1. Set Up the Amazon RDS Instance
- Database Configuration:
- Choose a supported RDS engine (e.g., MySQL, PostgreSQL, or Aurora).
- Configure the database parameters, including security groups, instance class, and storage.
- Network Access:
- Ensure the RDS instance is deployed in the same VPC or a VPC peered with your EKS cluster.
- Place the RDS instance in private subnets for security.
2. Configure Network and Security
- Security Group Rules:
- Create a security group for the RDS instance.
- Allow inbound traffic from the security group attached to the worker nodes in your EKS cluster.
- Use the database port (e.g., 3306 for MySQL) for the inbound rule.
- Subnet and Route Tables:
- Ensure your EKS nodes and RDS instance share connectivity via appropriate subnets and route tables.
- If in different VPCs, ensure VPC peering or Transit Gateway is set up correctly.
3. Add RDS Connection Details to Kubernetes
- Secrets Management:
- Store the RDS credentials (e.g., username and password) in a Kubernetes Secret:
```yaml
apiVersion: v1
kind: Secret
metadata:
  name: rds-credentials
type: Opaque
data:
  username: <base64-encoded-username>
  password: <base64-encoded-password>
```
- RDS Endpoint:
- Retrieve the RDS instance endpoint from the AWS Management Console or CLI.
- Use this endpoint as part of the database connection string.
4. Update the Application Configuration
- Environment Variables:
- Pass the RDS endpoint and credentials to your application using a ConfigMap or Secret:
```yaml
apiVersion: v1
kind: ConfigMap
metadata:
  name: app-config
data:
  DATABASE_HOST: "<rds-endpoint>"
  DATABASE_PORT: "3306"
  DATABASE_NAME: "mydatabase"
```
Attach this ConfigMap and Secret to your deployment:
```yaml
env:
  - name: DATABASE_HOST
    valueFrom:
      configMapKeyRef:
        name: app-config
        key: DATABASE_HOST
  - name: DATABASE_USERNAME
    valueFrom:
      secretKeyRef:
        name: rds-credentials
        key: username
  - name: DATABASE_PASSWORD
    valueFrom:
      secretKeyRef:
        name: rds-credentials
        key: password
```
5. Test the Connection
- Deploy the application pod in the EKS cluster.
- Check the application logs to ensure it successfully connects to the RDS instance.
To connect an EKS application to an already-created RDS instance, I follow these steps:
- Network and Security:
- I ensure the RDS instance and EKS nodes are in the same VPC or a peered VPC.
- I configure the RDS security group to allow inbound traffic on the database port (e.g., 3306) from the security group of the EKS worker nodes.
- Manage Secrets:
- I store the database credentials securely in Kubernetes Secrets.
- The RDS endpoint and credentials are passed as environment variables to the application pods using a ConfigMap and Secret.
- Update Application Configuration:
- The application is updated to use these environment variables for database connectivity.
- Secure the Connection:
- I ensure SSL/TLS is enabled for the connection and restrict the RDS security group to EKS nodes only.
- Validation:
- After deployment, I verify the connection by checking application logs and running database queries.
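
One way to check that the RDS security group really is restricted to the EKS worker nodes, as described in step 2 and in the summary above. This is an added example, not part of the original page; it audits JSON shaped like the output of `aws ec2 describe-security-groups`, and the group IDs, the sample data, and the function names are constructed placeholders.

```python
import json

# Constructed sample shaped like `aws ec2 describe-security-groups` output for
# the RDS security group; all IDs are placeholders, not values from the page.
SAMPLE = json.loads("""
{"SecurityGroups": [{"GroupId": "sg-rds-example", "IpPermissions": [
  {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
   "UserIdGroupPairs": [{"GroupId": "sg-eks-nodes-example"}],
   "IpRanges": [], "Ipv6Ranges": []},
  {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
   "UserIdGroupPairs": [], "IpRanges": [{"CidrIp": "0.0.0.0/0"}],
   "Ipv6Ranges": []},
  {"IpProtocol": "-1", "UserIdGroupPairs": [{"GroupId": "sg-bastion-example"}],
   "IpRanges": [], "Ipv6Ranges": []}
]}]}
""")


def covers_port(perm, port):
    """True if the inbound rule applies to the given TCP port."""
    proto = perm.get("IpProtocol")
    if proto == "-1":  # all protocols and ports; no FromPort/ToPort present
        return True
    if proto not in ("tcp", "6"):
        return False
    return perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535)


def audit_rds_ingress(sg, node_sg_id, db_port=3306):
    """Return findings for inbound rules that reach db_port from any source
    other than the EKS worker-node security group."""
    findings = []
    for perm in sg.get("IpPermissions", []):
        if not covers_port(perm, db_port):
            continue
        for r in perm.get("IpRanges", []):
            findings.append(f"CIDR source {r['CidrIp']} can reach port {db_port}")
        for r in perm.get("Ipv6Ranges", []):
            findings.append(f"CIDR source {r['CidrIpv6']} can reach port {db_port}")
        for p in perm.get("PrefixListIds", []):
            findings.append(f"prefix list {p['PrefixListId']} can reach port {db_port}")
        for pair in perm.get("UserIdGroupPairs", []):
            if pair.get("GroupId") != node_sg_id:
                findings.append(f"security group {pair.get('GroupId')} can reach port {db_port}")
    return findings


if __name__ == "__main__":
    for finding in audit_rds_ingress(SAMPLE["SecurityGroups"][0], "sg-eks-nodes-example"):
        print("FINDING:", finding)
```

An empty result means the only source that can reach the database port is the worker-node security group; the all-protocols rule in the sample is flagged because it also covers that port.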