4

I'm trying to set up a VPC peering from my MongoDB Atlas cluster to my Kubernetes EKS cluster on AWS. The peering is established successfully, but I get no connection to the cluster from my pods.

The peering is set up.

The default entry for the whitelist is added as well. Once the connection works I will replace it with a security group.

The peering on AWS is accepted and "DNS resolution from requester VPC to private IP" is enabled.

The route has been added to the public route table of the K8S cluster.

When I connect to a pod and try to establish a connection with the following command:

# mongo "mongodb://x.mongodb.net:27017,y.mongodb.net:27017,z.mongodb.net:27017/test?replicaSet=Cluster0-shard-0" --ssl --authenticationDatabase admin --username JackBauer

I get "CONNECT_ERROR" for every endpoint.

What am I missing?

NOTE: I've just created a new paid cluster and the VPC is working perfectly. Might this feature be limited to paid clusters only?

8
  • Is your MongoDB in shard configuration? Commented Aug 26, 2019 at 7:23
  • Adding --verbose may give you some more info on what is the reason of the connection error Commented Aug 26, 2019 at 8:00
  • @FL3SH no, it's in replica set configuration Commented Aug 26, 2019 at 9:22
  • @esboych this is an output with --verbose: NETWORK [thread1] creating new connection to:x.mongodb.net:27017 NETWORK [thread1] connected to server x.mongodb.net:27017 (108.x.y.z) NETWORK [thread1] SocketException: remote: (NONE):0 error: 9001 socket exception [CONNECT_ERROR] [thread1] User Assertion: 6:network error while attempting to run command 'isMaster' on host 'x.mongodb.net:27017' Commented Aug 26, 2019 at 9:23
  • @thomas-spycher your case might look like an SSL issue. The "connected to server x.mongodb.net:27017" line means you have connectivity on the network level. To clarify further you may run nc -v x.mongodb.net 27017 in advance. If you get something like x.mongodb.net (108.x.y.z) 27017 (?) open then you do have a connection at least on the network level. So as a next step you may check SSL-related stuff like key/cert files or so. Commented Aug 26, 2019 at 11:51
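
The layer-by-layer check suggested in the last comment, as an added example that is not part of the original thread: it resolves each host, reports whether the address is an RFC 1918 one (what the "DNS resolution from requester VPC to private IP" setting should produce over a working peering), then tries TCP and a TLS handshake. The function names and the default-trust TLS context are assumptions of this example.

```python
"""Staged reachability check for Atlas hosts, run from inside a pod (added example)."""
import ipaddress
import socket
import ssl
import sys

# RFC 1918 ranges. ipaddress.is_private is not used because it also
# counts documentation and loopback ranges as private.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_rfc1918(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)


def diagnose(addr, tcp_ok, tls_ok):
    """Turn the three observations into the most likely failing layer."""
    if addr is None:
        return "dns: name does not resolve from this pod"
    path = ("private address, traffic is routed over the peering" if is_rfc1918(addr)
            else "public address, traffic is not using the peering")
    if not tcp_ok:
        return f"tcp: {path}; check routes, security groups, IP whitelist"
    if not tls_ok:
        return f"tls: {path}; TCP connects but the handshake fails"
    return f"ok: {path}"


def probe(host, port=27017, timeout=5.0):
    """Resolve, TCP-connect and TLS-handshake; return (addr, tcp_ok, tls_ok)."""
    try:
        addr = socket.getaddrinfo(host, port, socket.AF_INET, socket.SOCK_STREAM)[0][4][0]
    except socket.gaierror:
        return None, False, False
    try:
        sock = socket.create_connection((addr, port), timeout=timeout)
    except OSError:
        return addr, False, False
    try:
        with ssl.create_default_context().wrap_socket(sock, server_hostname=host):
            return addr, True, True
    except (ssl.SSLError, OSError):  # handshake refused, reset or timed out
        return addr, True, False


if __name__ == "__main__":
    for h in sys.argv[1:]:  # pass the hosts from the connection string
        print(h, "->", diagnose(*probe(h)))
```

Run it in the pod with the three hostnames from the connection string as arguments; a "public address" verdict means the pod is not reaching the cluster through the peering at all, whatever the later stages report.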

1 Answer

3

Well... as the documentation states:

You cannot configure Set up a Network Peering Connection on M0 Free Tier or M2/M5 shared clusters.

Peering is not working on shared clusters. Which, after I think about it, makes total sense.


1 Comment

Ohh ok, then it's about to be clear now. Btw you may consider DocumentDB of AWS, which is advertised as Mongo API-compatible and will probably have less trouble connecting from private IPs.
