-1

Situation:

I work at a big company and we have a k8s cluster.

We also have a database that is hosted somewhere else outside of the cluster.

The database IP address and the cluster have a bi-directional FW clearance.

So applications that are hosted inside the cluster can connect to the database.

My machine does not have any clearance to the database. I cannot test my app, write queries and so on. That slows me down and forces me to go to work if any database operations are required for it.

Question:

Since I can connect and deploy on the cluster, could I deploy a NodePort/Service/etc. to a service which forwards it directly to the database?

In this way it would "fool" the Database that the request comes from the cluster. But instead it comes from my machine at home.

Has anybody tried something like that?

Thanks in advance

2 Answers

2

You won't be able to set up a proxy that way. If you have an application that receives requests and forwards them to your database.

An easier solution would be to deploy your app to the cluster (if possible) or deploy a test pod to the cluster (using a base image like debian, busybox, or alpine linux; whichever image serves your needs). You can then connect to the pod (kubectl exec -it podname).

Patrick W
  • Or deploy a container with a reverse proxy, such as https://docs.nginx.com/nginx/admin-guide/web-server/reverse-proxy/ – miroB Feb 06 '20 at 23:49
1

You could try to use a NodePort service without a selector and define your own endpoint pointing to the database IP address.

For instance:

vagrant@k8sMaster:~$ nslookup google.fr
Name:   google.fr
Address: 216.58.207.131

echo '
apiVersion: v1
kind: Service
metadata:
  name: my-service
spec:
  type: NodePort
  ports:
    - protocol: TCP
      port: 443
      targetPort: 443
' > svc-no-sel.yaml
echo '
apiVersion: v1
kind: Endpoints
metadata:
  name: my-service
subsets:
  - addresses:
      - ip: 216.58.207.131
    ports:
      - port: 443
' > ep-no-sel.yaml

kubectl apply -f svc-no-sel.yaml
kubectl apply -f ep-no-sel.yaml

Where you replace the Google IP/port with your database IP/port.

Then in the given example you can target the service by doing

curl -k https://<node-ip>:<node-port>

Documentation on service without selector here: https://kubernetes.io/docs/concepts/services-networking/service/#services-without-selectors

scoulomb
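From the cluster administrator's side, a Service without a selector plus a hand-written Endpoints object, as in the answer above, is worth auditing for, because it lets traffic reach an outside address under the cluster's firewall clearance. The script below is an added example, not part of the original answer: the sample objects and both CIDR ranges are constructed, and `find_external_forwarders` is a hypothetical helper name.

```python
import ipaddress

# Constructed sample, trimmed to the fields used here; same shape as the
# "items" list from `kubectl get services,endpoints -A -o json`.
SAMPLE_ITEMS = [
    {"kind": "Service", "metadata": {"namespace": "default", "name": "kubernetes"},
     "spec": {"type": "ClusterIP"}},
    {"kind": "Endpoints", "metadata": {"namespace": "default", "name": "kubernetes"},
     "subsets": [{"addresses": [{"ip": "192.168.56.10"}]}]},
    {"kind": "Service", "metadata": {"namespace": "dev", "name": "web"},
     "spec": {"type": "ClusterIP", "selector": {"app": "web"}}},
    {"kind": "Endpoints", "metadata": {"namespace": "dev", "name": "web"},
     "subsets": [{"addresses": [{"ip": "10.244.1.5"}]}]},
    {"kind": "Service", "metadata": {"namespace": "dev", "name": "my-service"},
     "spec": {"type": "NodePort"}},
    {"kind": "Endpoints", "metadata": {"namespace": "dev", "name": "my-service"},
     "subsets": [{"addresses": [{"ip": "216.58.207.131"}]}]},
]
# Assumed ranges for this sample: pod network plus the node/control-plane subnet.
POD_CIDR, NODE_CIDR = "10.244.0.0/16", "192.168.56.0/24"


def key(obj):
    """Namespace/name pair that ties a Service to its Endpoints object."""
    return obj["metadata"].get("namespace", "default"), obj["metadata"]["name"]


def find_external_forwarders(items, cluster_cidrs):
    """List (namespace, name, type, ip) for Services without a selector whose
    hand-written Endpoints address lies outside every cluster range."""
    nets = [ipaddress.ip_network(c) for c in cluster_cidrs]
    endpoint_ips = {
        key(o): [a["ip"] for s in o.get("subsets") or [] for a in s.get("addresses") or []]
        for o in items if o["kind"] == "Endpoints"
    }
    findings = []
    for svc in (o for o in items if o["kind"] == "Service"):
        if svc["spec"].get("selector"):
            continue  # endpoints are derived from pod labels, not hand-written
        for ip in endpoint_ips.get(key(svc), []):
            if not any(ipaddress.ip_address(ip) in n for n in nets):
                findings.append((*key(svc), svc["spec"].get("type", "ClusterIP"), ip))
    return findings


if __name__ == "__main__":
    for ns, name, svc_type, ip in find_external_forwarders(SAMPLE_ITEMS, [POD_CIDR, NODE_CIDR]):
        print(f"{ns}/{name} ({svc_type}) forwards to external address {ip}")
```

The built-in `default/kubernetes` Service also has no selector, so the node or control-plane subnet has to be in the allowed ranges or it shows up as a finding.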