Question

Outgoing Traffic From Back-end Pod Through NGINX Ingress IP

“Hello There”,

I am trying to deploy a web application that uses the Django framework, running on a Daphne server on a k8s cluster. I have a couple of services listed below (FYI):

  • Celery
  • Celery Beat
  • Redis
  • Django

There is an external Microsoft SQL server that our application needs to connect to. The problem is that the server uses IP whitelisting to allow connections. An NGINX Ingress controller handles all the incoming requests and is installed via the 1-click app that DO provides for clusters.

The k8s configuration of the NGINX Ingress can be found below:

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: nginx-ingress
  namespace: default
  annotations:
    cert-manager.io/cluster-issuer: 'letsencrypt'
    nginx.ingress.kubernetes.io/from-to-www-redirect: 'true'
spec:
  ingressClassName: nginx
  tls:
  - hosts:
    - XXX
    secretName: letsencrypt-certificate
  rules:
    - host: XXX
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: web-service
                port:
                  number: 8000

The configuration of the app and the service:

apiVersion: apps/v1
kind: Deployment
metadata:
  name: web
  namespace: default
  labels:
    deployment: web
spec:
  replicas: 1
  selector:
    matchLabels:
      deployment: web
  template:
    metadata:
      labels:
        deployment: web
    spec:
      containers:
        - name: hub
          image: XXX
          imagePullPolicy: Always
          command: ['/bin/sh']
          args: ['-c', './web/start_web.sh']
          envFrom:
          - secretRef:
              name: hub-secret
          ports:
            - containerPort: 8000
              name: daphne
      imagePullSecrets:
        - name: XXX

---

apiVersion: v1
kind: Service
metadata:
  name: web-service
  namespace: default
spec:
  selector:
    deployment: web
  ports:
      - protocol: TCP
        port: 8000
        targetPort: 8000

Has anyone found a way to use the NGINX Ingress Load Balancer IP (which won’t change regularly, if at all) for such a DB connection?

I know that there are multiple articles trying to solve this problem:

nat-gateway-for-database-connections

is-it-possible-to-have-a-static-outgoing-ip-in-kubernetes

I hope that, since the last one was 8 months ago, someone has found a solution for such a problem. I think it should be possible using NGINX egress, but I don’t know the specifics. It would be extremely difficult to request another IP whitelist every single time the service is changed.

I will continue searching for a solution, if I find any I will post it here.
