ExternalDNS configuration reference for Lokomotive


    ExternalDNS is a Kubernetes addon that synchronizes exposed Kubernetes Services and Ingresses with DNS providers to make them discoverable.


    • A Lokomotive cluster accessible via kubectl.

    • An ingress controller such as Contour for HTTP ingress.


    The ExternalDNS component with Contour supports managing DNS records only for Services of type LoadBalancer. This limitation is explained in more detail in this issue.

    The ExternalDNS component currently supports the AWS Route53 DNS provider.

    ExternalDNS component configuration example:

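    component "external-dns" {
      # Required arguments.
      # Placeholder value: must be unique across the DNS zone and stable for the cluster's lifetime.
      owner_id = "example"

      aws {
        # Required arguments.
        zone_id = "ZQXH02G1EPZ6R"

        # Optional arguments.
        zone_type = "public"
        # Prefer the AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY environment variables.
        aws_access_key_id = ""
        aws_secret_access_key = ""
      }

      # Optional arguments.
      sources = ["ingress"]
      namespace = "external-dns"
      policy = "upsert-only"
      metrics = false
    }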

    Attribute reference

    Table of all the arguments accepted by the component.

    | Argument | Description | Default | Type | Required |
    |----------|-------------|---------|------|----------|
    | sources | Kubernetes resources type to be observed for new DNS entries by ExternalDNS. | ["ingress"] | list(string) | false |
    | namespace | Namespace to install ExternalDNS. | "external-dns" | string | false |
    | policy | Modify how DNS records are synchronized between sources and providers (options: sync, upsert-only). | "upsert-only" | string | false |
    | metrics | Enable metrics collection by Prometheus. Needs Prometheus Operator component installed. | false | bool | false |
    | owner_id | A name that identifies this instance of ExternalDNS. Set it to a unique value across the DNS zone that doesn’t change for the lifetime of the cluster. | - | string | true |
    | aws | Configuration block for AWS Route53 DNS provider. | - | object | true |
    | aws.zone_type | Filter for zones of this type (options: public, private). | "public" | string | false |
    | aws.zone_id | ID of the DNS zone. | - | string | true |
    | aws.aws_access_key_id | AWS access key ID for AWS credentials. Use environment variable AWS_ACCESS_KEY_ID instead. | - | string | false |
    | aws.aws_secret_access_key | AWS secret access key for AWS credentials. Use environment variable AWS_SECRET_ACCESS_KEY instead. | - | string | false |


    To apply the ExternalDNS component:

    lokoctl component apply external-dns
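
    A pre-apply check for the configuration described above, as an added example that is not part of Lokomotive or lokoctl: it rejects a component block that carries inline AWS keys or lacks the required owner_id and aws.zone_id, and applies only when both credential environment variables are set. The function names, file paths and sample values are assumptions constructed for illustration, and the file is assumed to contain only the external-dns block.

```shell
#!/usr/bin/env bash
# Added example, not part of lokoctl. Function names, paths and sample values
# are assumptions constructed for illustration.

# Print the first quoted value assigned to key $1 in file $2 (comments ignored).
cfg_value() {
  sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*\"\([^\"]*\)\".*/\1/p" "$2" | head -n 1
}

# Return 0 when the file passes every check, 1 otherwise; findings go to stderr.
lint_external_dns() {
  local file="$1" rc=0 key
  # The attribute reference says to pass AWS keys through environment variables,
  # so a non-empty inline value is treated as a finding.
  for key in aws_access_key_id aws_secret_access_key; do
    if [ -n "$(cfg_value "$key" "$file")" ]; then
      echo "FAIL: $key is set inline in $file" >&2; rc=1
    fi
  done
  # owner_id and aws.zone_id are the required string arguments.
  for key in owner_id zone_id; do
    if [ -z "$(cfg_value "$key" "$file")" ]; then
      echo "FAIL: $key is missing or empty in $file" >&2; rc=1
    fi
  done
  return "$rc"
}

# Lint first, require both credential variables, then apply the component.
safe_apply() {
  lint_external_dns "$1" || return 1
  if [ -z "${AWS_ACCESS_KEY_ID:-}" ] || [ -z "${AWS_SECRET_ACCESS_KEY:-}" ]; then
    echo "FAIL: export AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY first" >&2
    return 1
  fi
  lokoctl component apply external-dns
}

# Constructed sample input: inline key ID present, owner_id absent.
write_bad_sample() {
  cat > "$1" <<'EOF'
component "external-dns" {
  aws {
    zone_id           = "ZEXAMPLE000000"
    aws_access_key_id = "EXAMPLE-KEY-ID"
  }
}
EOF
}
```

    Source the file and call safe_apply with the path to the cluster configuration in place of running lokoctl component apply directly.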


    To destroy the component:

    lokoctl component delete external-dns --delete-namespace