I have a cluster with multiple databases. Applications on my cluster can access the database using the clusterIP service. For security reasons, I do not want to expose these databases publicly using a nodeport or a loadbalancer.
What I would like to do is upload a web based database client to Kubernetes and expose this client as a service, so that the database can be accessed.
Is something like this possible?
Personal opinion aside on 'web based database client' and security concern
What you are trying to achieve seems to be proxying your databases through a web app.
This would go like this:
NodePort/LB --> [WebApp] --> (DB1 ClusterIP:Port)--[DB1]
                        \--> (DB2 ClusterIP:Port)--[DB2]
                        \--> (DB3 ClusterIP:Port)--[DB3]
You just have to define a NodePort/LB Service to expose your WebApp publicly, and ClusterIP Services for each Database you want to be able to reach. As long as the WebApp is running in the same cluster, it will be able to connect to your internal databases, while they wouldn't be directly reachable from outside the Kubernetes cluster.
You would need to check, in any registry, whether there is a Docker image for the web based client you want. If there is, you would deploy it as a pod and expose this pod so you can access it from your browser.
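A check for the Service layout described in the answers above, as an added example that is not part of the original posts: it flags any database Service that is reachable from outside the cluster and any LoadBalancer that accepts traffic from every source address. The manifests, the service names, the `role` label convention and the CIDR are constructed for illustration; `type` and `loadBalancerSourceRanges` are standard Service spec fields.

```python
# Added example: audit Service manifests for the exposure layout described above.
# Service names, the "role" label convention and the CIDR are constructed.
import ipaddress

PUBLIC_TYPES = {"NodePort", "LoadBalancer"}

# Constructed Service manifests (the dict form of the YAML you would apply).
SERVICES = [
    {"metadata": {"name": "web-db-client", "labels": {"role": "web-client"}},
     "spec": {"type": "LoadBalancer", "ports": [{"port": 443}],
              "loadBalancerSourceRanges": ["203.0.113.0/24"]}},
    {"metadata": {"name": "db1", "labels": {"role": "database"}},
     "spec": {"type": "ClusterIP", "ports": [{"port": 5432}]}},
    {"metadata": {"name": "db2", "labels": {"role": "database"}},
     "spec": {"ports": [{"port": 3306}]}},  # type omitted, defaults to ClusterIP
    {"metadata": {"name": "db3", "labels": {"role": "database"}},
     "spec": {"type": "NodePort", "ports": [{"port": 27017, "nodePort": 30017}]}},
]

def audit_services(services):
    """Return a list of (service name, finding) for exposure problems."""
    findings = []
    for svc in services:
        name = svc["metadata"]["name"]
        role = svc["metadata"].get("labels", {}).get("role")
        spec = svc.get("spec", {})
        svc_type = spec.get("type", "ClusterIP")  # Kubernetes default type
        # A database must only be reachable through its ClusterIP.
        if role == "database" and svc_type in PUBLIC_TYPES:
            findings.append((name, f"database exposed via {svc_type}"))
        # The one public entry point should still restrict who can reach it.
        if svc_type == "LoadBalancer":
            ranges = spec.get("loadBalancerSourceRanges", [])
            nets = [ipaddress.ip_network(r) for r in ranges]
            if not nets or any(n.prefixlen == 0 for n in nets):
                findings.append((name, "load balancer open to any source IP"))
    return findings

if __name__ == "__main__":
    for name, finding in audit_services(SERVICES):
        print(f"{name}: {finding}")
```

The web client becomes the only path to every database behind it, so its own authentication and source restrictions carry the protection that the ClusterIP Services give the databases.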
Related
I have a constructed DB that has the structure I need. I work with it using Neo4j Desktop. Now I've deployed an app that works with my DB on the local network, but it can't work from external networks. Now I need to fix it, but I can't find any info about that.
When I tried to connect to the DB via the address http://localhost:PORT from my phone connected to the same network, I didn't get anything related to the DB.
I tried to add some settings in neo4j.conf file such as org.neo4j.server.webserver.address=0.0.0.0 and dbms.connector.http.address=0.0.0.0:7474.
Also, I have a DDNS but I don't know how I can use it to connect to my DB.
I'm expecting that I can connect to my db from any network.
How does one go about uploading a database like Apache Cassandra after creating one? Furthermore, is there a way to upload/share only its skeleton structure, without the data gathered in it? I'm on MacOS and would like to use Python to do all of this. Thank you!
Based on your second comment, I guessed it to mean you want the database to be remotely accessible to clients/apps not installed locally.
Clients/apps connect to Cassandra on the IP address set for rpc_address and the CQL port set for native_transport_port (default is 9042) set in cassandra.yaml.
You mentioned that your Cassandra instance is running on your laptop so only clients/apps running on your local network can access it if you configure rpc_address to an IP address accessible on the network (default is localhost).
If you're just trying out Cassandra and want to collaborate with other developer friends, try Astra and launch a Cassandra instance on the free tier (no credit card required). With it you can share the database credentials with your friends and they can connect to it over the internet.
You can connect to Astra from your Python app using the Python driver. Otherwise, Astra includes Stargate.io pre-configured and ready to use. Stargate is a data access gateway that lets you connect to Cassandra from your app using REST API, GraphQL API or JSON/Doc API without having to learn CQL. For more info, see Connecting to your Astra database. Cheers!
I have a VB.NET application that utilises databases in an SQL server. I am currently testing the application on the same computer the server is hosted on.
I connect to the server through the following connection string...
("Data Source = " & Master.CurrentIP.Text & ",1433;Network Library=DBMSSOCN;Initial Catalog=ExcelDM;User ID=" & Master.CurrentUser.Text & ";Password=" & Master.CurrentPass.Text & ";")
"Master.CurrentIP.Text" refers to my public IP address and not my computer's.
Basically, everything works perfectly when I test the application on this computer. I am wondering if I can use this as a test for other computers joining or not. Should I host my server on something that isn't my computer?
To clarify, remote connections are enabled on the server and port forwarding (port # 1433) is open both incoming and outgoing through Windows Firewall and my router port forwarding settings. All TCP/IP options are open in the SQL configuration manager etc.
Based on your comments, I'd make the following assumptions:
You aren't holding any sensitive data, so security isn't a major concern
You are going to be running this on a LAN (local area network) and not over the web
If that's the case I'd suggest the following:
You are fine testing on your local machine - the connection will work the same over any protocol on local or remote, and given the small amount of data in a D&D campaign, you probably aren't going to be worried about performance even if your application is very chatty with SQL server
Put your connection information in the application configuration file, this is supported in .NET framework with some helper types like ConfigurationManager where you can access connection strings like so:
Config file:
<connectionStrings>
<add name="MyConnection" providerName="System.Data.SqlClient" connectionString="server=somehostname;database=Dungeons;uid=user;password=password" />
</connectionStrings>
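C# code (needs using System.Configuration; the indexer returns a ConnectionStringSettings object, so read its ConnectionString property):
string connectionString = ConfigurationManager.ConnectionStrings["MyConnection"].ConnectionString;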
See here for more details:
https://learn.microsoft.com/en-us/dotnet/framework/data/adonet/connection-strings-and-configuration-files
Since your friends probably don't want to mess with your SQL server and you are probably not joined to a windows domain, I'd say you are fine with putting secrets (user/pass) in the connection string in the configuration file
I'd not bother with what I said about Windows security - basically the users on the client machines would be used as credentials to the SQL database, this would be a bit more of a headache to configure if you aren't all joined to a domain rather than just embedding a SQL user/pass in the config
Edit:
Further to conversation, if you are writing an app that clients will be accessing over the web, using a direct SQL connection is not usually the best idea, but it can work if you can manage your clients/IPs.
Generally, opening your SQL server up to the internet is just asking to be attacked - and unless your SQL server is up to date, this can lead to the host machine being compromised.
At best it's an inconvenience, but if you are using that machine for anything other than D&D data, then you probably don't want someone snooping around on it.
In the case that you don't want to change your application architecture
You can whitelist your clients in SQL server/on the firewall. Since it's only friends (let's say 10-20 people?), you can manage their IPs without too much trouble.
This prevents the general internet from being able to access your server.
You could also use a VPN (either software or on your hardware if your router supports it). This also has the effect of putting your clients on your LAN essentially, removing the need for any firewall config apart from the VPN itself.
In the case you are interested in changing your app architecture
You can use a service based approach. This is what is generally used to secure web-based services - .NET framework supports this with WCF (Windows Communication Foundation).
This allows you to define service contracts that your server/client can adhere to.
The communication protocol/method itself is decided via configuration, so you can change what mechanism is used to communicate between client/server after-the-fact without having to change your application code.
This does require you to write a service layer though - you won't be able to directly access SQL from your client, but it could be a useful learning experience, especially if you are interested in doing work like this in the future.
Read about WCF here:
https://learn.microsoft.com/en-us/dotnet/framework/wcf/whats-wcf
There's also the REST based approach which sits down at the HTTP level, .NET framework can support this via ASP.NET web API.
https://dotnet.microsoft.com/apps/aspnet/apis
... so in short, there are a few options
I deployed a service to GKE on Google Cloud Platform, but unfortunately, Snowflake is blocking the IP Address. I think Snowflake only enables connections to IP Addresses that have been whitelisted, so I tried creating a cluster in the appropriate Network. But when I expose the service, I still run into the error.
I have also created an App Engine instance as well in the appropriate network, and it still doesn't let me connect to Snowflake.
Error Message:
DatabaseError: (snowflake.connector.errors.DatabaseError) 250001 (08001): None: Failed to connect to DB: IP [XXXXXXX] is not allowed to access Snowflake. Contact your local security administrator.\n(Background on this error at: http://sqlalche.me/e/4xp6)\nINFO:snowflake.connector.connection:closed\nINFO:snowflake.connector.connection:closed\n
Your snowflake application only accepts requests from whitelisted IPs which means you need to have a specific IP, or a set of specific IPs that are calling snowflake.
By default, GKE will not do this.
When a request from one of your pods tries to reach outside the cluster to contact snowflake, the pod IP is SNATd to use the node's IP address. Both nodes and node IPs are dynamic and stateless so you can't make sure specific IPs are used.
Instead, consider using Cloud NAT with GKE. This will ensure that all requests from your GKE cluster will use the same IP address. You can then just whitelist the Cloud NAT IP on snowflake.
I'm working now on an application for iOS (using Swift); the database already exists in SQL Server.
How will I use it and connect to it? Do I need a web service to do that?
Thanks all.
It is recommended to use a web service since having the application talk directly to the database means you need to include the SQL Credentials in the binary and anyone with a copy of the application can get them and do whatever they wish in the database. From a security point of view, this is bad.
The correct approach is to have a web server which will host an "API" -- a web application that will receive HTTP requests from the app and translate them to database queries and then will return the response in another format, such as JSON.
However, you need to be careful. This web service must use HTTPS and must first validate the input in order to protect against attacks such as SQL Injection.
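The API layer described in this answer, as an added example that is not part of the original post: the request is validated against an allow-list, the value is passed to the database as a bound parameter, and the result goes back as JSON. Here sqlite3 stands in for SQL Server, the `/products` route, table and field names are constructed, and HTTPS termination is assumed to be handled by the web server in front of this code.

```python
# Added example: the API layer that sits between the mobile app and the database.
# sqlite3 stands in for SQL Server; route, table and field names are constructed.
import json
import re
import sqlite3
from urllib.parse import urlparse, parse_qs

NAME_RE = re.compile(r"[A-Za-z0-9 _-]{1,40}")  # allow-list for the search term

def make_db():
    """Build a small in-memory database with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT, price REAL)")
    conn.executemany("INSERT INTO products (name, price) VALUES (?, ?)",
                     [("widget", 9.5), ("gadget", 20.0)])
    return conn

def find_products(conn, name):
    """Query with a bound parameter: the value never becomes part of the SQL text."""
    rows = conn.execute(
        "SELECT id, name, price FROM products WHERE name = ?", (name,)
    ).fetchall()
    return [{"id": r[0], "name": r[1], "price": r[2]} for r in rows]

def handle_get(conn, url):
    """Translate GET /products?name=... into a query; return (status, JSON body)."""
    parsed = urlparse(url)
    if parsed.path != "/products":
        return 404, json.dumps({"error": "not found"})
    names = parse_qs(parsed.query).get("name", [])
    # Reject missing, repeated or malformed values before touching the database.
    if len(names) != 1 or not NAME_RE.fullmatch(names[0]):
        return 400, json.dumps({"error": "invalid name"})
    return 200, json.dumps(find_products(conn, names[0]))

if __name__ == "__main__":
    db = make_db()
    for url in ("/products?name=widget", "/products?name=x' OR '1'='1"):
        print(url, "->", handle_get(db, url))
```

The database credentials live only on the server that runs this code, so nothing in the app binary grants direct access to SQL Server.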