Connecting to database containers from Kubernetes applications
Create Windocks database connectors and connect to them using the Windocks proxy service. The database container runs outside the cluster on the Windocks machine. The proxy runs as a Kubernetes service in the cluster and orchestrates the creation of the Windocks container outside the cluster and then proxies all traffic to it. The Kubernetes applications that need to connect to the database container simply use the service name of the proxy as the hostname for the database connectivity.
Create the service YAML
Service yaml
apiVersion: v1
kind: Service
metadata:
  name: windocks-sql-proxy-secure
  labels:
    app: sqlproxy-secure
    tier: frontend
spec:
  sessionAffinity: ClientIP
  type: LoadBalancer
  ports:
  - port: 3087
    name: tcp-proxy-secure-service
    targetPort: 3087
  selector:
    app: sqlproxy-secure
    tier: frontend
Create the deployment YAML
Deployment yaml
# Assumed: apps/v1, which requires the spec.selector block below.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: windocks-sql-proxy-secure
  labels:
    app: sqlproxy-secure
spec:
  replicas: 1
  # Must match the pod template labels.
  selector:
    matchLabels:
      app: sqlproxy-secure
      tier: frontend
  template:
    metadata:
      labels:
        app: sqlproxy-secure
        tier: frontend
    spec:
      containers:
      - name: sqlproxy-secure-app
        image: windocks/windocks-sql-server-proxy:1.5.0
        imagePullPolicy: Always
        volumeMounts:
        # TLS key and certificate from the proxy-secret-ssl secret
        - mountPath: "/usr/src/app/ssl"
          name: proxy-secret-ssl
          readOnly: true
        ports:
        - name: tcp-proxy
          containerPort: 3087
        # Windocks credentials from the proxy-secrets secret
        envFrom:
        - secretRef:
            name: proxy-secrets
        env:
        - name: PROJECT_ID
          value: mystical-timing-242516
        - name: WINDOCKS_REQUIRED_HOSTNAME
          value: "34.220.44.23"
        - name: WINDOCKS_REQUIRED_IMAGE_NAME
          value: "clone"
        - name: WINDOCKS_SQL_PROXY_OPTIONAL_LISTENING_PORT
          value: "3087"
        - name: WINDOCKS_SQL_PROXY_OPTIONAL_LOCAL_HOSTNAME_FOR_TLS
          value: ""
        - name: WINDOCKS_SQL_PROXY_OPTIONAL_TLS
          value: "false"
      volumes:
      - name: proxy-secret-ssl
        secret:
          secretName: proxy-secret-ssl
Create the secret with kubectl
kubectl create secret generic proxy-secrets --from-literal=WINDOCKS_REQUIRED_USERNAME='administrator' --from-literal=WINDOCKS_REQUIRED_PASSWORD='windockspassword' --from-literal=WINDOCKS_REQUIRED_CONTAINER_SAPASSWORD='your sa or admin password'
Create the SSL key and crt secrets with kubectl
Put your key and crt in the file secret-ssl
apiVersion: v1
# Values under data: must be base64-encoded.
data:
  tls.key: Put your key string here
  tls.crt: Put your cert string here
kind: Secret
metadata:
  name: proxy-secret-ssl
type: Opaque
Then run
kubectl create -f secret-ssl
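The script below is an added example, not part of the Windocks documentation: it generates the secret-ssl manifest from key and certificate files so the values under data: are correctly base64-encoded on a single line. The function names make_secret_ssl and b64_oneline are hypothetical, and it assumes the key and certificate are PEM files.

```shell
#!/bin/sh
# Added example (hypothetical helper names): build the proxy-secret-ssl
# manifest from PEM files. Assumes the key and certificate are PEM-encoded.

b64_oneline() {
    # GNU base64 wraps output at 76 columns; strip the newlines so each
    # value stays on one line, as a Secret's data: field requires.
    base64 < "$1" | tr -d '\n'
}

make_secret_ssl() {
    key_file=$1
    crt_file=$2
    for f in "$key_file" "$crt_file"; do
        if [ ! -s "$f" ]; then
            echo "error: $f is missing or empty" >&2
            return 1
        fi
    done
    # Catch swapped arguments before the private key lands under tls.crt.
    if ! grep -q -- '-----BEGIN .*PRIVATE KEY-----' "$key_file"; then
        echo "error: $key_file does not look like a PEM private key" >&2
        return 1
    fi
    if ! grep -q -- '-----BEGIN CERTIFICATE-----' "$crt_file"; then
        echo "error: $crt_file does not look like a PEM certificate" >&2
        return 1
    fi
    cat <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: proxy-secret-ssl
type: Opaque
data:
  tls.key: $(b64_oneline "$key_file")
  tls.crt: $(b64_oneline "$crt_file")
EOF
}

# Usage: sh make-secret-ssl.sh tls.key tls.crt > secret-ssl
if [ "$#" -eq 2 ]; then
    make_secret_ssl "$1" "$2"
fi
```

The generated file contains the private key in reversibly encoded form, so keep it out of version control and restrict its file permissions.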
Apply the service and deployment yamls
kubectl apply -f service.yaml
kubectl apply -f deployment.yaml
Connect
Use the service name from the service YAML (windocks-sql-proxy-secure) as the hostname, with the service port (3087), for any Kubernetes application that needs to connect to the database container.