MongoDB Atlas Peering: Spring Boot App hosted in AKS
Organisation prefer to have their application development more agile and scale quickly as needed. Modern Applications Architecture prefer Kubernetes and MongoDB for application orchestration and data management needs.
Major Cloud Vendors AWS, Azure, Google offers Kubernetes as a Managed Service(PaaS) & MongoDB offers fully managed Database service Atlas.
Customers usually want to securely connect to Atlas Cluster running on AWS, Azure or Google Cloud via Peering or Private Endpoints. In this article we will see how to create Peering between AKS Cluster and Mongo Atlas running in Azure.
AKS Cluster are deployed within Customers VNet and MongoDB Atlas Clusters are deployed in their own Virtual Network(VNet), we have to create a VNet peering between AKS and Mongo Atlas, later use the private address space allocated in Azure AKS as the whitelisted IP’s in Atlas as shown above.
Pre-requisite
Mongo Atlas ( Azure )
- Create an Atlas account.
- Create an Organisation with one project.
- Create an Atlas Cluster( Peering option is available only on M10 and above)
- Create a DB User with access to any database
Kubernetes Cluster ( AKS )
- Create a Azure Subscription, if you don’t have one already
- Create Resource Group and have a region similar to the one in Atlas Cluster.
- Create Kubernetes service, Container Registry and VPN under the above resource group
- Deploy the Spring Boot App
- Create an external service as Load Balancer.
Create Atlas Cluster
Under the project choose Create Cluster and follow the below wizard. Select the required cloud provider, in this PoC we are using Azure, so lets use Azure and choose the required region
For Cluster Tier use M10 as peering is allowed from m10 and above.
The Cluster creation will take 10 mins once the cluster is created lets create a DB user.
Add a New DB User
Add a DB user with read and write access to the database. This will be used in the connection string for connecting to a database
Create AKS Cluster
Create a Kubernetes service, following the wizard as shown below.
Follow the wizard and use the default setting for others. One of the critical step is choosing the networking configuration. By default AKS uses kubenet for network configuration, choose Azure CNI instead to use VPN Peering . AKS doesn’t allow to change these settings once the cluster is created, so this has to done while the cluster is created.
In this step we can use the already created Virtual network & subnets or create a new one. This Virtual Network will be later used for MongoDB Peering.
The next step is using container register under Integration tab, again in this step we can use the existing container registry or create a new one. Container registry is used as a repository for the spring boot app. Later we can pull this image from the registry and deploy in AKS.
Network Access
As a part of security requirements Atlas controls inbound traffic to the Cluster using Network Access settings. Currently Atlas provides 3 options for controlling the access to the Cluster.
- IP Address List: Configure the list of IP addresses( single IP address or a CIDR -notated range of addresses) for Atlas to allow connection requests.
- Peering : Atlas supports network peering connection from AWS, Azure and Google Cloud.
- Private Endpoint
In this PoC we will configure Network Peering between Azure VNet and Atlas VNet
Peering
Choose Network Access and goto Peering Tab to Add a new Peering Connection
Get the below information from Azure Account and configure it in Atlas setup wizard on prompt as shown below
- Subscription ID
- Tenant ID
- Resource Group Name : The name of the resource group under which the VNET is created in Azure.
- VNet name: The VNet name of the Azure.
After configuring with the above information, Atlas provides you with the set of instruction that can be executed either in Azure CLI or Azure Cloud Shell( use bash instead of powershell). As a part of this step we create a service principal and a required role definition for peering with Azure VNet.
On Successful completion of the above 4 steps we can Initiate peering, Atlas and Azure would now show Active peering as shown below.
Switch back to Azure portal and view the peering status.
IP Address List
Once the Peering is active as a next step add the list of Private IP Address range from Azure VNet( subnet used while creating a AKS).
In the Azure portal get the subnet Address used during AKS creation and add them in the Atlas
Peering is now setup between Azure VNet and Atlas Vnet. Lets now see how this can be leveraged in the Spring Boot App.
Connection String
Atlas provides different connection strings based on the connection type, once the peering is established, choose “Private IP for Peering” under connection type.
Use the connection string for Java and have them configured in your spring boot application.
Build and Deploy Spring Boot App in AKS
The below repository holds a simple spring boot app for connecting to MongoDB and do basic CRUD operation.
Docker Build & Push to Container Repository
Check out the above git repository, update the connection string from the above step in application.properties and issue the below commands
mvn clean package -DskipTests=true
docker build -t <containerrepositoryname>.azurecr.io/springmongopoc:v1.0 .
Once the build is completed push the image to the azure container registry
az login
az acr login -n <containerrepositoryname>
docker push <containerrepositoryname>.azurecr.io/springmongopoc:v1.0
Deploy App to AKS & Expose endpoint
Login to AKS Cluster and Deploy the App
az aks get-credential --resource-group=<your resource group name> --name=<yourclustername>
kubectl create deployment mongospringpoc --image=<containerrepositoryname>.azurecr.io/springmongopoc:v1.0
kubectl expose deployment mongospringpoc --port=8080 --type=LoadBalancer
Access exposed REST end point to verify
Was able to access the Atlas Cluster from Spring boot app hosted in AKS.
