tiredofit / docker-traefik-cloudflare-companion

Automatically Create CNAME records for containers served by Traefik
MIT License
404 stars 65 forks

Feature request: Delete CNAME on container stop #13

Open modem7 opened 4 years ago

modem7 commented 4 years ago

Heya,

I'm unsure if this is possible at all.

Would it be feasible to delete CNAMEs on containers that no longer exist?

Would be useful for test containers or limited time/scope mini-projects that once their usefulness is done can just be deleted. But obviously currently, the CNAME still stays up on CF.

Thanks!

dchidell commented 4 years ago

It's possible, but not entirely reliable, for the following reasons:

1) If a container disappears when this container isn't running, there will be nothing to see the 'stop' event. Even if this container is run afterwards, the DNS record will still exist.

2) There may be some records which exist statically on some people's setups, so deleting them when you see a Traefik-enabled container disappearing might be considered dangerous.

I'm happy to submit a PR for this if it would be seen as useful - however I think it should be a toggleable option which is disabled by default. Let me know your thoughts.

tiredofit commented 4 years ago

There's an active issue in Traefik's issue tracker that has an interesting take on this but in reverse. I'd like to see if it gains any traction before evaluating this. I agree it is fairly risky.

modem7 commented 4 years ago

I certainly agree that it should be a variable/option that's disabled by default; forcing this could (and probably would) cause far too many unexpected problems for those not expecting the new functionality.

Alternatively, potentially make it a white list system only, only dealing with the CNAMEs that are declared or similar functionality?

tiredofit commented 4 years ago

Whitelist sounds interesting. I have hundreds of dev.* domains I'd like to clear out and Cloudflare's point-and-click process is tedious.

modem7 commented 4 years ago

Even more so if we can set some form of label that we can attach to containers (kinda like the autoheal container needs "autoheal = true"), it would effectively add a safety net and an easier way to automate the whitelisting.

On Sat, 22 Aug 2020, 19:17 Dave Conroy, notifications@github.com wrote:

> Whitelist sounds interesting. I have hundreds of dev.* domains I'd like to clear out and Cloudflare's point-and-click process is tedious.


jathek commented 4 years ago

What makes this extension very useful is that parsing traefik's labels removes the task of updating another label or list. Moving the CNAME identification to somewhere else would defeat the purpose, I think.

However, adding a custom Cloudflare Companion label could open up the ability to set the proxy status or forced update status on a per CNAME basis, which would be very useful.

For deleting obsolete CNAMEs, you could have an environment variable called DELETE_UNDECLARED=TRUE/FALSE, where if TRUE all CNAMEs not declared in traefik labels are deleted.

It's possible to imitate a whitelist by just adding a traefik Host rule to Cloudflare Companion's own container (shout-out to @htpcbeginner for that trick). Alternatively you can add a WHITELIST environment variable to make the whitelisting a bit more integrated.

iangregsondev commented 3 years ago

This would be great if this feature was implemented. I like the idea of having a few more ENV vars to configure it.

KillerTic commented 2 years ago

Would find it very helpful as well. Should be configurable!

An option could be to "remember" all domains which were set and on the next run compare. If one is on the "remembered" list, but not in the run to be set, then remove it.

romich commented 1 month ago

One can leverage Cloudflare record comments (or tags - but they are not available on free plan) to mark DNS records as "owned" by traefik-cloudflare-companion so that their lifecycle can be managed end-to-end (create/update/delete) - similar to how external-dns works in Kubernetes world.
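
The ownership-marker idea from the last comment, combined with the disabled-by-default toggle proposed earlier in the thread, as an added example (not code from this project or from any commenter). It compares full state rather than waiting for a 'stop' event, so records orphaned while the companion was not running are also found; the marker string, function name and sample records are assumptions constructed for illustration.

```python
# Added example: decide which CNAMEs are safe to delete.
# Only records carrying our ownership marker in the Cloudflare record
# comment are eligible, so static, hand-made records are never touched.

OWNER_MARKER = "managed-by:traefik-cloudflare-companion"  # hypothetical marker value


def normalize(name):
    """DNS names compare case-insensitively and ignore a trailing dot."""
    return name.lower().rstrip(".")


def plan_deletions(records, declared_hosts, delete_enabled=False):
    """Return the records that should be deleted.

    records        -- DNS records as dicts with 'id', 'type', 'name', 'comment'
    declared_hosts -- hostnames currently present in Traefik Host rules
    delete_enabled -- opt-in toggle; off by default, as the thread suggests
    """
    if not delete_enabled:
        return []
    declared = {normalize(h) for h in declared_hosts}
    stale = []
    for rec in records:
        if rec.get("type") != "CNAME":
            continue  # this tool only manages CNAMEs
        if OWNER_MARKER not in (rec.get("comment") or ""):
            continue  # not created by us: leave it alone
        if normalize(rec["name"]) in declared:
            continue  # still served by a running container
        stale.append(rec)
    return stale


# Constructed sample zone contents (not real data).
SAMPLE_RECORDS = [
    {"id": "r1", "type": "CNAME", "name": "app.example.com", "comment": OWNER_MARKER},
    {"id": "r2", "type": "CNAME", "name": "dev-old.example.com", "comment": OWNER_MARKER},
    {"id": "r3", "type": "CNAME", "name": "static.example.com", "comment": None},
    {"id": "r4", "type": "A", "name": "mail.example.com", "comment": OWNER_MARKER},
    {"id": "r5", "type": "CNAME", "name": "Dev-Gone.example.com.", "comment": OWNER_MARKER},
]

if __name__ == "__main__":
    for rec in plan_deletions(SAMPLE_RECORDS, ["APP.example.com"], delete_enabled=True):
        print("would delete", rec["id"], rec["name"])
```

Records created before a marker scheme existed carry no marker and are therefore never selected; they would need a one-time manual tagging or cleanup.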