Important
Support for the legacy DNS system is going to be discontinued by Hetzner in May 2026. For this reason the legacy DNS provider will be deleted in version v1.0.0, which will be released in June, and only the new Cloud provider will be available.
For the time being no new features will be added to the legacy DNS driver and only important bugfixes will be backported.
Note
The latest version is v0.12.1.
ExternalDNS is a Kubernetes add-on for automatically handling DNS records for Kubernetes services using different providers. By default, Kubernetes manages DNS records internally, but ExternalDNS takes this functionality a step further by delegating the management of DNS records to an external DNS provider such as this one. This webhook allows you to manage your Hetzner domains inside your kubernetes cluster.
This webhook supports both the old DNS API and the new Cloud DNS interface.
Tip
If you are upgrading from previous versions please read the Upgrading from previous versions section.
Please check the documentation website for further information.
This quickstart assumes that you are using the new Cloud API for new installations.
Generate a Read/Write API token in your Hetzner Console.
Substitute <CLOUD_API_TOKEN> with your token:
kubectl create secret generic hetzner-credentials --from-literal=api-key='<CLOUD_API_TOKEN>' -n external-dnsThe simplest way is using Helm.
Skip this step if you already have the ExternalDNS repository added:
helm repo add external-dns https://kubernetes-sigs.github.io/external-dns/Update your helm chart repositories:
helm repo updateYou can then create the helm values file, for example
external-dns-hetzner-values.yaml:
namespace: external-dns
policy: sync
provider:
name: webhook
webhook:
image:
repository: ghcr.io/mconfalonieri/external-dns-hetzner-webhook
tag: v0.12.1
env:
- name: HETZNER_API_KEY
valueFrom:
secretKeyRef:
name: hetzner-credentials
key: api-key
livenessProbe:
httpGet:
path: /health
port: http-webhook
initialDelaySeconds: 10
timeoutSeconds: 5
readinessProbe:
httpGet:
path: /ready
port: http-webhook
initialDelaySeconds: 10
timeoutSeconds: 5
extraArgs:
- "--txt-prefix=reg-%{record_type}."And then:
# install external-dns with Helm
helm install external-dns-hetzner external-dns/external-dns -f external-dns-hetzner-values.yaml -n external-dnsThis project is licensed under the Apache License, version 2.0 - see the LICENSE file for details.
This Webhook was forked and modified from the IONOS Webhook to work with Hetzner. It also contains huge parts from DrBu7cher's Hetzner provider.
| Name | Contribution |
|---|---|
| DerQue | local CNAME fix |
| sschaeffner | build configuration for arm64 |
| sgaluza | support for MX records |