Reputation: 2978
I have hosted my SQL on Azure SQL.
From my AKS, each of the pods, I found out it is not able to connect to Azure SQL.
DB Connection:
Data Source=tcp:dbname.database.windows.net,1433;Initial Catalog=dbname;User Id={account};Password={password}
In Azure Portal > I have enabled this below
I double-checked the connection string and am able to connect from my local machine, but inside the Kubernetes pod, when I try to telnet to the server, it responds
Connection closed by foreign host.
May I know what is going wrong with this?
Upvotes: 5
Views: 15650
Reputation: 25389
Sadhus answer is correct and secure. But first you can quickly check by enabling the traffic as follows.
Upvotes: 0
Reputation: 2978
I have found the issue. Basically, the issue is AKS getting the wrong configuration. For the Identity, it doesn't read the proper appsettings.json, which should point to /secrets/*.json
AddEntityFrameworkStores()
I changed the code to retrieve the information from the correct secret, and the app works now.
Upvotes: 1
Reputation: 44569
Azure provides two options for pods running on AKS worker nodes to access a MySQL or PostgreSQL DB instance:
Create a firewall rule on the Azure DB Server with a range of IP addresses that encompasses all IPs of the AKS Cluster nodes (this can be a very large range if using node auto-scaling).
Create a VNet Rule on the Azure DB Server that allows access from the subnet the AKS nodes are in. This is used in conjunction with the Microsoft.Sql VNet Service Endpoint enabled on the cluster subnet.
VNet Rules are recommended and preferable in this situation for several reasons. Nodes are often configured with dynamic IP addresses that can change when a node is restarted resulting in broken firewall rules that reference specific IPs. Nodes can be added to a cluster which would require updating the firewall rule to add additional IPs. VNet Rules avoid these issues by granting access to an entire subnet of AKS nodes.
Manual steps
Configuring a secure networking environment for AKS and Azure DB requires the following:
ResourceGroup: a logical grouping of resources required for all resources.
VNet: creates a virtual network for the AKS cluster nodes.
Subnet: has a range of private IPs for AKS cluster nodes.
Create an AKS cluster using the above resources.
VNet Service Endpoint: update the cluster subnet above with a service endpoint for Microsoft.Sql to enable connectivity for new Azure DB service resource.
Provision managed Azure DB service instances: PostgreSQL, MySQL.
VNet Rule: for each managed service instance to allow traffic from all nodes in the cluster subnet to a given Azure DB service instance (PostgreSQL, MySQL).
Upvotes: 4
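The manual steps from the answer above, written out as Azure CLI calls for an Azure SQL logical server as in the question. This is an added example, not code from the original posts: every resource name, the address ranges and the subscription ID are placeholder assumptions, and the SQL server is assumed to exist already. It prints the commands by default and executes them only when run with AZ=az.

```shell
#!/usr/bin/env bash
# Added example. All names, address ranges and the subscription ID are
# placeholders (assumptions), not values from the posts above.
# Dry run by default: each command is printed. Set AZ=az to execute.
AZ="${AZ:-echo az}"
SUBSCRIPTION_ID="${SUBSCRIPTION_ID:-00000000-0000-0000-0000-000000000000}"
RG="${RG:-rg-aks-demo}"
LOCATION="${LOCATION:-westeurope}"
VNET="${VNET:-vnet-aks}"
SUBNET="${SUBNET:-snet-aks-nodes}"
CLUSTER="${CLUSTER:-aks-demo}"
SQL_RG="${SQL_RG:-rg-data-demo}"      # resource group of the existing SQL server
SQL_SERVER="${SQL_SERVER:-sql-demo}"  # logical server name, no .database.windows.net

aks_sql_vnet_rule_steps() {
  # Full subnet resource ID, so the rule also works when the SQL server
  # lives in a different resource group than the VNet.
  subnet_id="/subscriptions/$SUBSCRIPTION_ID/resourceGroups/$RG/providers/Microsoft.Network/virtualNetworks/$VNET/subnets/$SUBNET"

  # Resource group, VNet and the subnet for the cluster nodes.
  $AZ group create --name "$RG" --location "$LOCATION" || return 1
  $AZ network vnet create --resource-group "$RG" --name "$VNET" \
      --address-prefixes 10.0.0.0/8 \
      --subnet-name "$SUBNET" --subnet-prefixes 10.240.0.0/16 || return 1

  # AKS cluster whose nodes take their IPs from that subnet.
  $AZ aks create --resource-group "$RG" --name "$CLUSTER" \
      --network-plugin azure --vnet-subnet-id "$subnet_id" \
      --generate-ssh-keys || return 1

  # Service endpoint for Microsoft.Sql on the node subnet.
  $AZ network vnet subnet update --resource-group "$RG" --vnet-name "$VNET" \
      --name "$SUBNET" --service-endpoints Microsoft.Sql || return 1

  # VNet rule on the SQL server: allows the whole node subnet, so scaling
  # or restarting nodes does not require touching IP firewall rules.
  $AZ sql server vnet-rule create --resource-group "$SQL_RG" \
      --server "$SQL_SERVER" --name allow-aks-nodes \
      --subnet "$subnet_id" || return 1

  # Confirm the rule is present.
  $AZ sql server vnet-rule list --resource-group "$SQL_RG" \
      --server "$SQL_SERVER" --output table
}

aks_sql_vnet_rule_steps
```

Review the printed plan first; the SQL server's own IP firewall rules are left untouched by this script.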