1. Answers
  2. Connect EKS to databases in another VPC

How do I connect EKS to databases in another VPC?

In this guide, we will demonstrate how to connect an Amazon EKS cluster to databases located in another VPC using Pulumi. We will create an EKS cluster, establish peering between the VPCs, and configure the necessary route tables and security groups to allow communication between the cluster and the database.

import * as aws from "@pulumi/aws";
import * as eks from "@pulumi/eks";

// Create a VPC for the EKS cluster
const eksVpc = new aws.ec2.Vpc("eksVpc", {
    cidrBlock: "10.0.0.0/16",
    enableDnsHostnames: true,
    enableDnsSupport: true,
    tags: { Name: "eksVpc" },
});

// Create subnets for the EKS cluster
const eksSubnet1 = new aws.ec2.Subnet("eksSubnet1", {
    vpcId: eksVpc.id,
    cidrBlock: "10.0.1.0/24",
    availabilityZone: "us-west-2a",
    tags: { Name: "eksSubnet1" },
});

const eksSubnet2 = new aws.ec2.Subnet("eksSubnet2", {
    vpcId: eksVpc.id,
    cidrBlock: "10.0.2.0/24",
    availabilityZone: "us-west-2b",
    tags: { Name: "eksSubnet2" },
});

// Create a VPC for the database
const dbVpc = new aws.ec2.Vpc("dbVpc", {
    cidrBlock: "10.1.0.0/16",
    enableDnsHostnames: true,
    enableDnsSupport: true,
    tags: { Name: "dbVpc" },
});

// Create subnets for the database
const dbSubnet1 = new aws.ec2.Subnet("dbSubnet1", {
    vpcId: dbVpc.id,
    cidrBlock: "10.1.1.0/24",
    availabilityZone: "us-west-2a",
    tags: { Name: "dbSubnet1" },
});

const dbSubnet2 = new aws.ec2.Subnet("dbSubnet2", {
    vpcId: dbVpc.id,
    cidrBlock: "10.1.2.0/24",
    availabilityZone: "us-west-2b",
    tags: { Name: "dbSubnet2" },
});

// Create a VPC peering connection between the EKS VPC and the database VPC
const vpcPeeringConnection = new aws.ec2.VpcPeeringConnection("vpcPeeringConnection", {
    vpcId: eksVpc.id,
    peerVpcId: dbVpc.id,
    autoAccept: true,
});

// Update the route tables to allow traffic between the VPCs
const eksRouteTable = new aws.ec2.RouteTable("eksRouteTable", {
    vpcId: eksVpc.id,
    routes: [{
        cidrBlock: dbVpc.cidrBlock,
        vpcPeeringConnectionId: vpcPeeringConnection.id,
    }],
    tags: { Name: "eksRouteTable" },
});

const dbRouteTable = new aws.ec2.RouteTable("dbRouteTable", {
    vpcId: dbVpc.id,
    routes: [{
        cidrBlock: eksVpc.cidrBlock,
        vpcPeeringConnectionId: vpcPeeringConnection.id,
    }],
    tags: { Name: "dbRouteTable" },
});

new aws.ec2.RouteTableAssociation("eksSubnet1RouteTableAssociation", {
    subnetId: eksSubnet1.id,
    routeTableId: eksRouteTable.id,
});

new aws.ec2.RouteTableAssociation("eksSubnet2RouteTableAssociation", {
    subnetId: eksSubnet2.id,
    routeTableId: eksRouteTable.id,
});

new aws.ec2.RouteTableAssociation("dbSubnet1RouteTableAssociation", {
    subnetId: dbSubnet1.id,
    routeTableId: dbRouteTable.id,
});

new aws.ec2.RouteTableAssociation("dbSubnet2RouteTableAssociation", {
    subnetId: dbSubnet2.id,
    routeTableId: dbRouteTable.id,
});

// Create an EKS cluster
const cluster = new eks.Cluster("eksCluster", {
    vpcId: eksVpc.id,
    subnetIds: [eksSubnet1.id, eksSubnet2.id],
    instanceType: "t3.medium",
    desiredCapacity: 2,
    minSize: 1,
    maxSize: 3,
    nodeAssociatePublicIpAddress: false,
    tags: { Name: "eksCluster" },
});

// Security group to allow EKS nodes to communicate with the database
const dbSecurityGroup = new aws.ec2.SecurityGroup("dbSecurityGroup", {
    vpcId: dbVpc.id,
    description: "Allow EKS nodes to communicate with the database",
    ingress: [{
        protocol: "tcp",
        fromPort: 3306, // MySQL port
        toPort: 3306,
        cidrBlocks: [eksVpc.cidrBlock],
    }],
    egress: [{
        protocol: "-1",
        fromPort: 0,
        toPort: 0,
        cidrBlocks: ["0.0.0.0/0"],
    }],
    tags: { Name: "dbSecurityGroup" },
});

// Export the kubeconfig
export const kubeconfig = cluster.kubeconfig;

Key Points:

  • We created two VPCs: one for the EKS cluster and one for the database.
  • We established a VPC peering connection between the two VPCs.
  • We configured route tables to allow traffic between the VPCs.
  • We created an EKS cluster in the first VPC.
  • We set up a security group to allow the EKS nodes to communicate with the database in the second VPC.

Summary:

This guide demonstrated how to connect an Amazon EKS cluster to databases located in another VPC using Pulumi. By creating VPCs, establishing a peering connection, configuring route tables, and setting up security groups, we enabled communication between the EKS cluster and the database.

Deploy this code

Want to deploy this code? Sign up for a free Pulumi account to deploy in a few clicks.

Sign up

New to Pulumi?

Want to deploy this code? Sign up with Pulumi to deploy in a few clicks.

Sign up