How to connect AKS to Postgres flexible server

  • Thread starter: Brenwell (Guest)
I have provisioned an AKS cluster and a Postgres Flexible server. I am able to schedule a deployment from my ACR; however, I am unable to connect to my DB from my Pod. What am I missing? I am trying to connect via myname.postgres.database.azure.com. I think both AKS and PG are on the same vnet. I am not sure exactly how the privatelink thing is meant to work; this could be the source of my confusion.

Code:
│ 2024/06/12 09:28:06 Unable to connect to database: failed to connect to `host=myname-server.postgres.database.azure.com user=user database=database`: hostname resolving error (lookup myname.postgres.database.azure.com on 10.0.0.10:53: no such host)

Core network module

Code:
# Resource Group
resource "azurerm_resource_group" "default" {
  name     = "${var.prefix}_rg"
  location = var.location
}

resource "azurerm_virtual_network" "default" {
  name                = "${var.prefix}-vnet"
  location            = var.location
  resource_group_name = azurerm_resource_group.default.name
  address_space       = ["10.0.0.0/16"]
}

resource "azurerm_network_security_group" "default" {
  name                = "${var.prefix}-nsg"
  location            = azurerm_resource_group.default.location
  resource_group_name = azurerm_resource_group.default.name

  security_rule {
    name                       = "test123"
    priority                   = 100
    direction                  = "Inbound"
    access                     = "Allow"
    protocol                   = "Tcp"
    source_port_range          = "*"
    destination_port_range     = "*"
    source_address_prefix      = "*"
    destination_address_prefix = "*"
  }
}

resource "azurerm_subnet" "default" {
  name                 = "${var.prefix}-subnet"
  virtual_network_name = azurerm_virtual_network.default.name
  resource_group_name  = azurerm_resource_group.default.name
  address_prefixes     = ["10.0.2.0/24"]
  service_endpoints    = ["Microsoft.Storage"]

  delegation {
    name = "fs"

    service_delegation {
      name = "Microsoft.DBforPostgreSQL/flexibleServers"

      actions = [
        "Microsoft.Network/virtualNetworks/subnets/join/action",
      ]
    }
  }
}

resource "azurerm_subnet_network_security_group_association" "default" {
  subnet_id                 = azurerm_subnet.default.id
  network_security_group_id = azurerm_network_security_group.default.id
}

resource "azurerm_private_dns_zone" "default" {
  name                = "${var.prefix}-pdz.postgres.database.azure.com"
  resource_group_name = azurerm_resource_group.default.name

  depends_on = [azurerm_subnet_network_security_group_association.default]
}

resource "azurerm_private_dns_zone_virtual_network_link" "default" {
  name                  = "${var.prefix}-pdzvnetlink.com"
  private_dns_zone_name = azurerm_private_dns_zone.default.name
  virtual_network_id    = azurerm_virtual_network.default.id
  resource_group_name   = azurerm_resource_group.default.name
}

resource "azurerm_postgresql_flexible_server" "default" {
  name                   = "${var.prefix}-server"
  resource_group_name    = azurerm_resource_group.default.name
  location               = azurerm_resource_group.default.location
  version                = "13"
  delegated_subnet_id    = azurerm_subnet.default.id
  private_dns_zone_id    = azurerm_private_dns_zone.default.id
  administrator_login    = "prop"
  administrator_password = var.db_password
  zone                   = "1"
  storage_mb             = 32768
  sku_name               = "GP_Standard_D2s_v3"
  backup_retention_days  = 7

  depends_on = [azurerm_private_dns_zone_virtual_network_link.default]
}

resource "azurerm_postgresql_flexible_server_database" "default" {
  name      = "${var.prefix}-db"
  server_id = azurerm_postgresql_flexible_server.default.id
  collation = "en_US.utf8"
  charset   = "UTF8"
}

AKS Module

Code:
# Create cluster
resource "azurerm_kubernetes_cluster" "aks" {
  name                = "${var.prefix}_aks"
  dns_prefix          = "${var.prefix}aks"
  location            = var.location
  resource_group_name = var.resource_group_name
  sku_tier            = "Free"

  default_node_pool {
    name                        = "${var.prefix}pool"
    node_count                  = var.node_count
    vm_size                     = var.vm_size
    temporary_name_for_rotation = "${var.prefix}tmp"
  }

  identity {
    type = "SystemAssigned"
  }

  network_profile {
    network_plugin      = "azure"
    network_plugin_mode = "overlay"
    ebpf_data_plane     = "cilium"
  }
}

resource "azurerm_container_registry" "acr" {
  name                = "${var.prefix}acr"
  location            = var.location
  resource_group_name = var.resource_group_name
  sku                 = "Basic"
  admin_enabled       = true
}

Update

Code:
kubectl exec -it busybox -- nslookup myname-server.postgres.database.azure.com
Server:     10.0.0.10
Address:    10.0.0.10:53

Non-authoritative answer:
myname-server.postgres.database.azure.com   canonical name = e7657xxxxxx.myname-pdz.postgres.database.azure.com

Non-authoritative answer:
myname-server.postgres.database.azure.com   canonical name = e7657xxxxxx.myname-pdz.postgres.database.azure.com

And if I look up the CNAME:

Code:
** server can't find e7657xxxxxx.myname-pdz.postgres.database.azure.com: NXDOMAIN

Somehow the problem is that the AKS DNS has no way to resolve the CNAME here. I have no idea how to resolve this CNAME from the cluster.
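
As posted, the AKS module sets no `vnet_subnet_id`, so the node pool is not placed in `azurerm_virtual_network.default`, the only VNet the private DNS zone is linked to. One way to put the nodes on that VNet, as an added example that is not part of the original post. The `aks_nodes` subnet, `var.aks_subnet_id`, and the `10.0.1.0/24` and `172.16.0.0/16` ranges are assumptions.

```hcl
# Added example, not the poster's code; subnet name, var.aks_subnet_id and
# the 10.0.1.0/24 and 172.16.0.0/16 ranges are assumptions.
# Core network module: non-delegated subnet in the same VNet for the nodes.
resource "azurerm_subnet" "aks_nodes" {
  name                 = "${var.prefix}-aks-subnet"
  virtual_network_name = azurerm_virtual_network.default.name
  resource_group_name  = azurerm_resource_group.default.name
  address_prefixes     = ["10.0.1.0/24"]
}

output "aks_subnet_id" {
  value = azurerm_subnet.aks_nodes.id
}

# AKS module: new input, wired to the output above by the root module.
variable "aks_subnet_id" {
  type = string
}

resource "azurerm_kubernetes_cluster" "aks" {
  name                = "${var.prefix}_aks"
  dns_prefix          = "${var.prefix}aks"
  location            = var.location
  resource_group_name = var.resource_group_name
  sku_tier            = "Free"

  default_node_pool {
    name                        = "${var.prefix}pool"
    node_count                  = var.node_count
    vm_size                     = var.vm_size
    temporary_name_for_rotation = "${var.prefix}tmp"
    vnet_subnet_id              = var.aks_subnet_id # nodes join the linked VNet
  }

  identity {
    type = "SystemAssigned"
  }

  network_profile {
    network_plugin      = "azure"
    network_plugin_mode = "overlay"
    ebpf_data_plane     = "cilium"
    # The AKS default service range 10.0.0.0/16 (DNS 10.0.0.10) overlaps the
    # VNet's 10.0.0.0/16, so it has to move once the nodes live in that VNet.
    service_cidr   = "172.16.0.0/16"
    dns_service_ip = "172.16.0.10"
  }
}
```

Changing the node subnet or the service range replaces the cluster, so plan for a rebuild. Afterwards, repeating the `nslookup` from a pod is the check that the private zone name now resolves.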