Is it possible to connect a DO K8s cluster with a DO Droplet private network?

Posted January 27, 2019 9.8k views

Hi there, folks.

I do have a 3-node-sized DO K8s cluster (for my apps and services), and a DO Droplet that runs my PostgreSQL. I’m planning on connecting them together using a K8s external service pretty much like this article here.

But I don’t want to use an external IP connection to do so, I want to block external IPs from accessing my Postgres, and then connect my K8s cluster and my Postgres using a DO private network.

I know how to set up this network for my Postgres Droplet, but I don’t see such an option for my K8s cluster. Is there a way to join my cluster into this network? Any documentation on this subject?

Any help?

3 answers

Works for me!

Your database server must be in the same region (e.g. NYC1) as your kubernetes cluster.

Make sure your database server is only listening to the private IP address of your droplet (not public IP).

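# Service without a selector: Kubernetes does not manage its endpoints,
# so the Endpoints object below supplies the backend address by hand.
kind: Service
apiVersion: v1
metadata:
  name: mysql
spec:
  ports:
    - name: mysql
      port: 3306
      targetPort: 3306
---
# Endpoints object with the same name as the Service.
kind: Endpoints
apiVersion: v1
metadata:
  name: mysql
subsets:
  - addresses:
      # Placeholder: the address is missing from the post as it appears here.
      - ip: <private IP of the database droplet>
    ports:
      - name: mysql
        port: 3306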
  • Hey @alton,

    can you give us some more information about how you got this to work?

    What exactly do you mean by “Make sure your database server only listening to the private IP address of your droplet”? Do you mean the droplet that runs the database?

    Which IP do you use for the mysql database user ‘db-user’@’<IP>’?

    Thank you in advance!

    • yes. i’m talking about the public IP and private IP of the droplet where your database server resides.

      please check the following …

      1. is your database accessible remotely using bind-address= in your mysql configuration?

      2. does your firewall block traffic from entering port 3306 through your public IP address?

      3. does your firewall allow traffic from entering port 3306 through your private IP address?

      4. which region is your database server in? your kubernetes cluster must be in the same region as your database server in order to access port 3306 at your private IP address

  • Hello @alton,

    Might be completely wrong here - didn’t the question say the database server(PostgreSQL) is outside the k8 cluster and is hosted on a DO droplet?

    If it’s outside k8 cluster, how can one create a service said above?


  • this works perfectly.
    is there any way to connect to k8s cluster from a droplet? any ideas?

DO support replied to me:

Kubernetes clusters use their own overlay network so it wouldn’t be possible to connect other Droplets to the cluster; you would have to expose a service on the cluster, through a Load Balancer typically, to be able to access the service from outside the cluster.

So I think that answers the question.

  • Did you manage to resolve this after that ticket?
    I’m looking to do the same (connect a small scaled cluster to a separate droplet hosting db) and running into seemingly the same issues.

    • For what it’s worth, here’s a solution to making your stuff connect through the internal network.

      Create a service of type NodePort that exposes what you’d like to expose – Note that this will expose the port on every IP address of the node itself (including public traffic), so you’ll have to update the firewall rules to block traffic that’s not coming from the internal network (,,

      Remember that NodePorts have to be above 30000.

      If you log on to one of your droplets, you should be able to access the exposed service on the port. If you’re running a single instance, then you may have to figure out which node it’s running on (use kubectl describe pod <podname> to get the node’s internal IP). At this point, depending on what the service is, you can choose to set it up as a daemon set, or something of the sort, if it’s appropriate.

      In theory, you could set up a box within the cluster to act as an SSH proxy, and port forward accordingly, as if you were in the network, all the time. This approach is for exposing microservices or APIs within the cluster to the rest of your private network.

      Hope that helps.

I just made this this weekend. We don’t need any extra stuff here, for connecting pods to a droplet database.

Ensure the k8s cluster is in the same region of the droplets you want to connect.

Ensure that the firewall of the DB droplet is well configured.

The issue I was having was because the pool of nodes for the k8s cluster did not have the tag it should have to pass the firewall.

Once I added the tag to the pool, all nodes of that pool inherited the tag, and the private connections started to work.
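
The first answer's advice to make the database listen only on the droplet's private IP can be checked on the database droplet itself. The script below is an added example, not code from any of the posters; it assumes `ss -Hltn` output from iproute2, and the function names and sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: list the addresses a database port is bound to and flag any
# that are not loopback or RFC 1918 private space.

# Reads `ss -Hltn` output on stdin and prints each offending local address for
# PORT. Wildcards (0.0.0.0, *, [::]) are flagged because they include the
# droplet's public interface.
exposed_listeners() {
  awk -v port="$1" '
    $1 == "LISTEN" {
      n = split($4, part, ":")          # port is the text after the last colon
      if (part[n] != port) next
      addr = substr($4, 1, length($4) - length(part[n]) - 1)
      if (addr ~ /^10\./ || addr ~ /^192\.168\./ ||
          addr ~ /^172\.(1[6-9]|2[0-9]|3[01])\./ ||
          addr ~ /^127\./ || addr == "[::1]") next
      print addr
    }'
}

# Returns 0 when PORT is bound to private/loopback addresses only, 1 otherwise.
audit_db_port() {
  exposed="$(exposed_listeners "$1")"
  if [ -n "$exposed" ]; then
    printf 'port %s is bound to non-private address(es):\n%s\n' "$1" "$exposed"
    return 1
  fi
  printf 'port %s is bound to private/loopback addresses only\n' "$1"
}

# Constructed sample: PostgreSQL bound to the private address only.
sample_private_only='LISTEN 0 244 10.136.0.5:5432 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*'

# Constructed sample: PostgreSQL bound to every interface.
sample_wildcard='LISTEN 0 244 0.0.0.0:5432 0.0.0.0:*
LISTEN 0 244 [::]:5432 [::]:*'

# On the database droplet: ss -Hltn | audit_db_port 5432
printf '%s\n' "$sample_private_only" | audit_db_port 5432
printf '%s\n' "$sample_wildcard" | audit_db_port 5432 || true
```

A wildcard bind is not necessarily reachable from the internet if the droplet firewall drops the traffic, so this check complements the firewall rules discussed above rather than replacing them.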