livelink/terraform-kubernetes-external-dns

Terraform Kubernetes External DNS Module

This module replicates the official external-dns Helm chart with a focus on Google Cloud, and adds the following:

  • Create Kubernetes namespace
  • Create GKE workload identity
  • Bind cross-project Cloud DNS managed zone IAM role

The work has been inspired by the official ExternalDNS guide on GKE and Cloud DNS integration.

TODO

Controller configuration

Double TXT records

external-dns currently creates two TXT registry records for each DNS record instead of one. Both use the same --txt-prefix, but the second one has an additional a- inserted between the prefix and the record name:

txt-prefix-example.com
txt-prefix-a-example.com

See GitHub issue #3167.

Policy

The default policy for DNS record management is sync, which allows ExternalDNS to create, update, and delete DNS records. You can change the policy by setting the policy input variable to create-only, upsert-only or delete-only.

```yaml
# Annotations ExternalDNS reads from a Service (fragment; spec omitted)
apiVersion: v1
kind: Service
metadata:
  annotations:
    # hostname ExternalDNS should manage for this Service; must fall inside one of dns_zones
    external-dns.alpha.kubernetes.io/hostname: app.acme.com.
    # record TTL in seconds, passed as a string
    external-dns.alpha.kubernetes.io/ttl: "60"
```

Prerequisites

Google APIs are expected to be activated:

  • dns.googleapis.com Cloud DNS API
  • container.googleapis.com GKE API
  • iam.googleapis.com IAM API

Usage

```hcl
module "example" {
  source = "git::git@github.com:livelink/terraform-kubernetes-external-dns.git?ref=v0.3.0"

  project_id            = "com-livelinklabs-4-3"
  dns_project_id        = "com-livelinklabs-dns"
  dns_managed_zone_name = "dice"
  dns_zones             = ["dice.livelinklabs.com"]
  txt_owner_id          = "livelink-test-external-dns"
}
```
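As an added example (not the module's own code), the call from the Usage section above with the policy narrowed from the default sync to upsert-only, so ExternalDNS can create and update records in the zone but never delete them, together with a Service carrying the annotations shown in the Policy section. Project IDs, the zone, the owner ID and the Service name are placeholders; provider configuration is assumed to be set up as for the Usage example.

```hcl
# Added example. The module is invoked as in the Usage section; only the
# policy is changed. With the default "sync" policy ExternalDNS may delete
# any record it owns (ownership is tracked via the txt_owner_id registry
# records); with "upsert-only" it can create and update but never delete,
# which limits the blast radius of a mistaken Service change.
module "external_dns" {
  source = "git::git@github.com:livelink/terraform-kubernetes-external-dns.git?ref=v0.3.0"

  project_id            = "my-gke-project"   # placeholder: project hosting the GKE cluster
  dns_project_id        = "my-dns-project"   # placeholder: project hosting the Cloud DNS zone
  dns_managed_zone_name = "example"          # placeholder: Cloud DNS managed zone name
  dns_zones             = ["example.com"]    # placeholder: the only zone ExternalDNS may touch
  txt_owner_id          = "gke-prod-external-dns" # placeholder; keep unique per cluster so
                                                  # two controllers never claim the same records

  policy   = "upsert-only" # default is "sync"; see the Policy section
  interval = "1m"
}

# A Service that ExternalDNS picks up. The hostname must be inside one of
# dns_zones; the TTL annotation is a string holding seconds.
resource "kubernetes_service_v1" "app" {
  metadata {
    name      = "app" # placeholder
    namespace = "default"
    annotations = {
      "external-dns.alpha.kubernetes.io/hostname" = "app.example.com."
      "external-dns.alpha.kubernetes.io/ttl"      = "60"
    }
  }

  spec {
    type     = "LoadBalancer"
    selector = { app = "app" }

    port {
      port        = 443
      target_port = 8443
    }
  }
}
```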

Requirements

| Name | Version |
|------|---------|
| terraform | >= 1.7.0 |
| google | ~> 5.0 |
| kubernetes | ~> 2.0 |

Providers

| Name | Version |
|------|---------|
| google.dns | ~> 5.0 |
| kubernetes | ~> 2.0 |

Modules

| Name | Source | Version |
|------|--------|---------|
| runtime_identity | terraform-google-modules/kubernetes-engine/google//modules/workload-identity | 31.0.0 |

Resources

| Name | Type |
|------|------|
| google_project_iam_member.default | resource |
| kubernetes_cluster_role.default | resource |
| kubernetes_cluster_role_binding.default | resource |
| kubernetes_deployment.default | resource |
| kubernetes_namespace.default | resource |

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| dns_project_id | GCP project ID where DNS zones are hosted | `string` | n/a | yes |
| dns_zones | DNS zones, e.g. example.com, acme.com | `list(string)` | n/a | yes |
| image | Docker image | `string` | `"registry.k8s.io/external-dns/external-dns:v0.14.2"` | no |
| interval | Interval for DNS sync | `string` | `"1m"` | no |
| name | Global name | `string` | `"external-dns"` | no |
| namespace | Kubernetes namespace | `string` | `"external-dns"` | no |
| policy | Policy for DNS records: sync, create-only, upsert-only, delete-only | `string` | `"sync"` | no |
| project_id | GCP project ID where the GKE cluster is deployed | `string` | n/a | yes |
| resources | Kubernetes deployment container resources | `object({ requests = object({ cpu = string, memory = string }), limits = object({ cpu = string, memory = string }) })` | `{ "limits": { "cpu": null, "memory": null }, "requests": { "cpu": "100m", "memory": "50Mi" } }` | no |
| txt_owner_id | Registry TXT owner ID | `string` | `""` | no |
| txt_prefix | Registry TXT prefix | `string` | `"external-dns-"` | no |

Outputs

No outputs.

Development

macOS

```sh
brew install pre-commit tswitch terraform-docs tflint tfsec
pre-commit install --install-hooks
```

About

Kubernetes external-dns Helm chart replica with Google Cloud specific