This topic tells you how to configure your AWS environment for Consuming AWS RDS on Tanzu Application Platform (TAP) with AWS Controllers for Kubernetes (ACK).
Meet the prerequisites for consuming AWS RDS on Tanzu Application Platform with AWS Controllers for Kubernetes (ACK), including using eksctl to create an EKS cluster. This procedure reuses the resources that were created along with that cluster.
You can still create separate VPCs, subnets, and security groups if you want. Ensure that these are configured so that Tanzu Application Platform workloads on EKS can discover and connect to RDS instances.
To configure the AWS RDS environment:
Use the AWS cloud console to determine the VPC ID of the EKS cluster, or run this command:
aws eks describe-cluster --name YOUR-CLUSTER-NAME --region YOUR-REGION | \
  jq -r .cluster.resourcesVpcConfig.vpcId
RDS instances must be configured with a subnet group consisting of two or more subnets. The subnets within the subnet group must adhere to the following rules:
Discover existing subnets within your VPC by using the AWS Cloud console or by running:
# Iterate over the subnet list and keep only subnets that do not auto-assign public IP addresses
aws ec2 describe-subnets --filters "Name=vpc-id,Values=YOUR-VPC-ID" --region YOUR-REGION | \
  jq -r '.Subnets[] | select(.MapPublicIpOnLaunch == false) | .SubnetId'
Create the following Kubernetes resource on your EKS cluster, using the subnet IDs from that output:
# dbsubnetgroup.yaml
---
apiVersion: rds.services.k8s.aws/v1alpha1
kind: DBSubnetGroup
metadata:
  name: DB-SUBNET-GROUP-NAME
  namespace: ack-system
spec:
  name: DB-SUBNET-GROUP-NAME
  description: rds-subnet-group
  subnetIDs:
    - SUBNET-ID-1
    - SUBNET-ID-2
    - SUBNET-ID-3
Where DB-SUBNET-GROUP-NAME, SUBNET-ID-1, SUBNET-ID-2, and SUBNET-ID-3 are your own values.
kubectl apply -f dbsubnetgroup.yaml
Confirm that you created the DBSubnetGroup by running:
kubectl get DBSubnetGroup -n ack-system DB-SUBNET-GROUP-NAME -o yaml
Identify a suitable security group to use for the RDS instance that allows workloads running on the Tanzu Application Platform cluster to establish a connection. Do so by searching for a suitable security group within the AWS cloud console, or by running the following command, which identifies the security group described as "Communication between all nodes in the cluster":
# Iterate over the security group list and select the group by its description
aws ec2 describe-security-groups --filters "Name=vpc-id,Values=YOUR-VPC-ID" --region YOUR-REGION | \
  jq -r '.SecurityGroups[] | select(.Description == "Communication between all nodes in the cluster").GroupId'
Record the DB-SUBNET-GROUP-NAME and the security group ID output from the previous command. You need both when creating RDS instances as part of this use case.
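The subnet and security group selection above is done with jq against live AWS output. As an added example that is not part of this documentation or of ACK, the following Python reproduces the same selection offline against constructed `describe-subnets` and `describe-security-groups` JSON, checks the page's rule that the group has two or more subnets (plus the RDS requirement that they span two Availability Zones, which is an AWS rule not stated on this page), and renders the DBSubnetGroup manifest. The subnet IDs, security group IDs and Availability Zones are constructed sample values.

```python
import json

# Constructed sample `aws ec2 describe-subnets` output (not real AWS data);
# the third subnet auto-assigns public IPs and must be left out of the group.
SAMPLE_SUBNETS = json.loads('''{"Subnets": [
  {"SubnetId": "subnet-0aaa", "AvailabilityZone": "us-east-1a", "MapPublicIpOnLaunch": false},
  {"SubnetId": "subnet-0bbb", "AvailabilityZone": "us-east-1b", "MapPublicIpOnLaunch": false},
  {"SubnetId": "subnet-0ccc", "AvailabilityZone": "us-east-1c", "MapPublicIpOnLaunch": true}]}''')

# Constructed sample `aws ec2 describe-security-groups` output.
SAMPLE_SGS = json.loads('''{"SecurityGroups": [
  {"GroupId": "sg-0111", "Description": "default VPC security group"},
  {"GroupId": "sg-0222", "Description": "Communication between all nodes in the cluster"}]}''')

CLUSTER_SG_DESCRIPTION = "Communication between all nodes in the cluster"


def private_subnets(describe_subnets):
    """Same selection as the page's jq filter: only subnets that do not auto-assign
    public IPs, so the RDS instance never lands in a public subnet."""
    return [s for s in describe_subnets["Subnets"] if s["MapPublicIpOnLaunch"] is False]


def db_subnet_group_manifest(name, subnets, namespace="ack-system"):
    """Render the ACK DBSubnetGroup manifest from this page after checking the page's
    rule (two or more subnets) and the RDS requirement that the subnets span at
    least two Availability Zones (an AWS rule, not stated on this page)."""
    if len(subnets) < 2:
        raise ValueError("a DB subnet group needs at least two subnets")
    if len({s["AvailabilityZone"] for s in subnets}) < 2:
        raise ValueError("subnets must span at least two Availability Zones")
    lines = ["apiVersion: rds.services.k8s.aws/v1alpha1", "kind: DBSubnetGroup",
             "metadata:", f"  name: {name}", f"  namespace: {namespace}",
             "spec:", f"  name: {name}", "  description: rds-subnet-group", "  subnetIDs:"]
    lines += [f"    - {s['SubnetId']}" for s in subnets]
    return "\n".join(lines) + "\n"


def cluster_security_group_id(describe_sgs, description=CLUSTER_SG_DESCRIPTION):
    """Same selection as the page's jq filter, but fail loudly if the description
    matches zero or several groups instead of silently picking one."""
    ids = [g["GroupId"] for g in describe_sgs["SecurityGroups"] if g["Description"] == description]
    if len(ids) != 1:
        raise ValueError(f"expected one security group described {description!r}, found {len(ids)}")
    return ids[0]


if __name__ == "__main__":
    print(db_subnet_group_manifest("tap-rds-subnets", private_subnets(SAMPLE_SUBNETS)))
    print("security group:", cluster_security_group_id(SAMPLE_SGS))
```

Pipe real `aws ec2 describe-subnets` output into `json.load` in place of the sample to generate `dbsubnetgroup.yaml` for your own VPC.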