The DNS Private Zone feature of OCI's DNS service lets users extend the capabilities of the built-in VCN DNS resolver, so they can use custom domain names for the resources within their VCNs.
This sample deployment uses OCI Events to monitor a parent compartment for compute resource creation and termination. When such an event occurs, OCI Functions are triggered to maintain the records in a user-configured DNS Zone.
In case of duplicate records, the function will attempt to generate a new hostname using the last five characters of the instance OCID.
Two free-form tags, `hostnames` and `dns_zone_record_hashes`, will be attached to the instance to confirm the DNS Zone record insertion at instance creation and DNS Zone record deletion at instance termination.
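The duplicate handling and tag bookkeeping described above, as an added example that is not the project's `func.py`: an in-memory dict stands in for the DNS zone, and the function names, the hyphen-joined suffix, the locally computed hash and the sample values are assumptions.

```python
import hashlib
import re

LABEL_RE = re.compile(r"^[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?$")  # RFC 1123 label, max 63 chars


def record_hash(fqdn, ip):
    # Stand-in for the value kept in dns_zone_record_hashes (assumption: local SHA-256).
    return hashlib.sha256(f"{fqdn}|A|{ip}".encode()).hexdigest()[:16]


def pick_hostname(hostname, instance_ocid, zone_name, zone):
    """Return a free, valid label; on a duplicate, append the last five OCID characters."""
    label = hostname.lower()
    if f"{label}.{zone_name}" in zone:
        # Assumption: suffix joined with a hyphen; trim so the label stays within 63 chars.
        label = f"{label[:57]}-{instance_ocid[-5:].lower()}"
    if not LABEL_RE.match(label):
        raise ValueError(f"not a valid DNS label: {label!r}")
    if f"{label}.{zone_name}" in zone:
        raise ValueError(f"{label} is still a duplicate; refusing to overwrite")
    return label


def on_launch(zone, zone_name, hostname, instance_ocid, ip):
    """Insert the A record and return the free-form tags that confirm it."""
    label = pick_hostname(hostname, instance_ocid, zone_name, zone)
    fqdn = f"{label}.{zone_name}"
    zone[fqdn] = ip
    return {"hostnames": fqdn, "dns_zone_record_hashes": record_hash(fqdn, ip)}


def on_terminate(zone, tags):
    """Delete only the record the instance's tags point to, and only if its hash still matches."""
    fqdn = tags.get("hostnames")
    ip = zone.get(fqdn)
    if ip is None or record_hash(fqdn, ip) != tags.get("dns_zone_record_hashes"):
        return False  # record missing or changed since creation: leave the zone alone
    del zone[fqdn]
    return True


# Constructed sample data: two instances launched with the same hostname.
ZONE_NAME = "corp.example"
zone = {}
tags_a = on_launch(zone, ZONE_NAME, "web01", "ocid1.instance.oc1..exampleaaaaa", "10.0.0.5")
tags_b = on_launch(zone, ZONE_NAME, "web01", "ocid1.instance.oc1..examplebx7q2", "10.0.0.6")
print(tags_a, tags_b, sep="\n")
```
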
- Administrative rights (to manage OCIRs, Functions, IAM, Compute, DNS Zones, Stacks) in the tenancy.
- The DNS zone should be created before this deployment.
- The subnet used for functions must provide connectivity to OCI API via a Service Gateway or NAT Gateway.
Navigate to User Profile in the OCI Console and create a new auth token. The auth token is used during deployment to push the function container images to OCIR.
Click the button below, fill in the required values and click Apply.
Prerequisites: `bash`, `terraform`, `fn`, `docker`
- Create a file named `terraform.auto.tfvars` in the root directory using the list of variables below, and update the associated values based on your use case:
```
tenancy_ocid = "ocid1.tenancy.oc1...7dq"
user_ocid = "ocid1.user.oc1...7wa"
private_key_path = "/path/to/..../oci_api_key.pem"
private_key_password = ""
fingerprint = "aa:bb:cc:dd:ee:ff:00:11:22:33:44:55:66:77:88:99"
region = "eu-frankfurt-1"
deployment_compartment = "ocid1.compartment.oc1...iqq"
monitored_compartment = "ocid1.compartment.oc1...iqq"
application_subnet = "ocid1.subnet.oc1...uca"
oci_username = "oracleidentitycloudservice/<user_email>"
oci_auth_token = "<generated_auth_token>"
dns_zone_ocid = "ocid1.dns-zone.oc1...a4q"
```
- Execute `terraform init`
- Execute `terraform plan`
- Execute `terraform apply`
The function code is written in Python and can be customized by modifying the `func.py` file in the two archives under the `utils` directory. After changing the code, pack it in a container image, push the new container image to OCIR and update the function container image.
- Create an instance, confirm if a DNS A record is added to the DNS zone and the two free-form tags (`hostnames` and `dns_zone_record_hashes`) are present on the instance.
- Terminate the instance and confirm if the DNS record was removed.
- Use OCI Functions logging to troubleshoot any issue with function execution.
- Nothing at this time
This project is open source. Please submit your contributions by forking this repository and submitting a pull request! Oracle appreciates any contributions that are made by the open-source community.
Copyright (c) 2024 Oracle and/or its affiliates.
Licensed under the Universal Permissive License (UPL), Version 1.0.
See LICENSE for more details.
ORACLE AND ITS AFFILIATES DO NOT PROVIDE ANY WARRANTY WHATSOEVER, EXPRESS OR IMPLIED, FOR ANY SOFTWARE, MATERIAL OR CONTENT OF ANY KIND CONTAINED OR PRODUCED WITHIN THIS REPOSITORY, AND IN PARTICULAR SPECIFICALLY DISCLAIM ANY AND ALL IMPLIED WARRANTIES OF TITLE, NON-INFRINGEMENT, MERCHANTABILITY, AND FITNESS FOR A PARTICULAR PURPOSE. FURTHERMORE, ORACLE AND ITS AFFILIATES DO NOT REPRESENT THAT ANY CUSTOMARY SECURITY REVIEW HAS BEEN PERFORMED WITH RESPECT TO ANY SOFTWARE, MATERIAL OR CONTENT CONTAINED OR PRODUCED WITHIN THIS REPOSITORY. IN ADDITION, AND WITHOUT LIMITING THE FOREGOING, THIRD PARTIES MAY HAVE POSTED SOFTWARE, MATERIAL OR CONTENT TO THIS REPOSITORY WITHOUT ANY REVIEW. USE AT YOUR OWN RISK.