Is possible to connect a DO K8s cluster with a DO Droplet private network?

January 27, 2019 855 views
Kubernetes Networking DigitalOcean PostgreSQL

Hi there, folks.

I do have a 3-node-sized DO K8s cluster (for my apps and services), and a DO Droplet that runs my PostgreSQL. I'm planning on connecting them together using a K8s external service pretty much like this article here.

But I don't want to use a external IP connection to do so, I want to block external IPs from accessing my Postgres, and then connect my K8s cluster and my Postgres using a DO private network.

I know how to setup this network for my Postgres Droplet, but I don't see such option for my K8s cluster. Is there a way to join my cluster into this network? Any documentation on this subject?

Any help?
Thanks!

2 Answers

Works for me!

Your database server must be in same region (eg. NYC1) as your kubernetes cluster.

Make sure your database server only listening to the private IP address of your droplet (not public IP).

---
kind: Service
apiVersion: v1
metadata:
  name: mysql
spec:
  ports:
    - name: mysql
      port: 3306
      targetPort: 3306

---
kind: Endpoints
apiVersion: v1
metadata:
  name: mysql
subsets:
  - addresses:
      - ip: PRIVATE.IP.OF.DATABASE.DROPLET
    ports:
      - name: mysql
        port: 3306
  • Hey @alton,

    can you give us some more information about how you got this to work?

    What exactly do you mean by "Make sure your database server only listening to the private IP address of your droplet"? Do you mean the droplet that runs the database?

    Which IP do you use for the mysql database user 'db-user'@'<IP>'?

    Thank you in advance!

    • yes. i'm talking about the public IP and private IP of the droplet where your database server resides.

      please check the following ...

      1. is your database accessible remotely using bind-address=0.0.0.0 in your mysql configuration?

      2. does your firewall block traffic from entering port 3306 through your public IP address?

      3. does your firewall allow traffic from entering port 3306 through your private IP address?

      4. which region is your database server in? your kubernetes cluster must be in the same region as your database server in order to access port 3306 at your private IP address

      • I forgot to open the firewall for traffic through the private IP of the worker node(s).

        Thank you so much! Saved me hours!

DO support replied me:

Kubernetes clusters use their own overlay network so it wouldn't be possible to connect other Droplets to the cluster; you would have to expose a service on the cluster, through a Load Balancer typically, to be able to access the service from outside the cluster.

So I think that answers the question.

  • Did you manage to resolve this after that ticket?
    I'm looking to do the same (connect a small scaled cluster to a seperate droplet hosting db) and running into seemingly the same issues.

Have another answer? Share your knowledge.