Exposing private IP external services to a stack


I’m using cattle.

My application is using Amazon RDS for its database. The security rules allow connections only from private IPs.

Now, if the host on which my app container runs is an EC2 instance in the same subnet, everything is fine and my container can use the database, but I need to add hosts outside of AWS.

Is there any way of adding an external service in my stack that can make the outside host see my internal RDS db?

I think I can achieve this by creating a container that will provide a tunnel, but this will only work if this container is launched on an AWS host.

Any ideas?

Are you talking about http://rancher.com/docs/rancher/v1.6/en/cattle/adding-external-services/ ?

External services are just DNS entries; they don’t help make the thing physically accessible.

As you have suggested, @Alexandru_Nita, your best bet is to run a proxy service in a place that can see it. You can easily label the hosts that are in AWS and limit scheduling of it to those hosts.

Thanks @vincent, that’s the way I solved my problem. I re-routed my requests using Service links and setting the Destination Service to a proxy-service scheduled to run in AWS.

For the proxy-service I tried using multiple solutions like: rinetd, squid, haproxy. Ended up using haproxy. Unfortunately this way of resolving my issue is very slow and I cannot use it in production; for our staging environment this works just fine.
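
The setup discussed in this thread, sketched as a Rancher 1.6 `docker-compose.yml`. This is an added example, not a configuration posted by anyone in the thread. The host label `provider=aws`, the image names and tag, the port 3306 and `RDS_ENDPOINT_PLACEHOLDER` are assumptions to replace with your own values.

```yaml
version: '2'
services:
  # TCP proxy in front of the RDS endpoint, pinned to hosts inside AWS.
  rds-proxy:
    image: haproxy:1.8            # assumed tag
    labels:
      # Rancher 1.6 scheduler rule: only run on hosts carrying this host label.
      # "provider=aws" is a hypothetical label you add to the EC2 hosts.
      io.rancher.scheduler.affinity:host_label: provider=aws
    # No "ports:" entry on purpose: nothing is published on the host, so the
    # proxy is reachable only by containers on Rancher's managed network.
    entrypoint:
      - sh
      - -c
      - |
        cat > /tmp/haproxy.cfg <<'EOF'
        defaults
          mode tcp
          timeout connect 5s
          timeout client 1h
          timeout server 1h
        listen rds
          bind :3306
          # Placeholder endpoint; HAProxy resolves the name once at startup.
          server rds RDS_ENDPOINT_PLACEHOLDER:3306
        EOF
        exec haproxy -f /tmp/haproxy.cfg

  # Application container; may be scheduled on hosts outside AWS.
  app:
    image: example/app:latest     # hypothetical image
    links:
      - rds-proxy:db              # app connects to db:3306
```

The RDS security group can stay restricted to private IPs, because the connection to RDS originates from the AWS host that runs the proxy container.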