K
Q

Helm Deployment: Connecting Kubernetes to Postgres DB in Cloud SQL

7/22/2019

So I am deploying my spring boot app using helm. I am following a pre-existing formula used by our company to try and accomplish this task, but for some reason I am unable.

my postgresql-secrets.yml file contains the following

apiVersion: v1
kind: Secret
metadata:
  name: {{ template "codes-chart.fullname" . }}-postgresql
  labels:
    app: {{ template "codes-chart.name" . }}
    release: {{ .Release.Name }}
    heritage: {{ .Release.Service }}
data:
  SPRING_DATASOURCE_URL: {{ .Values.secrets.springDatasourceUrl | b64enc }}
  SPRING_DATASOURCE_USERNAME: {{ .Values.secrets.springDatasourceUsername | b64enc}}
  SPRING_DATASOURCE_PASSWORD: {{ .Values.secrets.springDatasourcePassword | b64enc}}

This picks up the values in the values.yaml file

secrets:
   springDatasourceUrl: PLACEHOLDER
   springDatasourceUsername: PLACEHOLDER
   springDatasourcePassword: PLACEHOLDER

The place holders are being overwritten in helm using a variable override in the environment.

the secrets are referenced in the envFrom: of the codes-deployment.yaml

          envFrom:
            - configMapRef:
              name: {{ template "codes-chart.fullname" . }}-application

            - secretRef:
              name: {{ template "codes-chart.fullname" . }}-postgresql

my helm file structure is as follows:

|helm
|-codes
|--configmaps
|---manifest
|----manifest-codes-configmap.yaml
|--templates
|---application-deploy-job.yaml
|---application-manifest-configmap.yaml
|---application-register-job.yaml
|---application-unregister-job.yaml
|---codes-application-configmap.yaml
|---codes-deployment.yaml
|---codes-hpa.yaml
|---codes-ingress.yaml
|---codes-service.yaml
|---postgresql-secret.yaml
|--values.yaml
|--Chart.yaml

The issues seems to be with the SPRING_DATASOURCE_URL: if i use the private ip of the cloudsql db, then it says it is not accepting connections

if i use the jdbc url format:

ex: (jdbc:postgresql://google/<DATABASE_NAME>?cloudSqlInstance=<INSTANCE_CONNECTION_NAME>&socketFactory=com.google.cloud.sql.postgres.SocketFactory&user=<POSTGRESQL_USER_NAME>&password=<POSTGRESQL_USER_PASSWORD>)

then I get an 403 authentication error.

What am I doing wrong?

-- jmagi98
google-cloud-sql
kubernetes
kubernetes-helm
postgresql
spring-boot

Similar Questions

How to route the traffic using the weights among the internal service pods for canary release?
How would I use my custom ingress-default-backend?
How to manage deployment configs(yaml files) for kubernetes service deployment
About : CreateContainerError
Error while proxying request kubectl proxy
How to create a HTTPS Ingress of NGINX for Kubernetes

1 Answer

7/22/2019

403 Forbidden:

The server understood the request, but is refusing to fulfill it. The 403 for authenticated users with insufficient permissions.

403 indicates that the resource can not be provided. This may be because it is known that no level of authentication is sufficient, but it may be because the user is already authenticated and does not have authority.

Let me add some examples:

https://www.baeldung.com/kubernetes-helm

https://medium.com/zoom-techblog/from-zero-to-kubernetes-4fd354423e6a

-- guillermo rojas
Source: StackOverflow