{"id":47819550,"url":"https://github.com/hops-ops/aws-dns-stack","last_synced_at":"2026-04-03T19:04:30.445Z","repository":{"id":342671994,"uuid":"1173870463","full_name":"hops-ops/aws-dns-stack","owner":"hops-ops","description":"DNS and Certificate Management using Route53 – HostedZones, Subdomain HostedZones, External DNS, and TLS (HTTPS) Certs managed automatically by Cert Manager with LetsEncrypt.","archived":false,"fork":false,"pushed_at":"2026-03-21T19:33:15.000Z","size":38,"stargazers_count":0,"open_issues_count":1,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-03-22T08:01:25.819Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"KCL","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/hops-ops.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2026-03-05T20:51:57.000Z","updated_at":"2026-03-21T19:06:29.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/hops-ops/aws-dns-stack","commit_stats":null,"previous_names":["hops-ops/stack-aws-dns","hops-ops/aws-dns-stack"],"tags_count":1,"template":false,"template_full_name":null,"purl":"pkg:github/hops-ops/aws-dns-stack","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hops-ops%2Faws-dns-stack","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hops-ops%2Faws-dns-stack/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hops-ops%2Faws-dns-stack/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hops-ops%2Faws-dns-stack/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/hops-ops","download_url":"https://codeload.github.com/hops-ops/aws-dns-stack/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hops-ops%2Faws-dns-stack/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":31371685,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-03T17:53:18.093Z","status":"ssl_error","status_checked_at":"2026-04-03T17:53:17.617Z","response_time":107,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2026-04-03T19:03:09.566Z","updated_at":"2026-04-03T19:04:30.420Z","avatar_url":"https://github.com/hops-ops.png","language":"KCL","funding_links":[],"categories":[],"sub_categories":[],"readme":"# aws-dns-stack\n\nDeploys DNS and TLS automation: Route53 hosted zones, ExternalDNS for automatic DNS record management, CertManager for automated TLS certificates, and a ClusterIssuer configured for Let's Encrypt DNS-01 validation via Route53.\n\n## Why DNSStack?\n\n**Without DNSStack:**\n- Manual DNS record management for every service endpoint\n- Manual TLS certificate provisioning and renewal\n- Separate IAM roles, policies, and Helm releases to coordinate\n- Easy to misconfigure DNS-01 solvers or forget to wire hosted zone IDs\n\n**With DNSStack:**\n- Single claim provisions Route53 zones, ExternalDNS, CertManager, and ClusterIssuer\n- Automatic DNS record creation for Kubernetes Services and Ingresses\n- Automatic TLS certificate issuance and renewal via Let's Encrypt\n- Hosted zone IDs automatically wired into ClusterIssuer DNS-01 solvers\n\n## The Journey\n\n### Stage 1: Getting Started\n\nMinimal configuration for a single domain with automatic DNS and TLS.\n\n```yaml\napiVersion: aws.hops.ops.com.ai/v1alpha1\nkind: DNSStack\nmetadata:\n  name: dns\n  namespace: default\nspec:\n  clusterName: my-cluster\n  aws:\n    region: us-east-1\n  domains:\n  - name: example.com\n  clusterIssuer:\n    email: admin@example.com\n```\n\nThis creates:\n- A Route53 hosted zone for `example.com`\n- ExternalDNS watching for DNS annotations on Services/Ingresses\n- CertManager with a ClusterIssuer using Let's Encrypt production\n\n### Stage 2: Growing (Multiple Domains)\n\nAdd multiple domains and customize AWS settings.\n\n```yaml\napiVersion: aws.hops.ops.com.ai/v1alpha1\nkind: DNSStack\nmetadata:\n  name: dns\n  namespace: default\nspec:\n  clusterName: prod-cluster\n  aws:\n    region: us-west-2\n    permissionsBoundaryArn: arn:aws:iam::123456789012:policy/boundary\n    rolePrefix: prod-\n    tags:\n      environment: production\n  domains:\n  - name: example.com\n  - name: internal.example.com\n  clusterIssuer:\n    email: platform@example.com\n```\n\n### Stage 3: Import Existing\n\nAdopt existing Route53 hosted zones without recreating them.\n\n```yaml\napiVersion: aws.hops.ops.com.ai/v1alpha1\nkind: DNSStack\nmetadata:\n  name: dns\n  namespace: default\nspec:\n  clusterName: prod-cluster\n  aws:\n    region: us-west-2\n  domains:\n  - name: example.com\n    externalName: Z1234567890ABC\n  clusterIssuer:\n    email: platform@example.com\n```\n\n## Status\n\n```yaml\nstatus:\n  ready: true\n  hostedZones:\n  - domain: example.com\n    zoneId: \"Z1234567890ABC\"\n```\n\n| Field | Description |\n|-------|-------------|\n| `ready` | Whether all components are ready |\n| `hostedZones[].domain` | Domain name |\n| `hostedZones[].zoneId` | Route53 hosted zone ID |\n\n## Composed Resources\n\n- `Route53 Zone` - One per domain in `spec.domains`\n- `ExternalDNS` (sub-XRD) - Helm chart + PodIdentity for automatic DNS record management\n- `CertManager` (sub-XRD) - Helm chart + PodIdentity for TLS certificate automation\n- `Kubernetes Object (ClusterIssuer)` - Let's Encrypt ACME issuer with DNS-01 Route53 solver\n\n## Configuration Reference\n\n| Field | Required | Default | Description |\n|-------|----------|---------|-------------|\n| `clusterName` | Yes | - | Target cluster name |\n| `aws.region` | Yes | - | AWS region |\n| `aws.permissionsBoundaryArn` | No | - | IAM permissions boundary |\n| `aws.rolePrefix` | No | - | Prefix for IAM role names |\n| `aws.tags` | No | `{}` | Additional AWS tags |\n| `domains[].name` | Yes | - | Domain name |\n| `domains[].externalName` | No | - | Existing zone ID to import |\n| `externalDNS.enabled` | No | `true` | Deploy ExternalDNS |\n| `certManager.enabled` | No | `true` | Deploy CertManager |\n| `clusterIssuer.enabled` | No | `true` | Create ClusterIssuer |\n| `clusterIssuer.email` | No | - | Let's Encrypt registration email |\n| `clusterIssuer.staging` | No | `false` | Use staging ACME server |\n\n## Development\n\n```bash\nmake render          # Render all examples\nmake validate        # Validate all examples\nmake test            # Run unit tests\nmake e2e             # Run E2E tests\n```\n\n## License\n\nApache-2.0\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fhops-ops%2Faws-dns-stack","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fhops-ops%2Faws-dns-stack","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fhops-ops%2Faws-dns-stack/lists"}