Skills · April 15, 2026 · 1 min read

ExternalDNS — Sync Kubernetes Services with DNS Providers

Kubernetes SIG controller that keeps Route 53, Cloudflare, Google Cloud DNS and 30+ other providers in sync with Services, Ingresses, and Gateway API routes.

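Agent ready

Agents can install this directly

This asset is installable; the agent first selects the current runtime, checks the install plan, and then runs the matching command.

Native · 98/100 · Policy: allow
Agent entry point: any MCP/CLI agent
Type: Skill
Install: Single
Trust: trust level Established
Entry point: ExternalDNS
Direct install command:
npx -y tokrepo@latest install 458a67fd-38d7-11f1-9bc6-00163e2b0d79 --target codex

Do a dry run first to confirm the install plan, then run this command.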

TL;DR
Kubernetes controller that auto-syncs DNS records with 30+ providers based on Services and Ingresses.
§01

What it is

ExternalDNS is a Kubernetes SIG controller that automatically manages DNS records based on your Kubernetes resources. When you create a Service with a hostname annotation or an Ingress with a host rule, ExternalDNS creates the corresponding DNS records in your provider (Route 53, Cloudflare, Google Cloud DNS, Azure DNS, and 30+ others). When you delete the resource, the DNS record is cleaned up.

ExternalDNS targets platform engineers who want DNS management to be declarative and automatic rather than manual. It closes the gap between deploying a service and making it reachable by name.

§02

How it saves time or tokens

Manually creating DNS records for every Kubernetes service is error-prone and slow. ExternalDNS makes DNS a side effect of deploying your application. You annotate your Service or Ingress with the desired hostname, and the controller handles the rest. This eliminates the need for Terraform DNS modules, manual console clicks, or API scripts for routine DNS operations.

§03

How to use

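  1. Install ExternalDNS via Helm:
helm repo add external-dns https://kubernetes-sigs.github.io/external-dns/
# Keep the token in a Secret (name and key here are examples); the kubernetes-sigs
# chart passes it to the Cloudflare provider through the CF_API_TOKEN env var.
kubectl create secret generic cloudflare-api-token --from-literal=apiToken=YOUR_TOKEN
helm upgrade --install external-dns external-dns/external-dns \
  --set provider.name=cloudflare \
  --set 'env[0].name=CF_API_TOKEN' \
  --set 'env[0].valueFrom.secretKeyRef.name=cloudflare-api-token' \
  --set 'env[0].valueFrom.secretKeyRef.key=apiToken' \
  --set policy=sync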
  2. Annotate a Service with a hostname:
apiVersion: v1
kind: Service
metadata:
  name: my-app
  annotations:
    external-dns.alpha.kubernetes.io/hostname: app.example.com
spec:
  type: LoadBalancer
  ports:
    - port: 80
  selector:
    app: my-app
  3. ExternalDNS detects the annotation and creates an A record pointing app.example.com to the LoadBalancer IP.
§04

Example

Using ExternalDNS with an Ingress resource:

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: my-ingress
spec:
  rules:
    - host: api.example.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: api-service
                port:
                  number: 8080

ExternalDNS reads the host field and creates the DNS record automatically.

§06

Common pitfalls

  • The policy=sync mode deletes DNS records not managed by ExternalDNS; use policy=upsert-only if you have existing manual records you want to preserve
  • Each DNS provider requires specific credentials and permissions; check the ExternalDNS provider documentation for the minimum required IAM policy
  • TXT ownership records are created alongside A/CNAME records; do not delete them or ExternalDNS will lose track of which records it manages
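
A Helm values file that applies the three points above, written as an added example (it is not from the original page or the ExternalDNS project). The Secret name and key, the owner ID and the zone are assumptions to replace with your own.

```yaml
# values.yaml for the kubernetes-sigs external-dns chart (constructed example)
provider:
  name: cloudflare

# Credential is read from a Kubernetes Secret rather than passed with --set,
# so only the reference, not the token, ends up in the Helm release values.
# Scope the Cloudflare token to Zone:Read and DNS:Edit on the managed zone only.
env:
  - name: CF_API_TOKEN
    valueFrom:
      secretKeyRef:
        name: cloudflare-api-token   # assumed Secret name
        key: apiToken                # assumed key inside that Secret

# Weak choice for a zone that also holds hand-made records:
#   policy: sync
# upsert-only creates and updates records but never deletes them.
policy: upsert-only

# TXT ownership records mark which records this instance manages.
# Give every ExternalDNS deployment its own owner ID so two instances
# never treat each other's records as their own.
registry: txt
txtOwnerId: cluster-a                # placeholder owner ID

# Limit the controller to the zone it is meant to manage; hostname
# annotations for any other domain are ignored.
domainFilters:
  - example.com

# Watch only the resource kinds that are allowed to publish DNS names.
sources:
  - service
  - ingress
```

Apply it with `helm upgrade --install external-dns external-dns/external-dns -f values.yaml` after creating the Secret in the same namespace.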

FAQ

Which DNS providers does ExternalDNS support?

ExternalDNS supports 30+ providers including AWS Route 53, Cloudflare, Google Cloud DNS, Azure DNS, DigitalOcean, Linode, OVH, and many others. Community-maintained providers extend coverage further.

Does ExternalDNS work with Gateway API?

Yes. ExternalDNS supports Gateway API resources (HTTPRoute, Gateway) in addition to traditional Services and Ingresses. This makes it compatible with modern Kubernetes networking standards.

What happens when I delete a Service?

If the policy is set to 'sync', ExternalDNS deletes the corresponding DNS record. With 'upsert-only' policy, records are created and updated but never deleted. Choose the policy based on your operational requirements.

Can multiple ExternalDNS instances manage different zones?

Yes. You can run multiple ExternalDNS deployments, each configured with different domain filters and provider credentials. This is common in multi-team or multi-account setups.

Does ExternalDNS support wildcard records?

Yes. You can annotate a Service or Ingress with a wildcard hostname like '*.example.com'. ExternalDNS will create the corresponding wildcard DNS record in your provider.
