
I'm trying to access my existing RDS instance in the newly created EKS cluster. Steps I have followed:

  • Create a VPC peering connection by keeping RDS as requester and EKS as accepter.
  • Add destination Accepter CIDRs with the peering connection in the RDS route table, with Requester CIDRs in the EKS route table.
  • Trying to add the EKS security group in the RDS security group's inbound rules, but it's not showing in the dropdown while adding.
  • Added CIDR instead of the EKS

After all these steps I'm trying to access the instance:

> kubectl run -i --tty --rm debug --image=busybox --restart=Never -- sh
/ # nc bh.cvcmxxxxxxnouu.us-west-2.rds.amazonaws.com 3306
^Cpunt!

Note:

  1. In the VPC peering connection, all ClassicLink shows disabled.
  2. I have also enabled DNS resolution && DNS hostnames for the RDS and EKS VPCs.

Goal: able to access RDS instance inside EKS cluster.

Any idea what I'm doing wrong?

  • Hi Saikat, can you please check if the DNS resolution for your RDS instance is working within the cluster? This should be resolving to the private IP of your RDS instance. You can do that by running a test ubuntu container (if you can't use any other pod) and doing a host on the DNS address of your RDS instance. I suspect your cluster is not connecting to the RDS instance using the private IP but is trying to use the public IP, which isn't whitelisted in the security group - inferred from ClassicLinks Disabled. – Piyush Baderia Dec 20 '19 at 11:34
  • So, I have tried to ns with the RDS instance connection URL and its port. It seems it's not resolving. Tried inside busybox. – Saikat Chakrabortty Dec 21 '19 at 12:17

1 Answer


Today I was able to solve this issue by following this question (followed the mentioned 6 steps): here

My problem was: in the EKS VPC, there were 2 route tables, one of them is Main, and by default I was trying to point the destination route in that, where the 2 subnets of the EKS were not attached. Instead, they're attached to the other route table of the same VPC. When adding the destination route in that non-main route table, it works.

If you are a future visitor, I hope the answer might help.
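
The failure mode described in the answer above, as an added example that is not part of the original post: a check that resolves each subnet to the route table it actually uses (explicit association first, Main otherwise) and reports whether that table carries the peering route. The input mirrors the JSON shape of `aws ec2 describe-route-tables`; every ID and CIDR below is constructed for illustration.

```python
import ipaddress

# Constructed sample in the shape returned by `aws ec2 describe-route-tables`
# for the EKS VPC; all IDs and CIDRs are made up for illustration.
ROUTE_TABLES = [
    {"RouteTableId": "rtb-main",
     "Associations": [{"Main": True}],
     "Routes": [
         {"DestinationCidrBlock": "192.168.0.0/16", "GatewayId": "local", "State": "active"},
         {"DestinationCidrBlock": "172.31.0.0/16",
          "VpcPeeringConnectionId": "pcx-example", "State": "active"}]},
    {"RouteTableId": "rtb-eks",
     "Associations": [{"Main": False, "SubnetId": "subnet-a"},
                      {"Main": False, "SubnetId": "subnet-b"}],
     "Routes": [
         {"DestinationCidrBlock": "192.168.0.0/16", "GatewayId": "local", "State": "active"}]},
]

def effective_table(subnet_id, tables):
    """Explicit association wins; otherwise the subnet uses the Main table."""
    main = None
    for t in tables:
        for a in t.get("Associations", []):
            if a.get("SubnetId") == subnet_id:
                return t
            if a.get("Main"):
                main = t
    return main

def has_peering_route(table, peer_cidr, pcx_id):
    """True if an active route via pcx_id covers the whole peer CIDR."""
    peer = ipaddress.ip_network(peer_cidr)
    for r in table.get("Routes", []):
        dest = r.get("DestinationCidrBlock")
        if (dest and r.get("VpcPeeringConnectionId") == pcx_id
                and r.get("State") == "active"
                and peer.subnet_of(ipaddress.ip_network(dest))):
            return True
    return False

def audit(subnets, tables, peer_cidr, pcx_id):
    """Map each subnet to (effective route table id, peering route present?)."""
    result = {}
    for s in subnets:
        t = effective_table(s, tables)
        result[s] = (t["RouteTableId"], has_peering_route(t, peer_cidr, pcx_id))
    return result

if __name__ == "__main__":
    print(audit(["subnet-a", "subnet-b", "subnet-c"], ROUTE_TABLES, "172.31.0.0/16", "pcx-example"))
```

In the sample, the route exists only in the Main table, so the two explicitly associated subnets are reported as missing it while an unassociated subnet is not.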