Related

Product Managed Kubernetes on DigitalOcean Product
[NEW] Bandwidth Pricing Calculator Tool
Private networking seems slow when Kubernetes pulls from my private docker registry. Question Question
Any plans for VPC-Native Kubernetes clusters? Question Question

Question

Expose Kubernetes service over VPC

Posted July 10, 2020 171 views
NetworkingKubernetesDigitalOcean Managed Kubernetes

Hi,

I have 2 Kubernetes clusters in the same VPC. One of those clusters has a database running (let’s call it cluster A). I’d like to access that database from the other cluster (let’s call this one cluster B).

Now, I have service (db-service) on cluster A which exposes the port for the correct deployment. On cluster B, I’d like to connect to that service via the VPC. I don’t want to expose the database to the internet, because of security reasons. But I can’t find a way to accomplish this. I can access the internal IP of the node running the database pod, but these IP’s can change and it’s not a very nice solution when you’re running multiple nodes.

Is there any way to do this?

I’ve also tried a LoadBalancer, but I can’t configure the firewall of the LoadBalancer.

Add a comment
bartv
By:
bartv
Add a comment

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

×
1 answer
Purnima July 22, 2020

Hello @bartv ,

If you would like to communicate via private IP between a managed database and a managed kubernetes cluster, you need to add both of the clusters to the same VPC: https://www.digitalocean.com/docs/networking/vpc/

However, it is not possible to directly communicate between pods in the different clusters even in the same VPC network. You need to make a service setups like LB or NodePort.
https://kubernetes.io/docs/concepts/services-networking/service/

Coming to the firewall query, unfortunately, we do not support putting LoadBalancer’s behind our Cloud Firewalls. This is a limitation not of DOKS but of the current LoadBalancer product.

However, there is a way to accomplish this by exposing an ingress controller via LoadBalancer. You could then use the plethora of annotations to determine and handle the traffic. You could tell your ingress controller drop or block traffic before reaching your applications using a whitelist. https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/annotations/#whitelist-source-range

I hope this helps!

Best Regards,
Purnima Kumari
Developer Support Engineer II, DigitalOcean

Reply Report
Submit an Answer

Related

Looking for something else?

Ask a new question Search for more help