Introduction: The Challenge of Connecting Kubernetes Clusters to AWS Databases

As organizations increasingly adopt Kubernetes for container orchestration, managing secure connections between Kubernetes clusters and AWS databases, such as MySQL on RDS, becomes critical. Ensuring safe and efficient communication between your Amazon Elastic Kubernetes Service (EKS) cluster and a MySQL database requires careful configuration of network settings and security rules. This guide will walk you through connecting your EKS cluster to a MySQL database while maintaining robust security.

Identifying Public IPs for EKS Cluster Nodes

Navigating the AWS Console to Locate Your EKS Cluster

The first step in configuring secure access is identifying the public IPs of your EKS cluster nodes. Here’s how you can do it:

  1. Login to AWS Management Console: Open the AWS Management Console and navigate to the EKS section.
  2. Select Your Cluster: Click on the EKS cluster you want to connect to your MySQL database.
  3. View Nodes: In the cluster details, select the “Compute” tab to view the nodes associated with your cluster.

Extracting Node Information and Mapping to Public IPs

  1. Identify Node Instances: Note down the instance IDs of the nodes.
  2. Navigate to EC2 Dashboard: Go to the EC2 dashboard in the AWS Console.
  3. Locate Instances: Search for the instance IDs of your EKS nodes.
  4. Public IP Address: Find and note the public IP addresses of these instances. You will use these IP addresses to configure inbound rules for your MySQL database.

Configuring Inbound Traffic Rules for Your MySQL Database

Accessing the Relational Database Service (RDS)

With the public IP addresses of your EKS nodes identified, the next step is to configure the MySQL database to accept connections from these IPs.

  1. Navigate to RDS Dashboard: Open the RDS section in the AWS Management Console.
  2. Select Your Database: Click on the MySQL database instance you want to connect to your EKS cluster.

Locating Your Database and Managing Security Groups

  1. View Security Groups: In the database details, locate the “Security Groups” section. These security groups control the inbound and outbound traffic for your database.

Adding Rules to Allow Traffic from Specific IP Addresses

  1. Edit Security Groups: Click on the security group associated with your database to edit the inbound rules.
  2. Add Rule: Add a new rule to allow traffic from the public IP addresses of your EKS nodes. Set the type to MySQL/Aurora (port 3306) and specify the IP addresses in the source field.
  3. Save Rules: Save the changes to update the security group settings.

Conclusion: A Simplified Approach to Database Security in AWS

Connecting your AWS EKS cluster to a MySQL database securely involves identifying the public IPs of your EKS nodes and configuring the necessary inbound traffic rules in your RDS security groups. Following the steps outlined in this guide, you can ensure a secure and efficient connection between your Kubernetes clusters and AWS databases, maintaining robust security while enabling seamless communication.

References

Creating and connecting to a MySQL DB instance

Using IAM database authentication with workloads running on Amazon EKS