Introducing DigitalOcean Functions: A powerful, serverless compute solution

Related

My website is unresponsive! What do I do?
Question
Postfix timing out when sending mail
Question

Question

Expose Kubernetes service over VPC

Hi,

I have 2 Kubernetes clusters in the same VPC. One of those clusters has a database running (let’s call it cluster A). I’d like to access that database from the other cluster (let’s call this one cluster B).

Now, I have service (db-service) on cluster A which exposes the port for the correct deployment. On cluster B, I’d like to connect to that service via the VPC. I don’t want to expose the database to the internet, because of security reasons. But I can’t find a way to accomplish this. I can access the internal IP of the node running the database pod, but these IP’s can change and it’s not a very nice solution when you’re running multiple nodes.

Is there any way to do this?

I’ve also tried a LoadBalancer, but I can’t configure the firewall of the LoadBalancer.

Subscribe
Share
Submit an answer
You can type!ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Purnima Kumari July 22, 2020

Hello @bartv ,

If you would like to communicate via private IP between a managed database and a managed kubernetes cluster, you need to add both of the clusters to the same VPC: https://www.digitalocean.com/docs/networking/vpc/

However, it is not possible to directly communicate between pods in the different clusters even in the same VPC network. You need to make a service setups like LB or NodePort. https://kubernetes.io/docs/concepts/services-networking/service/

Coming to the firewall query, unfortunately, we do not support putting LoadBalancer’s behind our Cloud Firewalls. This is a limitation not of DOKS but of the current LoadBalancer product.

However, there is a way to accomplish this by exposing an ingress controller via LoadBalancer. You could then use the plethora of annotations to determine and handle the traffic. You could tell your ingress controller drop or block traffic before reaching your applications using a whitelist. https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/annotations/#whitelist-source-range

I hope this helps!

Best Regards, Purnima Kumari Developer Support Engineer II, DigitalOcean

Tool[NEW] Bandwidth Pricing CalculatorTool

Related

My website is unresponsive! What do I do?
Question
Postfix timing out when sending mail
Question
Tool[NEW] Bandwidth Pricing CalculatorTool