“Hello There”,
I am trying to deploy a web application that uses the Django framework, running on a Daphne server on a k8s cluster. I have a couple of services listed below (FYI):
- Celery
- Celery Beat
- Redis
- Django
There is an external Microsoft SQL server that our application needs to connect to. The problem is that the server uses IP whitelisting to allow connections. An NGINX Ingress controller handles all the incoming requests and is installed via the 1-click app that DO provides for clusters.
The k8s configuration of the NGINX Ingress can be found below:
```yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: nginx-ingress
  namespace: default
  annotations:
    cert-manager.io/cluster-issuer: 'letsencrypt'
    nginx.ingress.kubernetes.io/from-to-www-redirect: 'true'
spec:
  ingressClassName: nginx
  tls:
    - hosts:
        - XXX
      secretName: letsencrypt-certificate
  rules:
    - host: XXX
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: web-service
                port:
                  number: 8000
```
The configuration of the app and the service:
```yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: web
  namespace: default
  labels:
    deployment: web
spec:
  replicas: 1
  selector:
    matchLabels:
      deployment: web
  template:
    metadata:
      labels:
        deployment: web
    spec:
      containers:
        - name: hub
          image: XXX
          imagePullPolicy: Always
          command: ['/bin/sh']
          args: ['-c', './web/start_web.sh']
          envFrom:
            - secretRef:
                name: hub-secret
          ports:
            - containerPort: 8000
              name: daphne
      imagePullSecrets:
        - name: XXX
---
apiVersion: v1
kind: Service
metadata:
  name: web-service
  namespace: default
spec:
  selector:
    deployment: web
  ports:
    - protocol: TCP
      port: 8000
      targetPort: 8000
```
Has anyone found a way to use the NGINX Ingress Load Balancer IP (which won’t change regularly, if at all) for such a DB connection?
I know that there are multiple articles trying to solve this problem:
- nat-gateway-for-database-connections
- is-it-possible-to-have-a-static-outgoing-ip-in-kubernetes

I hope that since the last one was 8 months ago someone has found a solution for such a problem. I think it should be possible using NGINX egress, but I don’t know the specifics. It would be extremely difficult to request another IP whitelist every single time the service is changed.
I will continue searching for a solution, if I find any I will post it here.
Hey,
Just revisiting this thread in case others land here too. DigitalOcean recently introduced a DOKS Routing Agent that might solve this exact problem.
You can now configure static egress IPs for your Kubernetes workloads by routing outbound traffic through a gateway Droplet (with a reserved IP). This helps if you need to connect to external services like your Microsoft SQL Server that rely on IP whitelisting.
It wasn’t possible back when this question was asked without some heavy lifting, but now it’s a managed feature with support for custom routes, ECMP, default route overrides, and node selectors.
More info: https://www.digitalocean.com/blog/introducing-doks-routing-agent
Worth checking out.
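
A sketch of a routing agent `Route` resource for the setup described in the answer above, added here as an example (not part of the original answer, and not DigitalOcean's own manifest). The resource name and both IP addresses are constructed placeholders, and the `apiVersion` and field names should be confirmed against the current DOKS routing agent documentation before applying.

```yaml
# Added example. Sends only traffic for the allowlisted SQL Server through the
# gateway Droplet, so the database sees the Droplet's reserved IP as the source.
apiVersion: networking.doks.digitalocean.com/v1alpha1
kind: Route
metadata:
  name: mssql-static-egress        # hypothetical name
spec:
  destinations:
    # Placeholder for the SQL Server's public address. A /32 keeps the route
    # scoped to the database instead of overriding the default route, so no
    # other outbound traffic leaves with the allowlisted source IP.
    - "203.0.113.10/32"
  gateways:
    # Placeholder for the gateway Droplet's private (VPC) address.
    # Assumption: the Droplet already has IP forwarding and source NAT
    # configured, and the reserved IP is assigned to it.
    - "10.114.0.3"
```

The address given to the database administrator for the allowlist is then the gateway Droplet's reserved IP, not the Ingress load balancer IP and not any node IP.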