From 13e4b702f769ba3311e8bc9d4925b03fd92b8c4b Mon Sep 17 00:00:00 2001
From: Eric Paris
Date: Thu, 11 Apr 2019 15:16:26 -0400
Subject: [PATCH] data/aws: create an api-int dns name wired to the same load balancer. But does mean you can change the certs and CA for the apiserver on the public name, but let us continue to own certs for the -int name.
---
 data/data/aws/route53/base.tf | 12 ++++++++++++
 1 file changed, 12 insertions(+)
diff --git a/data/data/aws/route53/base.tf b/data/data/aws/route53/base.tf
index 999218e2aa..95de3103d3 100644
--- a/data/data/aws/route53/base.tf
+++ b/data/data/aws/route53/base.tf
@@ -30,6 +30,18 @@ resource "aws_route53_record" "api_external" {
 }

 resource "aws_route53_record" "api_internal" {
+ zone_id = "${aws_route53_zone.int.zone_id}"
+ name = "api-int.${var.cluster_domain}"
+ type = "A"
+
+ alias {
+ name = "${var.api_internal_lb_dns_name}"
+ zone_id = "${var.api_internal_lb_zone_id}"
+ evaluate_target_health = false
+ }
+}
+
+resource "aws_route53_record" "api_external_internal_zone" {
 zone_id = "${aws_route53_zone.int.zone_id}"
 name = "api.${var.cluster_domain}"
 type = "A"
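Review bot: Nothing in the file tells a reader that the two private-zone records carry different certificate ownership, and the new resource name `api_external_internal_zone` does not say which load balancer it targets; its alias block lies outside the hunk, so that cannot be confirmed from here. Since the commit message says the purpose is to keep installer-owned certs on the `-int` name while letting the public name's certs and CA change, I would add `# api-int: in-cluster clients only; serving cert and CA stay installer-managed` above `api_internal` and `# api.<cluster_domain> inside the private zone; serving cert may be replaced by the admin` above `api_external_internal_zone`. The resource address `api_internal` now describes a different record name (`api-int.` rather than `api.`), so a plan against existing state would presumably replace that record and create the `api.` one separately. That is probably harmless if this module only runs on fresh installs, but worth confirming so that `api.` cannot briefly stop resolving inside the VPC.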