expose tcp service (port 5432) on specific subdomain via ingress

1/19/2020

I have a Kubernetes cluster that exposes PostgreSQL on port 5432 via this information, and this works like a charm. I'm currently testing this on my machine, and it works on db.x.io (x being my domain). But it also works on localhost. This seems fair, as it only creates a binding on port 5432 to my service.

How can I also filter on subdomain, so it's only accessible via db.x.io?

-- WiseStrawberry
kubernetes
kubernetes-ingress
nginx
nginx-ingress
tcp

1 Answer

1/20/2020

There is not much that the TCP protocol has in terms of filtering. This is because the TCP protocol uses only the IP:Port combination, with no headers like in HTTP. Your subdomain is resolved by DNS to an IP address before the connection is made.

According to Nginx documentation you can do the following:


You can try to limit access from localhost by adding deny 127.0.0.1 to the nginx configuration; however, it will most likely break PostgreSQL instead. So it is a risky suggestion.

For a Kubernetes Ingress object it would be:

metadata:
  annotations:
    nginx.org/server-snippets: |
      deny 127.0.0.1;

Based on Nginx documentation.

-- Piotr Malec
Source: StackOverflow
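
The point made in the answer above, shown as an added example (not code from the question or the answer): a TCP listener sees only IP:port pairs, so connections made via db.x.io and via localhost are indistinguishable unless the application protocol carries the name, as HTTP does in its Host header. Assumptions: the RESOLVER table is a constructed stand-in for DNS, an ephemeral loopback port stands in for 5432, and the "startup" bytes are a constructed payload, not a real PostgreSQL message.

```python
import socket
import threading

# Constructed stand-in for DNS: both names point at the same address,
# as in the question, where db.x.io and localhost reach the same listener.
RESOLVER = {"db.x.io": "127.0.0.1", "localhost": "127.0.0.1"}


def raw_tcp_payload(name):
    # Constructed bytes for a protocol that does not carry the hostname.
    return b"startup"


def http_payload(name):
    # HTTP puts the name in the application data; host-based rules match on this.
    return f"GET / HTTP/1.1\r\nHost: {name}\r\n\r\n".encode()


def observe_connections(names, payload_for):
    """Connect once per name; return what the listener could see each time."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.settimeout(5)
    listener.bind(("127.0.0.1", 0))  # ephemeral port stands in for 5432
    listener.listen(len(names))
    port = listener.getsockname()[1]
    seen = []

    def serve():
        for _ in names:
            conn, peer = listener.accept()
            with conn:
                # All that TCP itself exposes: destination IP:port and source IP.
                seen.append({"dst": conn.getsockname(), "src_ip": peer[0], "payload": conn.recv(4096)})

    worker = threading.Thread(target=serve)
    worker.start()
    for name in names:
        ip = RESOLVER[name]  # name -> IP is resolved on the client side
        with socket.create_connection((ip, port)) as client:  # only IP:port is used
            client.sendall(payload_for(name))
    worker.join()
    listener.close()
    return seen


if __name__ == "__main__":
    for label, fn in (("raw TCP", raw_tcp_payload), ("HTTP", http_payload)):
        for name, obs in zip(RESOLVER, observe_connections(list(RESOLVER), fn)):
            print(label, name, obs)
```

For the raw TCP case the two observations are identical, which is why only IP-based rules such as deny can apply to the 5432 listener.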