
Create a simple VPC peering connection between Kubernetes and RDS (Postgres)

Imran Hayder (@hayderimran7) ・2 min read

Create a VPC Peering connection between EKS Kubernetes and RDS Postgres

Note: this script assumes your resources carry a Name tag of the form $EKS_CLUSTER/<NAME_OF_RESOURCE>, so the EKS VPC is tagged $EKS_CLUSTER/VPC.
Adjust the lookups below to your own naming convention.


Set the basic names: EKS cluster, VPCs and route tables

Variables for the EKS cluster:

EKS_CLUSTER="name_of_EKS_cluster_goes_here"
EKS_VPC="$EKS_CLUSTER"/VPC
EKS_PUBLIC_ROUTING_TABLE="$EKS_CLUSTER"/PublicRouteTable

and for RDS:

RDS_NAME="name_of_RDS_goes_here"
RDS_VPC="$RDS_NAME"/VPC
RDS_PRIVATE_ROUTING_TABLE="$RDS_NAME"/RDSPrivateRoutingTable
RDS_DB_NAME="Name_of_RDS_instance"

Get the VPC ID and CIDR of the acceptor, i.e. the RDS VPC

echo "getting the VPC ID and CIDR of acceptor(RDS instance)"
ACCEPT_VPC_ID=$(aws ec2 describe-vpcs --filters Name=tag:Name,Values=$RDS_VPC --query=Vpcs[0].VpcId --output text)
ACCEPT_CIDR=$(aws ec2 describe-vpcs --filters Name=tag:Name,Values=$RDS_VPC --query=Vpcs[0].CidrBlockAssociationSet[0].CidrBlock --output text)

Get the VPC ID and CIDR of the requestor, i.e. the EKS VPC

REQUEST_VPC_ID=$(aws ec2 describe-vpcs --filters Name=tag:Name,Values=$EKS_VPC --query=Vpcs[0].VpcId --output text)
REQUEST_CIDR=$(aws ec2 describe-vpcs --filters Name=tag:Name,Values=$EKS_VPC --query=Vpcs[0].CidrBlockAssociationSet[0].CidrBlock --output text)

Get the route table IDs: the public route table of the requestor (EKS) and the private route table of the acceptor (RDS)

REQ_ROUTE_ID=$(aws ec2 describe-route-tables --filters Name=tag:Name,Values=$EKS_PUBLIC_ROUTING_TABLE --query=RouteTables[0].RouteTableId --output text)
ACCEPT_ROUTE_ID=$(aws ec2 describe-route-tables --filters Name=tag:Name,Values=$RDS_PRIVATE_ROUTING_TABLE --query=RouteTables[0].RouteTableId --output text)

Create the peering connection and accept it (both VPCs are in the same account here, so the same credentials can accept)

# DRY_RUN is empty by default; set DRY_RUN=--dry-run to have EC2 validate permissions without creating anything.
# --dry-run is an operation parameter, so it must come after the subcommand, not between "aws" and "ec2".
peerVPCID=$(aws ec2 create-vpc-peering-connection --vpc-id "$REQUEST_VPC_ID" --peer-vpc-id "$ACCEPT_VPC_ID" --query VpcPeeringConnection.VpcPeeringConnectionId --output text $DRY_RUN)
aws ec2 accept-vpc-peering-connection --vpc-peering-connection-id "$peerVPCID" $DRY_RUN
aws ec2 create-tags --resources "$peerVPCID" --tags 'Key=Name,Value=eks-peer-rds' $DRY_RUN

Add a route in each direction, both pointing at the peering connection: the RDS VPC CIDR in the EKS public route table, and the EKS VPC CIDR in the RDS private route table. Only subnets whose route table carries the route can reach the other side, so if your worker nodes run in private subnets, add the same route to their private route table as well.

aws ec2 create-route --route-table-id "$REQ_ROUTE_ID" --destination-cidr-block "$ACCEPT_CIDR" --vpc-peering-connection-id "$peerVPCID" $DRY_RUN
aws ec2 create-route --route-table-id "$ACCEPT_ROUTE_ID" --destination-cidr-block "$REQUEST_CIDR" --vpc-peering-connection-id "$peerVPCID" $DRY_RUN

Allow inbound Postgres (TCP 5432) on the RDS security group from the EKS VPC CIDR. Note that this opens 5432 to every node and pod in the cluster VPC; if only the cluster workers should reach the database, narrow --cidr to the worker-node subnets or replace it with --source-group and the node security group (a security group in the peer VPC can be referenced across a same-region peering). The lookup below only takes the first security group attached to the instance, and re-running the step fails with InvalidPermission.Duplicate once the rule exists.

RDS_VPC_SECURITY_GROUP_ID=$(aws rds describe-db-instances --db-instance-identifier "$RDS_DB_NAME" --query=DBInstances[0].VpcSecurityGroups[0].VpcSecurityGroupId --output text)
aws ec2 authorize-security-group-ingress --group-id "$RDS_VPC_SECURITY_GROUP_ID" --protocol tcp --port 5432 --cidr "$REQUEST_CIDR" $DRY_RUN
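Two checks a practitioner would wrap around the peering steps above, as an added example that is not part of the original post: a CIDR-overlap test, because a peering request between VPCs whose CIDR blocks overlap never reaches the active state, so it is cheaper to refuse before calling create-vpc-peering-connection; and a poll on describe-vpc-peering-connections that waits until the connection's status code is "active" before the routes that point at it are relied on. The function and variable names here are my own, the CIDRs in the demonstration at the bottom are constructed, and wait_peering_active is the only part that needs AWS credentials; the offline demonstration does not call it.

```bash
#!/usr/bin/env sh
# Added example (not from the original post): pre-flight checks for the peering script.
# Peering requires non-overlapping VPC CIDRs, so test that before requesting the
# connection, and wait for it to reach "active" before trusting routes that use it.

# ip_to_int 10.0.0.0 -> 167772160 (dotted quad as a 32-bit integer)
ip_to_int() {
  set -- $(echo "$1" | tr '.' ' ')
  echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# cidr_range 10.0.0.0/16 -> "167772160 167837695" (first and last address as integers)
cidr_range() {
  ip=${1%/*}; prefix=${1#*/}
  base=$(ip_to_int "$ip")
  if [ "$prefix" -eq 0 ]; then
    mask=0
  else
    # 4294967295 is 0xFFFFFFFF; the AND keeps the mask to 32 bits after the shift
    mask=$(( (4294967295 << (32 - prefix)) & 4294967295 ))
  fi
  first=$(( base & mask ))
  last=$(( first | (4294967295 - mask) ))
  echo "$first $last"
}

# cidrs_overlap A B -> exit status 0 if the two blocks share any address, 1 otherwise
cidrs_overlap() {
  set -- $(cidr_range "$1") $(cidr_range "$2")
  # $1/$2 = first/last of A, $3/$4 = first/last of B
  [ "$1" -le "$4" ] && [ "$3" -le "$2" ]
}

# Refuse to request peering when the two VPC CIDRs overlap (assumed helper, my own name).
peering_preflight() {
  if cidrs_overlap "$1" "$2"; then
    echo "refusing to peer: $1 overlaps $2 (the connection would never become active)" >&2
    return 1
  fi
  return 0
}

# Poll until the peering connection is "active" or hits a terminal failure state.
# Needs AWS credentials; not exercised by the offline demonstration below.
wait_peering_active() {
  pcx=$1; tries=0
  while [ "$tries" -lt 24 ]; do
    state=$(aws ec2 describe-vpc-peering-connections --vpc-peering-connection-ids "$pcx" \
      --query 'VpcPeeringConnections[0].Status.Code' --output text)
    case "$state" in
      active) return 0 ;;
      failed|rejected|deleted|expired) echo "peering $pcx is $state" >&2; return 1 ;;
    esac
    tries=$((tries + 1)); sleep 5
  done
  echo "timed out waiting for $pcx to become active" >&2
  return 1
}

# Offline demonstration with constructed CIDRs (no AWS calls):
peering_preflight 10.0.0.0/16 172.31.0.0/16 && echo "ok: disjoint, safe to peer"
peering_preflight 10.0.0.0/16 10.0.128.0/17 || echo "blocked: overlapping blocks"
```

In the script above, `peering_preflight "$REQUEST_CIDR" "$ACCEPT_CIDR" || exit 1` belongs just before create-vpc-peering-connection, and `wait_peering_active "$peerVPCID"` between accept-vpc-peering-connection and the create-route calls. The range check only looks at the first CIDR association of each VPC, as the original lookups do; VPCs with secondary CIDR blocks need every association compared.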

TESTING CONNECTIONS

  1. Run a throwaway container in the cluster (it is removed when the shell exits):

    kubectl run -i --tty --rm postgresdebug --image=alpine:3.5 --restart=Never -- sh

  2. Install the PostgreSQL client:

    apk update
    apk add postgresql

  3. Run psql against the RDS endpoint:

    psql -h <HOST> -U <USER>
    Password for user <USER>:
    psql (9.6.10, server 9.6.15)
    SSL connection (protocol: TLSv1.2, cipher: ECDHE-RSA-AES256-GCM-SHA384, bits: 256, compression: off)
    Type "help" for help.
    <DB_NAME>=>

    Reaching the prompt from inside a pod shows that both routes and the security-group rule work. The "SSL connection" line only means the session is encrypted: psql's default sslmode=prefer does not verify the server certificate, so for anything beyond this smoke test connect with sslmode=verify-full and the RDS CA bundle as sslrootcert.

