Last updated: 14 Jan 2026

govuk-infrastructure: 9. Use `external-dns` for DNS record management

Date: 2021-08-27

Status

Accepted

Context

We want to be able to manage DNS records for Kubernetes Ingress and Service type=Loadbalancer resources declaratively with Kubernetes resources, so that we avoid the overhead and brittleness of manual DNS management with Terraform.

external-dns is the primary project in this space and gives us everything we need; Route53 integration, support for all AWS load balancer types, integration with alb-ingress-controller and IAM Roles for Service Accounts support.

Decision

Use external-dns.

Consequences

We can install it with a Helm chart.

Ingress and Service resources can configure a DNS record with a simple annotation:

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  annotations:
    external-dns.alpha.kubernetes.io/hostname: foo.test.govuk.digital