You can run almost anything you need directly in your Release-managed Kubernetes cluster. But sometimes you'll also want to integrate with other cloud services that are not within the cluster, such as database services (RDS, CloudSQL), data stores (ElastiCache, Memorystore), data analytics solutions (Redshift, BigQuery), and others.
To allow your Release clusters to communicate with other cloud services, you need to:
- Ensure that the other services are running in the same VPC as your Release clusters.
- Ensure that you have the correct security groups (AWS) or firewall rules (GCP) set up.
This means that any customer or public traffic will enter your VPC through your ingress, and your software running in your cluster will be able to connect to other services, as shown in the diagram below.
[Image: diagram showing ingress and security group]
When Release creates a new node group in your AWS account, it also creates a default security group that all nodes in that group belong to.
You can find this security group using the following steps:
- Log in to your Release account and navigate to the Cluster Info page.
- Note the context, node group name, and region of your cluster.
You can see where to find the cluster context and node group name in the image below.
[Image: get cluster and node group name]
Log in to your AWS console, and:
- Navigate to the EC2 dashboard for the same region as your cluster.
- Use the cluster context and node group name to find a worker node.
- Go to Actions -> Security -> Change security groups and look for the security group that also contains the cluster context.
You can see an example of a worker node and how to navigate to the security groups in the image below.
[Image: finding the security group]
When you create a new cloud service, you need to:
- Set the VPC to the same one used by your Release cluster.
- Assign the security group you identified above.
Because the security group allows traffic from any service with the same group assigned, the code running in your cluster will be able to connect to these services.
Note that whenever you create a new node group through Release, all nodes in that group will be assigned to a new security group. You'll therefore have to follow these steps and add the new security group to any cloud services each time you create a new node group in Release.
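The following audit is an added example, not part of Release's own tooling. It checks the three conditions described above for RDS: the database is in the cluster VPC, every node group security group is attached to it, and each of those groups has the self-referencing rule that lets members reach each other. The sample data is constructed in the shape of boto3's `describe_instances`, `describe_security_groups` and `describe_db_instances` responses; the cluster context, IDs and names are hypothetical, and matching groups by name on the cluster context is an assumption taken from the console step above.

```python
# Constructed sample data in the shape of boto3 describe_instances,
# describe_security_groups and describe_db_instances responses (fields trimmed).
CONTEXT = "release-example"  # hypothetical cluster context
INSTANCES = {"Reservations": [{"Instances": [
    {"VpcId": "vpc-1", "SecurityGroups": [{"GroupId": "sg-ng1", "GroupName": "release-example-ng1"}]},
    {"VpcId": "vpc-1", "SecurityGroups": [{"GroupId": "sg-ng2", "GroupName": "release-example-ng2"}]}]}]}
GROUPS = {"SecurityGroups": [
    {"GroupId": "sg-ng1", "IpPermissions": [{"UserIdGroupPairs": [{"GroupId": "sg-ng1"}]}]},
    {"GroupId": "sg-ng2", "IpPermissions": [{"IpRanges": [{"CidrIp": "10.0.0.0/16"}]}]}]}
DBS = {"DBInstances": [
    {"DBInstanceIdentifier": "orders-db", "DBSubnetGroup": {"VpcId": "vpc-1"},
     "VpcSecurityGroups": [{"VpcSecurityGroupId": "sg-ng1"}]},
    {"DBInstanceIdentifier": "legacy-db", "DBSubnetGroup": {"VpcId": "vpc-9"},
     "VpcSecurityGroups": [{"VpcSecurityGroupId": "sg-ng1"}]}]}


def node_groups(instances, context):
    """Map node security group id -> VPC id, matching group names on the cluster context."""
    return {sg["GroupId"]: inst["VpcId"]
            for res in instances["Reservations"] for inst in res["Instances"]
            for sg in inst["SecurityGroups"] if context in sg["GroupName"]}


def self_referencing(groups):
    """Ids of groups that have an ingress rule whose source is the group itself."""
    return {sg["GroupId"] for sg in groups["SecurityGroups"]
            for perm in sg["IpPermissions"]
            for pair in perm.get("UserIdGroupPairs", [])
            if pair["GroupId"] == sg["GroupId"]}


def audit(instances, groups, dbs, context):
    """Return (subject, problem) pairs that would stop cluster nodes reaching a database."""
    nodes = node_groups(instances, context)
    findings = [(sg, "no self-referencing ingress rule")
                for sg in sorted(set(nodes) - self_referencing(groups))]
    for db in dbs["DBInstances"]:
        name, vpc = db["DBInstanceIdentifier"], db["DBSubnetGroup"]["VpcId"]
        attached = {g["VpcSecurityGroupId"] for g in db["VpcSecurityGroups"]}
        if vpc not in nodes.values():
            findings.append((name, "not in the cluster VPC"))
            continue
        # A node group added later has its own group; report databases lacking it.
        findings += [(name, f"missing {sg}") for sg in sorted(set(nodes) - attached)]
    return findings
```

Running `audit(INSTANCES, GROUPS, DBS, CONTEXT)` after each new node group is created shows which databases still need the new security group attached.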