Add DNS zone secondary region support

Azure · Sep 23, 2024 · 3aa7536 · 3aa7536
1 parent df41641
commit 3aa7536
Show file tree

Hide file tree

Showing 4 changed files with 39 additions and 14 deletions.
diff --git a/templates/complete_multi_region/config-hub-and-spoke-vnet.yaml b/templates/complete_multi_region/config-hub-and-spoke-vnet.yaml
@@ -144,4 +144,6 @@ connectivity:
 
   private_dns: 
     location: ${starter_location_01}
+    secondary_locations: 
+      - ${starter_location_02}
     resource_group_name: rg-dns-${starter_location_01}
diff --git a/templates/complete_multi_region/locals-private-dns.tf b/templates/complete_multi_region/locals-private-dns.tf
@@ -1,11 +1,35 @@
 locals {
-    private_dns_virtual_networks_hub_and_spoke_vnet = (local.hub_networking_enabled ? 
-        { for virtual_network_key, virtual_network in module.hub_and_spoke_vnet[0].virtual_networks : virtual_network_key => { vnet_resource_id = virtual_network.id } } :
-        {}
-    )
-    private_dns_virtual_networks_virtual_wan = (local.virtual_wan_enabled ? 
-        { "virtual_wan" = { vnet_resource_id = module.virtual_network_private_dns.resource_id} } :
-        {}
-    )
-    private_dns_virtual_networks = merge(local.private_dns_virtual_networks_hub_and_spoke_vnet, local.private_dns_virtual_networks_virtual_wan)
+  private_dns_virtual_networks_hub_and_spoke_vnet = (local.hub_networking_enabled ? 
+      { for virtual_network_key, virtual_network in module.hub_and_spoke_vnet[0].virtual_networks : virtual_network_key => { vnet_resource_id = virtual_network.id } } :
+      {}
+  )
+  private_dns_virtual_networks_virtual_wan = (local.virtual_wan_enabled ? 
+      { "virtual_wan" = { vnet_resource_id = module.virtual_network_private_dns.resource_id} } :
+      {}
+  )
+  private_dns_virtual_networks = merge(local.private_dns_virtual_networks_hub_and_spoke_vnet, local.private_dns_virtual_networks_virtual_wan)
+  private_dns_secondary_locations = { for location in local.module_private_dns.secondary_locations : location => { is_primary = false } }
+  private_dns_location_map = local.private_dns_enabled ? merge({
+    try(local.module_private_dns.location, var.starter_locations[0]) = { is_primary = true }
+  }, local.private_dns_secondary_locations) : {}
+  private_dns_secondary_zones = {
+    azure_data_explorer = {
+      zone_name = "privatelink.{regionName}.kusto.windows.net"
+    }
+    azure_batch_account = {
+      zone_name = "{regionName}.privatelink.batch.azure.com"
+    }
+    azure_batch_node_mgmt = {
+      zone_name = "{regionName}.service.privatelink.batch.azure.com"
+    }
+    azure_aks_mgmt = {
+      zone_name = "privatelink.{regionName}.azmk8s.io"
+    }
+    azure_acr_data = {
+      zone_name = "{regionName}.data.privatelink.azurecr.io"
+    }
+    azure_backup = {
+      zone_name = "privatelink.{regionCode}.backup.windowsazure.com"
+    }
+  }      
 }
diff --git a/templates/complete_multi_region/main.tf b/templates/complete_multi_region/main.tf
diff --git a/templates/complete_multi_region/networking-private-dns.tf b/templates/complete_multi_region/networking-private-dns.tf
@@ -2,14 +2,15 @@ module "private_dns_zones" {
   source  = "Azure/avm-ptn-network-private-link-private-dns-zones/azurerm"
   version = "0.4.0"
 
-  count = local.private_dns_enabled ? 1 : 0
+  for_each = local.private_dns_location_map
 
-  location = try(local.module_private_dns.location, var.starter_locations[0])
+  location = each.key
   resource_group_name = try(local.module_private_dns.resource_group_name, null)
   resource_group_creation_enabled  = try(local.module_private_dns.resource_group_creation_enabled, true)
   virtual_network_resource_ids_to_link_to = local.private_dns_virtual_networks
+  private_link_private_dns_zones = each.value.is_primary ? null : local.private_dns_secondary_zones
 
   providers = {
     azurerm = azurerm.connectivity
   }
-}
+}