Question

Outgoing Traffic From Back-end Pod Through NGINX Ingress IP

“Hello There”,

I am trying to deploy a web application that uses the Django framework, running on a Daphne server on a k8s cluster. I have a couple of services listed below (FYI):

  • Celery

  • Celery Beat

  • Redis

  • Django

There is an external Microsoft SQL server that our application needs to connect to. The problem is that the server uses IP whitelisting to allow connections. A NGINX Ingress controller handles all the incoming requests and is installed via the 1-click app that DO provides for clusters.

The k8s configuration of the NGINX Ingress can be found below:

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: nginx-ingress
  namespace: default
  annotations:
    cert-manager.io/cluster-issuer: 'letsencrypt'
    nginx.ingress.kubernetes.io/from-to-www-redirect: 'true'
spec:
  ingressClassName: nginx
  tls:
  - hosts:
    - XXX
    secretName: letsencrypt-certificate
  rules:
    - host: XXX
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: web-service
                port:
                  number: 8000

The configuration of the app and the service:

apiVersion: apps/v1
kind: Deployment
metadata:
  name: web
  namespace: default
  labels:
    deployment: web
spec:
  replicas: 1
  selector:
    matchLabels:
      deployment: web
  template:
    metadata:
      labels:
        deployment: web
    spec:
      containers:
        - name: hub
          image: XXX
          imagePullPolicy: Always
          command: ['/bin/sh']
          args: ['-c', './web/start_web.sh']
          envFrom:
          - secretRef:
              name: hub-secret
          ports:
            - containerPort: 8000
              name: daphne
      imagePullSecrets:
        - name: XXX

---

apiVersion: v1
kind: Service
metadata:
  name: web-service
  namespace: default
spec:
  selector:
    deployment: web
  ports:
      - protocol: TCP
        port: 8000
        targetPort: 8000

Has anyone found a way to use the NGINX Ingress Load Balancer IP (which won’t change regularly, if at all) for such a DB connection?

I know that there all multiple articles trying to solve this problem

nat-gateway-for-database-connections

is-it-possible-to-have-a-static-outgoing-ip-in-kubernetes

I hope that since the last one was 8 months ago someone has found a solution for such a problem. I think it should be possible using NGINX egress, but I don’t know the specifics. I would be extremely difficult to request another IP whitelist every single time the service is changed.

I will continue searching for a solution, if I find any I will post it here.

Show comments
Submit an answer

This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

Sign In or Sign Up to Answer

Try DigitalOcean for free

Click below to sign up and get $200 of credit to try our products over 60 days!

Sign up