Version: v1.2

Secure your Database Connection

In the guide Provision and Binding Cloud Resources and Provision a Database and Import a SQL File for initialization, a database's public host DB_PUBLIC_HOS is used to connect by business component. It's necessary when you want to have a try, create a PoC, or use the database outside a cloud provider. But it's not secure for production use of database.

This tutorial will talk about how to secure your database connection.

Provision a database#

In the reference doc for Alibaba Cloud RDS, these two properties are essential.

Name	Description	Type	Required	Default
vswitch_id	The vswitch id of the RDS instance. If set, the RDS instance will be created in VPC, or it will be created in classic network.	string	false
allocate_public_connection	Whether to allocate public connection for a RDS instance.	bool	false

Set vswitch_id to the same as one of VSwitch of your ACK cluster, or a new VSwitch which belongs to the VPC of the cluster. Set allocation_public_connection to false to disable internet connection.

Then using DB_HOST in business component to securely connect the database by intranet connection

apiVersion: core.oam.dev/v1beta1
kind: Application

spec:
  components:
    - name: web
      ...
      traits:
        - type: service-binding
          properties:
            envMappings:
              DATABASE_HOST:
                secret: db-conn
-                key: DB_PUBLIC_HOST
+                key: DB_HOST


    - name: db
      type: alibaba-rds
      properties:
        ...
+        vswitch_id: xxx
+        allocate_public_connection: false
        writeConnectionSecretToRef:
          name: db-conn

Run application#

Continue samples in Provision and Binding Cloud Resources and Provision a Database and Import a SQL File for initialization.