Skills · Apr 15, 2026 · 3 min read

ExternalDNS — Sync Kubernetes Services with DNS Providers

Kubernetes SIG controller that keeps Route 53, Cloudflare, Google Cloud DNS and 30+ other providers in sync with Services, Ingresses, and Gateway API routes.

Agent-ready

Agent install ready

This asset can be installed after choosing the runtime, checking the plan, and running the matching command.

Native · 98/100 · Policy: allow
Agent surface: Any MCP/CLI agent
Type: Skill
Installation: Single
Trust: Established
Entry point: ExternalDNS
Direct install command:
npx -y tokrepo@latest install 458a67fd-38d7-11f1-9bc6-00163e2b0d79 --target codex

Run after confirming the plan in a dry run.

TL;DR
Kubernetes controller that auto-syncs DNS records with 30+ providers based on Services and Ingresses.
§01

What it is

ExternalDNS is a Kubernetes SIG controller that automatically manages DNS records based on your Kubernetes resources. When you create a Service with a hostname annotation or an Ingress with a host rule, ExternalDNS creates the corresponding DNS records in your provider (Route 53, Cloudflare, Google Cloud DNS, Azure DNS, and 30+ others). When you delete the resource, the DNS record is cleaned up.

ExternalDNS targets platform engineers who want DNS management to be declarative and automatic rather than manual. It closes the gap between deploying a service and making it reachable by name.

§02

How it saves time or tokens

Manually creating DNS records for every Kubernetes service is error-prone and slow. ExternalDNS makes DNS a side effect of deploying your application. You annotate your Service or Ingress with the desired hostname, and the controller handles the rest. This eliminates the need for Terraform DNS modules, manual console clicks, or API scripts for routine DNS operations.

§03

How to use

  1. Install ExternalDNS via Helm:

     helm repo add external-dns https://kubernetes-sigs.github.io/external-dns/
     helm upgrade --install external-dns external-dns/external-dns \
       --set provider=cloudflare \
       --set cloudflare.apiToken=YOUR_TOKEN \
       --set policy=sync

  2. Annotate a Service with a hostname:

     apiVersion: v1
     kind: Service
     metadata:
       name: my-app
       annotations:
         external-dns.alpha.kubernetes.io/hostname: app.example.com
     spec:
       type: LoadBalancer
       ports:
         - port: 80
       selector:
         app: my-app

  3. ExternalDNS detects the annotation and creates an A record pointing app.example.com to the LoadBalancer IP.

§04

Example

Using ExternalDNS with an Ingress resource:

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: my-ingress
spec:
  rules:
    - host: api.example.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: api-service
                port:
                  number: 8080

ExternalDNS reads the host field and creates the DNS record automatically.

§06

Common pitfalls

  • The policy=sync mode deletes DNS records not managed by ExternalDNS; use policy=upsert-only if you have existing manual records you want to preserve
  • Each DNS provider requires specific credentials and permissions; check the ExternalDNS provider documentation for the minimum required IAM policy
  • TXT ownership records are created alongside A/CNAME records; do not delete them or ExternalDNS will lose track of which records it manages
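
A Helm values file that addresses the three pitfalls above in one place (added example, not from this page or the ExternalDNS project). It uses the value names of the kubernetes-sigs chart; the Secret name and key, the zone example.com and the owner ID are assumptions.

```yaml
# values-external-dns.yaml -- added example, not from the ExternalDNS project or this page.
# Assumed names: Secret "cloudflare-api-token" (key "apiToken"), zone example.com,
# owner ID "prod-cluster-1". Create the Secret separately before installing.

provider:
  name: cloudflare

# Read the API token from a Kubernetes Secret instead of passing it with --set,
# which would leave it in shell history and in the stored Helm release values.
env:
  - name: CF_API_TOKEN
    valueFrom:
      secretKeyRef:
        name: cloudflare-api-token   # hypothetical Secret name
        key: apiToken                # hypothetical key

# upsert-only creates and updates records but never deletes them.
# Switch to "sync" only once every record in the zone is accounted for.
policy: upsert-only

# Limit this instance to the zones it is meant to manage.
domainFilters:
  - example.com

# Only watch the resource kinds that should be able to publish DNS names.
sources:
  - service
  - ingress

# TXT registry: ownership records are written next to each A/CNAME record.
registry: txt
txtOwnerId: prod-cluster-1           # hypothetical; keep unique per instance
```

Apply it with `helm upgrade --install external-dns external-dns/external-dns -f values-external-dns.yaml`, and scope the token itself to the filtered zone only.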

Frequently asked questions

Which DNS providers does ExternalDNS support?

ExternalDNS supports 30+ providers including AWS Route 53, Cloudflare, Google Cloud DNS, Azure DNS, DigitalOcean, Linode, OVH, and many others. Community-maintained providers extend coverage further.

Does ExternalDNS work with Gateway API?

Yes. ExternalDNS supports Gateway API resources (HTTPRoute, Gateway) in addition to traditional Services and Ingresses. This makes it compatible with modern Kubernetes networking standards.

What happens when I delete a Service?

If the policy is set to 'sync', ExternalDNS deletes the corresponding DNS record. With 'upsert-only' policy, records are created and updated but never deleted. Choose the policy based on your operational requirements.

Can multiple ExternalDNS instances manage different zones?

Yes. You can run multiple ExternalDNS deployments, each configured with different domain filters and provider credentials. This is common in multi-team or multi-account setups.

Does ExternalDNS support wildcard records?

Yes. You can annotate a Service or Ingress with a wildcard hostname like '*.example.com'. ExternalDNS will create the corresponding wildcard DNS record in your provider.
