“Hello There”,
I am trying to deploy a web application that uses the Django framework, running on a Daphne server on a k8s cluster. I have a couple of services listed below (FYI):
Celery
Celery Beat
Redis
Django
There is an external Microsoft SQL server that our application needs to connect to. The problem is that the server uses IP whitelisting to allow connections. An NGINX Ingress controller handles all the incoming requests and is installed via the 1-click app that DO provides for clusters.
The k8s configuration of the NGINX Ingress can be found below:
```yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: nginx-ingress
  namespace: default
  annotations:
    cert-manager.io/cluster-issuer: 'letsencrypt'
    nginx.ingress.kubernetes.io/from-to-www-redirect: 'true'
spec:
  ingressClassName: nginx
  tls:
    - hosts:
        - XXX
      secretName: letsencrypt-certificate
  rules:
    - host: XXX
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: web-service
                port:
                  number: 8000
```
The configuration of the app and the service:
```yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: web
  namespace: default
  labels:
    deployment: web
spec:
  replicas: 1
  selector:
    matchLabels:
      deployment: web
  template:
    metadata:
      labels:
        deployment: web
    spec:
      containers:
        - name: hub
          image: XXX
          imagePullPolicy: Always
          command: ['/bin/sh']
          args: ['-c', './web/start_web.sh']
          envFrom:
            - secretRef:
                name: hub-secret
          ports:
            - containerPort: 8000
              name: daphne
      imagePullSecrets:
        - name: XXX
---
apiVersion: v1
kind: Service
metadata:
  name: web-service
  namespace: default
spec:
  selector:
    deployment: web
  ports:
    - protocol: TCP
      port: 8000
      targetPort: 8000
```
Has anyone found a way to use the NGINX Ingress Load Balancer IP (which won’t change regularly, if at all) for such a DB connection?
I know that there are multiple articles trying to solve this problem:
nat-gateway-for-database-connections
is-it-possible-to-have-a-static-outgoing-ip-in-kubernetes
I hope that since the last one was 8 months ago someone has found a solution for such a problem. I think it should be possible using NGINX egress, but I don’t know the specifics. It would be extremely difficult to request another IP whitelist every single time the service is changed.
I will continue searching for a solution; if I find any, I will post it here.