PostgreSQL / RDS Integration on EKS
PostgreSQL / RDS Integration on EKS
While it is possible to run the database inside Kubernetes (as a StatefulSet), a managed service like Amazon RDS or Amazon Aurora is usually recommended for production environments. Because backup, scaling, and High Availability (HA) are managed by AWS.
So, how does a microservice on Amazon EKS connect to RDS in the most correct way?
1. Network Access (Security Groups)
The most common mistake is opening RDS to 0.0.0.0/0 (the whole world). This is a huge security risk.
- Correct Way: Add an Inbound Rule to the RDS Security Group that only allows traffic from the Security Group of EKS Worker Nodes. Port: 5432 (PostgreSQL).
2. Authentication: IAM Authentication
Instead of storing username and password in code or ConfigMap, use IAM Database Authentication.
- The IAM role (IRSA) assigned to your pod gets permission to connect to RDS.
- Your application gets a temporary token with AWS SDK and uses it instead of a password. Password rotation hassle ends.
3. Connection Pooling
When your microservices scale (100 pods), if each pod opens 10 connections to the database, there will be 1000 connections total, and RDS might get overwhelmed.
- Solution: Use a connection pooler like PgBouncer. Run PgBouncer as a
Serviceon EKS. Pods connect to PgBouncer, and PgBouncer connects to RDS.
4. Latency
Your EKS cluster and RDS database must be in the same AWS Region. If possible, being in the same Availability Zone (AZ) minimizes latency.
This architecture leaves the database management burden to AWS while ensuring your application runs performantly and securely.