K
Q

EKS pods multi tenant with RDS

7/23/2019

I have an EKS cluster with ASG. I want to restrict pods that are in the specific name space to connect to specific RDS services.

Is this available in AWS, is there any suggestions how to do so?

Looking for best practices that are already running in production.

-- Mickey Hovel
aws-eks
eks
kubernetes
rds

Similar Questions

How to define PVC for specific path in a single node in kubernetes
Is it possible to have isolated networks in a Kubernetes cluster?
Kubernetes Controllers - ReplicaSet vs Replication Controllers etc
kubectl: how to display pod logs without specyfing the pod name explicitly?
How to use WebRTC with RTCPeerConnection on Kubernetes?

1 Answer

7/23/2019

I don’t believe there is a way to whitelist just a single namespace in order to access your RDS instance. This is mainly because clusters are shared and AWS services don’t really understand what kubernetes namespace is.

In order to achieve connectivity you can have a private vpc peering or a publicly available RDS on which you are going to whitelist elastic IP attached to VPC NAT gateway. I would strongly advise you use private vpc peering and then you at least know that connections are private.

Finally, RDS access is going to be allowed for entire cluster as you can’t really limit it to a single set of resources. However, because your RDS requires user credentials to access any data inside I don’t believe that it is such a big issue to have your cluster whitelisted against RDS.

-- marcincuber
Source: StackOverflow