postgresqlazureazure-aks
How to connect AKS to Postgres flexible server
I have provisioned an AKS cluster and an Postgres Flexible server. I am able to schedule a deployment from my ACR however I am unable to connect to my DB from my Pod. What am I missing? I am trying to connect via myname.postgres.database.azure.com. I think both AKS and PG are on the same vnet. I am not sure exactly how the privatelink thing is meant to work, this could be the source of my confusion.
│ 2024/06/12 09:28:06 Unable to connect to database: failed to connect to `host=myname-server.postgres.database.azure.com user=user database=database`: hostname resolving error (lookup myname.postgres.database.azure.com on 10.0.0.10:53: no such host)
Core network module
# Resource Group
resource "azurerm_resource_group" "default" {
name = "${var.prefix}_rg"
location = var.location
}
resource "azurerm_virtual_network" "default" {
name = "${var.prefix}-vnet"
location = var.location
resource_group_name = azurerm_resource_group.default.name
address_space = ["10.0.0.0/16"]
}
resource "azurerm_network_security_group" "default" {
name = "${var.prefix}-nsg"
location = azurerm_resource_group.default.location
resource_group_name = azurerm_resource_group.default.name
security_rule {
name = "test123"
priority = 100
direction = "Inbound"
access = "Allow"
protocol = "Tcp"
source_port_range = "*"
destination_port_range = "*"
source_address_prefix = "*"
destination_address_prefix = "*"
}
}
resource "azurerm_subnet" "default" {
name = "${var.prefix}-subnet"
virtual_network_name = azurerm_virtual_network.default.name
resource_group_name = azurerm_resource_group.default.name
address_prefixes = ["10.0.2.0/24"]
service_endpoints = ["Microsoft.Storage"]
delegation {
name = "fs"
service_delegation {
name = "Microsoft.DBforPostgreSQL/flexibleServers"
actions = [
"Microsoft.Network/virtualNetworks/subnets/join/action",
]
}
}
}
resource "azurerm_subnet_network_security_group_association" "default" {
subnet_id = azurerm_subnet.default.id
network_security_group_id = azurerm_network_security_group.default.id
}
resource "azurerm_private_dns_zone" "default" {
name = "${var.prefix}-pdz.postgres.database.azure.com"
resource_group_name = azurerm_resource_group.default.name
depends_on = [azurerm_subnet_network_security_group_association.default]
}
resource "azurerm_private_dns_zone_virtual_network_link" "default" {
name = "${var.prefix}-pdzvnetlink.com"
private_dns_zone_name = azurerm_private_dns_zone.default.name
virtual_network_id = azurerm_virtual_network.default.id
resource_group_name = azurerm_resource_group.default.name
}
resource "azurerm_postgresql_flexible_server" "default" {
name = "${var.prefix}-server"
resource_group_name = azurerm_resource_group.default.name
location = azurerm_resource_group.default.location
version = "13"
delegated_subnet_id = azurerm_subnet.default.id
private_dns_zone_id = azurerm_private_dns_zone.default.id
administrator_login = "prop"
administrator_password = var.db_password
zone = "1"
storage_mb = 32768
sku_name = "GP_Standard_D2s_v3"
backup_retention_days = 7
depends_on = [azurerm_private_dns_zone_virtual_network_link.default]
}
resource "azurerm_postgresql_flexible_server_database" "default" {
name = "${var.prefix}-db"
server_id = azurerm_postgresql_flexible_server.default.id
collation = "en_US.utf8"
charset = "UTF8"
}
AKS Module
# Create cluster
resource "azurerm_kubernetes_cluster" "aks" {
name = "${var.prefix}_aks"
dns_prefix = "${var.prefix}aks"
location = var.location
resource_group_name = var.resource_group_name
sku_tier = "Free"
default_node_pool {
name = "${var.prefix}pool"
node_count = var.node_count
vm_size = var.vm_size
temporary_name_for_rotation = "${var.prefix}tmp"
}
identity {
type = "SystemAssigned"
}
network_profile {
network_plugin = "azure"
network_plugin_mode = "overlay"
ebpf_data_plane = "cilium"
}
}
resource "azurerm_container_registry" "acr" {
name = "${var.prefix}acr"
location = var.location
resource_group_name = var.resource_group_name
sku = "Basic"
admin_enabled = true
}
Update
kubectl exec -it busybox -- nslookup myname-server.postgres.database.azure.com
Server: 10.0.0.10
Address: 10.0.0.10:53
Non-authoritative answer:
myname-server.postgres.database.azure.com canonical name = e7657xxxxxx.myname-pdz.postgres.database.azure.com
Non-authoritative answer:
myname-server.postgres.database.azure.com canonical name = e7657xxxxxx.myname-pdz.postgres.database.azure.com
and if I lookup the cname
** server can't find e7657xxxxxx.myname-pdz.postgres.database.azure.com: NXDOMAIN
Somehow the problem is that the AKS DNS has no way to resolve cname here. I have no idea how to resolve this cname from the cluster
Solution
│ 2024/06/12 09:28:06 Unable to connect to database: failed to connect to `host=myname-server.postgres.database.azure.com user=user database=database`: hostname resolving error (lookup myname.postgres.database.azure.com on 10.0.0.10:53: no such host)
The error you encountered above is due to DNS not forwarding the traffic to Azure DNS (168.63.129.16) because you are using a custom DNS server (10.0.0.10)
To resolve the issue, you need to configure the Azure DNS resolver to forward the traffic from your custom DNS server to Azure Private DNS (168.63.129.16)
By configuring the DNS resolver, AKS will accept traffic coming from the custom DNS server and resolve the address of your database. Refer to the MS Doc for creating Azure DNS Private Resolver.
Reference: What is Azure DNS Private Resolver?
Azure Private Resolver for virtual network and on-premises workloads
- ruby raised another command is already in progress
- Find modal values in each row, with custom tie breaking in PostreSQL
- Find procedure name in all other procedures
- How to use posix regexp operator for substring match
- How to get results from a Postgresql function using EF Core?
- Sql Alchemy Insert Statement failing to insert, but no error
- SELECT rows with the max count per column value after GROUP BY
- Pick random values from different table-columns (postgresql)
- django.db.utils.ProgrammingError: relation "bot_trade" does not exist
- Supabase python client returns an empty list when making a query
- How to calculate DATE Difference in PostgreSQL?
- Repeat rows specified number of times in PostgreSQL
- How to visualize database tables in postgresql using pgAdmin?
- panic: sql: expected 1 destination arguments in Scan, not <number> golang, pq, sql
- Why is Postgres not using my index on a simple ORDER BY LIMIT 1?
- Npgsql: How to setup enum mapping in Npgsql v8?
- How to reference another docker service from Dockerfile
- How to differentiate a Cypher clause from an SQL clause in C?
- using sql joins vs using separated methods in java
- Prisma Supabase: Invalid format for user or db_name after initial migration
- Laravel Model casts not working properly
- Export specific rows from a PostgreSQL table as INSERT SQL script
- Retaining and inserting state into a postgres aggregation function
- Spring JPA with docker compose: Unable to determine Dialect without JDBC metadata (please set 'jakarta.persistence.jdbc.url' or 'hibernate.dialect'
- PostgreSQL - ERROR: column does not exist SQL state: 42703
- Function to return dynamic set of columns for given table
- How to force evaluation of subquery before joining / pushing down to foreign server
- How to install postgresql-client to Amazon EC2 Linux machine?
- Unterminated dollar-quoted string reported by goose when creating PostgreSQL function
- How to compute the sum of multiple columns in PostgreSQL