I am trying to deploy a web application that uses the Django framework, running on a Daphne server on a k8s cluster. I have a couple of services listed below (FYI):
There is an external Microsoft SQL server that our application needs to connect to. The problem is that the server uses IP whitelisting to allow connections. A NGINX Ingress controller handles all the incoming requests and is installed via the 1-click app that DO provides for clusters.
The k8s configuration of the NGINX Ingress can be found below:
apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: nginx-ingress namespace: default annotations: cert-manager.io/cluster-issuer: 'letsencrypt' nginx.ingress.kubernetes.io/from-to-www-redirect: 'true' spec: ingressClassName: nginx tls: - hosts: - XXX secretName: letsencrypt-certificate rules: - host: XXX http: paths: - path: / pathType: Prefix backend: service: name: web-service port: number: 8000
The configuration of the app and the service:
apiVersion: apps/v1 kind: Deployment metadata: name: web namespace: default labels: deployment: web spec: replicas: 1 selector: matchLabels: deployment: web template: metadata: labels: deployment: web spec: containers: - name: hub image: XXX imagePullPolicy: Always command: ['/bin/sh'] args: ['-c', './web/start_web.sh'] envFrom: - secretRef: name: hub-secret ports: - containerPort: 8000 name: daphne imagePullSecrets: - name: XXX --- apiVersion: v1 kind: Service metadata: name: web-service namespace: default spec: selector: deployment: web ports: - protocol: TCP port: 8000 targetPort: 8000
Has anyone found a way to use the NGINX Ingress Load Balancer IP (which won’t change regularly, if at all) for such a DB connection?
I know that there all multiple articles trying to solve this problem
I hope that since the last one was 8 months ago someone has found a solution for such a problem. I think it should be possible using NGINX egress, but I don’t know the specifics. I would be extremely difficult to request another IP whitelist every single time the service is changed.
I will continue searching for a solution, if I find any I will post it here.