From what source-IP range do outbound connections to Pods originate?

I want to set up connections from a Kubernetes cluster (created with az acs create with basic default settings) to an Azure PostgreSQL instance, and I would like to know what the source-IP range is for login to postgres HBA (this is what Azure calls a firewall-rule under az postgres server).

The point is that although I can see in the console errors (when using psql to check) the current IP address that the cluster's requests are coming from:

FATAL:  no pg_hba.conf entry for host "x.x.x.x" [...]

      

... I just don't see that IP address anywhere in the cluster properties - and, anyway, it might seem like a very fragile configuration to just reassign that IP without knowing how it's assigned.

(In the Azure portal, I see one "public IP" associated with the cluster master, but this is not the same as the IP seen by postgres, and, I suppose, mostly for login.)

Ideally, does ACS allow me to manage outbound IP addresses for the cluster? If not, can I programmatically determine which IP or range of IP addresses to allow?

+3




2 answers


This should be the external IP of the node that the pod is scheduled on. On Container Engine:



$ kubectl get no -o wide
NAME                              STATUS    AGE       VERSION   EXTERNAL-IP       OS-IMAGE                             KERNEL-VERSION
gke-cluster-1-node-1              Ready     58d       v1.5.4    <example node IP> Container-Optimized OS from Google   4.4.21+

$ ssh gke-cluster-1-node-1
$ curl icanhazip.com
<example node IP>

$ kubectl get po -o wide | grep node-1
example-pod-1                                     1/1       Running   0          11d       <pod IP>      gke-cluster-1-node-1
$ kubectl exec -it example-pod-1 curl icanhazip.com
<example node IP>

      

+1




Does ACS allow you to control outbound IP addresses for a cluster? And if not, can I programmatically determine which IP or range of IP addresses to allow?

Based on my knowledge, Azure Container Service gives public access to the Docker application through the Azure load balancer; the load balancer will get a public IP.
By the way, we cannot specify which public IP address will be associated with the Azure load balancer.

After we can open the application on the internet, we can add the public IP to your PostgreSQL postgres HBA.

0
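
A way to check programmatically which of the two answers applies to a given cluster, as an added example that is not part of the original posts: it pulls the address out of the pg_hba.conf error from the question and looks it up among the nodes' ExternalIP entries. The node list is a constructed sample in the shape of `kubectl get nodes -o json`, and the function names and documentation-range IPs are assumptions.

```python
import ipaddress
import json
import re

# Constructed sample: trimmed `kubectl get nodes -o json` output (documentation IPs).
NODES_JSON = json.dumps({"items": [
    {"metadata": {"name": "node-0"}, "status": {"addresses": [
        {"type": "InternalIP", "address": "10.240.0.4"},
        {"type": "ExternalIP", "address": "203.0.113.10"}]}},
    {"metadata": {"name": "node-1"}, "status": {"addresses": [
        {"type": "InternalIP", "address": "10.240.0.5"}]}},
]})

HBA_ERROR = re.compile(r'no pg_hba\.conf entry for host "([^"]+)"')


def node_external_ips(nodes_json):
    """Map each ExternalIP address to the node that reports it."""
    found = {}
    for item in json.loads(nodes_json).get("items", []):
        for addr in item.get("status", {}).get("addresses", []):
            if addr.get("type") == "ExternalIP":
                found[ipaddress.ip_address(addr["address"])] = item["metadata"]["name"]
    return found


def rejected_host(psql_stderr):
    """Source address PostgreSQL saw, or None if absent or not an IP literal."""
    match = HBA_ERROR.search(psql_stderr)
    if match is None:
        return None
    try:
        return ipaddress.ip_address(match.group(1))
    except ValueError:
        return None


def explain_source(psql_stderr, nodes_json):
    """Return (seen_ip, node_name); node_name is None when no node owns that IP."""
    seen = rejected_host(psql_stderr)
    if seen is None:
        return None, None
    return seen, node_external_ips(nodes_json).get(seen)


if __name__ == "__main__":
    err = 'psql: FATAL:  no pg_hba.conf entry for host "198.51.100.7", user "app", database "db", SSL on'
    print(explain_source(err, NODES_JSON))
```

A `None` node name means the address PostgreSQL saw is not any node's ExternalIP, so a firewall rule built from node addresses would not cover it.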

