Kubernetes on AWS: How to connect to RDS?
Hey there! It’s time to write a new blog post about something really hot, for example Kubernetes. To make this article even spicier, I want to talk about Kubernetes on AWS and access to a database. So this post is for those of you who want to set up a k8s application on Amazon Cloud and configure access to RDS (Postgres / MySQL) from the application. Let’s get started!
A long time ago the software development world was “shaken” by containerization. Since then, every backend developer should know what Docker is and how to use it. That was only the beginning of something bigger. Today I can definitely say that containers without proper orchestration and a service discovery mechanism are pretty useless. This is where Kubernetes enters the scene.
How to access RDS from EKS?
AWS has its own service for running apps in Kubernetes: EKS. It’s definitely not as trivial as the GCP alternative, but anyway it’s not so hard to set up a k8s cluster in Amazon Cloud, especially if you follow the official AWS tutorial. The problem appears when you want to do something more custom than starting a regular k8s cluster, for example when you want to access a database (RDS in AWS terms). To understand this problem more deeply, I want to describe some technical details.
When we create a k8s cluster in EKS, a new VPC with its own CIDR block is created. The same is true for RDS. VPCs are by definition closed to communication with the external world. To overcome this we need to use some hook.
AWS has such a mechanism: the peering connection. The first step in setting up access from the k8s cluster to the database is to create a peering connection. The connection should be initiated from the RDS VPC to the EKS VPC.
Then the routing tables need to be updated for both VPCs. For the EKS routing table, create a new route whose destination is the CIDR block of the RDS VPC and whose target is the peering connection. Similarly, you need to create a new route for the RDS routing table.
This step is probably the trickiest one.
Next you have to update the RDS security group. Add a new rule which allows all traffic from the EKS CIDR block.
Finally, go to the peering connection and change its configuration by enabling DNS propagation.
That’s it. After this long journey, your app running on AWS EKS should be able to access the database hosted in RDS. I hope this article helps you tackle the issue of accessing RDS from Kubernetes on AWS.
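The steps above as AWS CLI calls, written as an added example that is not part of the original post. It assumes both VPCs live in the same account and region; every ID and CIDR block is a constructed placeholder, the helper names (`run`, `ip2int`, `cidrs_overlap`, `peering_plan`) are hypothetical, and the security group rule is narrowed to the database port instead of all traffic.

```bash
#!/usr/bin/env bash
# Added example; every ID and CIDR block here is a constructed placeholder.
set -eu
RDS_VPC=vpc-0aaaaaaaaaaaaaaaa; RDS_CIDR=172.31.0.0/16
EKS_VPC=vpc-0bbbbbbbbbbbbbbbb; EKS_CIDR=192.168.0.0/16
RDS_RTB=rtb-0aaaaaaaaaaaaaaaa; EKS_RTB=rtb-0bbbbbbbbbbbbbbbb
RDS_SG=sg-0aaaaaaaaaaaaaaaa;   DB_PORT=5432   # 3306 for MySQL
PCX=pcx-0cccccccccccccccc      # in a real run: the ID returned by step 1

# DRY_RUN=1 (the default) prints each command; DRY_RUN=0 executes it.
run() { if [ "${DRY_RUN:-1}" = 1 ]; then echo "$*"; else "$@"; fi; }

# Dotted-quad IPv4 address to integer.
ip2int() { local IFS=.; set -- $1; echo $(( ($1<<24) + ($2<<16) + ($3<<8) + $4 )); }

# Exit status 0 when two IPv4 CIDR blocks overlap, i.e. when they agree on
# the bits covered by the shorter of the two prefixes.
cidrs_overlap() {
  local a b m
  a=$(ip2int "${1%/*}"); b=$(ip2int "${2%/*}")
  m=${1#*/}; if [ "${2#*/}" -lt "$m" ]; then m=${2#*/}; fi
  [ $(( a >> (32 - m) )) -eq $(( b >> (32 - m) )) ]
}

peering_plan() {
  # A peering connection cannot be created between VPCs with overlapping CIDRs.
  if cidrs_overlap "$RDS_CIDR" "$EKS_CIDR"; then
    echo "CIDR blocks overlap: VPC peering is not possible" >&2; return 1
  fi
  # 1. Peering connection requested from the RDS VPC, then accepted.
  run aws ec2 create-vpc-peering-connection --vpc-id "$RDS_VPC" --peer-vpc-id "$EKS_VPC"
  run aws ec2 accept-vpc-peering-connection --vpc-peering-connection-id "$PCX"
  # 2. One route per routing table, each pointing at the other VPC's CIDR.
  run aws ec2 create-route --route-table-id "$EKS_RTB" --destination-cidr-block "$RDS_CIDR" --vpc-peering-connection-id "$PCX"
  run aws ec2 create-route --route-table-id "$RDS_RTB" --destination-cidr-block "$EKS_CIDR" --vpc-peering-connection-id "$PCX"
  # 3. RDS security group: ingress from the EKS CIDR. This variant opens only
  #    the database port (least privilege) rather than all traffic.
  run aws ec2 authorize-security-group-ingress --group-id "$RDS_SG" --protocol tcp --port "$DB_PORT" --cidr "$EKS_CIDR"
  # 4. DNS resolution across the peering connection, in both directions.
  run aws ec2 modify-vpc-peering-connection-options --vpc-peering-connection-id "$PCX" \
    --requester-peering-connection-options AllowDnsResolutionFromRemoteVpc=true \
    --accepter-peering-connection-options AllowDnsResolutionFromRemoteVpc=true
}

peering_plan
```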
This article is based on my Stack Overflow question.