{"id":14975843,"url":"https://github.com/linka-cloud/k8s-dns-manager","last_synced_at":"2026-03-06T17:35:51.303Z","repository":{"id":57559968,"uuid":"326201761","full_name":"linka-cloud/k8s-dns-manager","owner":"linka-cloud","description":"Host DNS server and manage records inside Kubernetes Clusters","archived":false,"fork":false,"pushed_at":"2023-06-22T14:57:57.000Z","size":240,"stargazers_count":20,"open_issues_count":1,"forks_count":1,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-10-27T14:40:46.421Z","etag":null,"topics":["cert-manager","cert-manager-webhook","coredns","coredns-plugin","dns","dns-operator","dns-records","k8s","kubernetes","kubernetes-operator","open-source","operator"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/linka-cloud.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2021-01-02T14:37:47.000Z","updated_at":"2025-08-12T07:21:29.000Z","dependencies_parsed_at":"2024-06-19T17:37:13.006Z","dependency_job_id":"3c99f88e-7f8b-458b-b444-503338fc6ccb","html_url":"https://github.com/linka-cloud/k8s-dns-manager","commit_stats":null,"previous_names":[],"tags_count":9,"template":false,"template_full_name":null,"purl":"pkg:github/linka-cloud/k8s-dns-manager","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/linka-cloud%2Fk8s-dns-manager","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/linka-cloud%2Fk8s-dns-manager/tags","releases_url":"https://repos.ecosyste.ms/api/v1/ho
sts/GitHub/repositories/linka-cloud%2Fk8s-dns-manager/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/linka-cloud%2Fk8s-dns-manager/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/linka-cloud","download_url":"https://codeload.github.com/linka-cloud/k8s-dns-manager/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/linka-cloud%2Fk8s-dns-manager/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":30188319,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-03-06T17:33:53.563Z","status":"ssl_error","status_checked_at":"2026-03-06T17:33:51.678Z","response_time":250,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cert-manager","cert-manager-webhook","coredns","coredns-plugin","dns","dns-operator","dns-records","k8s","kubernetes","kubernetes-operator","open-source","operator"],"created_at":"2024-09-24T13:52:45.294Z","updated_at":"2026-03-06T17:35:51.266Z","avatar_url":"https://github.com/linka-cloud.png","language":"Go","funding_links":[],"categories":["Go"],"sub_categories":[],"readme":"# Kubernetes DNS Manager\n\n**Project status: *alpha*** \n\nNot all planned features are completed. \nThe API, spec, status and other user facing objects are subject to change. 
\nWe do not support backward-compatibility for the alpha releases.\n\n## Overview\n\nThe DNS Operator allows managing DNS records directly from within a Kubernetes cluster by defining a new resource: DNSRecord.\n\nWhen using an external provider, the DNS Operator will create a DNS record in the provider based on the resource definition.\n\nWhen using the CoreDNS provider, the DNS Operator will configure CoreDNS to serve the DNS record.\n\nThe supported record types are:\n- A\n- CNAME\n- TXT\n- SRV\n- MX\n\nExample MX Record:\n```yaml\napiVersion: dns.linka.cloud/v1alpha1\nkind: DNSRecord\nmetadata:\n  name: mx-example-org\n  namespace: default\nspec:\n  mx:\n    name: example.org.\n    preference: 10\n    target: mail.example.org.\n```\n\n### Raw DNS Records\n\n**Only supported by the CoreDNS plugin**\n\nFor everything else, the `raw` field allows creating any kind of record, including the supported ones.\nRaw records are parsed using [miekg/dns](https://godoc.org/github.com/miekg/dns).\n\nExample:\n```yaml\napiVersion: dns.linka.cloud/v1alpha1\nkind: DNSRecord\nmetadata:\n  name: ns-example-org\n  namespace: default\nspec:\n  raw: 'example.org ns ns0.dns.example.org'\n```\n\n### Generate A Records from LoadBalancer Services and Ingresses\n\nThe DNS Operator supports automatically creating DNS records for LoadBalancer Services and Ingresses.\n\nThis behavior can be disabled by setting the `dns.linka.cloud/disabled` annotation on the Ingress or the Service.\n\nThe TTL can be set using the `dns.linka.cloud/ttl` annotation on the Ingress or the Service.\n\nFor Services, the DNS Operator will create an A record if the Service has the `dns.linka.cloud/hostname` annotation set \nto a valid DNS hostname and the Service has a LoadBalancer IP.\n\n```yaml\napiVersion: v1\nkind: Service\nmetadata:\n  name: whoami\n  annotations:\n    dns.linka.cloud/hostname: whoami.example.org\n    dns.linka.cloud/ttl: \"60\"\nspec:\n  selector:\n    app: whoami\n  ports:\n  - port: 80\n    
name: http\n  type: LoadBalancer\n```\n\nFor Ingresses, the DNS Operator will create an A record per host with the status loadbalancer IP.\n\n```yaml\napiVersion: networking.k8s.io/v1\nkind: Ingress\nmetadata:\n  name: whoami\n  annotations:\n    dns.linka.cloud/ttl: \"60\"\nspec:\n  rules:\n  - host: whoami.example.org\n    http:\n      paths:\n      - path: /\n        pathType: Prefix\n        backend:\n          service:\n            name: whoami\n            port:\n              number: 80\n```\n\n\n## Requirements\n\n### Domain Name\n\nObviously, you need a domain name to use this operator.\n\nIf you don't want to buy one, you can use a free domain name from [Freenom](https://www.freenom.com/en/index.html?lang=en)\nand use it with [Cloudflare](https://www.cloudflare.com/) or the CoreDNS provider.\n\nIf using the CoreDNS provider, you will also need to configure your domain name to use the CoreDNS server as a nameserver.\n\n\n### Cert-Manager\n\nCert Manager is required in order to generate the TLS certificates used by the DNS Operator Validation Webhook.\n\nIt can be installed using the [official documentation](https://cert-manager.io/docs/installation/kubernetes/).\n\n```bash\nkubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.9.1/cert-manager.yaml\n```\n\n\n## Installation\n\n⚠️ **When upgrading from v0.1 to v0.2+, due to the renaming of the resource to the plural form, you need to back up all the DNSRecords then delete the old CRD before upgrading.** ⚠️\n\n### CRDs, RBAC and Webhook\n\n```bash\nkubectl apply -f https://raw.githubusercontent.com/linka-cloud/k8s-dns-manager/v0.2.0/deploy/common.yaml\n```\n\n### Providers\n\n#### CoreDNS\n\n*Note*:\nIn order to be available from outside the cluster, a LoadBalancer service is deployed with the operator.\nThe LoadBalancer external IP must be given to the operator by updating the deployment \nand setting the operator's `--external-address` flag.\n\nFinally, change the nameservers 
in your DNS registrar console, so they point to the operator's \ncoredns server.\n\n```bash\nkubectl apply -f https://raw.githubusercontent.com/linka-cloud/k8s-dns-manager/v0.2.0/deploy/coredns.yaml\n```\n\n#### Cloudflare\n\nRequired environment variables:\n\n- `CLOUDFLARE_TOKEN`: Cloudflare API token\n\n```bash\nexport CLOUDFLARE_TOKEN=...\ncurl -sL https://raw.githubusercontent.com/linka-cloud/k8s-dns-manager/v0.2.0/deploy/cloudflare.yaml | envsubst | kubectl apply -f -\n```\n\n#### Hetzner\n\nRequired environment variables:\n\n- `HETZNER_TOKEN`: Hetzner DNS API token\n\n```bash\nexport HETZNER_TOKEN=...\ncurl -sL https://raw.githubusercontent.com/linka-cloud/k8s-dns-manager/v0.2.0/deploy/hetzner.yaml | envsubst | kubectl apply -f -\n```\n\n#### OVH\n\nRequired environment variables:\n\n- `OVH_APPLICATION_KEY`: OVH Application Key\n- `OVH_APPLICATION_SECRET`: OVH Application Secret\n- `OVH_CONSUMER_KEY`: OVH Consumer Key\n- `OVH_ENDPOINT`: OVH API endpoint\n\n```bash\nexport OVH_APPLICATION_KEY=...\nexport OVH_APPLICATION_SECRET=...\nexport OVH_CONSUMER_KEY=...\nexport OVH_ENDPOINT=...\ncurl -sL https://raw.githubusercontent.com/linka-cloud/k8s-dns-manager/v0.2.0/deploy/ovh.yaml | envsubst | kubectl apply -f -\n```\n\n#### Scaleway\n\nRequired environment variables:\n- `SCALEWAY_SECRET_KEY`: Scaleway Secret Key\n- `SCALEWAY_ORGANIZATION_ID`: Scaleway Organization ID\n\n```bash\nexport SCALEWAY_SECRET_KEY=...\nexport SCALEWAY_ORGANIZATION_ID=...\ncurl -sL https://raw.githubusercontent.com/linka-cloud/k8s-dns-manager/v0.2.0/deploy/scaleway.yaml | envsubst | kubectl apply -f -\n```\n\n## Uninstall\n\nYou need to delete the CRDs first, so that the controller can remove the finalizers from the resources.\nThis will delete all the DNSRecords.\n\n```bash\nkubectl delete crds dnsrecords.dns.linka.cloud\n```\n\nThen delete the controller and the webhook.\n\n```bash\nkubectl delete -f 
https://raw.githubusercontent.com/linka-cloud/k8s-dns-manager/v0.2.0/deploy/\u003cprovider\u003e.yaml\nkubectl delete -f https://raw.githubusercontent.com/linka-cloud/k8s-dns-manager/v0.2.0/deploy/common.yaml\n```\n\n## Operator\n\nThe operator ensures the DNS records' validity and state (active / inactive).\nWhen using the **coredns** provider, it may also run the CoreDNS server, but it should soon be moved out and deployed by the operator.\nWhen using the other providers, the operator creates and updates the records using the DNS provider's API.\n\nBy default, the manifests include a Kubernetes LoadBalancer Service exposing the in-process CoreDNS server\n`udp` and `tcp` ports: 53.\n\n## k8s_dns CoreDNS Plugin\nThe `k8s_dns` plugin serves the `DNSRecord` and ensures that valid DNS apex records are served if not defined via `DNSRecord`:\n- it generates a valid `NS` record for each DNS record zone (e.g. ns0.dns.example.org)\n- it generates a valid `SOA` record for each DNS record zone\n\nIn order to generate accurate `NS` records, the plugin needs to know the CoreDNS server public address.\nIt can be given using the operator's `--external-address` flag.\n\nNext, the `NS` record should be configured in the DNS provider's console as Nameserver.\n\n## Operator Configuration flags\n\n```bash\n$ k8s-dns --help\n\nk8s-dns is a DNS Controller allowing to manage DNS Records from within a Kubernetes cluster\n\nUsage:\n  k8s-dns [flags]\n\nFlags:\n      --dns-any                      Enable coredns 'any' plugin\n      --dns-cache int                Enable coredns cache with ttl (in seconds)\n      --dns-forward strings          Dns forward servers\n      --dns-log                      Enable coredns query logs\n      --dns-metrics                  Enable coredns metrics on 0.0.0.0:9153\n      --dns-verification-server ip   DNS server to use for verification (default 1.1.1.1)\n      --enable-leader-election       Enable leader election for controller manager. 
Enabling this will ensure there is only one active controller manager.\n      --enable-webhook               Enable the validation webhook\n  -a, --external-address ip          The external dns server address, e.g the loadbalancer service IP (default 127.0.0.1)\n  -h, --help                         help for k8s-dns\n      --metrics-addr string          The address the metric endpoint binds to. (default \":4299\")\n      --no-dns                       Do not run in process coredns server\n  -p, --provider string              DNS provider to use (default \"coredns\")\n\n```\n\n## kubectl-dns\n\nA `kubectl` plugin is available in the repository, it allows simple dns management tasks.\n\n```bash\n$ kubectl dns --help\n\ndns root command\n\nUsage:\n  dns [command]\n\nAvailable Commands:\n  activate    active DNSRecord\n  create      create a DNSRecord from bind record format and print it to stdout\n  deactivate  de-activate DNSRecord\n  help        Help about any command\n  import      import dns bind file zone and print the DNSRecordList to stdout\n  list        list DNSRecords\n\nFlags:\n  -h, --help   help for dns\n\nUse \"dns [command] --help\" for more information about a command.\n\n```\n\n## Cert-Manager DNS Challenges Webhook\n\nSee [cert-manager-webhook-k8s-dns](https://github.com/linka-cloud/cert-manager-webhook-k8s-dns).\n\n## Related Projects\n\n- [Kubernetes ExternalDNS](https://github.com/kubernetes-sigs/external-dns)\n- [Gardener External DNS Management](https://github.com/gardener/external-dns-management)\n\n## TODOs:\n- [ ] docs\n- [ ] handle private IP address\n- [ ] out of manager CoreDNS server\n- [ ] CoreDNS server deployed by the manager\n- [ ] find public CoreDNS server IP from LoadBalancer service\n- [x] add CoreDNS options (cache, log, 
etc.)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Flinka-cloud%2Fk8s-dns-manager","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Flinka-cloud%2Fk8s-dns-manager","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Flinka-cloud%2Fk8s-dns-manager/lists"}