external-dns
Vault
external-dns | Vault | |
---|---|---|
79 | 160 | |
7,286 | 29,743 | |
1.1% | 0.8% | |
9.6 | 10.0 | |
about 20 hours ago | 1 day ago | |
Go | Go | |
Apache License 2.0 | GNU General Public License v3.0 or later |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
external-dns
-
Upgrading Hundreds of Kubernetes Clusters
The second one is a combination of tools: External DNS, cert-manager, and NGINX ingress. Using these as a stack, you can quickly deploy an application, making it available through a DNS with a TLS without much effort via simple annotations. When I first discovered External DNS, I was amazed at its quality.
-
Kubernetes External DNS provider for Hetzner
One of the reasons why I chose Hetzner was that it WAS supported by the ExternalDNS project. I didn't quite understand why the Hetzner provider was pulled, but I saw that an attempt of re-adding it was refused, on the ground that the upcoming webhook architecture would have allowed to better maintain providers.
-
Istio Multi-Cluster Setup
Write a custom controller for the external DNS controller, or setup some form of ArgoCD app / appset templating.
-
Looking for ExternalDns alternative for non k8s environment
so I am looking at having an automated way for new routers registered in Traefik to also have the corresponding DNS entry added to my Pihole instance similar to external-dns but obviously, this is exclusive to ingress on k8s environments. my current setup is traefik in a container on unraid.
-
Is a Load Balancer necessary for a HA Cluster?
You technically don’t need to run a load balancer or have a virtual IP for your control plane. If you control your dns, you can add an A record pointing to all IPs for your control plane nodes. It won’t load balance your traffic, but combined with something like External DNS it gives you HA for the control plane.
-
How can I assign an EIP to a Kubernetes deployment?
I normally deploy external-dns, which automatically updates DNS with the ingress controller's external IP address.
-
Registering DNS with Windows Domain DNS
Background: Having a look I can see this https://github.com/kubernetes-sigs/external-dns
-
Cluster nodes on different networks
3) Use the Kubernetes External-DNS. I've never used this, but this is assuming it can update DNS for each pods/app to point to the correct Node (it'd need to update my Homelab DNS running on Windows Server)
-
I am stuck on learning how to provision K8s in AWS. Security groups? ALB? ACM? R53?
So here’s the solution I have taken for our current stack. EKS and its dependencies are created through terraform using the eks module as well as provision a route53 subdomain and a wildcard cert. Once we have that created, I have installed this deployment into the cluster via the helm module: https://kubernetes-sigs.github.io/aws-load-balancer-controller/v2.4/. This allows me to use kuberentes resources (load balancers or ingress objects) and it will handle all the provisioning of load balancers and security groups for me, based on my application yaml and annotations. We also use https://github.com/kubernetes-sigs/external-dns to manage all of our specific host names for the applications through annotations. So to generally put, terraform manages out Kubernetes clusters, and Kubernetes manages the deployment of anything needed for the application including volumes, load balancers, hostnames though Kubernetes system deployments
-
How to expose services/apps to my home network with custom DNS names
Metallb for your load balancer (layer2 mode will do) NginX-ingress, will be spot on for internal home apps External-dns to publish your dns record to your Dns server at home, https://github.com/kubernetes-sigs/external-dns
Vault
- Terraform & HashiCorp Vault Integration: Seamless Secrets Management
-
Top Secrets Management Tools for 2024
HashiCorp Vault
-
Keep it cool and secure: do's and don'ts for managing Web App secrets
For a more comprehensive and robust secret management solution, get your hands on tools like GCP Secret Manager, or HashiCorp Vault. They're like the security guards of your secrets, providing a safe house, access control, and keeping logs of who’s been snooping around.
-
Kubernetes Secret Management
HashiCorp Vault is a popular tool for managing secrets in Kubernetes clusters. It offers advanced features such as secure storage, encryption, dynamic secrets generation, and integration with Kubernetes through its Kubernetes authentication method.
-
Champion Building - How to successfully adopt a developer tool
So you've just bought a new platform tool? Maybe it's Hashicorp Vault? Snyk? Backstage? You’re excited about all of the developer experience, security and other benefits you're about to unleash on your company—right? But wait…
-
AWS Secrets Manager for on-premise and other cloud accounts scaled architecture
You seem to be looking for a cross-platform solution, and https://www.vaultproject.io/ provides just that. If everything was in AWS, AWS Secret Manager might be great, but imo Vault provides much better platform-agnostic capabilities.
-
Show HN: Anchor – developer-friendly private CAs for internal TLS
https://github.com/openwrt/luci/blob/master/applications/luc...
https://developer.hashicorp.com/vault/tutorials/secrets-mana... https://github.com/hashicorp/vault :
> Refer to Build Certificate Authority (CA) in Vault with an offline Root for an example of using a root CA external to Vault.
-
The Complete Microservices Guide
Secret Management: Securely stores sensitive configuration data and secrets using tools like AWS Secrets Manager or HashiCorp Vault. Avoid hardcoding secrets in code or configuration files.
-
Horcrux: Split your file into encrypted fragments
The author of this tool basically took the Shamir code from Hashicorp Vault, which is pretty mainstream. If you're looking for a solid implementation, I would start there[0]. I wouldn't use the Shamir code from this repo, as it's an old version of the vault code using field arithmetic that doesn't run in constant time.
[0]: https://github.com/hashicorp/vault/blob/main/shamir/shamir.g...
-
OpenTF Announces Fork of Terraform
Out of curiosity, what do you mean by this? cross-cluster? they already have HA: https://github.com/hashicorp/vault/blob/v1.14.1/website/cont...
while digging up that link, I also saw one named replication: https://github.com/hashicorp/vault/blob/v1.14.1/website/cont...
What are some alternatives?
metallb - A network load-balancer implementation for Kubernetes using standard routing protocols
Keycloak - Open Source Identity and Access Management For Modern Applications and Services
cloudflare-ingress-controller - A Kubernetes ingress controller for Cloudflare's Argo Tunnels
sealed-secrets - A Kubernetes controller and tool for one-way encrypted Secrets
ingress-nginx - Ingress-NGINX Controller for Kubernetes
sops - Simple and flexible tool for managing secrets
crossplane - The Cloud Native Control Plane
etcd - Distributed reliable key-value store for the most critical data of a distributed system
PowerDNS - PowerDNS Authoritative, PowerDNS Recursor, dnsdist
OPA (Open Policy Agent) - Open Policy Agent (OPA) is an open source, general-purpose policy engine.
awx-operator - An Ansible AWX operator for Kubernetes built with Operator SDK and Ansible. 🤖
bitwarden_rs - Unofficial Bitwarden compatible server written in Rust, formerly known as bitwarden_rs [Moved to: https://github.com/dani-garcia/vaultwarden]