How do I set up Kubernetes with Postgres on an AWS private subnet?

This guide will walk you through setting up a Kubernetes cluster with an Amazon RDS Postgres database on an AWS private subnet using Pulumi. We will create an EKS cluster, a VPC with private subnets, and an RDS Postgres instance.

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
import * as eks from "@pulumi/eks";

// Create a VPC
const vpc = new aws.ec2.Vpc("my-vpc", {
    cidrBlock: "10.0.0.0/16",
    enableDnsHostnames: true,
    enableDnsSupport: true,
    tags: {
        Name: "my-vpc",
    },
});

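// Create two subnets in different availability zones. No route table is
// associated, so they get only the VPC's local route (no internet gateway or NAT).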
const privateSubnet1 = new aws.ec2.Subnet("private-subnet-1", {
    vpcId: vpc.id,
    cidrBlock: "10.0.1.0/24",
    availabilityZone: "us-west-2a",
    tags: {
        Name: "private-subnet-1",
    },
});

const privateSubnet2 = new aws.ec2.Subnet("private-subnet-2", {
    vpcId: vpc.id,
    cidrBlock: "10.0.2.0/24",
    availabilityZone: "us-west-2b",
    tags: {
        Name: "private-subnet-2",
    },
});

// Create an EKS cluster
const cluster = new eks.Cluster("my-cluster", {
    vpcId: vpc.id,
    subnetIds: [privateSubnet1.id, privateSubnet2.id],
    instanceType: "t2.medium",
    desiredCapacity: 2,
    minSize: 1,
    maxSize: 2,
    nodeAssociatePublicIpAddress: false,
    tags: {
        Name: "my-cluster",
    },
});

// Export the cluster's kubeconfig
export const kubeconfig = cluster.kubeconfig;

// Create a security group for the RDS instance. Ingress on port 5432 is
// allowed from the whole VPC CIDR (10.0.0.0/16).
const rdsSecurityGroup = new aws.ec2.SecurityGroup("rds-security-group", {
    vpcId: vpc.id,
    description: "Allow access to RDS",
    ingress: [
        {
            protocol: "tcp",
            fromPort: 5432,
            toPort: 5432,
            cidrBlocks: ["10.0.0.0/16"],
        },
    ],
    egress: [
        {
            protocol: "-1",
            fromPort: 0,
            toPort: 0,
            cidrBlocks: ["0.0.0.0/0"],
        },
    ],
    tags: {
        Name: "rds-security-group",
    },
});

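// Read the database password from encrypted stack configuration instead of
// hardcoding it. Set it with: pulumi config set --secret dbPassword <value>
const config = new pulumi.Config();
const dbPassword = config.requireSecret("dbPassword");

// Create an RDS Postgres instance
const db = new aws.rds.Instance("my-postgres", {
    engine: "postgres",
    instanceClass: "db.t2.micro",
    allocatedStorage: 20,
    dbSubnetGroupName: new aws.rds.SubnetGroup("rds-subnet-group", {
        subnetIds: [privateSubnet1.id, privateSubnet2.id],
        tags: {
            Name: "rds-subnet-group",
        },
    }).name,
    vpcSecurityGroupIds: [rdsSecurityGroup.id],
    dbName: "mydatabase", // `dbName` replaces the `name` argument, which @pulumi/aws v6 removed
    username: "myusername",
    password: dbPassword,
    skipFinalSnapshot: true, // no final snapshot is taken when the instance is deleted
    tags: {
        Name: "my-postgres",
    },
});

// Export the RDS endpoint and database name
export const dbEndpoint = db.endpoint;
export const dbName = db.dbName;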

Key Points

  • VPC and Subnets: We created a VPC with private subnets to host the EKS cluster and RDS instance.
  • EKS Cluster: We set up an EKS cluster using the private subnets.
  • RDS Postgres: We provisioned an RDS Postgres instance within the private subnets and secured it with a security group.

Conclusion

We have successfully set up a Kubernetes cluster with an Amazon RDS Postgres database on an AWS private subnet using Pulumi. This setup ensures that both the Kubernetes cluster and the database are isolated within a private network for enhanced security.
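
The security group in the program above admits the whole VPC range on port 5432, while only the two node subnets need to reach the database. The following added example (not part of the original page or of Pulumi's code) compares ingress rules with the subnets that need access; `IngressRule`, `cidrRange` and `auditIngress` are hypothetical names, and plain objects stand in for the Pulumi arguments.

```typescript
// Added example: plain objects stand in for the Pulumi security-group arguments.
interface IngressRule { protocol: string; fromPort: number; toPort: number; cidrBlocks: string[]; }
interface Finding { kind: "too-wide" | "unreachable"; cidr: string; allowed: number; needed: number; }

// Parse "a.b.c.d/n" into the [first, last] addresses of the block.
function cidrRange(cidr: string): [number, number] {
    const m = /^(\d+)\.(\d+)\.(\d+)\.(\d+)\/(\d+)$/.exec(cidr);
    const parts = m ? m.slice(1).map(Number) : [];
    const bits = parts.pop() ?? -1;
    if (parts.length !== 4 || parts.some((o) => o > 255) || bits < 0 || bits > 32) {
        throw new Error(`invalid CIDR: ${cidr}`);
    }
    const size = 2 ** (32 - bits);
    const ip = parts.reduce((acc, o) => acc * 256 + o, 0);
    const first = Math.floor(ip / size) * size;
    return [first, first + size - 1];
}

// Compare what the rules admit on `port` with the subnets that need access.
// Assumption: the client subnets do not overlap each other.
function auditIngress(rules: IngressRule[], port: number, clientSubnets: string[]): Finding[] {
    const clients = clientSubnets.map((cidr) => ({ cidr, range: cidrRange(cidr) }));
    const covered: string[] = [];
    const findings: Finding[] = [];
    for (const rule of rules) {
        const portMatch = rule.protocol === "-1" ||
            (rule.protocol === "tcp" && rule.fromPort <= port && port <= rule.toPort);
        if (!portMatch) continue;
        for (const cidr of rule.cidrBlocks) {
            const [lo, hi] = cidrRange(cidr);
            let needed = 0;
            for (const c of clients) {
                if (lo <= c.range[0] && c.range[1] <= hi) {
                    covered.push(c.cidr);
                    needed += c.range[1] - c.range[0] + 1;
                }
            }
            if (hi - lo + 1 > needed) findings.push({ kind: "too-wide", cidr, allowed: hi - lo + 1, needed });
        }
    }
    for (const c of clients) {
        if (covered.indexOf(c.cidr) < 0) findings.push({ kind: "unreachable", cidr: c.cidr, allowed: 0, needed: c.range[1] - c.range[0] + 1 });
    }
    return findings;
}

// Rule and subnet CIDRs copied from the program above; tightRule is constructed.
const pageRule: IngressRule = { protocol: "tcp", fromPort: 5432, toPort: 5432, cidrBlocks: ["10.0.0.0/16"] };
const nodeSubnets = ["10.0.1.0/24", "10.0.2.0/24"];
const tightRule: IngressRule = { ...pageRule, cidrBlocks: nodeSubnets };
console.log(auditIngress([pageRule], 5432, nodeSubnets), auditIngress([tightRule], 5432, nodeSubnets));
```

In the Pulumi program, the same narrowing means listing the two subnet CIDRs in the rule's `cidrBlocks` instead of the VPC CIDR.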
