Access Postgres host from Tableau using kubernetes cluster as a kind of router

1/8/2021

Scenario:

  • Tableau application;

  • Postgres on a cloud;

  • Kubernetes on another cloud, running an application based on Alpine image (different cloud than Postgres).

What a I need:

  • Access Postgres from Tableau using Kubernetes as a kind of router; So I need to send a request to my Kubernetes cluster, from tableau, and my Kubernetes cluster need to redirect the requisition to my Postgres host, and Postgres must to answer back to my kubernetes cluster after that my Kubernetes cluster must send de answer from Postgres to Tableau.

Important restrictions:

  • Tableau can access my kubernetes cluster but cannot access my Postgres host directly;

  • My kubernetes cluster can access my Postgres host.


Next steps Now I was able to make it work by using Thomas answer, using the following code:

apiVersion: v1
kind: Service
metadata:
  name: my-service
spec:
  type: NodePort
  ports:
    - port: 5432
      targetPort: 5432
      nodePort: 30004
---
apiVersion: v1
kind: Endpoints
metadata:
  name: my-service 
subsets:
  - addresses:
      - ip: **111.111.111.111** ** < need change this to hostname
    ports:
      - port: 5432

Everything works fine with numerical IP, but I need to put my Postgres DNS instead, something like:

subsets:
  - addresses:
      - ip: mypostgres.com
    ports:
      - port: 5432
-- LuizBuffa
kubernetes
postgresql
tableau-api

1 Answer

1/11/2021

You can achieve this by creating service type object without selectors and then manually creating endpoints for this its. Service needs to expose outside either via NodePort or Loadbalancer type:

apiVersion: v1
kind: Service
metadata:
  name: my-service #Name of the service must match the name of the endpoints
spec:
  type: NodePort
  ports:
    - port: 80
      targetPort: 80
      nodePort: 30007

Services don’t link to pods directly. There is another object in between called endpoints. Because of this you are able to define them manually.

apiVersion: v1
kind: Endpoints
metadata:
  name: my-service #Name of te endpoint must match the name of the service
subsets:
  - addresses:
      - ip: 172.217.212.100 # This is the IP of the endpoints that the service will forward connections to. 
    ports:
      - port: 80

Since you are going to expose your postgres some sort securiy measures has to be taken in order to secure it, e.g. whitelist ip

For more reading please visit /Services without selectors .

-- acid_fuji
Source: StackOverflow