TECHNICAL DOCS

Connecting to database containers from Kubernetes applications

Create Windocks database connectors and connect to them using the Windocks proxy service. The database container runs outside the cluster on the Windocks machine. The proxy runs as a Kubernetes service in the cluster, orchestrates the creation of the Windocks container outside the cluster, and then proxies all traffic to it. Kubernetes applications that need to connect to the database container use the service name of the proxy as the database hostname.

 

 

Create the service YAML

Service yaml
 

apiVersion: v1
kind: Service
metadata:
  name: windocks-sql-proxy-secure
  labels:
    app: sqlproxy-secure
    tier: frontend
spec:
  sessionAffinity: ClientIP
  type: LoadBalancer
  ports:
  - port: 3087
    name: tcp-proxy-secure-service
    targetPort: 3087
  selector:
    app: sqlproxy-secure
    tier: frontend

 

 

Create the deployment YAML

Deployment yaml

# extensions/v1beta1 Deployments were removed in Kubernetes 1.16; apps/v1 requires spec.selector
apiVersion: apps/v1
kind: Deployment
metadata:
  name: windocks-sql-proxy-secure
  labels:
    app: sqlproxy-secure
spec:
  replicas: 1
  selector:
    matchLabels:
      app: sqlproxy-secure
      tier: frontend
  template:
    metadata:
      # These labels must match the selector of the service above
      labels:
        app: sqlproxy-secure
        tier: frontend
    spec:
      containers:
      - name: sqlproxy-secure-app
        image: windocks/windocks-sql-server-proxy:1.5.0
        imagePullPolicy: Always
        volumeMounts:
        # Key and certificate from the proxy-secret-ssl secret
        - mountPath: "/usr/src/app/ssl"
          name: proxy-secret-ssl
          readOnly: true
        ports:
        - name: tcp-proxy
          containerPort: 3087
        envFrom:
        # Credentials from the proxy-secrets secret created with kubectl below
        - secretRef:
            name: proxy-secrets
        env:
        - name: PROJECT_ID
          value: mystical-timing-242516
        - name: WINDOCKS_REQUIRED_HOSTNAME
          value: "34.220.44.23"
        - name: WINDOCKS_REQUIRED_IMAGE_NAME
          value: "clone"
        - name: WINDOCKS_SQL_PROXY_OPTIONAL_LISTENING_PORT
          value: "3087"
        - name: WINDOCKS_SQL_PROXY_OPTIONAL_LOCAL_HOSTNAME_FOR_TLS
          value: ""
        - name: WINDOCKS_SQL_PROXY_OPTIONAL_TLS
          value: "false"
      volumes:
      - name: proxy-secret-ssl
        secret:
          secretName: proxy-secret-ssl
 

 

 

Create the secret with kubectl

kubectl create secret generic proxy-secrets --from-literal=WINDOCKS_REQUIRED_USERNAME='administrator' --from-literal=WINDOCKS_REQUIRED_PASSWORD='windockspassword' --from-literal=WINDOCKS_REQUIRED_CONTAINER_SAPASSWORD='your sa or admin password'

 

 

Create the SSL key and crt secrets with kubectl

Put your key and crt in the file secret-ssl

apiVersion: v1
# Values under data must be base64-encoded
data:
  tls.key: Put your key string here
  tls.crt: Put your cert string here
kind: Secret
metadata:
  name: proxy-secret-ssl
type: Opaque

 

Then run
kubectl create -f secret-ssl

 

 

Apply the service and deployment yamls

kubectl apply -f service.yaml

kubectl apply -f deployment.yaml
 

 

 

Connect

Use the service name from the service YAML (windocks-sql-proxy-secure above) as the hostname, with port 3087, for any Kubernetes application that connects to the database container.
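
As an added example (not from the Windocks documentation): a client Deployment that reaches the proxy by its service name, and a NetworkPolicy that admits only such clients to port 3087 on the proxy pods. The application name, image, `db-client` label and `DB_*` variable names are hypothetical, and it assumes the client logs in with the container password stored in proxy-secrets and runs in the same namespace as the proxy.

```yaml
# Added example: hypothetical client application, not part of the Windocks docs
apiVersion: apps/v1
kind: Deployment
metadata:
  name: orders-api                     # hypothetical application name
spec:
  replicas: 1
  selector:
    matchLabels:
      app: orders-api
  template:
    metadata:
      labels:
        app: orders-api
        db-client: "true"              # hypothetical label matched by the policy below
    spec:
      containers:
      - name: orders-api
        image: registry.example.com/orders-api:1.0   # placeholder image
        env:
        - name: DB_HOST                # hypothetical variable read by the app
          value: windocks-sql-proxy-secure   # metadata.name of the proxy Service
        - name: DB_PORT
          value: "3087"
        - name: DB_PASSWORD            # read from the secret, not written into the manifest
          valueFrom:
            secretKeyRef:
              name: proxy-secrets
              key: WINDOCKS_REQUIRED_CONTAINER_SAPASSWORD
---
# Only pods labelled db-client=true may open TCP 3087 on the proxy pods
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: sqlproxy-allow-db-clients      # hypothetical policy name
spec:
  podSelector:
    matchLabels:
      app: sqlproxy-secure
  policyTypes:
  - Ingress
  ingress:
  - from:
    - podSelector:
        matchLabels:
          db-client: "true"
    ports:
    - protocol: TCP
      port: 3087
```

The NetworkPolicy is enforced only when the cluster's network plugin supports NetworkPolicy. If no client outside the cluster needs the proxy, setting the Service to type: ClusterIP keeps port 3087 off an external load balancer.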
