0

Can I connect a k8s Pod with a non-container application? My Kubernetes Pod is running on the 10.200.x.x subnet and my MySQL is running on a simple Linux server, not in a container. How can I connect to the database? I'm working in an organization where there are many network restrictions, and I have to open ports and IPs to get access. Is it possible to connect a container application with a non-container database, given that the subnet masks are different too?

  • Try to get some kind of network "ping" tool installed in your container... to try and troubleshoot. See https://www.cyberciti.biz/faq/ping-test-a-specific-port-of-machine-ip-address-using-linux-unix/ and here is an apt install (you may not need curl, but it shows apt install tips); see https://stackoverflow.com/questions/34571711/cant-run-curl-command-inside-my-docker-container/54363500#54363500 for curl. – granadaCoder Jun 12 '20 at 12:23
  • Thanks, brother, for the comment. Just for clarification: I had checked, and I was unable to connect to JDBC due to a network issue, but I just need to confirm: do I need to allow the container IP with the DB, or the IP of the machine where the container is running? – Khurram Shahzad Jun 12 '20 at 12:30
  • Kubernetes container IPs are all over the place. You need to learn how to expose your containers as a service... with a more dedicated IP. https://kubernetes.io/docs/concepts/services-networking/service/ "Kubernetes Pods are mortal. They are born and when they die, they are not resurrected." – granadaCoder Jun 12 '20 at 12:33
  • That will get you going. I'm not a k8 expert. But I do know that little part of it. – granadaCoder Jun 12 '20 at 12:34

1 Answer

0

If you can reach MySQL from the worker node, then you should also be able to reach it from a pod running on this node.

Check your company firewall and make sure that packets from the worker node can reach the instance with MySQL running. Also make sure that these networks are not separated in some other way.

Usually packets sent from your application pod to the MySQL instance will have the source IP set to the worker node's IP (so you want to allow traffic from the k8s nodes to the MySQL instance). This is due to the fact that the k8s network (with most CNIs) is a sort of virtual network that only the k8s nodes are aware of, and for external traffic to be able to come back to the pod, routers in your network need to know where to route the traffic to. This is why pod traffic going outside of the k8s network is NATed.

This is true for most CNIs that encapsulate internal traffic in k8s, but remember that there are also some CNIs that don't encapsulate traffic, which makes it possible to access pods directly from anywhere inside a private network and not only from k8s nodes (e.g. Azure CNI).

In the first case, with a NATed network, make sure that you enable access to the MySQL instance from all worker nodes, not just one, because when this one specific node goes down and the pod gets rescheduled to another node, it won't be able to connect to the database.

In the second case, where you are using a CNI that uses direct networking (without NAT), it's more complicated because when a pod gets rescheduled it gets a different IP every time, and I can't help you with that as it all depends on the specific CNI.

Matt
  • Thanks for the details. How do I know which CNI I am using? Let me share the details below: my pod network is 10.200.0.0/16, whereas my MySQL server is on a different subnet, that is 10.172.0.56. So can you please guide me on what I should do to access MySQL from pods? My worker node IP is 10.172.0.66. – Khurram Shahzad Jun 18 '20 at 09:13
  • On top of that, I can connect successfully from my worker node to the MySQL DB, but it gives an error from the worker node pod having IP 10.200.1.39: `telnet 10.172.11.55 3306` `Trying 10.172.11.55... Connected to 10.172.11.55. Escape character is '^]'.` – Khurram Shahzad Jun 18 '20 at 09:44
  • No, it's run from the worker node where the pod is running, not from inside the pod. – Khurram Shahzad Jun 18 '20 at 10:24
  • Communications link failure The last packet sent successfully to the server was 0 milliseconds ago. The driver has not received any packets from the server. at com.mysql.cj.jdbc.exceptions.SQLError.createCommunicationsException(SQLError.java:174) at com.mysql.cj.jdbc.exceptions.SQLExceptionsMapping.translateException(SQLExceptionsMapping.java:64) at com.mysql.cj.jdbc.ConnectionImpl.createNewIO(ConnectionImpl.java:835) – Khurram Shahzad Jun 18 '20 at 11:30
  • "how do i know which CNI i am using?" - you should know if you created the cluster, because you need to explicitly install it. If not, then ask someone who did. Also, how did you set up your cluster? – Matt Jun 18 '20 at 12:51
  • I have installed the cluster using kubeadm; moreover, I have installed the CNI add-on flannel: `wget https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml` – Khurram Shahzad Jun 18 '20 at 15:54
  • In the flannel.yaml file, please notice that `net-conf.json: | { "Network": "10.244.0.0/16"}` is different from the pod network you mentioned: `my POD network is of 10.200.0.0/16`. Did you adjust it correctly? Or did you just install it as it is? – Matt Jun 23 '20 at 13:48
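
The two checks discussed in the answer and its comments, as an added example that is not part of the original thread: compare each node's pod CIDR with the `Network` value in flannel's `net-conf.json`, and list the worker node IPs that the database firewall has to allow when pod traffic is NATed. The node JSON is constructed and only shaped like `kubectl get nodes -o json` output; the node names and the second node's addresses are assumptions.

```python
import ipaddress
import json

# Constructed sample shaped like `kubectl get nodes -o json`. Node names and the
# second node are hypothetical; 10.172.0.66 and the 10.200.x.x range are from the thread.
NODES_JSON = """
{"items": [
  {"metadata": {"name": "worker-1"}, "spec": {"podCIDR": "10.200.1.0/24"},
   "status": {"addresses": [{"type": "InternalIP", "address": "10.172.0.66"},
                            {"type": "Hostname", "address": "worker-1"}]}},
  {"metadata": {"name": "worker-2"}, "spec": {"podCIDR": "10.200.2.0/24"},
   "status": {"addresses": [{"type": "InternalIP", "address": "10.172.0.67"},
                            {"type": "Hostname", "address": "worker-2"}]}}
]}
"""

# The "Network" value is the one quoted from the flannel manifest in the thread.
FLANNEL_NET_CONF = '{"Network": "10.244.0.0/16"}'


def audit(nodes_json, net_conf_json, db_ip):
    """Compare node pod CIDRs with flannel's Network and list firewall sources."""
    flannel_net = ipaddress.ip_network(json.loads(net_conf_json)["Network"])
    db_addr = ipaddress.ip_address(db_ip)
    mismatched, allow_sources, db_overlaps = [], [], db_addr in flannel_net
    for node in json.loads(nodes_json)["items"]:
        pod_cidr = ipaddress.ip_network(node["spec"]["podCIDR"])
        # A pod range outside flannel's Network is the mismatch raised in the thread.
        if not pod_cidr.subnet_of(flannel_net):
            mismatched.append((node["metadata"]["name"], str(pod_cidr)))
        # A database address inside any pod range would be routed into the overlay.
        db_overlaps = db_overlaps or db_addr in pod_cidr
        # With NATed pod traffic the database sees the node's InternalIP as source,
        # so every worker node goes on the allowlist, not the pod IPs.
        allow_sources += [a["address"] for a in node["status"]["addresses"]
                          if a["type"] == "InternalIP"]
    return {"flannel_network": str(flannel_net), "mismatched_nodes": mismatched,
            "db_overlaps_pod_range": db_overlaps,
            "firewall_allow_sources": sorted(allow_sources)}


if __name__ == "__main__":
    print(json.dumps(audit(NODES_JSON, FLANNEL_NET_CONF, "10.172.0.56"), indent=2))
```

On a live cluster the same inputs come from `kubectl get nodes -o json` and the `net-conf.json` entry of the flannel manifest that was applied.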