hub-and-spoke-dns-operator
The Azure Hub and Spoke DNS Operator is an event-based DNS record operator designed for a specific use case within Kubernetes environments. It manages DNS for Kubernetes Ingresses that are fronted by a firewall in a Hub Network, where NAT rules direct traffic to the Ingresses in a Spoke Network.
This operator monitors Kubernetes events for Ingress resource creation, update, or deletion and then creates a Type A DNS record in the target DNS zone. The record can point to the IP associated with the Ingress resource or to the "customIP" parameter defined in the Helm chart provided with this operator.
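The event-to-record mapping described above, as an added sketch that is not the operator's own code. The function name `plan_dns_change`, the zone `example.com`, the sample Ingress, and the record-naming rule (host minus zone suffix) are assumptions; skipping hosts outside the managed zone and rejecting non-IPv4 values are defensive checks added here.

```python
import ipaddress

# Constructed sample Ingress object (not taken from the project).
SAMPLE_INGRESS = {
    "spec": {"rules": [{"host": "app.example.com"}, {"host": "app.other.test"}]},
    "status": {"loadBalancer": {"ingress": [{"ip": "10.20.0.4"}]}},
}


def plan_dns_change(event_type, ingress, zone, custom_ip="", ttl=300):
    """Map one Ingress watch event (ADDED/MODIFIED/DELETED) to A-record actions."""
    # customIP (for example the hub firewall's public IP) overrides the
    # address Kubernetes assigned to the Ingress in the spoke network.
    status = ingress.get("status") or {}
    lb = (status.get("loadBalancer") or {}).get("ingress") or []
    ip = custom_ip or next((e["ip"] for e in lb if e.get("ip")), "")
    actions = []
    for rule in (ingress.get("spec") or {}).get("rules") or []:
        host = (rule.get("host") or "").rstrip(".").lower()
        # Only touch names inside the managed zone; skip wildcards, the apex
        # and hosts that belong to some other domain.
        if "*" in host or not host.endswith("." + zone):
            continue
        name = host[: -len(zone) - 1]
        if event_type == "DELETED":
            actions.append(("delete", name))
            continue
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            continue  # no usable address yet, or a malformed customIP
        if addr.version != 4:
            continue  # Type A records carry IPv4 addresses only
        actions.append(("upsert", name, str(addr), ttl))
    return actions


if __name__ == "__main__":
    print(plan_dns_change("ADDED", SAMPLE_INGRESS, "example.com"))
    print(plan_dns_change("MODIFIED", SAMPLE_INGRESS, "example.com",
                          custom_ip="203.0.113.10"))
    print(plan_dns_change("DELETED", SAMPLE_INGRESS, "example.com"))
```
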
Helm-chart Description
A Helm chart for the Hub and Spoke DNS Kubernetes DNS Operator
Maintainers
Name | Email | Url |
---|---|---|
Marcus Aleks | marcus@aleksand.com | https://github.com/marcus1aleksand |
Values
Key | Type | Default | Description |
---|---|---|---|
azure.dnsResourceGroup | string | "" | |
azure.dnsZone | string | "" | |
azure.managedIdentityClientId | string | "" | |
azure.subscriptionId | string | "" | |
customIP | string | "" | Parameter with the IP address to override the ingress assigned IP when creating the DNS record. |
customTTL | int | 300 | Parameter with the TTL to be used when creating the automated DNS record. |
deployment.automountServiceAccountToken | bool | false | |
fullnameOverride | string | "" | |
image.pullPolicy | string | "Always" | |
image.repository | string | "ghcr.io/marcus1aleksand/hub-and-spoke-dns-operator" | |
imageCredentials | string | "" | |
nameOverride | string | "" | |
replicaCount | int | 1 | |
serviceAccount.create | bool | true | |
serviceAccount.name | string | "azurednsoperator" | |
Installation
Install the hub-and-spoke-dns-operator helm chart:
helm install hub-and-spoke-dns-operator oci://ghcr.io/marcus1aleksand/helm-charts/hub-and-spoke-dns-operator
Security Checks
Security checks in this repository are performed by a pipeline that executes Checkov whenever a Pull Request is created against the main branch.
Checkov is a static code analysis tool for infrastructure as code (IaC) and also a software composition analysis (SCA) tool for images and open source packages.
It scans cloud infrastructure provisioned using Terraform, Terraform plan, CloudFormation, AWS SAM, Kubernetes, Helm charts, Kustomize, Dockerfile, Serverless, Bicep, OpenAPI or ARM Templates and detects security and compliance misconfigurations using graph-based scanning.
It also performs Software Composition Analysis (SCA) scanning, which is a scan of open source packages and images for Common Vulnerabilities and Exposures (CVEs).
Checkov also powers Prisma Cloud Application Security, the developer-first platform that codifies and streamlines cloud security throughout the development lifecycle. Prisma Cloud identifies, fixes, and prevents misconfigurations in cloud resources and infrastructure-as-code files.
Validation Hooks
This repository includes a pre-commit hooks configuration. It is used to run a set of validations locally, such as automatically fixing formatting issues, before the code is pushed to a remote branch.
To get pre-commit working in your local environment, after cloning this repository locally, run the following commands:
- Install pre-commit locally
brew install pre-commit
- After cloning this repository and installing pre-commit on your local computer, run the following command via the CLI in the repository directory:
pre-commit install
Done! Now, whenever a commit command is executed, your Terraform code will be fully validated and the documentation will be automatically updated before it is pushed to the remote repository's branch.
Autogenerated from chart metadata using helm-docs v1.14.2