kubevela
/
kubevela.github.io
mirror of https://github.com/kubevela/kubevela.github.io.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
kubevela.github.io/docs/end-user/components/cloud-services/secure-your-database-connec...

55 lines
2.5 KiB
Markdown
Raw Blame History

---
title: Secure your Database Connection
---
In the guide [Provision and Binding Cloud Resources](./provision-and-consume-cloud-services) and [Provision a Database and Import a SQL File for initialization](./provision-and-initiate-database),
a database's public host `DB_PUBLIC_HOS` is used to connect by business component. It's necessary when you want to have
a try, create a PoC, or use the database outside a cloud provider. But it's not secure for production use of database.
This tutorial will talk about how to secure your database connection.
## Provision a database
In the [reference doc for Alibaba Cloud RDS](./terraform/alibaba-rds), these two properties are essential.
| Name | Description | Type | Required | Default |
|----------------------------|--------------------------------------------------------------------------------------------------------------------------------|--------|----------|---------|
| vswitch_id | The vswitch id of the RDS instance. If set, the RDS instance will be created in VPC, or it will be created in classic network. | string | false | |
| allocate_public_connection | Whether to allocate public connection for a RDS instance. | bool | false | |
Set `vswitch_id` to the same as one of VSwitch of your ACK cluster, or a new VSwitch which belongs to the VPC of the cluster.
Set `allocation_public_connection` to `false` to disable internet connection.
Then using `DB_HOST` in business component to securely connect the database by intranet connection
```yaml
apiVersion: core.oam.dev/v1beta1
kind: Application
spec:
components:
- name: web
...
traits:
- type: service-binding
properties:
envMappings:
DATABASE_HOST:
secret: db-conn
- key: DB_PUBLIC_HOST
+ key: DB_HOST
- name: db
type: alibaba-rds
properties:
...
+ vswitch_id: xxx
+ allocate_public_connection: false
writeConnectionSecretToRef:
name: db-conn
```
## Run application
Continue samples in [Provision and Binding Cloud Resources](./provision-and-consume-cloud-services) and [Provision a Database and Import a SQL File for initialization](./provision-and-initiate-database).
Reference in New Issue View Git Blame Copy Permalink