Add canary test record sets (#81)
* feat: add command to create ip address

* feat: remove ip address command and add permissions for sa to create addresses

* feat: add canary-ip resource

* feat: add canary record sets

* fix: add required labels and annotations

* fix: remove blank lines for yamllint

* fix: update managedZoneRef to be external

* fix: file name in kustomization

* feat: move canary-gc-ca.yaml to ./k8s/components/infrastructure
vedantthapa authored Jun 11, 2024
1 parent 34f6a49 commit 320b9ec
Showing 4 changed files with 354 additions and 0 deletions.
7 changes: 7 additions & 0 deletions infra-deployment-scripts/cloud-shell-infra-init.sh
Expand Up @@ -54,6 +54,12 @@ gcloud projects add-iam-policy-binding "${GOOGLE_CLOUD_PROJECT}" \
--role "roles/dns.admin" \
--project "${GOOGLE_CLOUD_PROJECT}"

# Add IAM policy binding for managing compute ips
gcloud projects add-iam-policy-binding "${GOOGLE_CLOUD_PROJECT}" \
--member "serviceAccount:sa-${GOOGLE_CLOUD_PROJECT}-phac-dns@${GOOGLE_CLOUD_PROJECT}.iam.gserviceaccount.com" \
--role "roles/compute.publicIpAdmin" \
--project "${GOOGLE_CLOUD_PROJECT}"

gcloud iam service-accounts add-iam-policy-binding \ py base gcloud pht-scienceportal
"sa-${GOOGLE_CLOUD_PROJECT}-phac-dns@${GOOGLE_CLOUD_PROJECT}.iam.gserviceaccount.com" \
--member="serviceAccount:${GOOGLE_CLOUD_PROJECT}.svc.id.goog[cnrm-system/cnrm-controller-manager-dns]" \
Expand Down Expand Up @@ -84,3 +90,4 @@ gcloud container clusters create-auto "${GOOGLE_CLOUD_PROJECT}-phac-dns" \
--subnetwork="projects/${GOOGLE_CLOUD_PROJECT}/regions/northamerica-northeast1/subnetworks/${GOOGLE_CLOUD_PROJECT}-vpc-01-sub-01" \
--project=${GOOGLE_CLOUD_PROJECT} \
--service-account="sa-${GOOGLE_CLOUD_PROJECT}-gke@${GOOGLE_CLOUD_PROJECT}.iam.gserviceaccount.com"
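Review bot: The binding added in the first hunk grants `roles/compute.publicIpAdmin` across the whole project, which is broader than reserving one regional canary address needs. The member is the same `sa-…-phac-dns` account that the following lines bind to the `cnrm-controller-manager-dns` Kubernetes service account, and it appears to already hold `roles/dns.admin`. Consider a custom role carrying only the `compute.addresses.*` permissions Config Connector needs for a `ComputeAddress`, bound with `--role "projects/${GOOGLE_CLOUD_PROJECT}/roles/<CUSTOM_ROLE_ID>"`. At minimum the comment could record why the grant exists, e.g. `# Lets Config Connector reserve the canary-ip ComputeAddress; revisit if the canary records are retired`. The script continues outside both hunks, so any narrower bindings elsewhere are not visible here.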

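--- a/k8s/components/infrastructure/canary-gc-ca.yaml
+++ b/k8s/components/infrastructure/canary-gc-ca.yaml
@@ -0,0 +1,333 @@
+# These record sets are meant for internally testing domains
+# _
+# _ __ | |__ __ _ ___ __ _ ___ _ __ ___
+# | '_ \| '_ \ / _` |/ __|____ / _` / __| '_ \ / __|
+# | |_) | | | | (_| | (_|_____| (_| \__ \ |_) | (__
+# | .__/|_| |_|\__,_|\___| \__,_|___/ .__/ \___|
+# |_| |_|
+apiVersion: dns.cnrm.cloud.google.com/v1beta1
+kind: DNSRecordSet
+metadata:
+name: canary-beta-phac-aspc
+namespace: dns
+annotations:
+sourceCodeRepository: "https://github.com/PHACDataHub/phac-dns"
+labels:
+controlled-by: "phac-dns"
+project-name: "phac-dns"
+project-id: "php-01hhmj81fhp"
+spec:
+name: "canary.beta.phac-aspc.gc.ca."
+type: A
+ttl: 300
+managedZoneRef:
+external: beta-phac-aspc-gc-ca
+rrdatasRefs:
+- name: canary-ip
+kind: ComputeAddress
+---
+apiVersion: dns.cnrm.cloud.google.com/v1beta1
+kind: DNSRecordSet
+metadata:
+name: canary-alpha-phac-aspc
+namespace: dns
+annotations:
+sourceCodeRepository: "https://github.com/PHACDataHub/phac-dns"
+labels:
+controlled-by: "phac-dns"
+project-name: "phac-dns"
+project-id: "php-01hhmj81fhp"
+spec:
+name: "canary.alpha.phac-aspc.gc.ca."
+type: A
+ttl: 300
+managedZoneRef:
+external: alpha-phac-aspc-gc-ca
+rrdatasRefs:
+- name: canary-ip
+kind: ComputeAddress
+---
+apiVersion: dns.cnrm.cloud.google.com/v1beta1
+kind: DNSRecordSet
+metadata:
+name: canary-api-ipa-phac-aspc
+namespace: dns
+annotations:
+sourceCodeRepository: "https://github.com/PHACDataHub/phac-dns"
+labels:
+controlled-by: "phac-dns"
+project-name: "phac-dns"
+project-id: "php-01hhmj81fhp"
+spec:
+name: "canary.api-ipa.phac-aspc.gc.ca."
+type: A
+ttl: 300
+managedZoneRef:
+external: api-ipa-phac-aspc-gc-ca
+rrdatasRefs:
+- name: canary-ip
+kind: ComputeAddress
+---
+apiVersion: dns.cnrm.cloud.google.com/v1beta1
+kind: DNSRecordSet
+metadata:
+name: canary-data-donnees-phac-aspc
+namespace: dns
+annotations:
+sourceCodeRepository: "https://github.com/PHACDataHub/phac-dns"
+labels:
+controlled-by: "phac-dns"
+project-name: "phac-dns"
+project-id: "php-01hhmj81fhp"
+spec:
+name: "canary.data-donnees.phac-aspc.gc.ca."
+type: A
+ttl: 300
+managedZoneRef:
+external: data-donnees-phac-aspc-gc-ca
+rrdatasRefs:
+- name: canary-ip
+kind: ComputeAddress
+---
+apiVersion: dns.cnrm.cloud.google.com/v1beta1
+kind: DNSRecordSet
+metadata:
+name: canary-open-ouvert-phac-aspc
+namespace: dns
+annotations:
+sourceCodeRepository: "https://github.com/PHACDataHub/phac-dns"
+labels:
+controlled-by: "phac-dns"
+project-name: "phac-dns"
+project-id: "php-01hhmj81fhp"
+spec:
+name: "canary.open-ouvert.phac-aspc.gc.ca."
+type: A
+ttl: 300
+managedZoneRef:
+external: open-ouvert-phac-aspc-gc-ca
+rrdatasRefs:
+- name: canary-ip
+kind: ComputeAddress
+---
+# _
+# _ __ | |__ __ _ ___
+# | '_ \| '_ \ / _` |/ __|
+# | |_) | | | | (_| | (__
+# | .__/|_| |_|\__,_|\___|
+# |_|
+apiVersion: dns.cnrm.cloud.google.com/v1beta1
+kind: DNSRecordSet
+metadata:
+name: canary-beta-phac
+namespace: dns
+annotations:
+sourceCodeRepository: "https://github.com/PHACDataHub/phac-dns"
+labels:
+controlled-by: "phac-dns"
+project-name: "phac-dns"
+project-id: "php-01hhmj81fhp"
+spec:
+name: "canary.beta.phac.gc.ca."
+type: A
+ttl: 300
+managedZoneRef:
+external: beta-phac-gc-ca
+rrdatasRefs:
+- name: canary-ip
+kind: ComputeAddress
+---
+apiVersion: dns.cnrm.cloud.google.com/v1beta1
+kind: DNSRecordSet
+metadata:
+name: canary-alpha-phac
+namespace: dns
+annotations:
+sourceCodeRepository: "https://github.com/PHACDataHub/phac-dns"
+labels:
+controlled-by: "phac-dns"
+project-name: "phac-dns"
+project-id: "php-01hhmj81fhp"
+spec:
+name: "canary.alpha.phac.gc.ca."
+type: A
+ttl: 300
+managedZoneRef:
+external: alpha-phac-gc-ca
+rrdatasRefs:
+- name: canary-ip
+kind: ComputeAddress
+---
+apiVersion: dns.cnrm.cloud.google.com/v1beta1
+kind: DNSRecordSet
+metadata:
+name: canary-api-phac
+namespace: dns
+annotations:
+sourceCodeRepository: "https://github.com/PHACDataHub/phac-dns"
+labels:
+controlled-by: "phac-dns"
+project-name: "phac-dns"
+project-id: "php-01hhmj81fhp"
+spec:
+name: "canary.api.phac.gc.ca."
+type: A
+ttl: 300
+managedZoneRef:
+external: api-phac-gc-ca
+rrdatasRefs:
+- name: canary-ip
+kind: ComputeAddress
+---
+apiVersion: dns.cnrm.cloud.google.com/v1beta1
+kind: DNSRecordSet
+metadata:
+name: canary-data-phac
+namespace: dns
+annotations:
+sourceCodeRepository: "https://github.com/PHACDataHub/phac-dns"
+labels:
+controlled-by: "phac-dns"
+project-name: "phac-dns"
+project-id: "php-01hhmj81fhp"
+spec:
+name: "canary.data.phac.gc.ca."
+type: A
+ttl: 300
+managedZoneRef:
+external: data-phac-gc-ca
+rrdatasRefs:
+- name: canary-ip
+kind: ComputeAddress
+---
+apiVersion: dns.cnrm.cloud.google.com/v1beta1
+kind: DNSRecordSet
+metadata:
+name: canary-open-phac
+namespace: dns
+annotations:
+sourceCodeRepository: "https://github.com/PHACDataHub/phac-dns"
+labels:
+controlled-by: "phac-dns"
+project-name: "phac-dns"
+project-id: "php-01hhmj81fhp"
+spec:
+name: "canary.open.phac.gc.ca."
+type: A
+ttl: 300
+managedZoneRef:
+external: open-phac-gc-ca
+rrdatasRefs:
+- name: canary-ip
+kind: ComputeAddress
+---
+# __ _ ___ _ __ ___
+# / _` / __| '_ \ / __|
+# | (_| \__ \ |_) | (__
+# \__,_|___/ .__/ \___|
+# |_|
+apiVersion: dns.cnrm.cloud.google.com/v1beta1
+kind: DNSRecordSet
+metadata:
+name: canary-beta-aspc
+namespace: dns
+annotations:
+sourceCodeRepository: "https://github.com/PHACDataHub/phac-dns"
+labels:
+controlled-by: "phac-dns"
+project-name: "phac-dns"
+project-id: "php-01hhmj81fhp"
+spec:
+name: "canary.beta.aspc.gc.ca."
+type: A
+ttl: 300
+managedZoneRef:
+external: beta-aspc-gc-ca
+rrdatasRefs:
+- name: canary-ip
+kind: ComputeAddress
+---
+apiVersion: dns.cnrm.cloud.google.com/v1beta1
+kind: DNSRecordSet
+metadata:
+name: canary-alpha-aspc
+namespace: dns
+annotations:
+sourceCodeRepository: "https://github.com/PHACDataHub/phac-dns"
+labels:
+controlled-by: "phac-dns"
+project-name: "phac-dns"
+project-id: "php-01hhmj81fhp"
+spec:
+name: "canary.alpha.aspc.gc.ca."
+type: A
+ttl: 300
+managedZoneRef:
+external: alpha-aspc-gc-ca
+rrdatasRefs:
+- name: canary-ip
+kind: ComputeAddress
+---
+apiVersion: dns.cnrm.cloud.google.com/v1beta1
+kind: DNSRecordSet
+metadata:
+name: canary-ipa-aspc
+namespace: dns
+annotations:
+sourceCodeRepository: "https://github.com/PHACDataHub/phac-dns"
+labels:
+controlled-by: "phac-dns"
+project-name: "phac-dns"
+project-id: "php-01hhmj81fhp"
+spec:
+name: "canary.ipa.aspc.gc.ca."
+type: A
+ttl: 300
+managedZoneRef:
+external: ipa-aspc-gc-ca
+rrdatasRefs:
+- name: canary-ip
+kind: ComputeAddress
+---
+apiVersion: dns.cnrm.cloud.google.com/v1beta1
+kind: DNSRecordSet
+metadata:
+name: canary-donnees-aspc
+namespace: dns
+annotations:
+sourceCodeRepository: "https://github.com/PHACDataHub/phac-dns"
+labels:
+controlled-by: "phac-dns"
+project-name: "phac-dns"
+project-id: "php-01hhmj81fhp"
+spec:
+name: "canary.donnees.aspc.gc.ca."
+type: A
+ttl: 300
+managedZoneRef:
+external: donnees-aspc-gc-ca
+rrdatasRefs:
+- name: canary-ip
+kind: ComputeAddress
+---
+apiVersion: dns.cnrm.cloud.google.com/v1beta1
+kind: DNSRecordSet
+metadata:
+name: canary-ouvert-aspc
+namespace: dns
+annotations:
+sourceCodeRepository: "https://github.com/PHACDataHub/phac-dns"
+labels:
+controlled-by: "phac-dns"
+project-name: "phac-dns"
+project-id: "php-01hhmj81fhp"
+spec:
+name: "canary.ouvert.aspc.gc.ca."
+type: A
+ttl: 300
+managedZoneRef:
+external: ouvert-aspc-gc-ca
+rrdatasRefs:
+- name: canary-ip
+kind: ComputeAddress
+---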
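Review bot: All fifteen records resolve to `canary-ip`, a reserved external address that nothing in this commit attaches to a workload, and the header comment does not record that lifecycle coupling. If the address were released while a `canary.*` record remained, that name would resolve to an IP the project no longer controls. "Internally testing" also reads as though the names were private, but the zones referenced through `managedZoneRef.external` are not shown here and may be public, which is worth confirming. Proposed header: `# Canary A records for testing zone delegation; all resolve to the reserved canary-ip address. Delete these records before releasing canary-ip.` The file also ends on a `---` that opens an empty document and can be dropped.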
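--- a/k8s/components/infrastructure/canary-ip.yaml
+++ b/k8s/components/infrastructure/canary-ip.yaml
@@ -0,0 +1,12 @@
+apiVersion: compute.cnrm.cloud.google.com/v1beta1
+kind: ComputeAddress
+metadata:
+name: canary-ip
+namespace: dns
+annotations:
+cnrm.cloud.google.com/state-into-spec: merge
+spec:
+description: Static external ip address to test domains internally via nslookup
+addressType: EXTERNAL
+location: northamerica-northeast1
+networkTier: STANDARD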
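Review bot: This `ComputeAddress` carries none of the `project-name` / `project-id` labels that every `DNSRecordSet` added in the same commit has, which makes a reserved external IP harder to attribute in an asset inventory. Adding `labels:` with `project-name: "phac-dns"` and `project-id: "php-01hhmj81fhp"` under `metadata` would match the record sets. `controlled-by` and the annotations may already come from the kustomization's `commonLabels` / `commonAnnotations`, which are only partly visible on this page. A one-line comment on why `cnrm.cloud.google.com/state-into-spec: merge` is set would also help the next reader; presumably it is there so the allocated address is written back into `spec` for the records' `rrdatasRefs` to resolve, but that should be confirmed.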
2 changes: 2 additions & 0 deletions k8s/components/infrastructure/kustomization.yaml
Expand Up @@ -16,6 +16,8 @@ resources:
- open-ouvert-phac-aspc-gc-ca.yaml
- open-phac-gc-ca.yaml
- ouvert-aspc-gc-ca.yaml
- canary-ip.yaml
- canary-gc-ca.yaml
commonLabels:
controlled-by: "phac-dns"
commonAnnotations: