From 1b8d2efce444d8461c9340f7a9fa806029e0d116 Mon Sep 17 00:00:00 2001
From: as51340 <andi8647@gmail.com>
Date: Tue, 31 Mar 2026 07:51:59 +0200
Subject: [PATCH] Add per-instance external access annotations to HA K8s docs

Document the new externalAccessAnnotations parameter for data and
coordinator instances in the HA Helm chart, which allows setting
unique annotations (e.g. external-dns hostnames) per instance.
Based on memgraph/helm-charts#215.
---
 .../setup-ha-cluster-k8s.mdx                  | 44 ++++++++++++++++++-
 1 file changed, 42 insertions(+), 2 deletions(-)

diff --git a/pages/clustering/high-availability/setup-ha-cluster-k8s.mdx b/pages/clustering/high-availability/setup-ha-cluster-k8s.mdx
index 64c7e186d..438d1dff4 100644
--- a/pages/clustering/high-availability/setup-ha-cluster-k8s.mdx
+++ b/pages/clustering/high-availability/setup-ha-cluster-k8s.mdx
@@ -272,6 +272,45 @@ Envoy Gateway controller with Memgraph HA cluster, see [Use Memgraph HA chart wi
 
 By default, the chart does **not** expose any external network services.
 
+{<h4 className="custom-header"> Per-instance external access annotations </h4>}
+
+When using `LoadBalancer` or `NodePort` external access, you can set annotations
+globally via `externalAccessConfig.dataInstance.annotations` and
+`externalAccessConfig.coordinator.annotations`. These apply to every external
+Service of that type.
+
+If you need different annotations per instance — for example, to assign unique
+DNS hostnames via `external-dns` — use the `externalAccessAnnotations` field on
+individual entries in `data[]` or `coordinators[]`. Per-instance annotations are
+merged with the global annotations, and **per-instance values take precedence**
+when the same key appears in both.
+
+```yaml
+externalAccessConfig:
+  dataInstance:
+    serviceType: "LoadBalancer"
+    annotations:
+      service.beta.kubernetes.io/aws-load-balancer-scheme: "internet-facing"
+
+data:
+  - id: "0"
+    externalAccessAnnotations:
+      external-dns.alpha.kubernetes.io/hostname: "data-0.memgraph.example.com"
+    args:
+      - "--management-port=10000"
+      - "--bolt-port=7687"
+  - id: "1"
+    externalAccessAnnotations:
+      external-dns.alpha.kubernetes.io/hostname: "data-1.memgraph.example.com"
+    args:
+      - "--management-port=10000"
+      - "--bolt-port=7687"
+```
+
+In this example, each data instance's external Service gets the shared
+`aws-load-balancer-scheme` annotation plus its own unique `external-dns`
+hostname.
+
 ### Node affinity
 
 Memgraph HA deploys multiple pods, and you can control pod placement with
@@ -693,9 +732,9 @@ and their default values.
 | `storage.logStorageClassName`                              | The name of the storage class used for storing logs.                                                         | `""`                           |
 | `storage.logStorageAccessMode`                             | Access mode used for log storage.                                                                            | `ReadWriteOnce`                |
 | `externalAccess.coordinator.serviceType`                   | IngressNginx, NodePort, CommonLoadBalancer or LoadBalancer. By default, no external service will be created. | `""`                           |
-| `externalAccess.coordinator.annotations`                   | Annotations for external services attached to coordinators.                                                  | `{}`                           |
+| `externalAccess.coordinator.annotations`                   | Annotations applied to all coordinators' external services.                                                  | `{}`                           |
 | `externalAccess.dataInstance.serviceType`                  | IngressNginx, NodePort or LoadBalancer. By default, no external service will be created.                     | `""`                           |
-| `externalAccess.dataInstance.annotations`                  | Annotations for external services attached to data instances.                                                | `{}`                           |
+| `externalAccess.dataInstance.annotations`                  | Annotations applied to all data instances' external services.                                                | `{}`                           |
 | `headlessService.enabled`                                  | Specifies whether headless services will be used inside K8s network on all instances.                        | `false`                        |
 | `ports.boltPort`                                           | Bolt port used on coordinator and data instances.                                                            | `7687`                         |
 | `ports.managementPort`                                     | Management port used on coordinator and data instances.                                                      | `10000`                        |
@@ -767,6 +806,7 @@ following parameters:
 | Parameter                                   | Description                                                                                         | Default                                 |
 |---------------------------------------------|-----------------------------------------------------------------------------------------------------|-----------------------------------------|
 | `id`                                        | ID of the instance                                                                                  | `0` for data, `1` for coordinators      |
+| `externalAccessAnnotations`                 | Per-instance annotations for the external access Service, merged with global annotations.           | `{}`                                    |
 | `args`                                      | List of arguments for the instance                                                                  | See `args` section                      |
 
 The `args` section contains a list of arguments for the instance.