Use the STACKIT DNS extension with your cluster

This tutorial guides you through the necessary steps to enable the STACKIT DNS extension on your STACKIT Kubernetes Engine (SKE) cluster. Activating this extension allows for the automatic synchronization of your Kubernetes Services and Ingress controllers with your managed DNS zones in STACKIT DNS, removing the need for manual record keeping.

STACKIT DNS is a managed service for hosting external DNS zones. It allows you to create resource records that are globally distributed automatically by leveraging Anycast DNS. To get started with STACKIT DNS, see “Create your first DNS zone and query it”.

The STACKIT DNS extension bridges the gap between SKE and STACKIT DNS. When exposing your Services and Ingress controllers, you likely want to make them discoverable via DNS, and keeping your exposed IPs and DNS records in sync by hand is tedious. This is where the STACKIT DNS extension comes into play. It runs a fully managed ExternalDNS deployment in your cluster’s control plane, which creates, updates and cleans up all DNS records required to make your deployments available via DNS.

Learn more on how ExternalDNS works or get started with the STACKIT DNS extension in the section below.

To benefit from the automation provided by the STACKIT DNS extension, follow these steps:

  • Create a primary STACKIT DNS zone.
  • Activate the STACKIT DNS extension on your SKE cluster.
  • Expose an application via Service, Ingress, or Gateway API.

You need a primary STACKIT DNS zone for the extension to work, which can be provisioned via the Portal. To learn how to achieve this, refer to the STACKIT DNS documentation.

Activate the STACKIT DNS extension on your SKE cluster

You can activate the STACKIT DNS extension using the SKE API.

Once you are prepared to use the SKE API, use the following endpoint to activate the extension:

PUT v2/projects/{projectId}/clusters/{clusterName}

In the request body configure the following section:

...
"extensions":
{
  ...
  "dns":
  {
    "enabled": true,
    "gatewayApi": true,
    "zones":
    [
      "<your-domain>.runs.onstackit.cloud"
    ]
  }
  ...
},

The gatewayApi field is optional and defaults to false. After deploying the CRDs, the cluster must be reconciled so that external-dns watches the Gateway API *Route resources.

Expose an application via Service, Ingress, or Gateway API

ExternalDNS will pick up any Service with type=LoadBalancer, type=ExternalName or type=NodePort, and all hostnames defined in Ingress or Gateway API routing rules.

  • Services: ExternalDNS will look for the external-dns.alpha.kubernetes.io/hostname annotation.
  • Ingress: All hosts defined in the rules are used.
  • Gateway API: Hostnames defined in your HTTPRoute, TLSRoute, GRPCRoute, TCPRoute or UDPRoute listeners are used.

For more details refer to the ExternalDNS documentation.

Take the following example as a showcase.

  • Create a primary DNS zone. You can use a free <your-domain>.runs.onstackit.cloud.
  • Activate the extension via the SKE API, defining:
    ...
    "extensions":
    {
      ...
      "dns":
      {
        "enabled": true,
        "zones":
        [
          "<your-domain>.runs.onstackit.cloud"
        ]
      }
      ...
    },

Make the following change to your deployment and apply it:

apiVersion: v1
kind: Service
metadata:
  name: wordpress
  labels:
    app: wordpress
  annotations:
    external-dns.alpha.kubernetes.io/hostname: wp.<your-domain>.runs.onstackit.cloud
spec:
  type: LoadBalancer
  ports:
    - name: wordpress
      port: 80
  selector:
    app: wordpress

After a short time your site can be reached via wp.<your-domain>.runs.onstackit.cloud.
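Because any Service annotation, Ingress host or route hostname becomes a DNS record request, it is worth reviewing what a cluster asks for before enabling the extension. The following audit is an added example (not STACKIT's or ExternalDNS's code): it lists every requested hostname from the sources described above and flags those that do not fall inside the configured zones. The `demo` zone, the sample objects and all function names are constructed for illustration.

```python
import json

HOSTNAME_ANNOTATION = "external-dns.alpha.kubernetes.io/hostname"
SERVICE_TYPES = {"LoadBalancer", "ExternalName", "NodePort"}  # types the page lists
ROUTE_KINDS = {"HTTPRoute", "TLSRoute", "GRPCRoute"}  # routes with spec.hostnames

def published_hostnames(obj):
    """Hostnames one object asks ExternalDNS to publish."""
    kind, spec = obj.get("kind"), obj.get("spec", {})
    if kind == "Service" and spec.get("type") in SERVICE_TYPES:
        notes = obj.get("metadata", {}).get("annotations") or {}
        # The annotation may carry several comma-separated hostnames.
        return [h.strip() for h in notes.get(HOSTNAME_ANNOTATION, "").split(",") if h.strip()]
    if kind == "Ingress":
        return [r["host"] for r in spec.get("rules", []) if r.get("host")]
    if kind in ROUTE_KINDS:
        return list(spec.get("hostnames", []))
    return []

def in_zone(hostname, zones):
    """True if hostname is a zone apex or a label-aligned subdomain of a zone."""
    host = hostname.lower().rstrip(".")
    apexes = [z.lower().rstrip(".") for z in zones]
    return any(host == z or host.endswith("." + z) for z in apexes)

def audit(kube_list, zones):
    """Return (namespace/name, kind, hostname, in_zone) per requested hostname."""
    rows = []
    for obj in kube_list.get("items", []):
        meta = obj.get("metadata", {})
        ref = f'{meta.get("namespace", "default")}/{meta.get("name")}'
        for host in published_hostnames(obj):
            rows.append((ref, obj["kind"], host, in_zone(host, zones)))
    return rows

# Constructed sample in the shape of `kubectl get svc,ingress -A -o json`.
SAMPLE = json.loads("""{"items": [
 {"kind": "Service", "metadata": {"name": "wordpress", "namespace": "web", "annotations":
   {"external-dns.alpha.kubernetes.io/hostname": "wp.demo.runs.onstackit.cloud, wp.xdemo.runs.onstackit.cloud"}},
  "spec": {"type": "LoadBalancer"}},
 {"kind": "Ingress", "metadata": {"name": "shop", "namespace": "web"},
  "spec": {"rules": [{"host": "shop.demo.runs.onstackit.cloud"}, {"host": "shop.example.org"}]}}
]}""")
ZONES = ["demo.runs.onstackit.cloud"]  # placeholder for <your-domain>.runs.onstackit.cloud

if __name__ == "__main__":
    for ref, kind, host, ok in audit(SAMPLE, ZONES):
        print(f'{"OK  " if ok else "FLAG"} {kind:8} {ref:16} {host}')
```

The zone comparison is label-aligned, so `wp.xdemo.runs.onstackit.cloud` is flagged even though it ends with the same characters as the configured zone.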