Kubernetes: no access from EKS pod to RDS MySQL

1/1/2020

I am trying to set up EKS with RDS MySQL. I used eksctl to set up the EKS cluster and I did not change any default network configuration. EKS and RDS are using the same VPC. This is the result in a debugging pod:

telnet xx.rds.amazonaws.com 3306
Connected to xx.us-west-2.rds.amazonaws.com
J
8.0.16#t'Ti1??]Gp^;&Aomysql_native_passwordConnection closed by foreign host
/ # nslookup xxx.us-west-2.rds.amazonaws.com
Server:     10.100.0.10
Address:    10.100.0.10:53

Non-authoritative answer:
xxx.us-west-2.rds.amazonaws.com canonical name = ec2-xx.us-west-2.compute.amazonaws.com
Name:   ec2-xx.us-west-2.compute.amazonaws.com
Address: 192.168.98.108

nc -vz 192.168.98.108 3306
192.168.98.108 (192.168.98.108:3306) open

I use the Istio service mesh. When I created a MySQL client pod in a namespace where the sidecar is not enabled, I got an error message like the following from the MySQL client pod:

 ERROR 2002 (HY000) Can't connect to MySQL sever on xxxxx.us-west-2.rds.amazonaws.com. 

I am new to VPC. RDS and EKS are using the same VPC. Are they connected within the private network?

If it says connection refused in my gRPC server log, the EKS gRPC server tried to connect to 192.168.98.108, and that is the private IP of the RDS. Do I need other configuration in the VPC? Any ideas? Cheers

-- Stella
Tags: amazon-rds, amazon-web-services, eks, kubernetes
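The bytes telnet printed after "Connected to" are the MySQL server greeting, so the TCP path from the pod to RDS is open; decoding the greeting also shows what the server offers (version, TLS, auth plugin). The following is an added example, not code from the question or the answer: it parses that greeting from a constructed sample and checks that the resolved address sits inside the VPC range. The 192.168.0.0/16 CIDR (eksctl's default), the one-segment read in probe() and the sample bytes are assumptions; probe() needs network access from the pod.

```python
import ipaddress
import socket

CLIENT_SSL = 1 << 11          # capability bit: server accepts a TLS handshake
CLIENT_PLUGIN_AUTH = 1 << 19  # capability bit: greeting ends with an auth plugin name

# Constructed sample of the HandshakeV10 greeting a MySQL 8.0.16 server sends right after
# the TCP connect. Telnet showed the header as "J" (0x4a = length 74) and 0x0a as a newline.
SAMPLE_GREETING = (
    b"\x4a\x00\x00\x00"                 # payload length 74 (3 bytes, little-endian), seq 0
    b"\x0a"                             # protocol version 10
    b"8.0.16\x00"                       # server version, NUL-terminated
    b"\x23\x00\x00\x00"                 # connection id
    b"t'Ti1??]\x00"                     # auth-plugin-data part 1 (8 bytes) + filler
    b"\xff\xff"                         # capability flags, lower 16 bits (CLIENT_SSL set)
    b"\x21\x02\x00"                     # charset utf8_general_ci, status flags
    b"\xff\x81"                         # capability flags, upper 16 bits (PLUGIN_AUTH set)
    b"\x15" + b"\x00" * 10 +            # auth-plugin-data length 21, 10 reserved bytes
    b"Gp^;&Ao\x00\x00\x00\x00\x00\x00"  # auth-plugin-data part 2 (13 bytes)
    b"mysql_native_password\x00"        # default auth plugin name
)

def parse_greeting(packet: bytes) -> dict:
    """Decode a HandshakeV10 greeting (4-byte header included) into fields worth logging."""
    length = int.from_bytes(packet[0:3], "little")
    body = packet[4:4 + length]
    if len(body) != length or body[0] != 10:
        raise ValueError("not a complete HandshakeV10 greeting")
    end = body.index(b"\x00", 1)
    version = body[1:end].decode()
    pos = end + 1 + 4 + 8 + 1              # skip connection id, salt part 1 and filler
    cap_low = int.from_bytes(body[pos:pos + 2], "little")
    cap_high = int.from_bytes(body[pos + 5:pos + 7], "little")
    auth_len = body[pos + 7]
    pos += 8 + 10 + max(13, auth_len - 8)  # flags/charset/status, reserved, salt part 2
    caps = (cap_high << 16) | cap_low
    plugin = body[pos:body.index(b"\x00", pos)].decode() if caps & CLIENT_PLUGIN_AUTH else ""
    return {"server_version": version, "tls_offered": bool(caps & CLIENT_SSL), "auth_plugin": plugin}

def resolves_inside_vpc(host: str, vpc_cidr: str, addr: str = "") -> bool:
    """True when the endpoint resolves into the VPC CIDR (private path, not a public IP).
    Pass addr to skip DNS, e.g. the 192.168.98.108 that nslookup returned above."""
    ip = ipaddress.ip_address(addr or socket.gethostbyname(host))
    return ip in ipaddress.ip_network(vpc_cidr)

def probe(host: str, port: int = 3306, timeout: float = 3.0) -> dict:
    """Connect from the debugging pod and decode the greeting. A refused or timed-out
    connect points at security groups or routing; a decoded greeting means the path is open."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        return parse_greeting(sock.recv(1024))  # assumption: greeting fits in one segment
```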

1 Answer

2/5/2020

I had the same scenario (RDS in the same VPC as the EKS cluster). What I did is as follows:

  1. I created a CloudFormation template with which I created my custom VPC, 8 subnets (3 public and 3 private for the EKS cluster, and 2 private for the RDS database), an internet gateway, a NAT gateway, route tables and routes.

  2. Using eksctl with a cluster configuration YAML, I created the cluster and the node group. The node group joined my cluster.

  3. Using the AWS CLI, I created the DB subnet group (containing the 2 private DB subnets) and I also started an RDS instance. Then I set up a security group to allow traffic to the DB only from the 3 private subnets.

As a reference for creating my custom CloudFormation template, I used the template created by eksctl when running the create command with the --node-private-networking flag.

-- florin
Source: StackOverflow