Skip to content

Hub and Spoke DNS Operator

Hub and Spoke DNS Operator

A multi-cloud Kubernetes operator that automatically manages DNS records for Ingress resources β€” purpose-built for hub-and-spoke network architectures.

Helm Version License Kubernetes Python

Get Started View on GitHub

⚑ Key Features

☁ Multi-Cloud Support

Manage DNS records across Azure DNS, Google Cloud DNS, and AWS Route53 with a single operator deployment.

Event-Driven

Watches Kubernetes Ingress events in real-time β€” DNS records are created, updated, and deleted automatically.

πŸ›‘ Secure by Default

Uses managed identities, IRSA, and workload identity. No hardcoded credentials. Minimal RBAC. Non-root container.

πŸ“Š Observable

Built-in Prometheus metrics for operations, latency, and error tracking. ServiceMonitor support included.

πŸ“¦ Helm-Ready

Production-ready Helm chart with full configurability. Install in one command from GHCR.

βš™ Flexible IP Override

Use a custom IP (e.g., firewall NAT IP) instead of the Ingress load balancer IP for hub-and-spoke topologies.

πŸ€” How It Works

The operator is designed for hub-and-spoke network topologies where Kubernetes clusters run in spoke networks behind a central hub firewall with NAT rules.

graph LR
    ING["☸️ Ingress Event"] --> OP["βš™οΈ DNS Operator"]
    OP --> |Azure| AZ["Azure DNS"]
    OP --> |GCP| GC["Cloud DNS"]
    OP --> |AWS| R53["Route53"]

    style OP fill:#e8f4f8,stroke:#2196F3,stroke-width:2px
    style AZ fill:#0078d4,color:#fff,stroke:#0078d4
    style GC fill:#4285f4,color:#fff,stroke:#4285f4
    style R53 fill:#ff9900,color:#fff,stroke:#ff9900
  1. Watch β€” The operator watches all Ingress resources in the cluster
  2. Detect β€” When an Ingress is created, modified, or deleted, the operator captures the event
  3. Resolve IP β€” Uses either the Ingress load balancer IP or a configured customIP
  4. Sync DNS β€” Creates, updates, or deletes the corresponding A record in your cloud DNS provider

πŸš€ Quick Install

helm install dns-operator \
  oci://ghcr.io/marcus1aleksand/helm-charts/hub-and-spoke-dns-operator \
  --set cloudProvider=azure \
  --set azure.subscriptionId="your-sub-id" \
  --set azure.dnsZone="example.com" \
  --set azure.dnsResourceGroup="rg-dns" \
  --set customIP="203.0.113.1"

Full installation guide

☁ Supported Providers

Provider Service Auth Method Status
Azure Azure DNS Zones Managed Identity / Workload Identity βœ… Stable
GCP Cloud DNS Service Account / Workload Identity βœ… Stable
AWS Route53 IRSA / IAM Roles βœ… Stable