Kubernetes: Have no access from EKS pod to RDS Postgres

问题

I'm trying to setup kubernetes on AWS. For this I created an EKS cluster with 3 nodes (t2.small) according to official AWS tutorial. Then I want to run a pod with some app which communicates with Postgres (RDS in different VPC).

But unfortunately the app doesn't connect to the database.

What I have:

1. EKS cluster with its own VPC (CIDR: 192.168.0.0/16)
2. RDS (Postgres) with its own VPC (CIDR: 172.30.0.0/16)
3. Peering connection initiated from the RDS VPC to the EKS VPC
4. Route table for 3 public subnets of EKS cluster is updated: route with destination 172.30.0.0/16 and target — peer connection from the step #3 is added.
5. Route table for the RDS is updated: route with destination 192.168.0.0/16 and target — peer connection from the step #3 is added.
6. The RDS security group is updated, new inbound rule is added: all traffic from 192.168.0.0/16 is allowed

After all these steps I execute kubectl command:

kubectl exec -it my-pod-app-6vkgm nslookup rds-vpc.unique_id.us-east-1.rds.amazonaws.com
nslookup: can't resolve '(null)': Name does not resolve

Name:      rds-vpc.unique_id.us-east-1.rds.amazonaws.com
Address 1: 52.0.109.113 ec2-52-0-109-113.compute-1.amazonaws.com

Then I connect to one of the 3 nodes and execute a command:

getent hosts rds-vpc.unique_id.us-east-1.rds.amazonaws.com
52.0.109.113    ec2-52-0-109-113.compute-1.amazonaws.com rds-vpc.unique_id.us-east-1.rds.amazonaws.com

What I missed in EKS setup in order to have access from pods to RDS?

UPDATE:

I tried to fix the problem by Service:

apiVersion: v1
kind: Service
metadata:
  name: postgres-service
spec:
  type: ExternalName
  externalName: rds-vpc.unique_id.us-east-1.rds.amazonaws.com

So I created this service in EKS, and then tried to refer to postgres-service as DB URL instead of direct RDS host address.

This fix does not work :(

回答1:

Have you tried to enable "dns propagation" in the peering connection? It looks like you are not getting the internally routable dns. You can enable it by going into the setting for the peering connection and checking the box for dns propagation. I generally do this will all of the peering connections that I control.

回答2:

The answer I provided here may actually apply to your case, too.

It is about using Services without selectors. Look also into ExternalName Services.

来源：https://stackoverflow.com/questions/53571908/kubernetes-have-no-access-from-eks-pod-to-rds-postgres