From 553e08b035cbcdd414ac7b6c1692028d9ded3d5e Mon Sep 17 00:00:00 2001 From: JohnBlackwell Date: Mon, 9 Mar 2026 15:19:11 -0400 Subject: [PATCH 1/4] decouple azure db dns zones --- terraform/core-infra/azure/network.tf | 61 +++++++++++++++++-------- terraform/core-infra/azure/variables.tf | 17 ++++--- 2 files changed, 52 insertions(+), 26 deletions(-) diff --git a/terraform/core-infra/azure/network.tf b/terraform/core-infra/azure/network.tf index 3b7fca2..5700908 100644 --- a/terraform/core-infra/azure/network.tf +++ b/terraform/core-infra/azure/network.tf 
@@ -2,16 +2,37 @@ data "azurerm_resource_group" "default" { name = var.resource_group_name } -data "azurerm_private_dns_zone" "postgres" { +resource "azurerm_private_dns_zone" "postgres" { + name = "${var.cluster_name}.postgres.database.azure.com" + resource_group_name = data.azurerm_resource_group.default.name +} + +resource "azurerm_private_dns_zone" "mysql" { + name = "${var.cluster_name}.mysql.database.azure.com" + resource_group_name = data.azurerm_resource_group.default.name +} + +data "azurerm_private_dns_zone" "postgres_mgmt" { + count = var.use_mgmt_dns_zone ? 1 : 0 + name = var.postgres_dns_zone resource_group_name = data.azurerm_resource_group.default.name } -data "azurerm_private_dns_zone" "mysql" { +data "azurerm_private_dns_zone" "mysql_mgmt" { + count = var.use_mgmt_dns_zone ? 1 : 0 + name = var.mysql_dns_zone resource_group_name = data.azurerm_resource_group.default.name } +locals { + postgres_private_dns_zone_name = var.use_mgmt_dns_zone ? data.azurerm_private_dns_zone.postgres_mgmt[0].name : azurerm_private_dns_zone.postgres.name + postgres_private_dns_zone_id = var.use_mgmt_dns_zone ? data.azurerm_private_dns_zone.postgres_mgmt[0].id : azurerm_private_dns_zone.postgres.id + mysql_private_dns_zone_name = var.use_mgmt_dns_zone ? data.azurerm_private_dns_zone.mysql_mgmt[0].name : azurerm_private_dns_zone.mysql.name + mysql_private_dns_zone_id = var.use_mgmt_dns_zone ? data.azurerm_private_dns_zone.mysql_mgmt[0].id : azurerm_private_dns_zone.mysql.id +} + data "azurerm_virtual_network" "plural" { name = var.network_name resource_group_name = data.azurerm_resource_group.default.name 
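Review bot: The two new `resource "azurerm_private_dns_zone"` blocks (`postgres` and `mysql`) carry no `count`, so the per-cluster zones are created even when `var.use_mgmt_dns_zone` is true and nothing is linked to them. Gating them with `count = var.use_mgmt_dns_zone ? 0 : 1` and indexing the false branch of the locals (`azurerm_private_dns_zone.postgres[0].name`) would keep unused zones out of the resource group. `var.cluster_name` is not declared in the variables.tf hunks of this patch, so confirm the module already defines it.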
@@ -39,8 +60,8 @@ resource "plural_service_context" "plural" { sn_subnet_id = data.azurerm_subnet.plural_sn.id pg_subnet_name = data.azurerm_subnet.plural_pg.name pg_subnet_id = data.azurerm_subnet.plural_pg.id - dns_zone_name = data.azurerm_private_dns_zone.postgres.name - dns_zone_id = data.azurerm_private_dns_zone.postgres.id + dns_zone_name = local.postgres_private_dns_zone_name + dns_zone_id = local.postgres_private_dns_zone_id }) } @@ -98,14 +119,14 @@ resource "azurerm_subnet" "dev_mysql" { resource "azurerm_private_dns_zone_virtual_network_link" "dev_pg" { name = "dev.postgres.com" resource_group_name = data.azurerm_resource_group.default.name - private_dns_zone_name = data.azurerm_private_dns_zone.postgres.name + private_dns_zone_name = local.postgres_private_dns_zone_name virtual_network_id = azurerm_virtual_network.dev.id } resource "azurerm_private_dns_zone_virtual_network_link" "dev_mysql" { name = "dev.mysql.com" resource_group_name = data.azurerm_resource_group.default.name - private_dns_zone_name = data.azurerm_private_dns_zone.mysql.name + private_dns_zone_name = local.mysql_private_dns_zone_name virtual_network_id = azurerm_virtual_network.dev.id } 
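Review bot: Because `use_mgmt_dns_zone` defaults to false, the `dev_pg` and `dev_mysql` links in the second hunk (and `prod_pg`/`prod_mysql` in a later hunk) move to the newly created zone on the next apply of an existing deployment. Changing `private_dns_zone_name` on a virtual network link normally replaces the link, so database servers already registered in the shared zone would presumably stop resolving from the dev and prod VNets until they are moved. The commit message or a comment above the links should say so, for example `# Switching zones replaces this link; existing installs should set use_mgmt_dns_zone = true or migrate servers first.` The zone each database server registers in is configured outside these hunks, so this is inferred from the link resources alone.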
@@ -119,19 +140,19 @@ resource "plural_service_context" "dev" { sn_subnet_id = azurerm_subnet.dev_sn.id pg_subnet_name = azurerm_subnet.dev_pg.name pg_subnet_id = azurerm_subnet.dev_pg.id - pg_dns_zone_name = data.azurerm_private_dns_zone.postgres.name - pg_dns_zone_id = data.azurerm_private_dns_zone.postgres.id + pg_dns_zone_name = local.postgres_private_dns_zone_name + pg_dns_zone_id = local.postgres_private_dns_zone_id mysql_subnet_name = azurerm_subnet.dev_mysql.name mysql_subnet_id = azurerm_subnet.dev_mysql.id - mysql_dns_zone_name = data.azurerm_private_dns_zone.mysql.name - mysql_dns_zone_id = data.azurerm_private_dns_zone.mysql.id + mysql_dns_zone_name = local.mysql_private_dns_zone_name + mysql_dns_zone_id = local.mysql_private_dns_zone_id {{ if .AppDomain }} ingress_dns_zone = "dev.{{ .AppDomain }}" {{ end}} # Kept for backwards compatibility. Use fields with pg_ prefix instead. - dns_zone_name = data.azurerm_private_dns_zone.postgres.name - dns_zone_id = data.azurerm_private_dns_zone.postgres.id + dns_zone_name = local.postgres_private_dns_zone_name + dns_zone_id = local.postgres_private_dns_zone_id }) } @@ -189,14 +210,14 @@ resource "azurerm_subnet" "prod_mysql" { resource "azurerm_private_dns_zone_virtual_network_link" "prod_pg" { name = "prod.postgres.com" resource_group_name = data.azurerm_resource_group.default.name - private_dns_zone_name = data.azurerm_private_dns_zone.postgres.name + private_dns_zone_name = local.postgres_private_dns_zone_name virtual_network_id = azurerm_virtual_network.prod.id } resource "azurerm_private_dns_zone_virtual_network_link" "prod_mysql" { name = "prod.mysql.com" resource_group_name = data.azurerm_resource_group.default.name - private_dns_zone_name = data.azurerm_private_dns_zone.mysql.name + private_dns_zone_name = local.mysql_private_dns_zone_name virtual_network_id = azurerm_virtual_network.prod.id } 
@@ -210,17 +231,17 @@ resource "plural_service_context" "prod" { sn_subnet_id = azurerm_subnet.prod_sn.id pg_subnet_name = azurerm_subnet.prod_pg.name pg_subnet_id = azurerm_subnet.prod_pg.id - pg_dns_zone_name = data.azurerm_private_dns_zone.postgres.name - pg_dns_zone_id = data.azurerm_private_dns_zone.postgres.id + pg_dns_zone_name = local.postgres_private_dns_zone_name + pg_dns_zone_id = local.postgres_private_dns_zone_id mysql_subnet_name = azurerm_subnet.prod_mysql.name mysql_subnet_id = azurerm_subnet.prod_mysql.id - mysql_dns_zone_name = data.azurerm_private_dns_zone.mysql.name - mysql_dns_zone_id = data.azurerm_private_dns_zone.mysql.id + mysql_dns_zone_name = local.mysql_private_dns_zone_name + mysql_dns_zone_id = local.mysql_private_dns_zone_id {{ if .AppDomain }} ingress_dns_zone = "{{ .AppDomain }}" {{ end}} # Kept for backwards compatibility. Use fields with pg_ prefix instead. - dns_zone_name = data.azurerm_private_dns_zone.postgres.name - dns_zone_id = data.azurerm_private_dns_zone.postgres.id + dns_zone_name = local.postgres_private_dns_zone_name + dns_zone_id = local.postgres_private_dns_zone_id }) } diff --git a/terraform/core-infra/azure/variables.tf b/terraform/core-infra/azure/variables.tf index d5acb8d..0f50ca6 100644 --- a/terraform/core-infra/azure/variables.tf +++ b/terraform/core-infra/azure/variables.tf @@ -7,12 +7,12 @@ variable "resource_group_name" { } variable "network_name" { - type = string + type = string default = "plural" } variable "region" { - type = string + type = string default = "us-east-2" } @@ -28,6 +28,11 @@ variable "client_id" { type = string } +variable "use_mgmt_dns_zone" { + type = bool + default = false +} + variable "postgres_dns_zone" { default = "plrl.postgres.database.azure.com" } 
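Review bot: `variable "use_mgmt_dns_zone"` in the variables.tf hunk is added without a `description`, although it decides which private DNS zone the dev and prod VNets are linked to. A line such as `description = "When true, dev/prod database links reuse the management zones named by postgres_dns_zone/mysql_dns_zone instead of the per-cluster zones."` would tell operators that enabling it makes management-zone records resolvable from those VNets. The neighbouring `postgres_dns_zone` also has no `type`; adding `type = string` would match the other variables in the file.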
@@ -37,21 +42,21 @@ variable "mysql_dns_zone" { } variable "network_cidrs" { - type = list(string) + type = list(string) default = ["10.52.0.0/16"] } variable "subnet_cidrs" { - type = list(string) + type = list(string) default = ["10.52.0.0/20"] } variable "postgres_cidrs" { - type = list(string) + type = list(string) default = ["10.52.16.0/24"] } variable "mysql_cidrs" { - type = list(string) + type = list(string) default = ["10.52.17.0/24"] } From f3b30db11bc2d08b19a5d9bbebc9a0c03bca23f8 Mon Sep 17 00:00:00 2001 From: JohnBlackwell Date: Mon, 9 Mar 2026 15:52:37 -0400 Subject: [PATCH 2/4] temp set to true to test --- terraform/core-infra/azure/variables.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/terraform/core-infra/azure/variables.tf b/terraform/core-infra/azure/variables.tf index 0f50ca6..90cb93f 100644 --- a/terraform/core-infra/azure/variables.tf +++ b/terraform/core-infra/azure/variables.tf @@ -30,7 +30,7 @@ variable "client_id" { variable "use_mgmt_dns_zone" { type = bool - default = false + default = true } variable "postgres_dns_zone" { From e5b22a5814539b673c54cbe795223efae01dfc3c Mon Sep 17 00:00:00 2001 From: JohnBlackwell Date: Mon, 9 Mar 2026 16:08:56 -0400 Subject: [PATCH 3/4] reset back to false --- terraform/core-infra/azure/variables.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/terraform/core-infra/azure/variables.tf b/terraform/core-infra/azure/variables.tf index 90cb93f..0f50ca6 100644 --- a/terraform/core-infra/azure/variables.tf +++ b/terraform/core-infra/azure/variables.tf @@ -30,7 +30,7 @@ variable "client_id" { variable "use_mgmt_dns_zone" { type = bool - default = true + default = false } variable "postgres_dns_zone" { From a88ae8cee7a324e1eec6416ed510d36393a3e533 Mon Sep 17 00:00:00 2001 
From: JohnBlackwell Date: Wed, 11 Mar 2026 10:47:03 -0400 Subject: [PATCH 4/4] separate zone contracts per context --- terraform/core-infra/azure/network.tf | 53 ++++++++++++++------------- 1 file changed, 27 insertions(+), 26 deletions(-) diff --git a/terraform/core-infra/azure/network.tf b/terraform/core-infra/azure/network.tf index 5700908..dc8be3e 100644 --- a/terraform/core-infra/azure/network.tf +++ b/terraform/core-infra/azure/network.tf 
@@ -13,24 +13,25 @@ resource "azurerm_private_dns_zone" "mysql" { } data "azurerm_private_dns_zone" "postgres_mgmt" { - count = var.use_mgmt_dns_zone ? 1 : 0 - name = var.postgres_dns_zone resource_group_name = data.azurerm_resource_group.default.name } data "azurerm_private_dns_zone" "mysql_mgmt" { - count = var.use_mgmt_dns_zone ? 1 : 0 - name = var.mysql_dns_zone resource_group_name = data.azurerm_resource_group.default.name } locals { - postgres_private_dns_zone_name = var.use_mgmt_dns_zone ? data.azurerm_private_dns_zone.postgres_mgmt[0].name : azurerm_private_dns_zone.postgres.name - postgres_private_dns_zone_id = var.use_mgmt_dns_zone ? data.azurerm_private_dns_zone.postgres_mgmt[0].id : azurerm_private_dns_zone.postgres.id - mysql_private_dns_zone_name = var.use_mgmt_dns_zone ? data.azurerm_private_dns_zone.mysql_mgmt[0].name : azurerm_private_dns_zone.mysql.name - mysql_private_dns_zone_id = var.use_mgmt_dns_zone ? data.azurerm_private_dns_zone.mysql_mgmt[0].id : azurerm_private_dns_zone.mysql.id + mgmt_postgres_private_dns_zone_name = data.azurerm_private_dns_zone.postgres_mgmt.name + mgmt_postgres_private_dns_zone_id = data.azurerm_private_dns_zone.postgres_mgmt.id + mgmt_mysql_private_dns_zone_name = data.azurerm_private_dns_zone.mysql_mgmt.name + mgmt_mysql_private_dns_zone_id = data.azurerm_private_dns_zone.mysql_mgmt.id + + env_postgres_private_dns_zone_name = var.use_mgmt_dns_zone ? local.mgmt_postgres_private_dns_zone_name : azurerm_private_dns_zone.postgres.name + env_postgres_private_dns_zone_id = var.use_mgmt_dns_zone ? local.mgmt_postgres_private_dns_zone_id : azurerm_private_dns_zone.postgres.id + env_mysql_private_dns_zone_name = var.use_mgmt_dns_zone ? local.mgmt_mysql_private_dns_zone_name : azurerm_private_dns_zone.mysql.name + env_mysql_private_dns_zone_id = var.use_mgmt_dns_zone ? local.mgmt_mysql_private_dns_zone_id : azurerm_private_dns_zone.mysql.id } data "azurerm_virtual_network" "plural" { 
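Review bot: The `env_*` locals resolve to a single zone per engine, so the dev and prod VNet links and both service contexts in the later hunks still share one private DNS zone whichever way `var.use_mgmt_dns_zone` is set. Hostnames registered by prod database servers are then resolvable from the dev VNet; that is name resolution only, since reachability depends on peering and NSG rules not shown here. If separating contracts per context is meant to include dev/prod isolation, consider one zone resource per environment with matching locals, e.g. `dev_postgres_private_dns_zone_name = azurerm_private_dns_zone.dev_postgres.name`. The `locals` block lies fully inside the hunk, but the zone resources it references begin above it.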
@@ -60,8 +61,8 @@ resource "plural_service_context" "plural" { sn_subnet_id = data.azurerm_subnet.plural_sn.id pg_subnet_name = data.azurerm_subnet.plural_pg.name pg_subnet_id = data.azurerm_subnet.plural_pg.id - dns_zone_name = local.postgres_private_dns_zone_name - dns_zone_id = local.postgres_private_dns_zone_id + dns_zone_name = local.mgmt_postgres_private_dns_zone_name + dns_zone_id = local.mgmt_postgres_private_dns_zone_id }) } @@ -119,14 +120,14 @@ resource "azurerm_subnet" "dev_mysql" { resource "azurerm_private_dns_zone_virtual_network_link" "dev_pg" { name = "dev.postgres.com" resource_group_name = data.azurerm_resource_group.default.name - private_dns_zone_name = local.postgres_private_dns_zone_name + private_dns_zone_name = local.env_postgres_private_dns_zone_name virtual_network_id = azurerm_virtual_network.dev.id } resource "azurerm_private_dns_zone_virtual_network_link" "dev_mysql" { name = "dev.mysql.com" resource_group_name = data.azurerm_resource_group.default.name - private_dns_zone_name = local.mysql_private_dns_zone_name + private_dns_zone_name = local.env_mysql_private_dns_zone_name virtual_network_id = azurerm_virtual_network.dev.id } 
@@ -140,19 +141,19 @@ resource "plural_service_context" "dev" { sn_subnet_id = azurerm_subnet.dev_sn.id pg_subnet_name = azurerm_subnet.dev_pg.name pg_subnet_id = azurerm_subnet.dev_pg.id - pg_dns_zone_name = local.postgres_private_dns_zone_name - pg_dns_zone_id = local.postgres_private_dns_zone_id + pg_dns_zone_name = local.env_postgres_private_dns_zone_name + pg_dns_zone_id = local.env_postgres_private_dns_zone_id mysql_subnet_name = azurerm_subnet.dev_mysql.name mysql_subnet_id = azurerm_subnet.dev_mysql.id - mysql_dns_zone_name = local.mysql_private_dns_zone_name - mysql_dns_zone_id = local.mysql_private_dns_zone_id + mysql_dns_zone_name = local.env_mysql_private_dns_zone_name + mysql_dns_zone_id = local.env_mysql_private_dns_zone_id {{ if .AppDomain }} ingress_dns_zone = "dev.{{ .AppDomain }}" {{ end}} # Kept for backwards compatibility. Use fields with pg_ prefix instead. - dns_zone_name = local.postgres_private_dns_zone_name - dns_zone_id = local.postgres_private_dns_zone_id + dns_zone_name = local.env_postgres_private_dns_zone_name + dns_zone_id = local.env_postgres_private_dns_zone_id }) } @@ -210,14 +211,14 @@ resource "azurerm_subnet" "prod_mysql" { resource "azurerm_private_dns_zone_virtual_network_link" "prod_pg" { name = "prod.postgres.com" resource_group_name = data.azurerm_resource_group.default.name - private_dns_zone_name = local.postgres_private_dns_zone_name + private_dns_zone_name = local.env_postgres_private_dns_zone_name virtual_network_id = azurerm_virtual_network.prod.id } resource "azurerm_private_dns_zone_virtual_network_link" "prod_mysql" { name = "prod.mysql.com" resource_group_name = data.azurerm_resource_group.default.name - private_dns_zone_name = local.mysql_private_dns_zone_name + private_dns_zone_name = local.env_mysql_private_dns_zone_name virtual_network_id = azurerm_virtual_network.prod.id } 
@@ -231,17 +232,17 @@ resource "plural_service_context" "prod" { sn_subnet_id = azurerm_subnet.prod_sn.id pg_subnet_name = azurerm_subnet.prod_pg.name pg_subnet_id = azurerm_subnet.prod_pg.id - pg_dns_zone_name = local.postgres_private_dns_zone_name - pg_dns_zone_id = local.postgres_private_dns_zone_id + pg_dns_zone_name = local.env_postgres_private_dns_zone_name + pg_dns_zone_id = local.env_postgres_private_dns_zone_id mysql_subnet_name = azurerm_subnet.prod_mysql.name mysql_subnet_id = azurerm_subnet.prod_mysql.id - mysql_dns_zone_name = local.mysql_private_dns_zone_name - mysql_dns_zone_id = local.mysql_private_dns_zone_id + mysql_dns_zone_name = local.env_mysql_private_dns_zone_name + mysql_dns_zone_id = local.env_mysql_private_dns_zone_id {{ if .AppDomain }} ingress_dns_zone = "{{ .AppDomain }}" {{ end}} # Kept for backwards compatibility. Use fields with pg_ prefix instead. - dns_zone_name = local.postgres_private_dns_zone_name - dns_zone_id = local.postgres_private_dns_zone_id + dns_zone_name = local.env_postgres_private_dns_zone_name + dns_zone_id = local.env_postgres_private_dns_zone_id }) }