cloudflare-dns-operator 0.1.11

Kubernetes operator to manage Cloudflare DNS records
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99

apiVersion: v1
kind: Namespace
metadata:
  name: cloudflare-dns
---

apiVersion: apps/v1
kind: Deployment
metadata:
  name: cloudflare-dns-operator
  namespace: cloudflare-dns
spec:
  replicas: 1
  selector:
    matchLabels:
      app: cloudflare-dns-operator
  template:
    metadata:
      labels:
        app: cloudflare-dns-operator
    spec:
      serviceAccountName: cloudflare-dns-operator
      containers:
      - name: cloudflare-dns-operator
        image: robertkrahn/cloudflare-dns-operator:latest
        imagePullPolicy: Always
        env:
        - name: RUST_LOG
          value: "debug"
        - name: RUST_BACKTRACE
          value: "1"
        - name: CLOUDFLARE_API_TOKEN
          valueFrom:
            secretKeyRef:
              name: cloudflare-api-token
              key: api-token
        # optional
        - name: CHECK_DNS_RESOLUTION
          value: "5m"
        - name: NAMESERVER_FOR_DNS_CHECK
          value: "1.1.1.1:53"
---

apiVersion: v1
kind: ServiceAccount
metadata:
  name: cloudflare-dns-operator
  namespace: cloudflare-dns
---

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: cloudflare-dns-operator-role
rules:
- apiGroups: ["dns.cloudflare.com"]
  resources:
  - cloudflarednsrecords
  - cloudflarednsrecords/status
  verbs:
  - get
  - list
  - watch
  - create
  - delete
  - patch
  - update
# Access to services to resolve ips. If you don't use dynamic content via
# referencing services, you can remove this.
- apiGroups: [""]
  resources: ["services"]
  verbs:
  - get
  - list
  - watch
# Access to configmaps and secrets to read zone names or ids. Remove this if you
# specify the zone id/name directly.
- apiGroups: [""]
  resources:
  - configmaps
  - secrets
  verbs:
  - get
  - list
  - watch
---

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: cloudflare-dns-operator-rolebinding
subjects:
- kind: ServiceAccount
  name: cloudflare-dns-operator
roleRef:
  kind: ClusterRole
  name: cloudflare-dns-operator-role
  apiGroup: rbac.authorization.k8s.io
---