Kubernetes Ingress integration (#95)

* Initial kubernetes ingress implementation

* Set timeout for golangci-lint

* Update README.md

* Add rbac example

* Fix rbac

* Update README.md

Co-authored-by: giotto <giottolino@gmail.com>

* Fix in-cluster kubernetes client

* Simplification

* Fix license and readme

* Improve log message

* Simplify kube client creation

* Increase retries for asset upload

Co-authored-by: giotto <giottolino@gmail.com>

Author: rxbn

.github/workflows/golangci-lint.yml

@@ -17,3 +17,5 @@ jobs:
       - uses: actions/checkout@v2
       - name: golangci-lint
         uses: golangci/golangci-lint-action@v2
+        with:
+          args: --timeout=3m

.github/workflows/release.yml

@@ -17,6 +17,7 @@ jobs:
         goarch: amd64
         binary_name: syncflaer
         project_path: cmd/syncflaer
+        retry: 5
   release-linux-arm:
     name: release linux/arm
     runs-on: ubuntu-latest
@@ -29,6 +30,7 @@ jobs:
         goarch: arm
         binary_name: syncflaer
         project_path: cmd/syncflaer
+        retry: 5
   release-linux-arm64:
     name: release linux/arm64
     runs-on: ubuntu-latest
@@ -41,6 +43,7 @@ jobs:
         goarch: arm64
         binary_name: syncflaer
         project_path: cmd/syncflaer
+        retry: 5
   release-darwin-amd64:
     name: release darwin/amd64
     runs-on: ubuntu-latest
@@ -53,6 +56,7 @@ jobs:
           goarch: amd64
           binary_name: syncflaer
           project_path: cmd/syncflaer
+          retry: 5
   release-darwin-arm64:
     name: release darwin/arm64
     runs-on: ubuntu-latest
@@ -65,6 +69,7 @@ jobs:
           goarch: arm64
           binary_name: syncflaer
           project_path: cmd/syncflaer
+          retry: 5
   release-windows-amd64:
     name: release windows/amd64
     runs-on: ubuntu-latest
@@ -77,3 +82,4 @@ jobs:
           goarch: amd64
           binary_name: syncflaer
           project_path: cmd/syncflaer
+          retry: 5

CHANGELOG.md

@@ -1,5 +1,13 @@
 # Changelog
 
+## [v5.3.0](https://github.com/containeroo/SyncFlaer/tree/v5.3.0) (2022-01-21)
+
+[All Commits](https://github.com/containeroo/SyncFlaer/compare/v5.2.0...v5.3.0)
+
+**New features:**
+
+- Add support for Kubernetes ingress objects (#80)
+
 ## [v5.2.0](https://github.com/containeroo/SyncFlaer/tree/v5.2.0) (2021-12-24)
 
 [All Commits](https://github.com/containeroo/SyncFlaer/compare/v5.1.6...v5.2.0)

LICENSE

@@ -631,8 +631,8 @@ to attach them to the start of each source file to most effectively
 state the exclusion of warranty; and each file should have at least
 the "copyright" line and a pointer to where the full notice is found.
 
-    SyncFlaer: Synchronize Traefik host rules with Cloudflare®.
-    Copyright (C) 2021 Containeroo
+    SyncFlaer: Synchronize Traefik host rules and/or Kubernetes Ingresses with Cloudflare®.
+    Copyright (C) 2022 containeroo
 
     This program is free software: you can redistribute it and/or modify
     it under the terms of the GNU General Public License as published by
@@ -652,7 +652,7 @@ Also add information on how to contact you by electronic and paper mail.
   If the program does terminal interaction, make it output a short
 notice like this when it starts in an interactive mode:
 
-    SyncFlaer  Copyright (C) 2021 Containeroo
+    SyncFlaer  Copyright (C) 2022 containeroo
     This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
     This is free software, and you are welcome to redistribute it
     under certain conditions; type `show c' for details.

README.md

@@ -1,15 +1,16 @@
 # SyncFlaer
 
-Synchronize Traefik host rules with Cloudflare®.
+Synchronize Traefik host rules and/or Kubernetes Ingresses with Cloudflare®.
 
 ![Docker Image Version (latest semver)](https://img.shields.io/docker/v/containeroo/syncflaer?sort=semver)
 ![Docker Pulls](https://img.shields.io/docker/pulls/containeroo/syncflaer)
 ![GitHub go.mod Go version](https://img.shields.io/github/go-mod/go-version/containeroo/syncflaer)
 
 ## Why?
 
-- Dynamically create, update or delete Cloudflare® DNS records based on Traefik http rules
+- Dynamically create, update or delete Cloudflare® DNS records based on Traefik http rules and/or Kubernetes Ingresses (apiVersion: networking.k8s.io/v1)
 - Supports multiple Traefik instances
+- Supports Kubernetes Ingresses (apiVersion: networking.k8s.io/v1)
 - Supports multiple Cloudflare zones
 - Update DNS records when public IP changes
 - Supports configuring additional DNS records for services outside Traefik (i.e. vpn server)
@@ -21,9 +22,9 @@ Synchronize Traefik host rules with Cloudflare®.
   - [Kubernetes](#kubernetes)
 - [Configuration](#configuration)
   - [Overview](#overview)
-    - [Minimal Config File](#minimal-config-file)
-    - [Full Config File](#full-config-file)
+    - [Config File](#config-file)
     - [Using Multiple Traefik Instances](#using-multiple-traefik-instances)
+    - [Kubernetes Ingress Support](#kubernetes-ingress-support)
     - [Environment Variables](#environment-variables)
     - [Defaults](#defaults)
   - [Additional Records](#additional-records)
@@ -61,25 +62,9 @@ You can run SyncFlaer as a Kubernetes CronJob. For an example deployment, please
 
 ### Overview
 
-SyncFlaer must be configured via a [YAML config file](#full-config-file). Some secrets can be configured using [environment variables](#environment-variables).
+SyncFlaer must be configured via a [YAML config file](#config-file). Some secrets can be configured using [environment variables](#environment-variables).
 
-#### Minimal Config File
-
-The following configuration is required:
-
-```yaml
----
-traefikInstances:
-  - name: main
-    url: https://traefik.example.com
-
-cloudflare:
-  apiToken: abc
-  zoneNames:
-    - example.com
-```
-
-#### Full Config File
+#### Config File
 
 The full configuration file can be found at `configs/config.yml`.
 
@@ -110,6 +95,25 @@ traefikInstances:
 
 Every instance can be configured to use different HTTP basic auth, custom request headers and ignored rules.
 
+#### Kubernetes Ingress Support
+
+SyncFlaer can be configured to support Kubernetes Ingresses. By default, SyncFlaer will sync all Ingresses.
+
+If you run SyncFlaer in a Kubernetes cluster, please refer to the `deployments/kubernetes` folder for an example deployment.  
+If you run SyncFlaer outside a Kubernetes cluster, you can use the `KUBECONFIG` environment variable to configure a specific kubeconfig file.  
+If the `KUBECONFIG` environment variable is not set, SyncFlaer will use the default kubeconfig file located at `$HOME/.kube/config`.
+
+If you want to ignore specific Ingresses, use the annotation `syncflaer.containeroo.ch/ignore=true`.
+
+To overwrite the default configuration for DNS records, you can specify the following annotations for each Ingress:
+
+| Annotation                         | Example        |
+|------------------------------------|----------------|
+| `syncflaer.containeroo.ch/type`    | `A` or `CNAME` |
+| `syncflaer.containeroo.ch/content` | `example.com`  |
+| `syncflaer.containeroo.ch/proxied` | `true`         |
+| `syncflaer.containeroo.ch/ttl`     | `120`          |
+
 #### Environment Variables
 
 Instead of putting secrets in the config file, SyncFlaer can grab secrets from environment variables.
@@ -130,6 +134,7 @@ If not specified, the following defaults apply:
 | Name                           | Default Value                                                                                                                            |
 |--------------------------------|------------------------------------------------------------------------------------------------------------------------------------------|
 | `ipProviders`                  | `["https://ifconfig.me/ip", "https://ipecho.net/plain", "https://myip.is/ip", "https://checkip.amazonaws.com", "https://api.ipify.org"]` |
+| `kubernetes.enabled`           | `false`                                                                                                                                  |
 | `managedRootRecord`            | `true`                                                                                                                                   |
 | `cloudflare.deleteGrace`       | `0` (delete records instantly)                                                                                                           |
 | `cloudflare.defaults.type`     | `CNAME`                                                                                                                                  |
@@ -184,7 +189,7 @@ Everything after the `env:` part will be used as the name of the environment var
 
 ## Copyright
 
-2021 Containeroo
+2022 containeroo
 
 Cloudflare and the Cloudflare logo are registered trademarks owned by Cloudflare Inc.
 This project is not affiliated with Cloudflare®.

cmd/syncflaer/main.go

@@ -3,6 +3,7 @@ package main
 import (
 	"fmt"
 	"github.com/cloudflare/cloudflare-go"
+	"github.com/containeroo/syncflaer/internal/kube"
 	"os"
 	"strconv"
 
@@ -11,7 +12,7 @@ import (
 	log "github.com/sirupsen/logrus"
 )
 
-const version string = "5.2.0"
+const version string = "5.3.0"
 
 func main() {
 	log.SetOutput(os.Stdout)
@@ -48,8 +49,16 @@ func main() {
 		deleteGraceRecords := internal.GetDeleteGraceRecords(cf, zoneID)
 
 		var userRecords []cloudflare.DNSRecord
-		userRecords = internal.GetTraefikRules(config, currentIP, zoneName, userRecords)
-		userRecords = internal.GetAdditionalRecords(config, currentIP, zoneName, userRecords)
+		if config.TraefikInstances != nil {
+			userRecords = internal.GetTraefikRules(config, currentIP, zoneName, userRecords)
+		}
+		if config.AdditionalRecords != nil {
+			userRecords = internal.GetAdditionalRecords(config, currentIP, zoneName, userRecords)
+		}
+		if *config.Kubernetes.Enabled {
+			kubeClient := kube.SetupKubernetesClient()
+			userRecords = kube.GetIngresses(kubeClient, config, currentIP, zoneName, userRecords)
+		}
 
 		missingRecords := internal.GetMissingDNSRecords(cloudflareDNSRecords, userRecords)
 		if missingRecords != nil {

configs/config.yml

@@ -49,6 +49,10 @@ traefikInstances:
       - example.example.com
       - internal.example.com
 
+# enable kubernetes ingress integration
+kubernetes:
+  enabled: true
+
 # set whether you want to have the root record managed by SyncFlaer
 # if you don't need a root record, you can set this to false
 # it is also helpful to set this to false if your root record points to a different server

deployments/kubernetes/configmap.yaml

@@ -9,12 +9,15 @@ data:
     notifications:
       slack:
         webhookURL: env:SLACK_WEBHOOK_URL
-    traefikInstances:
-      - name: main
-        url: https://traefik.example.com
-        ignoredRules:
-          - local.example.com
-          - dev.example.com
+    # traefikInstances:
+    #   - name: main
+    #     url: https://traefik.example.com
+    #     ignoredRules:
+    #       - local.example.com
+    #       - dev.example.com
+
+    kubernetes:
+      enabled: true
 
     additionalRecords:
       - name: vpn.example.com

deployments/kubernetes/cronjob.yaml

@@ -29,7 +29,7 @@ spec:
                   name: config
                   subPath: config.yml
           restartPolicy: Never
-          automountServiceAccountToken: false
+          serviceAccountName: syncflaer
           volumes:
             - name: config
               configMap:

deployments/kubernetes/rbac.yaml

@@ -0,0 +1,32 @@
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: syncflaer
+  namespace: syncflaer
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: syncflaer
+rules:
+  - apiGroups:
+      - networking.k8s.io
+    resources:
+      - ingresses
+    verbs:
+      - get
+      - list
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: syncflaer
+metadata:
+  name: syncflaer
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: syncflaer
+subjects:
+  - kind: ServiceAccount
+    name: syncflaer
+    namespace: syncflaer

go.mod

@@ -8,14 +8,39 @@ require (
 	github.com/slack-go/slack v0.10.1
 	github.com/spf13/pflag v1.0.5
 	gopkg.in/yaml.v2 v2.4.0
+	k8s.io/apimachinery v0.23.2
+	k8s.io/client-go v0.23.2
 )
 
 require (
+	github.com/davecgh/go-spew v1.1.1 // indirect
+	github.com/go-logr/logr v1.2.0 // indirect
+	github.com/gogo/protobuf v1.3.2 // indirect
+	github.com/golang/protobuf v1.5.2 // indirect
+	github.com/google/go-cmp v0.5.5 // indirect
+	github.com/google/gofuzz v1.1.0 // indirect
+	github.com/googleapis/gnostic v0.5.5 // indirect
 	github.com/gorilla/websocket v1.4.2 // indirect
-	github.com/kr/text v0.2.0 // indirect
+	github.com/imdario/mergo v0.3.5 // indirect
+	github.com/json-iterator/go v1.1.12 // indirect
+	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
+	github.com/modern-go/reflect2 v1.0.2 // indirect
 	github.com/pkg/errors v0.9.1 // indirect
-	golang.org/x/net v0.0.0-20210510120150-4163338589ed // indirect
-	golang.org/x/sys v0.0.0-20210423082822-04245dca01da // indirect
-	golang.org/x/text v0.3.6 // indirect
-	golang.org/x/time v0.0.0-20201208040808-7e3f01d25324 // indirect
+	golang.org/x/net v0.0.0-20211209124913-491a49abca63 // indirect
+	golang.org/x/oauth2 v0.0.0-20210819190943-2bc19b11175f // indirect
+	golang.org/x/sys v0.0.0-20210831042530-f4d43177bf5e // indirect
+	golang.org/x/term v0.0.0-20210615171337-6886f2dfbf5b // indirect
+	golang.org/x/text v0.3.7 // indirect
+	golang.org/x/time v0.0.0-20210723032227-1f47c861a9ac // indirect
+	google.golang.org/appengine v1.6.7 // indirect
+	google.golang.org/protobuf v1.27.1 // indirect
+	gopkg.in/inf.v0 v0.9.1 // indirect
+	gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b // indirect
+	k8s.io/api v0.23.2 // indirect
+	k8s.io/klog/v2 v2.30.0 // indirect
+	k8s.io/kube-openapi v0.0.0-20211115234752-e816edb12b65 // indirect
+	k8s.io/utils v0.0.0-20210930125809-cb0fa318a74b // indirect
+	sigs.k8s.io/json v0.0.0-20211020170558-c049b76a60c6 // indirect
+	sigs.k8s.io/structured-merge-diff/v4 v4.2.1 // indirect
+	sigs.k8s.io/yaml v1.2.0 // indirect
 )