Secure your Database Connection

In the guides Provision and Binding Cloud Resources and Provision a Database and Import a SQL File for initialization, the business component connects to the database through its public host, DB_PUBLIC_HOST. That is necessary when you want to try things out, build a PoC, or use the database from outside a cloud provider, but it is not secure for production use.

This tutorial explains how to secure your database connection.

In the reference doc for Alibaba Cloud RDS, these two properties are essential.

| Name | Description | Type | Required | Default |
| --- | --- | --- | --- | --- |
| vswitch_id | The vswitch id of the RDS instance. If set, the RDS instance will be created in VPC, or it will be created in classic network. | string | false | |
| allocate_public_connection | Whether to allocate public connection for a RDS instance. | bool | false | |

Set vswitch_id to one of the VSwitches of your ACK cluster, or to a new VSwitch that belongs to the VPC of the cluster. Set allocate_public_connection to false to disable the internet connection.

Then use DB_HOST in the business component to connect to the database securely over the intranet connection:

  apiVersion: core.oam.dev/v1beta1
  kind: Application
  spec:
    components:
      - name: web
        ...
        traits:
          - type: service-binding
            properties:
              envMappings:
                DATABASE_HOST:
                  secret: db-conn
-                 key: DB_PUBLIC_HOST
+                 key: DB_HOST
      - name: db
        type: alibaba-rds
        properties:
          ...
+         vswitch_id: xxx
+         allocate_public_connection: false
          writeConnectionSecretToRef:
            name: db-conn
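
A pre-deployment check for the change above, as an added example that is not part of the original tutorial or of KubeVela: it walks an Application manifest already parsed into a dict (for instance with `yaml.safe_load`) and reports any `alibaba-rds` component or `service-binding` mapping that still relies on the public endpoint. The function names, the finding messages, and the sample manifests (including the `vsw-constructed-example` id) are constructed for illustration.

```python
"""Audit a KubeVela Application for the settings this page recommends."""


def audit_application(app):
    """Return (component, finding) pairs for a manifest parsed into a dict."""
    findings = []
    for comp in app.get("spec", {}).get("components", []):
        name = comp.get("name", "<unnamed>")
        props = comp.get("properties") or {}
        if comp.get("type") == "alibaba-rds":
            # Without vswitch_id the instance is created in the classic network.
            if not props.get("vswitch_id"):
                findings.append((name, "vswitch_id not set"))
            # Assumption: require an explicit `false`, because the reference
            # table on this page lists no default for this property.
            if props.get("allocate_public_connection") is not False:
                findings.append((name, "allocate_public_connection is not false"))
        for trait in comp.get("traits") or []:
            if trait.get("type") != "service-binding":
                continue
            mappings = (trait.get("properties") or {}).get("envMappings") or {}
            for env, ref in mappings.items():
                if isinstance(ref, dict) and ref.get("key") == "DB_PUBLIC_HOST":
                    findings.append((name, f"{env} reads DB_PUBLIC_HOST"))
    return findings


def sample_app(key, db_props):
    """Constructed sample mirroring the manifest shown on this page."""
    return {
        "apiVersion": "core.oam.dev/v1beta1",
        "kind": "Application",
        "spec": {"components": [
            {"name": "web", "traits": [{
                "type": "service-binding",
                "properties": {"envMappings": {
                    "DATABASE_HOST": {"secret": "db-conn", "key": key}}}}]},
            {"name": "db", "type": "alibaba-rds", "properties": dict(
                db_props, writeConnectionSecretToRef={"name": "db-conn"})},
        ]},
    }


BEFORE = sample_app("DB_PUBLIC_HOST", {})
AFTER = sample_app("DB_HOST", {"vswitch_id": "vsw-constructed-example",
                               "allocate_public_connection": False})

if __name__ == "__main__":
    for label, app in (("before", BEFORE), ("after", AFTER)):
        print(label, audit_application(app))
```

An empty list for the "after" manifest means both the database component and the binding use only the intranet endpoint.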

Last updated on Aug 4, 2023 by Daniel Higuero