By bartv
Hi,
I have 2 Kubernetes clusters in the same VPC. One of those clusters has a database running (let’s call it cluster A). I’d like to access that database from the other cluster (let’s call this one cluster B).
Now, I have a service (db-service) on cluster A which exposes the port for the correct deployment. On cluster B, I’d like to connect to that service via the VPC. I don’t want to expose the database to the internet, for security reasons. But I can’t find a way to accomplish this. I can access the internal IP of the node running the database pod, but these IPs can change and it’s not a very nice solution when you’re running multiple nodes.
Is there any way to do this?
I’ve also tried a LoadBalancer, but I can’t configure the firewall of the LoadBalancer.
Hello @bartv ,
If you would like to communicate via private IP between a managed database and a managed kubernetes cluster, you need to add both of the clusters to the same VPC: https://www.digitalocean.com/docs/networking/vpc/
However, it is not possible to communicate directly between pods in different clusters, even in the same VPC network. You need to set up a Service such as a LoadBalancer or NodePort. https://kubernetes.io/docs/concepts/services-networking/service/
Coming to the firewall query, unfortunately, we do not support putting LoadBalancers behind our Cloud Firewalls. This is a limitation not of DOKS but of the current LoadBalancer product.
However, there is a way to accomplish this by exposing an ingress controller via a LoadBalancer. You could then use the plethora of annotations to determine and handle the traffic. You could tell your ingress controller to drop or block traffic before it reaches your applications using a whitelist. https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/annotations/#whitelist-source-range
I hope this helps!
Best Regards, Purnima Kumari Developer Support Engineer II, DigitalOcean
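What the whitelist approach in the answer above looks like as manifests, as an added example that is not part of the original thread or of DigitalOcean's documentation. Two caveats a practitioner will hit: first, `whitelist-source-range` is enforced on HTTP(S) Ingress rules only, so it does not protect a raw TCP port (such as a database) exposed through ingress-nginx's tcp-services ConfigMap; second, a DigitalOcean LoadBalancer proxies connections, so ingress-nginx sees the load balancer's address rather than the client's unless PROXY protocol is enabled on both the LoadBalancer and the controller, and the whitelist would then block everything. The CIDR `203.0.113.0/24`, the host name, and the backend Service `api` on port 8080 are assumptions; with a public LoadBalancer the range to allow is the public side that cluster B's traffic arrives from, not its VPC range.

```yaml
# Added example, not from the original thread. Assumed values:
# 203.0.113.0/24 = the source range cluster B's traffic arrives from,
# "api"/8080 = a hypothetical HTTP Service in cluster A.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: internal-api
  namespace: default
  annotations:
    # Comma-separated CIDRs. Anything outside the list is answered with
    # HTTP 403 by ingress-nginx before it reaches the backend Service.
    nginx.ingress.kubernetes.io/whitelist-source-range: "203.0.113.0/24"
spec:
  ingressClassName: nginx
  rules:
    - host: api.internal.example.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: api
                port:
                  number: 8080
---
# The controller's Service. The DigitalOcean LoadBalancer terminates TCP
# itself, so the real client IP only survives if PROXY protocol is on.
apiVersion: v1
kind: Service
metadata:
  name: ingress-nginx-controller
  namespace: ingress-nginx
  annotations:
    service.beta.kubernetes.io/do-loadbalancer-enable-proxy-protocol: "true"
spec:
  type: LoadBalancer
  selector:
    app.kubernetes.io/name: ingress-nginx
  ports:
    - name: http
      port: 80
      targetPort: http
    - name: https
      port: 443
      targetPort: https
---
# ingress-nginx must be told to parse the PROXY protocol header; without
# this the whitelist evaluates the load balancer's IP and rejects all
# requests.
apiVersion: v1
kind: ConfigMap
metadata:
  name: ingress-nginx-controller
  namespace: ingress-nginx
data:
  use-proxy-protocol: "true"
```

To verify the allow list is actually seeing the right address, send a request from an allowed host and from a non-allowed one and check the controller logs (`kubectl -n ingress-nginx logs deploy/ingress-nginx-controller`): the logged client address should be the caller's, not the load balancer's, and the non-allowed caller should receive a 403.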
Hey everyone! 👋
Just a quick update here to this thread: as of October 15, DigitalOcean has introduced VPC-native networking for all Managed Kubernetes clusters!
This means you can now route traffic directly between your DOKS pods, services, and other resources within your VPC network (such as Droplets and managed databases) without going through public IPs. It’s a great way to keep your traffic secure and minimize latency.
For more details, check out the DOKS Features page here: DigitalOcean VPC-Native Networking.
- Bobby