Kubernetes on AWS: How to Connect to RDS
If you're looking to access RDS from Amazon EKS, then this is the post for you.
Hey there! It’s time to write a new blog post about something really hot: Kubernetes. To make this article even spicier, I want to talk about Kubernetes in the context of AWS and access to a database. So basically this post is for those of you who want to set up a Kubernetes application on Amazon Cloud and configure access to RDS (Postgres/MySQL) from the application. Let’s get started!
A long time ago, the software development world was taken by storm by the concept of containerization. Since then, every backend developer has been expected to know what Docker is and how to use it. That was only the beginning of something bigger. Today, I can definitely say that containers without a proper orchestration and service discovery mechanism are pretty useless. Here is where Kubernetes comes in.
How to Access RDS from EKS
AWS has its own service to run apps in Kubernetes: EKS. It’s definitely not as easy as its GCP alternative, but it’s not so hard to set up a K8s cluster in Amazon Cloud, especially if you follow the official AWS tutorial. The problem appears when you want to do something more custom than starting a regular K8s cluster. One example is when you want to access a database (RDS, in AWS terms). To understand this problem more deeply, I want to describe some technical details.
When we create a K8s cluster in EKS, a new VPC with its own CIDR block is created. The same is true for RDS. VPCs by definition are closed for communication with the external world. To overcome this, we need a mechanism that connects the two VPCs.
AWS has such a mechanism: the peering connection. The first step in setting up access from the K8s cluster to the database is to create a peering connection. The connection should be initiated from the RDS VPC to the EKS VPC.
Then the routing tables need to be updated for both VPCs. In the EKS routing table, create a new route whose destination is the CIDR block of the RDS VPC and whose target is the peering connection. Similarly, create a new route in the RDS routing table. This step is probably the trickiest one.
Next, you have to update the RDS security group. Add a new rule which allows all traffic from the EKS CIDR block.
Finally, go to the peering connection and change its configuration by enabling DNS propagation.
That’s it. After all these steps, your app running on AWS EKS should be able to access a database hosted in RDS. I hope this article helps you tackle the issue of accessing RDS from Kubernetes on AWS.
This article is based on my Stack Overflow question.
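The four steps above can be checked after the fact. The following is an added example, not code from the original article: it audits data shaped like the output of the AWS CLI describe-route-tables, describe-security-groups and describe-vpc-peering-connections commands, and it reports the all-traffic rule from the security group step as broad, since the application only needs the database port. All IDs and CIDR blocks are constructed, the function names are hypothetical, and reading "DNS propagation" as the AllowDnsResolutionFromRemoteVpc option on the RDS side is an assumption.

```python
import ipaddress

# Constructed sample data shaped like AWS CLI describe-* output; every ID and CIDR is made up.
EKS_CIDR, RDS_CIDR, PCX = "192.168.0.0/16", "172.31.0.0/16", "pcx-EXAMPLE"
DNS_OPT = "AllowDnsResolutionFromRemoteVpc"
# The article initiates the connection from the RDS VPC, so RDS is the requester here.
PEERING = {"VpcPeeringConnectionId": PCX, "Status": {"Code": "active"},
           "RequesterVpcInfo": {"CidrBlock": RDS_CIDR, "PeeringOptions": {DNS_OPT: True}},
           "AccepterVpcInfo": {"CidrBlock": EKS_CIDR, "PeeringOptions": {DNS_OPT: True}}}
EKS_ROUTES = [{"DestinationCidrBlock": EKS_CIDR, "GatewayId": "local"},
              {"DestinationCidrBlock": RDS_CIDR, "VpcPeeringConnectionId": PCX}]
RDS_ROUTES = [{"DestinationCidrBlock": RDS_CIDR, "GatewayId": "local"},
              {"DestinationCidrBlock": EKS_CIDR, "VpcPeeringConnectionId": PCX}]
RDS_SG = [{"IpProtocol": "-1", "IpRanges": [{"CidrIp": EKS_CIDR}]}]  # the all-traffic rule

def has_route(routes, dest_cidr, pcx_id):
    """True if some route sends dest_cidr (or a supernet of it) to the peering connection."""
    dest = ipaddress.ip_network(dest_cidr)
    return any(r.get("VpcPeeringConnectionId") == pcx_id and "DestinationCidrBlock" in r
               and dest.subnet_of(ipaddress.ip_network(r["DestinationCidrBlock"]))
               for r in routes)

def sg_ingress(permissions, src_cidr, db_port):
    """'missing', 'scoped' (only the database port) or 'broad' (more than the database port)."""
    src, verdict = ipaddress.ip_network(src_cidr), "missing"
    for p in permissions:
        if not any(src.subnet_of(ipaddress.ip_network(r["CidrIp"])) for r in p.get("IpRanges", [])):
            continue  # this rule does not cover the EKS range
        tcp = p["IpProtocol"] == "tcp" and p["FromPort"] <= db_port <= p["ToPort"]
        if p["IpProtocol"] == "-1" or (tcp and p["FromPort"] != p["ToPort"]):
            return "broad"
        if tcp:
            verdict = "scoped"
    return verdict

def audit(peering, eks_routes, rds_routes, rds_sg, db_port=5432):
    """Check each step; db_port defaults to PostgreSQL's 5432 (MySQL's default is 3306)."""
    rds, eks = peering["RequesterVpcInfo"], peering["AccepterVpcInfo"]
    pcx = peering["VpcPeeringConnectionId"]
    return {"peering_active": peering["Status"]["Code"] == "active",
            "eks_route_to_rds": has_route(eks_routes, rds["CidrBlock"], pcx),
            "rds_route_to_eks": has_route(rds_routes, eks["CidrBlock"], pcx),
            "rds_sg_ingress": sg_ingress(rds_sg, eks["CidrBlock"], db_port),
            "dns_resolution": rds.get("PeeringOptions", {}).get(DNS_OPT, False)}

if __name__ == "__main__":
    for check, result in audit(PEERING, EKS_ROUTES, RDS_ROUTES, RDS_SG).items():
        print(f"{check}: {result}")
```

A rule limited to TCP on the database port from the EKS CIDR block is reported as scoped instead of broad.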
Published at DZone with permission of Alexey Zvolinskiy, DZone MVB. See the original article here.