How do I set up Kubernetes with Postgres on an AWS private subnet?
This guide will walk you through setting up a Kubernetes cluster with an Amazon RDS Postgres database on an AWS private subnet using Pulumi. We will create an EKS cluster, a VPC with private subnets, and an RDS Postgres instance.
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
import * as eks from "@pulumi/eks";

// Read the database password from encrypted stack configuration instead of
// hardcoding it. Set it with: pulumi config set --secret dbPassword <value>
const config = new pulumi.Config();
const dbPassword = config.requireSecret("dbPassword");

// Create a VPC
const vpc = new aws.ec2.Vpc("my-vpc", {
    cidrBlock: "10.0.0.0/16",
    enableDnsHostnames: true,
    enableDnsSupport: true,
    tags: {
        Name: "my-vpc",
    },
});

// Create subnets. No route table is associated here, so they use the VPC's
// main route table, which only has the local route (no internet gateway).
// Worker nodes need a NAT gateway or VPC endpoints (not created here) to
// reach the EKS API and container registries.
const privateSubnet1 = new aws.ec2.Subnet("private-subnet-1", {
    vpcId: vpc.id,
    cidrBlock: "10.0.1.0/24",
    availabilityZone: "us-west-2a",
    tags: {
        Name: "private-subnet-1",
    },
});

const privateSubnet2 = new aws.ec2.Subnet("private-subnet-2", {
    vpcId: vpc.id,
    cidrBlock: "10.0.2.0/24",
    availabilityZone: "us-west-2b",
    tags: {
        Name: "private-subnet-2",
    },
});

// Create an EKS cluster whose worker nodes get no public IP addresses
const cluster = new eks.Cluster("my-cluster", {
    vpcId: vpc.id,
    subnetIds: [privateSubnet1.id, privateSubnet2.id],
    instanceType: "t2.medium",
    desiredCapacity: 2,
    minSize: 1,
    maxSize: 2,
    nodeAssociatePublicIpAddress: false,
    tags: {
        Name: "my-cluster",
    },
});

// Export the cluster's kubeconfig
export const kubeconfig = cluster.kubeconfig;

// Create a security group for the RDS instance.
// Ingress allows PostgreSQL (TCP 5432) from any address inside the VPC.
const rdsSecurityGroup = new aws.ec2.SecurityGroup("rds-security-group", {
    vpcId: vpc.id,
    description: "Allow access to RDS",
    ingress: [
        {
            protocol: "tcp",
            fromPort: 5432,
            toPort: 5432,
            cidrBlocks: ["10.0.0.0/16"],
        },
    ],
    egress: [
        {
            protocol: "-1",
            fromPort: 0,
            toPort: 0,
            cidrBlocks: ["0.0.0.0/0"],
        },
    ],
    tags: {
        Name: "rds-security-group",
    },
});

// Place the database in the two private subnets
const rdsSubnetGroup = new aws.rds.SubnetGroup("rds-subnet-group", {
    subnetIds: [privateSubnet1.id, privateSubnet2.id],
    tags: {
        Name: "rds-subnet-group",
    },
});

// Create an RDS Postgres instance
const db = new aws.rds.Instance("my-postgres", {
    engine: "postgres",
    instanceClass: "db.t2.micro",
    allocatedStorage: 20,
    dbSubnetGroupName: rdsSubnetGroup.name,
    vpcSecurityGroupIds: [rdsSecurityGroup.id],
    // dbName is the current argument for the initial database name
    // (the older `name` argument is deprecated).
    dbName: "mydatabase",
    username: "myusername",
    password: dbPassword,
    // No final snapshot is taken when the instance is deleted
    skipFinalSnapshot: true,
    tags: {
        Name: "my-postgres",
    },
});

// Export the RDS endpoint and database name
export const dbEndpoint = db.endpoint;
export const dbName = db.dbName;
Key Points
- VPC and Subnets: We created a VPC with private subnets to host the EKS cluster and RDS instance.
- EKS Cluster: We set up an EKS cluster using the private subnets.
- RDS Postgres: We provisioned an RDS Postgres instance within the private subnets and secured it with a security group that allows PostgreSQL traffic (TCP port 5432) only from inside the VPC CIDR (10.0.0.0/16).
Conclusion
We have successfully set up a Kubernetes cluster with an Amazon RDS Postgres database on an AWS private subnet using Pulumi. This setup ensures that both the Kubernetes cluster and the database are isolated within a private network for enhanced security.
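To review the database settings above before deploying, the following added example (not part of the original answer and not Pulumi's own code) audits plain-object copies of the security group rule and RDS arguments from this page. The names `auditDatabaseExposure` and `passwordSource` are hypothetical, and it assumes only the two private subnets need to reach port 5432.

```typescript
// Plain-object shapes mirroring the security group rule and RDS arguments on this page.
// `passwordSource` is a hypothetical field recording where the password value comes from.
interface IngressRule { protocol: string; fromPort: number; toPort: number; cidrBlocks: string[] }
interface DbArgs { passwordSource: "literal" | "secret"; storageEncrypted?: boolean; skipFinalSnapshot?: boolean }

const maskFor = (bits: number): number => (bits === 0 ? 0 : (0xffffffff << (32 - bits)) >>> 0);

// Parse "a.b.c.d/n" into an unsigned 32-bit network address and a prefix length.
function parseCidr(cidr: string): { base: number; bits: number } {
    const m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})\/(\d{1,2})$/.exec(cidr);
    if (!m) throw new Error(`invalid CIDR: ${cidr}`);
    const octets = m.slice(1, 5).map(Number);
    const bits = Number(m[5]);
    if (octets.some((o) => o > 255) || bits > 32) throw new Error(`invalid CIDR: ${cidr}`);
    const ip = octets.reduce((acc, o) => acc * 256 + o, 0);
    return { base: (ip & maskFor(bits)) >>> 0, bits };
}

// True when every address in `inner` also falls inside `outer`.
function cidrWithin(inner: string, outer: string): boolean {
    const i = parseCidr(inner);
    const o = parseCidr(outer);
    return i.bits >= o.bits && ((i.base & maskFor(o.bits)) >>> 0) === o.base;
}

// Report settings that expose the database more than the client subnets require.
function auditDatabaseExposure(rules: IngressRule[], db: DbArgs, clientSubnets: string[]): string[] {
    const findings: string[] = [];
    for (const rule of rules) {
        const coversPostgres = rule.protocol === "-1" || (rule.fromPort <= 5432 && rule.toPort >= 5432);
        if (!coversPostgres) continue;
        for (const cidr of rule.cidrBlocks) {
            if (!clientSubnets.some((s) => cidrWithin(cidr, s))) findings.push(`ingress ${cidr} is wider than the client subnets`);
        }
    }
    if (db.passwordSource === "literal") findings.push("password is a plaintext literal in the program");
    if (db.storageEncrypted !== true) findings.push("storageEncrypted is not enabled");
    if (db.skipFinalSnapshot === true) findings.push("skipFinalSnapshot discards data when the instance is deleted");
    return findings;
}

// Constructed samples: the values as first published on this page, then a tightened variant.
const clientSubnets = ["10.0.1.0/24", "10.0.2.0/24"];
const pageRules: IngressRule[] = [{ protocol: "tcp", fromPort: 5432, toPort: 5432, cidrBlocks: ["10.0.0.0/16"] }];
const pageDb: DbArgs = { passwordSource: "literal", skipFinalSnapshot: true };
const tightRules: IngressRule[] = [{ protocol: "tcp", fromPort: 5432, toPort: 5432, cidrBlocks: clientSubnets }];
const tightDb: DbArgs = { passwordSource: "secret", storageEncrypted: true, skipFinalSnapshot: false };
```

Calling `auditDatabaseExposure(pageRules, pageDb, clientSubnets)` returns four findings, while the tightened variant returns none.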