External-DNS — Automatic DNS Records for Kubernetes Services
External-DNS watches Kubernetes Services and Ingresses and automatically creates, updates, and deletes DNS records in providers like Route53, Cloudflare, and Google Cloud DNS to keep DNS in sync with your cluster.
Agent-ready install
This asset can be installed after choosing the runtime, checking the plan, and running the appropriate command.
npx -y tokrepo@latest install 1999538f-3943-11f1-9bc6-00163e2b0d79 --target codex
Run after confirming the plan in dry-run.
What it is
External-DNS is a Kubernetes controller that watches Services, Ingresses, and other resources and automatically creates, updates, and deletes DNS records in external DNS providers. It supports Route53, Cloudflare, Google Cloud DNS, Azure DNS, and many others. DNS configuration becomes declarative: define your service with an annotation, and External-DNS handles the rest.
This tool is for Kubernetes platform engineers who want DNS to stay in sync with cluster state without manual record management.
How it saves time or tokens
Without External-DNS, deploying a new service to Kubernetes requires manual DNS record creation. External-DNS automates this entirely. When a service is created with the right annotation, DNS records appear. When the service is deleted, records are cleaned up. This eliminates a common source of deployment friction and human error.
How to use
- Deploy External-DNS to your Kubernetes cluster.
- Configure it with your DNS provider credentials.
- Add annotations to your Services or Ingresses.
- DNS records are created and managed automatically.
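# Install External-DNS via Helm
helm repo add external-dns https://kubernetes-sigs.github.io/external-dns/
# "your-token" is a placeholder. A value passed with --set is recorded in shell
# history and in the Helm release values.
# Confirm value names for your chart version: helm show values external-dns/external-dns
# The indexed key is quoted so the shell does not treat [0] as a glob pattern.
helm install external-dns external-dns/external-dns \
  --set provider=cloudflare \
  --set cloudflare.apiToken=your-token \
  --set 'domainFilters[0]=example.com'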
Example
An annotated Kubernetes Service:
apiVersion: v1
kind: Service
metadata:
  name: my-app
  annotations:
    # Hostname External-DNS should publish for this Service
    external-dns.alpha.kubernetes.io/hostname: app.example.com
    # Record TTL in seconds (quoted: annotation values must be strings)
    external-dns.alpha.kubernetes.io/ttl: '300'
spec:
  type: LoadBalancer
  ports:
    - port: 80
      targetPort: 8080
  selector:
    app: my-app
External-DNS creates an A record for app.example.com pointing to the LoadBalancer IP.
# Ingress example
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: my-app-ingress
  annotations:
    external-dns.alpha.kubernetes.io/hostname: app.example.com
spec:
  rules:
    - host: app.example.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: my-app
                port:
                  number: 80
Common pitfalls
- External-DNS needs proper RBAC and DNS provider permissions. With missing permissions it fails silently and no DNS records are created.
- The --domain-filter flag is important. Without it, External-DNS may try to manage DNS records for domains you do not own.
- DNS propagation takes time. Do not expect records to be resolvable immediately after service creation.
- Multiple External-DNS instances managing the same zone can conflict. Use --txt-owner-id to prevent conflicts.
- Deleting a namespace does not always trigger cleanup. Ensure External-DNS has access to watch deletion events.
- Review the official documentation before deploying to production to ensure compatibility with your specific environment and requirements.
- Start with default settings and customize incrementally. Changing too many configuration options at once makes debugging harder.
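A pre-deployment check for the domain-filter pitfall above, written for this page as an added example (not code from External-DNS or TokRepo): it lists hostnames that Services and Ingresses request outside the allowed zones, and hostnames claimed by more than one object. The suffix-match rule, the helper names and the `dev/scratch` Service are assumptions made for illustration; real input would be the `items` array from `kubectl get svc,ingress -A -o json`.

```python
# Added example: lint hostnames requested from External-DNS against the domain filters.
HOSTNAME_ANNOTATION = "external-dns.alpha.kubernetes.io/hostname"

def _obj(kind, ns, name, hostname, rule_hosts=()):
    """Build a minimal object in the shape `kubectl get ... -o json` returns."""
    return {"kind": kind,
            "metadata": {"namespace": ns, "name": name,
                         "annotations": {HOSTNAME_ANNOTATION: hostname}},
            "spec": {"rules": [{"host": h} for h in rule_hosts]}}

# Constructed sample: the page's two manifests plus one hypothetical stray Service.
SAMPLE_ITEMS = [
    _obj("Service", "default", "my-app", "app.example.com"),
    _obj("Ingress", "default", "my-app-ingress", "app.example.com", ["app.example.com"]),
    _obj("Service", "dev", "scratch", "shop.notexample.com, api.example.org"),
]

def in_filters(host, filters):
    """Assumed rule: a name is in scope if it equals a filter or is a subdomain of it."""
    return any(host == f or host.endswith("." + f) for f in filters)

def requested_hostnames(item):
    """Hostnames an object asks for: the annotation (comma-separated) and Ingress rule hosts."""
    annotations = item.get("metadata", {}).get("annotations") or {}
    hosts = annotations.get(HOSTNAME_ANNOTATION, "").split(",")
    if item.get("kind") == "Ingress":
        hosts += [r.get("host", "") for r in item.get("spec", {}).get("rules") or []]
    return sorted({h.strip().rstrip(".").lower() for h in hosts if h.strip()})

def audit(items, domain_filters):
    """Return (hostnames outside the filters, hostnames claimed by more than one object)."""
    filters = [f.strip().lstrip(".").lower() for f in domain_filters]
    outside, claims = [], {}
    for item in items:
        meta = item["metadata"]
        ref = f'{item["kind"]}/{meta.get("namespace", "default")}/{meta["name"]}'
        for host in requested_hostnames(item):
            if not in_filters(host, filters):
                outside.append((ref, host))
            claims.setdefault(host, []).append(ref)
    duplicates = {h: refs for h, refs in claims.items() if len(refs) > 1}
    return outside, duplicates

if __name__ == "__main__":
    outside, duplicates = audit(SAMPLE_ITEMS, ["example.com"])
    for ref, host in outside:
        print(f"OUT OF SCOPE  {host}  requested by {ref}")
    for host, refs in duplicates.items():
        print(f"DUPLICATE     {host}  claimed by {', '.join(refs)}")
```

On the sample, the page's own Service and Ingress both claim app.example.com, which the check reports as a duplicate claim.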
Frequently asked questions
External-DNS supports AWS Route53, Cloudflare, Google Cloud DNS, Azure DNS, DigitalOcean, Linode, RFC2136 (BIND), and many others. The full list is in the documentation.
It depends on the source. LoadBalancer services with IP addresses create A records. Services with hostnames create CNAME records. You can configure the record type with annotations.
Yes. External-DNS is a CNCF project used in production by many organizations. Use domain filters, txt-owner-id, and registry settings to prevent accidental record changes.
A single External-DNS instance manages one provider. For multiple providers, deploy separate External-DNS instances, each configured for its provider.
When a Kubernetes resource is deleted, External-DNS removes the corresponding DNS record. It uses TXT ownership records to track which records it manages, preventing deletion of manually created records.
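The ownership tracking described above, and the --txt-owner-id pitfall, as an added example that is not part of External-DNS: it parses TXT registry values of the form `heritage=external-dns,external-dns/owner=...,external-dns/resource=...` and reports which TXT names belong to the expected owner ID, to another instance, or to no instance at all. The owner IDs, record names and function names are constructed for illustration.

```python
# Added example: group External-DNS ownership TXT records by owner ID.
# Constructed (name, TXT value) pairs, as they might appear in a zone export.
SAMPLE_TXT = [
    ("app.example.com",
     '"heritage=external-dns,external-dns/owner=prod-cluster,'
     'external-dns/resource=service/default/my-app"'),
    ("old.example.com",
     '"heritage=external-dns,external-dns/owner=staging-cluster,'
     'external-dns/resource=ingress/web/old"'),
    ("example.com", '"v=spf1 -all"'),  # ordinary TXT record, not an ownership marker
]

def parse_ownership(txt_value):
    """Return {'owner', 'resource'} for an ownership TXT value, or None for any other TXT."""
    parts = txt_value.strip().strip('"').split(",")
    pairs = (p.split("=", 1) for p in parts if "=" in p)
    fields = {k.strip(): v.strip() for k, v in pairs}
    if fields.get("heritage") != "external-dns":
        return None
    return {"owner": fields.get("external-dns/owner", ""),
            "resource": fields.get("external-dns/resource", "")}

def ownership_report(txt_records, expected_owner):
    """Split TXT records into ours, other instances' (keyed by owner ID), and non-registry."""
    report = {"mine": [], "foreign": {}, "not_registry": []}
    for name, value in txt_records:
        info = parse_ownership(value)
        if info is None:
            report["not_registry"].append(name)
        elif info["owner"] == expected_owner:
            report["mine"].append((name, info["resource"]))
        else:
            report["foreign"].setdefault(info["owner"], []).append((name, info["resource"]))
    return report

if __name__ == "__main__":
    report = ownership_report(SAMPLE_TXT, "prod-cluster")
    print("owned by this instance:", report["mine"])
    # More than one owner ID in a zone means several instances write to it.
    for owner, entries in report["foreign"].items():
        print(f"owned by other instance {owner!r}:", entries)
    print("TXT records that are not ownership markers:", report["not_registry"])
```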
Cited sources (3)
- External-DNS GitHub: External-DNS automatically manages DNS for Kubernetes
- External-DNS Docs: External-DNS configuration and provider setup
- Kubernetes DNS Docs: Kubernetes networking and DNS concepts