kubernetes, google-cloud-platform, google-kubernetes-engine, google-cloud-dataproc, gke-networking

Accessing Postgres in a GKE cluster from a Dataproc cluster


I have two clusters in GCP.

  1. A GKE cluster which has only Postgres installed using Kubernetes.
  2. A Dataproc cluster.

Now if I make the Postgres service internally load balanced to provide security, I can access it using my VPN configuration.

But the problem came while accessing Postgres from the Dataproc cluster. The communication wasn't successful. Hence I had to make Postgres publicly load balanced.

I want suggestions on how we can achieve security here: making the database less accessible, while it should still be accessible from the Dataproc cluster.


Solution

  • If you are using the LoadBalancer to expose the service directly and not using the Ingress, you can use the IP whitelisting option to whitelist your Dataproc cluster IPs.

    Example

    apiVersion: v1
    kind: Service
    metadata:
      name: postgres
    spec:
      ports:
        - port: 8765
          targetPort: 9376
      selector:
        app: example
      type: LoadBalancer
      loadBalancerIP: 79.78.77.76
      # Only clients from these CIDRs may reach the load balancer;
      # if this field is omitted, traffic from any source is allowed.
      loadBalancerSourceRanges:
        - 130.211.204.1/32
        - 130.211.204.2/32

    You can add the Dataproc cluster IPs (or the whole VPC subnet IP range in which the cluster is) to the LoadBalancer service, and only requests coming from the cluster will be able to access the database.

    Refer to the link for more information.

    Ingress

    If you are using the Ingress to expose the database, you can use the annotation:

    ingress.kubernetes.io/whitelist-source-range

    to whitelist the IPs.
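As an added example (not part of the original answer), the following Python check reviews a Service spec's `loadBalancerSourceRanges` the way a defender would before applying it: it confirms that the Dataproc node IPs actually fall inside the allowed ranges and flags ranges that are wider than intended, including the implicit 0.0.0.0/0 that applies when the field is left out. The spec dict mirrors the answer's YAML; the `10.128.0.0/20` subnet and client IPs are constructed sample values, not real addresses.

```python
import ipaddress
from typing import Dict, List

# Constructed sample: the Service spec from the answer, reduced to the
# fields that matter for source filtering (assumed example ranges).
SERVICE_SPEC = {
    "type": "LoadBalancer",
    "loadBalancerSourceRanges": ["130.211.204.1/32", "130.211.204.2/32"],
}

# Constructed sample: a spec that whitelists a whole (assumed) Dataproc subnet.
SUBNET_SPEC = {
    "type": "LoadBalancer",
    "loadBalancerSourceRanges": ["10.128.0.0/20"],
}


def parse_ranges(spec: Dict) -> List[ipaddress._BaseNetwork]:
    """Return the allowed source networks for a LoadBalancer Service.

    When loadBalancerSourceRanges is absent, Kubernetes admits traffic from
    any source, so the effective range is 0.0.0.0/0.
    """
    ranges = spec.get("loadBalancerSourceRanges") or ["0.0.0.0/0"]
    return [ipaddress.ip_network(r, strict=False) for r in ranges]


def check_clients(spec: Dict, client_ips: List[str]) -> Dict[str, bool]:
    """Map each Dataproc node IP to whether the LoadBalancer would admit it."""
    nets = parse_ranges(spec)
    return {
        ip: any(ipaddress.ip_address(ip) in net for net in nets)
        for ip in client_ips
    }


def overly_broad(spec: Dict, max_prefix: int = 16) -> List[str]:
    """List ranges wider than /max_prefix; 0.0.0.0/0 always shows up here."""
    return [str(net) for net in parse_ranges(spec) if net.prefixlen < max_prefix]


if __name__ == "__main__":
    print(check_clients(SERVICE_SPEC, ["130.211.204.1", "130.211.204.3"]))
    print(overly_broad({"type": "LoadBalancer"}))  # field omitted: open to all
```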