containeroo / syncflaer
Synchronize Traefik host rules and/or Kubernetes Ingresses with Cloudflare
License: GNU General Public License v3.0
more is always better, right?
Hey there!
This tool is great! Thanks for writing it!
How do you only update subdomains and not the main domain zone? I've tried everything that I can think of and I can't find a way to do it in the config.
I have some dockers which are extremely sensitive to cloudflare proxying. Disabling the proxy for that cname fixes consistently, but then syncflaer reverts it.
I've tried setting up an `additionalRecords` for it but I think it's skipping it because it's got a record from Traefik:
```
time="2022-02-15T07:16:42Z" level=info msg="Updated: name: wiki.example.com, type: CNAME, content: weeb.house, proxied: true, ttl: 1"
time="2022-02-15T07:17:43Z" level=warning msg="DNS record wiki.example.com is already defined in a Traefik route. Skipping..."
```
How can I override the traefik information with docker/compose? I think this ability exists with the kubernetes config?
The new YAML config could look like this?
```yaml
traefik:
  # add multiple instances
  <TRAEFIK_1>:
    url: https://traefik_1.example.com
    username: admin1
    password: supersecure1 # can also be set using <TRAEFIK_1>_PASSWORD env variable
  <TRAEFIK_2>:
    url: https://traefik_2.example.com
    username: admin2
    password: supersecure2 # can also be set using <TRAEFIK_2>_PASSWORD env variable
```
Add a map type of Traefiks
```go
// Traefiks holds the Traefik list.
type Traefiks map[string]*Traefik
```
See docs
Then we can declare as many Traefik instances as we wish.
Thank you for your feedback!
When creating a pre-release, the Docker tag latest gets updated as well. It should only be updated when a stable release has been created.
time="2022-10-22T16:31:17Z" level=error msg="Failed to get latest release: GET https://api.github.com/repos/containeroo/syncflaer/releases/latest: 403 API rate limit exceeded for #.#.#.#. (But here's the good news: Authenticated requests get a higher rate limit. Check out the documentation for more details.) [rate reset in 13m06s]"
The most recent addition "update checker" is getting rate limited by GitHub. As far as I can tell, there's no means of adding GH auth to the syncflaer config to prevent these.
Could either auth be added or the rate limit errors be swallowed?
With v3.0.0 a new default IP provider has been added.
It would be so nice to also have this included.
In newer releases cloudflared is configured mostly through config files which contain the routes (`ingress:`).
In older releases the given domains were automagically added to CF DNS. Sadly this isn't the case anymore.
So a way to implement this could be:
minimal config.yml example:
```yaml
tunnel: example
ingress:
  - hostname: example.domain.net
    service: http://10.0.0.1:81
  - service: http_status:404
```
In the path with the config there also has to be a "key" file for cloudflared with the tunnel-id as filename:
a-b-c.json
```json
{"AccountTag":"x-y-z","TunnelSecret":"somerandomsecret","TunnelID":"a-b-c","TunnelName":"example"}
```
My use case here is basically this: I don't expose my traefik endpoints/routes to the public but instead have an internal DNS resolving those DNS ... internally. Additionally, a cloudflared is configured to also have these URLs in ingress and the public CF DNS is tunneling public requests through cloudflared into traefik.
```
internal Request --> internal DNS -+
                                   |
                                   +-> Traefik --> Service
                                   |
external Request --> CF DNS -------+
```
time="2022-10-25T12:34:01Z" level=error msg="Unable to get public ip from https://myip.is/ip/: http status code 404"
I also get 404 in a browser for this url.
If I go to https://myip.is, it works, and their "API" page is https://4.myip.is
Did the endpoint change? Should multiple options be defined in case one goes down?
Say you have two records:
fw-auth.example.com
auth.example.com
If fw-auth.example.com gets orphaned, SyncFlaer will not delete it since auth.example.com still matches.
time="2022-02-15T08:26:36Z" level=error msg="Unable to create DNS record 172.16: HTTP status 400: An A, AAAA, or CNAME record with that host already exists. (81053)"
time="2022-02-15T08:26:37Z" level=error msg="Unable to create DNS record 192.168: HTTP status 400: An A, AAAA, or CNAME record with that host already exists. (81053)"
time="2022-02-15T08:26:37Z" level=info msg="Waiting 4 more runs until DNS record 172.16.example.com gets deleted"
time="2022-02-15T08:26:37Z" level=info msg="Waiting 4 more runs until DNS record 192.168.example.com gets deleted"
While working on #102 I noticed that my syncflaer is constantly adding and deleting two records like the above, over and over again.
This is in docker-compose environment.
I suspect the issue might have to do with my unique Traefik label setup to get internal and external routers separate.
- "traefik.http.routers.wiki-int.rule=Host(`wiki.$DOMAIN`) && (ClientIP(`172.16.0.0/12`) || ClientIP(`192.168.0.0/16`))"
- "traefik.http.routers.wiki.rule=Host(`wiki.$DOMAIN`)"
The above is on a number of my docker images and that's the only place either `172.16` or `192.168` are ever mentioned in any config files anywhere.
SyncFlaer should be able to get Ingress objects from Kubernetes and parse the host rules accordingly.
There should be an annotation to skip a certain Ingress as well as annotations for setting things like ttl, content, proxied, ...
This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.
Dockerfile
golang 1.20-alpine
.github/workflows/codeql-analysis.yml
actions/checkout v3
github/codeql-action v2
github/codeql-action v2
github/codeql-action v2
.github/workflows/golangci-lint.yml
actions/checkout v3
actions/setup-go v3
golangci/golangci-lint-action v3
.github/workflows/push.yml
actions/checkout v3
actions/setup-go v3
docker/setup-qemu-action v2
docker/setup-buildx-action v2
actions/cache v3
docker/login-action v2
docker/login-action v2
goreleaser/goreleaser-action v4
go.mod
go 1.19
github.com/cloudflare/cloudflare-go v0.57.1
github.com/google/go-github/v50 v50.1.0
github.com/sirupsen/logrus v1.9.0
github.com/slack-go/slack v0.12.1
github.com/spf13/pflag v1.0.5
github.com/traefik/traefik/v2 v2.9.8
gopkg.in/yaml.v3 v3.0.1
k8s.io/apimachinery v0.26.2
k8s.io/client-go v0.26.2
github.com/containous/go-http-auth v0.4.1-0.20200324110947-a37a7636d23e@a37a7636d23e
github.com/containous/check v0.0.0-20170915194414-ca0bf163426a@ca0bf163426a
github.com/containous/mux v0.0.0-20220627093034-b2dd784e613f@b2dd784e613f
I would like to request a feature to exclude certain (manually created) DNS records from being managed (deleted) by SyncFlaer.
I am using a domain for services proxied by traefik. SyncFlaer automatically manages those records and the root record.
I have now started using the same domain for ProtonMail. ProtonMail requires certain CNAME records to be set on the domain.
I could set these records using SyncFlaer but I would prefer to be able to specify that SyncFlaer ignores certain records (ideally following a regex pattern). That way I could tell SyncFlaer to ignore (and therefore not delete) all records containing `protonmail`.
In the config this could be similar to additionalRecords.
I have also tried just setting the required CNAME records using SyncFlaer additionalRecords, however for some reason those records are continuously updated for no apparent reason.
If there is an additional record with the same hostname as in a Traefik route, SyncFlaer goes crazy and updates the record. It should skip it and print a warn message.
I tried the two following rules while setting two domains during my bitwarden_rs to vaultwarden renaming:
An operator:
rule: Host(`bitwarden.mydomain.com`) || Host(`vaultwarden.mydomain.com`)
A list:
rule: Host(`bitwarden.mydomain.com`, `vaultwarden.mydomain.com`)
Both are valid in the Router documentation and were working in Traefik but SyncFlaer saw my `bitwarden.mydomain.com` as orphaned and didn't pick up the `vaultwarden.mydomain.com` domain at all.
I worked around this in the meantime by having two separate rules.
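The reports on this page about `Host()` rules combined with `ClientIP()`, about both multi-host forms, and about `fw-auth.example.com` versus `auth.example.com` all come down to how host names are extracted and compared. The following is an added example, not SyncFlaer's code: `HostsFromRule` and `IsOrphaned` are hypothetical names, and the regex approach is an assumption rather than Traefik's own rule parser.

```go
package main

import (
	"fmt"
	"regexp"
	"sort"
	"strings"
)

// hostCall matches a Host(...) matcher only; ClientIP(...), HostRegexp(...)
// and other matchers are left alone. It captures the raw argument list.
var hostCall = regexp.MustCompile(`\bHost\(([^)]*)\)`)

// quotedArg matches one backtick- or double-quoted argument in that list.
var quotedArg = regexp.MustCompile("[`\"]([^`\"]+)[`\"]")

// HostsFromRule returns the sorted, de-duplicated host names of a Traefik v2
// router rule. It covers Host(`a`) || Host(`b`) as well as Host(`a`, `b`).
func HostsFromRule(rule string) []string {
	seen := map[string]bool{}
	for _, call := range hostCall.FindAllStringSubmatch(rule, -1) {
		for _, arg := range quotedArg.FindAllStringSubmatch(call[1], -1) {
			seen[strings.ToLower(arg[1])] = true
		}
	}
	hosts := make([]string, 0, len(seen))
	for h := range seen {
		hosts = append(hosts, h)
	}
	sort.Strings(hosts)
	return hosts
}

// IsOrphaned compares whole names, so auth.example.com does not keep
// fw-auth.example.com alive.
func IsOrphaned(record string, wanted []string) bool {
	for _, h := range wanted {
		if strings.EqualFold(record, h) {
			return false
		}
	}
	return true
}

func main() {
	// Constructed sample rules modelled on the labels quoted in the issues.
	fmt.Println(HostsFromRule("Host(`wiki.example.com`) && (ClientIP(`172.16.0.0/12`) || ClientIP(`192.168.0.0/16`))"))
	fmt.Println(HostsFromRule("Host(`bitwarden.mydomain.com`, `vaultwarden.mydomain.com`)"))
	fmt.Println(IsOrphaned("fw-auth.example.com", []string{"auth.example.com"}))
}
```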
Follows up on #163
Hi,
I tried out SyncFlaer as replacement for https://github.com/tiredofit/docker-traefik-cloudflare-companion and https://github.com/oznu/docker-cloudflare-ddns.
The first thing Syncflaer did was to delete the root records (A records with my IPs) from CloudFlare.
I intentionally had `managedRootRecord: false` in the config so that these records are not touched.
As a workaround I had to add additional records in the config to recreate the A records again, but my expectation was that these records are not deleted or overwritten by SyncFlaer. The comment explicitly says: "set whether you want to have the root record managed by SyncFlaer".
Is this a bug?
Jochen
Follows up #89
Currently, SyncFlaer manages the root record with hardcoded defaults.
In case a user wants to use a different server for their root record than for the subdomains, we should allow users to configure their root records similar to additional records.
adapt github actions to push images to ghcr