Reputation: 163
I have two clusters in GCP.
Now, if I make the Postgres service internally load balanced to provide security, I can access it using my VPN configuration.
But the problem came while accessing Postgres from the Dataproc cluster. The communication wasn't successful. Hence I had to make Postgres publicly load balanced.
I want suggestions on how we can achieve security here: making the database less accessible, while it is still accessible by the Dataproc cluster.
Upvotes: 2
Views: 266
Reputation: 30083
If you are using the LoadBalancer to expose the service directly and not using the Ingress, you can use the IP whitelisting option to whitelist your Dataproc cluster IPs.
Example
apiVersion: v1
kind: Service
metadata:
  name: postgres
spec:
  ports:
  - port: 8765
    targetPort: 9376
  selector:
    app: example
  type: LoadBalancer
  loadBalancerIP: 79.78.77.76
  loadBalancerSourceRanges:
  - 130.211.204.1/32
  - 130.211.204.2/32
You can add the Dataproc cluster IPs (or the whole VPC subnet IP range in which the cluster is) to the LoadBalancer service, and only requests coming from the cluster will be able to access the database.
Refer to the link for more information
Ingress
If you are using the Ingress to expose the database, you can use the annotation:
ingress.kubernetes.io/whitelist-source-range
to whitelist the IPs.
Upvotes: 3
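As an added example (not code from the answer or the question above), here is a small Python check a practitioner could run over a Service manifest before applying it: it parses spec.loadBalancerSourceRanges, flags a missing allowlist or a 0.0.0.0/0 entry (either of which is the "public load balanced" state the question ended up with), tests whether a given client IP would pass the filter, and produces a tightened copy of the manifest. The manifests are embedded as the dicts kubectl would return with -o json, so no YAML library is needed; the subnet 10.128.0.0/20 standing in for the Dataproc cluster's VPC subnet, the port 5432 and the address 203.0.113.9 are constructed assumptions, not values from the page.

```python
"""Audit the source allowlist of a Kubernetes LoadBalancer Service.

Added example, not code from the answer above. The manifests are embedded as
the dicts `kubectl get svc postgres -o json` would return, so no YAML parser is
needed. 10.128.0.0/20 stands in for the Dataproc cluster's VPC subnet and
203.0.113.9 for an arbitrary internet host; both are constructed values.
"""
import copy
import ipaddress
from typing import Dict, List, Union

Network = Union[ipaddress.IPv4Network, ipaddress.IPv6Network]

# Constructed: the Service the answer recommends, restricted to one subnet.
RESTRICTED_SERVICE: Dict = {
    "apiVersion": "v1",
    "kind": "Service",
    "metadata": {"name": "postgres"},
    "spec": {
        "type": "LoadBalancer",
        "ports": [{"port": 5432, "targetPort": 5432}],
        "selector": {"app": "postgres"},
        "loadBalancerSourceRanges": ["10.128.0.0/20"],  # assumed Dataproc subnet
    },
}

# Constructed: the "publicly load balanced" state the question ended up with.
# No loadBalancerSourceRanges at all means the cloud firewall admits any source.
OPEN_SERVICE: Dict = copy.deepcopy(RESTRICTED_SERVICE)
del OPEN_SERVICE["spec"]["loadBalancerSourceRanges"]


def source_ranges(service: Dict) -> List[Network]:
    """Return the parsed CIDRs in spec.loadBalancerSourceRanges.

    strict=False mirrors the API server, which accepts a non-canonical entry
    such as 10.128.0.5/20 and masks it to 10.128.0.0/20. Entries that are not
    CIDRs at all are skipped here and reported by audit_service().
    """
    nets: List[Network] = []
    for entry in service.get("spec", {}).get("loadBalancerSourceRanges", []):
        try:
            nets.append(ipaddress.ip_network(entry, strict=False))
        except ValueError:
            pass
    return nets


def audit_service(service: Dict) -> List[str]:
    """Return human-readable findings; an empty list means the allowlist is sane."""
    spec = service.get("spec", {})
    if spec.get("type") != "LoadBalancer":
        return []  # the field only has an effect on LoadBalancer Services
    raw = spec.get("loadBalancerSourceRanges") or []
    if not raw:
        return ["no loadBalancerSourceRanges: the load balancer accepts any source IP"]
    findings = []
    for entry in raw:
        try:
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            findings.append(f"invalid CIDR {entry!r}: the API server will reject this manifest")
            continue
        if net.prefixlen == 0:
            findings.append(f"{entry} admits every address; equivalent to no allowlist")
    return findings


def client_allowed(service: Dict, client_ip: str) -> bool:
    """Would a connection from client_ip pass the Service's source filter?"""
    if not service.get("spec", {}).get("loadBalancerSourceRanges"):
        return True  # absent allowlist: everything is admitted
    ip = ipaddress.ip_address(client_ip)
    # `in` is False across address families, so a v6 client never matches a v4 range.
    return any(ip in net for net in source_ranges(service))


def restrict_to(service: Dict, ranges: List[str]) -> Dict:
    """Return a copy of the Service whose allowlist is exactly `ranges`."""
    fixed = copy.deepcopy(service)
    # Validate up front so a typo fails here rather than at `kubectl apply`.
    fixed["spec"]["loadBalancerSourceRanges"] = [
        str(ipaddress.ip_network(r, strict=False)) for r in ranges
    ]
    return fixed


if __name__ == "__main__":
    for name, svc in (("open", OPEN_SERVICE), ("restricted", RESTRICTED_SERVICE)):
        print(f"{name}: findings={audit_service(svc)}")
        for ip in ("10.128.0.5", "10.128.16.1", "203.0.113.9"):
            print(f"  {ip:>12} allowed={client_allowed(svc, ip)}")
```

One caveat the check cannot see: the range has to match the address the load balancer actually observes. For a public load balancer that is the Dataproc nodes' external or Cloud NAT address, not their internal 10.x address, so allowlisting the VPC subnet alone only works when the traffic arrives with its VPC source address intact.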