Merge pull request #8 from quixio/dev

Add Private DNS Zone support and module flexibility improvements

Author: joseEnrique

.github/workflows/terraform-module.yml

@@ -63,8 +63,8 @@ jobs:
     name: Tag release
     runs-on: ubuntu-latest
     needs: validate
-    # Only release on manual dispatch with bump==minor
-    if: ${{ github.event_name == 'workflow_dispatch' && github.event.inputs.bump == 'minor' }}
+    # Only release on manual dispatch
+    if: ${{ github.event_name == 'workflow_dispatch' }}
     steps:
       - name: Checkout
         uses: actions/checkout@v4

examples/private-quix-infr-external-vnet/main.tf

@@ -79,8 +79,8 @@ module "aks" {
   sku_tier                = "Standard"
   private_cluster_enabled = true
 
-  vnet_name          = azurerm_virtual_network.ext.name
-  nodes_subnet_name  = azurerm_subnet.nodes_ext.name
+  vnet_name         = azurerm_virtual_network.ext.name
+  nodes_subnet_name = azurerm_subnet.nodes_ext.name
 
   identity_name     = "quix-private-nat-id"
   public_ip_name    = "quix-private-nat-ip"

modules/quix-aks/README.md

@@ -54,7 +54,7 @@ No modules.
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
 | <a name="input_attach_identity_ids"></a> [attach\_identity\_ids](#input\_attach\_identity\_ids) | Additional user-assigned identity IDs to attach to the cluster | `list(string)` | `[]` | no |
-| <a name="input_availability_zone"></a> [availability\_zone](#input\_availability\_zone) | Availability zone for public IP | `string` | n/a | yes |
+| <a name="input_availability_zone"></a> [availability\_zone](#input\_availability\_zone) | Availability zone for public IP (required only when create\_nat is true) | `string` | `null` | no |
 | <a name="input_bastion_name"></a> [bastion\_name](#input\_bastion\_name) | Name of the Azure Bastion resource | `string` | `"QuixBastion"` | no |
 | <a name="input_bastion_public_ip_id"></a> [bastion\_public\_ip\_id](#input\_bastion\_public\_ip\_id) | Existing Bastion Public IP ID to reuse (skip public IP creation when set) | `string` | `null` | no |
 | <a name="input_bastion_public_ip_name"></a> [bastion\_public\_ip\_name](#input\_bastion\_public\_ip\_name) | Name of the Public IP for Azure Bastion | `string` | `"QuixBastionIP"` | no |
@@ -82,6 +82,7 @@ No modules.
 | <a name="input_nodes_subnet_name"></a> [nodes\_subnet\_name](#input\_nodes\_subnet\_name) | Name of the AKS nodes subnet | `string` | `null` | no |
 | <a name="input_oidc_issuer_enabled"></a> [oidc\_issuer\_enabled](#input\_oidc\_issuer\_enabled) | Enable OIDC issuer | `bool` | `true` | no |
 | <a name="input_private_cluster_enabled"></a> [private\_cluster\_enabled](#input\_private\_cluster\_enabled) | Enable AKS private cluster | `bool` | `false` | no |
+| <a name="input_private_dns_prefix"></a> [private\_dns\_prefix](#input\_private\_dns\_prefix) | Custom DNS prefix for private cluster. Only used when private\_cluster\_enabled is true and private\_dns\_zone\_id is set to a custom zone ID. If null, uses the cluster name. | `string` | `null` | no |
 | <a name="input_private_dns_zone_id"></a> [private\_dns\_zone\_id](#input\_private\_dns\_zone\_id) | Private DNS Zone to use for AKS API server when private cluster is enabled. Accepts "System", "None", or a Private DNS Zone resource ID. | `string` | `"System"` | no |
 | <a name="input_public_ip_name"></a> [public\_ip\_name](#input\_public\_ip\_name) | Name of the public IP for NAT Gateway | `string` | `null` | no |
 | <a name="input_resource_group_name"></a> [resource\_group\_name](#input\_resource\_group\_name) | Resource group name (existing or to be created) | `string` | n/a | yes |

modules/quix-aks/aks.tf

@@ -3,14 +3,15 @@
 ################################################################################
 
 resource "azurerm_kubernetes_cluster" "this" {
-  name                    = var.name
-  location                = local.rg_location
-  resource_group_name     = local.rg_name_effective
-  dns_prefix              = "${var.name}-dns"
-  kubernetes_version      = var.kubernetes_version
-  sku_tier                = var.sku_tier
-  private_cluster_enabled = var.private_cluster_enabled
-  private_dns_zone_id     = var.private_cluster_enabled ? var.private_dns_zone_id : null
+  name                       = var.name
+  location                   = local.rg_location
+  resource_group_name        = local.rg_name_effective
+  dns_prefix                 = var.private_cluster_enabled ? null : "${var.name}-dns"
+  dns_prefix_private_cluster = var.private_cluster_enabled ? coalesce(var.private_dns_prefix, "${var.name}-dns") : null
+  kubernetes_version         = var.kubernetes_version
+  sku_tier                   = var.sku_tier
+  private_cluster_enabled    = var.private_cluster_enabled
+  private_dns_zone_id        = var.private_cluster_enabled ? var.private_dns_zone_id : null
 
   oidc_issuer_enabled       = var.oidc_issuer_enabled
   workload_identity_enabled = var.workload_identity_enabled

modules/quix-aks/variables.tf

@@ -47,6 +47,12 @@ variable "private_dns_zone_id" {
   default     = "System"
 }
 
+variable "private_dns_prefix" {
+  description = "Custom DNS prefix for private cluster. Only used when private_cluster_enabled is true and private_dns_zone_id is set to a custom zone ID. If null, uses the cluster name."
+  type        = string
+  default     = null
+}
+
 variable "oidc_issuer_enabled" {
   description = "Enable OIDC issuer"
   type        = bool
@@ -181,8 +187,9 @@ variable "nat_gateway_id" {
 }
 
 variable "availability_zone" {
-  description = "Availability zone for public IP"
+  description = "Availability zone for public IP (required only when create_nat is true)"
   type        = string
+  default     = null
 }
 
 variable "attach_identity_ids" {