cloudfoundry-incubator / kubecf

Cloud Foundry on Kubernetes
Apache License 2.0

How to connect to DB not hosted in kubecf? #1735

Closed martinstraesser closed 3 years ago

martinstraesser commented 3 years ago

I am using a Spring App to connect to a PostgreSQL database hosted outside of kubecf. The database is hosted at a fixed address like 10.1.3.40:5432. In my application.properties file I specify:

spring.datasource.url=jdbc:postgresql://10.1.3.40:5432/

Moreover, I set username and password correctly. When I try to start the app in kubecf, I get:

2021-06-07T09:54:40.23+0000 [APP/PROC/WEB/0] OUT Caused by: org.postgresql.util.PSQLException: Connection to 10.1.3.40:5432 refused. Check that the hostname and port are correct and that the postmaster is accepting TCP/IP connections.
   2021-06-07T09:54:40.23+0000 [APP/PROC/WEB/0] OUT     at org.postgresql.core.v3.ConnectionFactoryImpl.openConnectionImpl(ConnectionFactoryImpl.java:280) ~[postgresql-42.2.9.jar:42.2.9]
   2021-06-07T09:54:40.23+0000 [APP/PROC/WEB/0] OUT     at org.postgresql.core.ConnectionFactory.openConnection(ConnectionFactory.java:49) ~[postgresql-42.2.9.jar:42.2.9]
   2021-06-07T09:54:40.23+0000 [APP/PROC/WEB/0] OUT     at org.postgresql.jdbc.PgConnection.<init>(PgConnection.java:211) ~[postgresql-42.2.9.jar:42.2.9]
   2021-06-07T09:54:40.23+0000 [APP/PROC/WEB/0] OUT     at org.postgresql.Driver.makeConnection(Driver.java:458) ~[postgresql-42.2.9.jar:42.2.9]
   2021-06-07T09:54:40.23+0000 [APP/PROC/WEB/0] OUT     at org.postgresql.Driver.connect(Driver.java:260) ~[postgresql-42.2.9.jar:42.2.9]
   2021-06-07T09:54:40.23+0000 [APP/PROC/WEB/0] OUT     at com.zaxxer.hikari.util.DriverDataSource.getConnection(DriverDataSource.java:138) ~[HikariCP-3.4.2.jar:na]
   2021-06-07T09:54:40.23+0000 [APP/PROC/WEB/0] OUT     at com.zaxxer.hikari.pool.PoolBase.newConnection(PoolBase.java:354) ~[HikariCP-3.4.2.jar:na]
   2021-06-07T09:54:40.23+0000 [APP/PROC/WEB/0] OUT     at com.zaxxer.hikari.pool.PoolBase.newPoolEntry(PoolBase.java:202) ~[HikariCP-3.4.2.jar:na]
   2021-06-07T09:54:40.23+0000 [APP/PROC/WEB/0] OUT     at com.zaxxer.hikari.pool.HikariPool.createPoolEntry(HikariPool.java:473) ~[HikariCP-3.4.2.jar:na]
   2021-06-07T09:54:40.23+0000 [APP/PROC/WEB/0] OUT     at com.zaxxer.hikari.pool.HikariPool.checkFailFast(HikariPool.java:554) ~[HikariCP-3.4.2.jar:na]
   2021-06-07T09:54:40.23+0000 [APP/PROC/WEB/0] OUT     at com.zaxxer.hikari.pool.HikariPool.<init>(HikariPool.java:115) ~[HikariCP-3.4.2.jar:na]
   2021-06-07T09:54:40.23+0000 [APP/PROC/WEB/0] OUT     at com.zaxxer.hikari.HikariDataSource.getConnection(HikariDataSource.java:112) ~[HikariCP-3.4.2.jar:na]
   2021-06-07T09:54:40.23+0000 [APP/PROC/WEB/0] OUT     at com.zaxxer.hikari.HikariDataSource$$FastClassBySpringCGLIB$$eeb1ae86.invoke(<generated>) ~[HikariCP-3.4.2.jar:na]
   2021-06-07T09:54:40.23+0000 [APP/PROC/WEB/0] OUT     at org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:218) ~[spring-core-5.2.1.RELEASE.jar:5.2.1.RELEASE]
   2021-06-07T09:54:40.23+0000 [APP/PROC/WEB/0] OUT     at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.invokeJoinpoint(CglibAopProxy.java:769) ~[spring-aop-5.2.1.RELEASE.jar:5.2.1.RELEASE]
   2021-06-07T09:54:40.23+0000 [APP/PROC/WEB/0] OUT     at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:163) ~[spring-aop-5.2.1.RELEASE.jar:5.2.1.RELEASE]
   2021-06-07T09:54:40.23+0000 [APP/PROC/WEB/0] OUT     at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.proceed(CglibAopProxy.java:747) ~[spring-aop-5.2.1.RELEASE.jar:5.2.1.RELEASE]
   2021-06-07T09:54:40.23+0000 [APP/PROC/WEB/0] OUT     at org.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:136) ~[spring-aop-5.2.1.RELEASE.jar:5.2.1.RELEASE]
   2021-06-07T09:54:40.23+0000 [APP/PROC/WEB/0] OUT     at org.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:124) ~[spring-aop-5.2.1.RELEASE.jar:5.2.1.RELEASE]
   2021-06-07T09:54:40.23+0000 [APP/PROC/WEB/0] OUT     at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:186) ~[spring-aop-5.2.1.RELEASE.jar:5.2.1.RELEASE]
   2021-06-07T09:54:40.23+0000 [APP/PROC/WEB/0] OUT     at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.proceed(CglibAopProxy.java:747) ~[spring-aop-5.2.1.RELEASE.jar:5.2.1.RELEASE]
   2021-06-07T09:54:40.23+0000 [APP/PROC/WEB/0] OUT     at org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:689) ~[spring-aop-5.2.1.RELEASE.jar:5.2.1.RELEASE]
   2021-06-07T09:54:40.23+0000 [APP/PROC/WEB/0] OUT     at com.zaxxer.hikari.HikariDataSource$$EnhancerBySpringCGLIB$$26d9de5f.getConnection(<generated>) ~[HikariCP-3.4.2.jar:na]
   2021-06-07T09:54:40.23+0000 [APP/PROC/WEB/0] OUT     at liquibase.integration.spring.SpringLiquibase.afterPropertiesSet(SpringLiquibase.java:311) ~[liquibase-core-3.8.5.jar:na]
   2021-06-07T09:54:40.23+0000 [APP/PROC/WEB/0] OUT     ... 28 common frames omitted
   2021-06-07T09:54:40.23+0000 [APP/PROC/WEB/0] OUT Caused by: java.net.ConnectException: Connection refused (Connection refused)
   2021-06-07T09:54:40.23+0000 [APP/PROC/WEB/0] OUT     at java.net.PlainSocketImpl.socketConnect(Native Method) ~[na:1.8.0_275]
   2021-06-07T09:54:40.23+0000 [APP/PROC/WEB/0] OUT     at java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:350) ~[na:1.8.0_275]
   2021-06-07T09:54:40.23+0000 [APP/PROC/WEB/0] OUT     at java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:206) ~[na:1.8.0_275]
   2021-06-07T09:54:40.23+0000 [APP/PROC/WEB/0] OUT     at java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:188) ~[na:1.8.0_275]
   2021-06-07T09:54:40.23+0000 [APP/PROC/WEB/0] OUT     at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392) ~[na:1.8.0_275]
   2021-06-07T09:54:40.23+0000 [APP/PROC/WEB/0] OUT     at java.net.Socket.connect(Socket.java:607) ~[na:1.8.0_275]
   2021-06-07T09:54:40.23+0000 [APP/PROC/WEB/0] OUT     at org.postgresql.core.PGStream.<init>(PGStream.java:75) ~[postgresql-42.2.9.jar:42.2.9]
   2021-06-07T09:54:40.23+0000 [APP/PROC/WEB/0] OUT     at org.postgresql.core.v3.ConnectionFactoryImpl.tryConnect(ConnectionFactoryImpl.java:91) ~[postgresql-42.2.9.jar:42.2.9]
   2021-06-07T09:54:40.23+0000 [APP/PROC/WEB/0] OUT     at org.postgresql.core.v3.ConnectionFactoryImpl.openConnectionImpl(ConnectionFactoryImpl.java:192) ~[postgresql-42.2.9.jar:42.2.9]
   2021-06-07T09:54:40.23+0000 [APP/PROC/WEB/0] OUT     ... 51 common frames omitted

The address specified above is reachable from any node in my cluster. I did not face this issue when working with cf-for-k8s, from which I recently moved to kubecf.

What I tried already:

I assume that the requests addressed with the IP and port never leave the diego-cell and that the DNS entries in /etc/hosts of the hosts are not used. So my question is: How can I address the external database from my app?

berndgoetz commented 3 years ago

Hey, Martin, I don't have an answer for your question, I'm afraid, but I anyway wanted to ask you for the reasons you had to switch from cf-4-k8s to kubecf. I'd be interested to hear that from you. Thanks.

martinstraesser commented 3 years ago

Hello Bernd, I will answer you via mail as your question is not directly related to this issue.

sourirv commented 3 years ago

@martinstraesser this is likely to do with App Security Groups. Could you try creating an ASG that allows egress traffic to your database server ip:port?

1) For example -- create a JSON file postgres_asg.json like so:

    [
      {
        "protocol": "tcp",
        "destination": "10.1.3.0/24",
        "ports": "5432",
        "log": true,
        "description": "Allow tcp traffic to postgres"
      }
    ]

2) Then create the ASG

cf create-security-group postgres postgres_asg.json

3) Make sure you bind the asg like so ..

cf bind-staging-security-group postgres
cf bind-running-security-group postgres

4) You will need to restart your app for the ASGs to take effect.
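As an added example (not part of the comment above and not kubecf code), this Python check evaluates an ASG rule list against a target ip:port and counts how many destination addresses the rules open, so the `/24` rule from the comment can be compared with a single-host rule before it is bound. The function names and `NARROW_ASG` are constructed for illustration; the destination and port formats handled (single IP, CIDR, `a-b` range; single port, comma list, range) are the ones Cloud Foundry ASG rules accept.

```python
import ipaddress
import json

# Rule from the comment above, plus a narrower constructed variant (single host).
COMMENT_ASG = json.loads("""[{"protocol": "tcp", "destination": "10.1.3.0/24",
  "ports": "5432", "log": true, "description": "Allow tcp traffic to postgres"}]""")
NARROW_ASG = [dict(COMMENT_ASG[0], destination="10.1.3.40")]  # constructed


def _dest_bounds(destination):
    """Return (first, last) address for a single IP, CIDR block or 'a-b' range."""
    if "-" in destination:
        lo, hi = (ipaddress.ip_address(p.strip()) for p in destination.split("-", 1))
        return lo, hi
    net = ipaddress.ip_network(destination, strict=False)
    return net[0], net[-1]


def _port_allowed(ports, port):
    """ASG 'ports' is a single port, a comma-separated list, or a range 'a-b'."""
    for part in ports.split(","):
        lo, _, hi = part.strip().partition("-")
        if int(lo) <= port <= int(hi or lo):
            return True
    return False


def egress_allowed(rules, ip, port, protocol="tcp"):
    """True if any rule permits `protocol` traffic to ip:port."""
    addr = ipaddress.ip_address(ip)
    for rule in rules:
        if rule["protocol"] not in (protocol, "all"):
            continue
        lo, hi = _dest_bounds(rule["destination"])
        if not lo <= addr <= hi:
            continue
        ports = rule.get("ports")
        # 'all' rules carry no ports field and match every port.
        if rule["protocol"] == "all" or (ports and _port_allowed(ports, port)):
            return True
    return False


def exposed_hosts(rules):
    """Total number of destination addresses the rule set opens up."""
    return sum(int(hi) - int(lo) + 1
               for lo, hi in (_dest_bounds(r["destination"]) for r in rules))
```

Both rule sets permit egress to 10.1.3.40:5432; the `/24` rule also opens port 5432 on the other 255 addresses in that block, which matters if anything else on the subnet listens there.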

martinstraesser commented 3 years ago

@sourirv Thanks very much, that solved my problem!