Synchronize Traefik host rules and/or Kubernetes Ingresses with Cloudflare®.
- Dynamically create, update or delete Cloudflare® DNS records based on Traefik http rules and/or Kubernetes Ingresses (apiVersion: networking.k8s.io/v1)
- Supports multiple Traefik instances
- Supports Kubernetes Ingresses (apiVersion: networking.k8s.io/v1)
- Supports multiple Cloudflare zones
- Update DNS records when public IP changes
- Supports configuring additional DNS records for services outside Traefik (i.e. vpn server)
Create a config file based on the example located at configs/config.yml.
syncflaer --config-path /opt/syncflaer.ymlFlags:
-c, --config-path string Path to config file (default "config.yml")
-d, --debug Enable debug mode
-v, --version Print the current version and exit
You can run SyncFlaer as a Kubernetes CronJob. For an example deployment, please refer to the files located at deployments/kubernetes.
SyncFlaer must be configured via a YAML config file. Some secrets can be configured using environment variables.
The full configuration file can be found at configs/config.yml.
You can configure SyncFlaer to gather host rules from multiple Traefik instances.
The configuration for two instances would look like this:
traefikInstances:
- name: instance1
url: https://traefik1.example.com
user: admin1
password: supersecure
customRequestHeaders:
X-Example-Header: instance1
ignoredRules:
- instance1.example.com
- name: instance2
url: https://traefik2.example.com
user: admin2
password: stillsupersecure
customRequestHeaders:
Authorization: env:TREAFIK_AUTH_HEADER
ignoredRules:
- instance2.example.comEvery instance can be configured to use different HTTP basic auth, custom request headers and ignored rules.
Let's say you have the following Cloudflare defaults defined in config file:
cloudflare:
defaults:
type: CNAME
ttl: 1
proxied: trueUsually, every DNS record created for a Traefik host rule will have those defaults.
If you want to override those defaults, you can do so by specifying them in the defaultOverrides section of the config file under traefikInstances:
traefikInstances:
- name: main
url: https://traefik.example.com
defaultOverrides:
- rule: app.example.com
type: A
ttl: 60
proxied: falseThis will override the defaults for the app.example.com rule.
SyncFlaer can be configured to support Kubernetes Ingresses. By default, SyncFlaer will sync all Ingresses.
If you run SyncFlaer in a Kubernetes cluster, please refer to the deployments/kubernetes folder for an example deployment.
If you run SyncFlaer outside a Kubernetes cluster, you can use the KUBECONFIG environment variable to configure a specific kubeconfig file.
If the KUBECONFIG environment variable is not set, SyncFlaer will use the default kubeconfig file located at $HOME/.kube/config.
If you want to ignore specific Ingresses, use the annotation syncflaer.containeroo.ch/ignore=true.
To overwrite the default configuration for DNS records, you can specify the following annotations for each Ingress:
| Annotation | Example |
|---|---|
syncflaer.containeroo.ch/type |
A or CNAME |
syncflaer.containeroo.ch/content |
example.com |
syncflaer.containeroo.ch/proxied |
true |
syncflaer.containeroo.ch/ttl |
120 |
Instead of putting secrets in the config file, SyncFlaer can grab secrets from environment variables.
You can define the names of the environment variables by using the env: prefix.
| Configuration | Example |
|---|---|
notifications.slack.webhookURL |
env:SLACK_TOKEN |
password in traefikInstances |
env:TRAEFIK_K8S_PW |
customRequestHeaders in traefikInstances |
env:TRAEFIK_AUTH_HEADER |
cloudflare.apiToken |
env:CF_API_TOKEN |
If not specified, the following defaults apply:
| Name | Default Value |
|---|---|
skipUpdateCheck |
false |
ipProviders |
["https://ifconfig.me/ip", "https://ipecho.net/plain", "https://checkip.amazonaws.com", "https://api.ipify.org"] |
kubernetes.enabled |
false |
managedRootRecord |
true |
cloudflare.deleteGrace |
0 (delete records instantly) |
cloudflare.defaults.type |
CNAME |
cloudflare.defaults.proxied |
true |
cloudflare.defaults.ttl |
1 |
notifications.slack.username |
SyncFlaer |
notifications.slack.iconURL |
https://www.cloudflare.com/img/cf-facebook-card.png |
You can specify additional DNS records which are not configured as Traefik hosts.
| Key | Example | Default Value | Required |
|---|---|---|---|
name |
a.example.com |
none | yes |
type |
A |
cloudflare.defaults.type |
no |
proxied |
true |
cloudflare.defaults.proxied |
no |
ttl |
1 |
cloudflare.defaults.ttl |
no |
content |
1.1.1.1 |
current public IP |
no |
| Key | Example | Default Value | Required |
|---|---|---|---|
name |
vpn.example.com |
none | yes |
type |
CNAME |
cloudflare.defaults.type |
no |
proxied |
false |
cloudflare.defaults.proxied |
no |
ttl |
120 |
cloudflare.defaults.ttl |
no |
content |
mysite.com |
cloudflare.zoneName |
no |
To create an API token visit https://dash.cloudflare.com/profile/api-tokens, click on Create token and select Get started.
Select the following settings:
Permissions:
Zone-DNS-Edit
Zone Resources:
Include-All Zones
The cloudflare.apiToken config is now required to be present in config file.
If you want to use environment variables for Slack webhook URL, Traefik HTTP basic auth password and Cloudflare API token, you have to use the env: prefix.
Everything after the env: part will be used as the name of the environment variable.
2023 containeroo
Cloudflare and the Cloudflare logo are registered trademarks owned by Cloudflare Inc. This project is not affiliated with Cloudflare®.