Configuring Providers
In general, providers require no extra configuration other than a token/credential via an environment variable.
There's always at least one option available for filtering which zones will be synced (usually `domain_filter`).
Provider type | Integration quality | Update strategy | Integrates with |
---|---|---|---|
`cloudflare` | beta | record-by-record | Cloudflare DNS |
`vultr` | stable | record-by-record | Vultr: "The Infrastructure Cloud" |
`route53` | beta | atomic patches | Amazon Route53 |
`google` | stable | atomic replacements | Google Cloud DNS |
`powerdns` | beta | atomic patches | PowerDNS (self-hostable) |
See the sections below for more info on each provider.
Generate a Cloudflare API Token (the "edit DNS" sample is perfect) and set it as the `CLOUDFLARE_TOKEN` environment variable.
```toml
[[provider]]
type = "cloudflare"
### Have traffic go through Cloudflare's CDN by default?
### This can also be set per-record with a Kubernetes annotation, see below
proxied_by_default = true # default: false
### If you want to enable proxied *wildcards* and you pay for Cloudflare Enterprise:
# allow_proxied_wildcards = false
### These let you give specific IDs instead of discovering what the API token can access
# account_id = ["zjh[etc]aio"]
# zone_id_filter = ["058[etc]90q"]
### This filters the list of zones that was discovered
# domain_filter = ["danopia.net"]
```
To control proxy status (orange vs. gray cloud) on a per-record basis, use this annotation:
```yaml
metadata:
  annotations:
    external-dns.alpha.kubernetes.io/cloudflare-proxied: 'true'
```
If the annotation is present, proxying will be configured based on the annotation value being equal to the string `"true"`.
If the annotation is not present then the default value will be used from the config.
If the configuration doesn't have a value then the default is `false`.
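The precedence described above, as an added example in TypeScript (not kubernetes-dns-sync's own code): it assumes the comparison with `"true"` is exact, as the text states, and uses constructed resource names and annotation values. It shows that a mistyped value such as `'True'` leaves a record unproxied even when `proxied_by_default = true`.

```typescript
// Added example; this is not kubernetes-dns-sync source code.
// Assumption: the value is compared exactly with "true", as the text states.
const PROXIED_ANNOTATION = "external-dns.alpha.kubernetes.io/cloudflare-proxied";

interface CloudflareConfig { proxied_by_default?: boolean }
interface ProxyDecision {
  name: string;
  proxied: boolean;
  source: "annotation" | "config" | "built-in default";
  warning?: string;
}

// Precedence: annotation first, then the config value, then false.
function resolveProxied(
  name: string, annotations: Record<string, string>, config: CloudflareConfig,
): ProxyDecision {
  if (PROXIED_ANNOTATION in annotations) {
    const raw = annotations[PROXIED_ANNOTATION];
    const decision: ProxyDecision = { name, proxied: raw === "true", source: "annotation" };
    // Any other string is probably a typo; it publishes the record DNS-only
    // (gray cloud) even when the config default is true.
    if (raw !== "true" && raw !== "false") {
      decision.warning = `value ${JSON.stringify(raw)} is not "true"; record is not proxied`;
    }
    return decision;
  }
  if (config.proxied_by_default !== undefined) {
    return { name, proxied: config.proxied_by_default, source: "config" };
  }
  return { name, proxied: false, source: "built-in default" };
}

// Constructed sample data: hypothetical resource names and annotation values.
const sampleConfig: CloudflareConfig = { proxied_by_default: true };
const sampleResources: Array<[string, Record<string, string>]> = [
  ["shop", { [PROXIED_ANNOTATION]: "true" }],
  ["admin", { [PROXIED_ANNOTATION]: "True" }], // wrong case
  ["api", { [PROXIED_ANNOTATION]: " true" }], // stray space
  ["mail", { [PROXIED_ANNOTATION]: "false" }], // deliberate opt-out
  ["blog", {}], // no annotation: falls back to the config value
];

function auditSample(config: CloudflareConfig = sampleConfig): ProxyDecision[] {
  return sampleResources.map(([name, ann]) => resolveProxied(name, ann, config));
}

for (const d of auditSample()) {
  console.log(d.name, d.proxied ? "proxied" : "DNS-only", `(${d.source})`, d.warning ?? "");
}
```

Running a check like this over rendered manifests in CI catches annotation typos before a record intended to sit behind the proxy is published DNS-only.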
Auth is handled from the environment (via environment variables, EC2 instance metadata, or Kubernetes IRSA).
```toml
[[provider]]
type = "route53"
### These filter the list of zones that was found
# zone_id_filter = ["058[etc]90q"]
# domain_filter = ["danopia.net"]
### Route53 is a 'global' service, so you shouldn't need this:
# region = "us-east-1"
```
Generate an API Token and set it as the `VULTR_API_KEY` environment variable.
```toml
[[provider]]
type = "vultr"
### This filters the list of zones that was found
# domain_filter = ["danopia.net"]
```
Vultr supports every dns-sync record type except `SOA`.
For authentication, currently only the `GOOGLE_APPLICATION_CREDENTIALS` environment variable is supported.
It must contain a path to a JSON file containing a `"type":"service_account"` credential.
The OAuth scopes `https://www.googleapis.com/auth/ndev.clouddns.{read,write}` will be used.
If you want more flexible auth, please ask :)
```toml
[[provider]]
type = "google"
### By default, the project is read from your service account's JSON data.
# project_id = "my-project-id"
### These filter which zones to pay attention to, by either DNS name or user-specified identifier
# domain_filter = ["danopia.net"]
# zone_filter = ["myzone-chosen-id"]
```
PowerDNS is an open source authoritative DNS server.
So, unlike the other providers, you can run your own `powerdns` program alongside `kubernetes-dns-sync` for local development purposes.
Set the `POWERDNS_API_KEY` environment variable to authenticate.
```toml
[[provider]]
type = "powerdns"
# api_endpoint = "http://localhost:8081/api/" # default
# server_id = "localhost" # default
# domain_filter = ["danopia.net"]
```