Deploying External DNS With AWS EKS

Amazon Web Services (AWS) Elastic Kubernetes Service (EKS) is a managed service that simplifies the deployment, scaling, and management of containerized applications using Kubernetes.

One of the key benefits of EKS is its ability to integrate with other AWS services, such as Route 53, to provide DNS resolution for your Kubernetes clusters.

In this article, we will discuss how to deploy External DNS on AWS EKS to automate the creation and deletion of DNS records for Kubernetes services.

Overview of External DNS:

External DNS is a Kubernetes add-on that automatically creates and deletes DNS records in an external DNS provider based on Kubernetes service and ingress resources.

This enables you to use custom domain names for your Kubernetes services without having to manually create and update DNS records. External DNS supports a variety of DNS providers, including Route 53, Google Cloud DNS, Azure DNS, and more.

Deploying External DNS on AWS EKS:

To deploy External DNS on AWS EKS, you will need to follow the steps below:

Create an IAM policy

First, you need to create an IAM policy that grants External DNS permissions to manage Route 53 resources. You can use the following policy as a starting point:
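The policy text did not survive on this page. As an added example (not the author's original policy), the shell function below writes a least-privilege policy in which record changes are limited to one hosted zone, while the list actions that External DNS uses for discovery remain account-wide. The function name and the zone ID `Z0123456789EXAMPLE` are constructed placeholders, and the zone-ID format check is an assumption.

```shell
#!/bin/sh
# Added example: write an IAM policy for External DNS whose write access is
# limited to a single Route 53 hosted zone (function name is hypothetical).

# write_external_dns_policy ZONE_ID [OUTFILE]
# e.g. write_external_dns_policy Z0123456789EXAMPLE   (constructed zone ID)
write_external_dns_policy() {
    zone_id="$1"
    outfile="${2:-external-dns-iam-policy.json}"

    # Refuse empty or wildcard zone IDs so the policy cannot silently
    # widen to every hosted zone in the account.
    case "$zone_id" in
        ""|*[!A-Z0-9]*)
            echo "error: zone ID must be uppercase letters and digits" >&2
            return 1 ;;
    esac

    cat > "$outfile" <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "ChangeRecordsInOneZone",
      "Effect": "Allow",
      "Action": ["route53:ChangeResourceRecordSets"],
      "Resource": ["arn:aws:route53:::hostedzone/${zone_id}"]
    },
    {
      "Sid": "DiscoverZonesAndRecords",
      "Effect": "Allow",
      "Action": [
        "route53:ListHostedZones",
        "route53:ListResourceRecordSets",
        "route53:ListTagsForResource"
      ],
      "Resource": ["*"]
    }
  ]
}
EOF
}
```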

Save this policy as a JSON file, such as “external-dns-iam-policy.json”, and create a policy from it in the AWS IAM dashboard. Then copy the ARN of this policy from its page, as we need it in the upcoming command.

Create IAM Service Account with the Policy you just Created

Next, you need to create an IAM Service Account that External DNS can assume to manage Route 53 resources. You can use the following command to create the role:

For that, you need to have eksctl configured on your system.

eksctl create iamserviceaccount --name <service-account-name> --namespace <namespace> --cluster <cluster-name> --attach-policy-arn <policy-arn> --approve --profile <aws-profile>

Replace the values between angle brackets <> in this command. Here is a sample command. Be sure to use the same namespace throughout the tutorial.

eksctl create iamserviceaccount --name external-dns --namespace default --cluster demo-cluster --attach-policy-arn arn:aws:iam::012345678901:policy/ExternalDNSPolicy --approve --profile demo-keys

Behind the scenes, this command creates a CloudFormation stack in your AWS account, so you can check its status and the resources it created in the AWS CloudFormation stack dashboard.

Once this CloudFormation stack completes, you can check that the ServiceAccount was created in the default namespace.

kubectl get sa -n default

We are now done with the AWS-side configuration. Next, let’s do the Kubernetes-side work, so that the cluster is allowed to make DNS changes in the Route 53 hosted zone from Kubernetes files.

Create ClusterRole and ClusterRole Binding:

Let’s create ClusterRole and ClusterRoleBinding files so that the external-dns controller can make changes to the Route 53 DNS.

Now let’s create a ClusterRoleBinding.yaml file for the ClusterRole we created.
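The two manifests are missing from this page. As an added example (not the author's original files), the function below writes a read-only ClusterRole and a ClusterRoleBinding that ties it to the `external-dns` ServiceAccount created with eksctl. The function name, the `ClusterRole.yaml` file name and the object names `external-dns` and `external-dns-viewer` are assumptions.

```shell
#!/bin/sh
# Added example: write read-only RBAC manifests for External DNS
# (function name, file name ClusterRole.yaml and object names are assumed).

# write_external_dns_rbac [NAMESPACE] [OUTDIR]
write_external_dns_rbac() {
    namespace="${1:-default}"
    outdir="${2:-.}"

    # The controller only reads cluster objects; DNS changes go to Route 53
    # through the IAM role, so no create/update/delete verbs are granted.
    cat > "$outdir/ClusterRole.yaml" <<EOF
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: external-dns
rules:
  - apiGroups: [""]
    resources: ["services", "endpoints", "pods"]
    verbs: ["get", "watch", "list"]
  - apiGroups: ["networking.k8s.io"]
    resources: ["ingresses"]
    verbs: ["get", "watch", "list"]
  - apiGroups: [""]
    resources: ["nodes"]
    verbs: ["list", "watch"]
EOF

    # Bind the role to the one ServiceAccount the controller runs as,
    # in the same namespace used for the eksctl command.
    cat > "$outdir/ClusterRoleBinding.yaml" <<EOF
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: external-dns-viewer
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: external-dns
subjects:
  - kind: ServiceAccount
    name: external-dns
    namespace: ${namespace}
EOF
}
```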

Now that the ClusterRole and ClusterRoleBinding are in place, all the access work is done. Just apply both files with the command:

kubectl apply -f <filename.yaml>

Now we will create a Deployment file for the external-dns controller, which will do all the work for us.

Create a Deployment file for External DNS Controller

The Pod managed by this Deployment runs the External DNS controller in your Kubernetes cluster. The controller will monitor your Kubernetes services and ingresses and automatically create and delete Route 53 DNS records as necessary.
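The Deployment manifest is missing from this page. As an added example (not the author's original file), the function below writes one that runs under the `external-dns` ServiceAccount and restricts the controller to a single domain, with TXT ownership records so it only touches records it created. The function name, output file name, labels, and the domain, owner ID and image tag arguments are assumptions supplied by the caller.

```shell
#!/bin/sh
# Added example: write a Deployment for the External DNS controller
# (function name, file name and labels are assumed).

# write_external_dns_deployment DOMAIN OWNER_ID IMAGE_TAG [NAMESPACE] [OUTFILE]
write_external_dns_deployment() {
    domain="$1"; owner_id="$2"; image_tag="$3"
    namespace="${4:-default}"
    outfile="${5:-external-dns-deployment.yaml}"
    if [ -z "$domain" ] || [ -z "$owner_id" ] || [ -z "$image_tag" ]; then
        echo "usage: write_external_dns_deployment DOMAIN OWNER_ID IMAGE_TAG" >&2
        return 1
    fi

    cat > "$outfile" <<EOF
apiVersion: apps/v1
kind: Deployment
metadata:
  name: external-dns
  namespace: ${namespace}
spec:
  replicas: 1
  strategy:
    type: Recreate
  selector:
    matchLabels:
      app: external-dns
  template:
    metadata:
      labels:
        app: external-dns
    spec:
      serviceAccountName: external-dns   # account created by eksctl
      containers:
        - name: external-dns
          image: registry.k8s.io/external-dns/external-dns:${image_tag}
          args:
            - --source=service
            - --source=ingress
            - --provider=aws
            - --aws-zone-type=public
            - --domain-filter=${domain}    # ignore names outside this domain
            - --policy=sync                # create and delete records
            - --registry=txt
            - --txt-owner-id=${owner_id}   # marks records this cluster owns
EOF
}
```

Pin `IMAGE_TAG` to a release you have reviewed rather than a floating tag, and use a `--txt-owner-id` value that is unique per cluster if several clusters share a hosted zone.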

After applying this Deployment file, check that the Deployment is up and running with 1 Pod.

kubectl get deployments

You can also check the logs of the Pod created by the Deployment with:

kubectl logs <pod name> -n default

Now, after full deployment, External DNS is ready, and you don’t need to add External DNS to each of your cluster’s services individually. It will automatically add all your Services and Ingresses to the Route 53 hosted zone.

Configuring External DNS in K8s Files

Once External DNS is deployed, you can configure it to create and manage DNS records for your Kubernetes services. To do this, you can add annotations to your Kubernetes services or ingresses that specify the desired DNS name and DNS provider.

For example, to create a DNS record for a Kubernetes service named “my-service” with a DNS name of “” in Route 53, you can add the following annotation to your service:

Congrats! You have successfully deployed external DNS with AWS EKS. With external DNS, you can now easily expose your Kubernetes services to the internet or other parts of your infrastructure by automatically creating DNS records.

Remember to regularly monitor your DNS records to ensure that they are accurate and up-to-date. You can also customize external DNS to meet your specific needs by modifying the configuration options.

Overall, deploying external DNS with AWS EKS is a straightforward process that can provide significant benefits for your applications. With this guide, you should be well-equipped to get started with external DNS and take advantage of its powerful features.
