In Alibaba Cloud, I have a managed Kubernetes cluster and a MySQL RDS in the same VPC (the RDS endpoint is internal), and Kubernetes pods can reach the RDS port 3306 just fine when the whitelist contains 0.0.0.0/0. I'd like to limit that to the Kubernetes pods' CIDRs.
The Kubernetes nodes and pods are in a 10.0.0.0/16 range (e.g. 10.2.220.118). There are 3 v-switches and 3 terway v-switches in the VPC, where the node vswitch_cidrs are:
"10.1.0.0/16",
"10.2.0.0/16",
"10.3.0.0/16"
and the pods' terway_vswitch_cidrs are:
"10.4.0.0/16",
"10.5.0.0/16",
"10.6.0.0/16".
So I figured that 10.0.0.0/16, and/or 10.0.0.0/24, and/or 10.0.0.0/32 in the RDS whitelist would enable the connection, but those don't work (I tried them together and separately).
I tried adding the CIDRs as they are:
10.1.0.0/16,
10.2.0.0/16,
10.3.0.0/16,
10.4.0.0/16,
10.5.0.0/16,
10.6.0.0/16
but that didn't work either.
How can I limit the whitelist to include the Kubernetes pods (and later some laptops that will VPN into the VPC, but that's probably a different question)?
Well, it was 10.1.0.0/8, after all.
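The CIDR containment behind the question and the follow-up comment, as an added Python example that is not part of the original post: it takes the pod address and the whitelist entries quoted in the question (constructed here from the post, not read from any cloud API) and reports which candidates actually contain that address, after normalizing each entry the way a whitelist does (host bits masked off, so 10.1.0.0/8 denotes the same network as 10.0.0.0/8), together with how many addresses each candidate admits.

```python
import ipaddress

# Constructed from the post: the pod address observed and the whitelist entries tried.
POD_IP = "10.2.220.118"
NODE_CIDRS = ["10.1.0.0/16", "10.2.0.0/16", "10.3.0.0/16"]   # node vswitch_cidrs
POD_CIDRS = ["10.4.0.0/16", "10.5.0.0/16", "10.6.0.0/16"]    # terway_vswitch_cidrs
CANDIDATES = {
    "single /16 (10.0.0.0/16)": ["10.0.0.0/16"],
    "single /24 (10.0.0.0/24)": ["10.0.0.0/24"],
    "single /32 (10.0.0.0/32)": ["10.0.0.0/32"],
    "node + pod /16s": NODE_CIDRS + POD_CIDRS,
    "/8 from the follow-up": ["10.1.0.0/8"],
    "everything (0.0.0.0/0)": ["0.0.0.0/0"],
}


def normalize(cidr: str) -> ipaddress.IPv4Network:
    """Parse a whitelist entry with host bits masked off (strict=False),
    which is how 10.1.0.0/8 ends up meaning 10.0.0.0/8."""
    return ipaddress.ip_network(cidr, strict=False)


def covers(cidrs, ip: str) -> bool:
    """True if any entry in the list contains the address."""
    addr = ipaddress.ip_address(ip)
    return any(addr in normalize(c) for c in cidrs)


def address_count(cidrs) -> int:
    """Number of distinct addresses the whitelist admits (overlaps collapsed)."""
    nets = ipaddress.collapse_addresses(normalize(c) for c in cidrs)
    return sum(n.num_addresses for n in nets)


def evaluate(ip: str = POD_IP) -> dict:
    """For each candidate: (contains the pod address?, addresses admitted)."""
    return {name: (covers(cidrs, ip), address_count(cidrs))
            for name, cidrs in CANDIDATES.items()}


if __name__ == "__main__":
    for name, (ok, n) in evaluate().items():
        print(f"{name:28s} contains {POD_IP}: {str(ok):5s} admits {n:>10,d} addresses")
```

Running it shows why the first three attempts cannot work on CIDR grounds alone: 10.0.0.0/16 spans only 10.0.0.0 through 10.0.255.255, so a pod at 10.2.220.118 falls outside it. The six /16 entries do contain that address while admitting 393,216 addresses, whereas 10.0.0.0/8 admits 16,777,216 (the whole 10.x.x.x space, including anything else that later lands in the VPC or arrives over a VPN). If the narrower entries can be made to work, they are the least-privilege choice; the /8 trades that precision for blanket coverage.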