I am testing connecting an application running in an external Docker container to a database running in a separate Kubernetes cluster. What is the best way to make this connection with security practices in mind?
I am planning on creating an ingress service for the database in the kubernetes cluster. Then, when making the connection from the application, I should only need to add the ingress/service connection to be able to use this db, right?
We're running NGINX Ingress Controller, which has the option to allow TCP connections from outside. It's not possible over the CRD Ingress, but you can modify a ConfigMap to route traffic to your Service.
The other option would be to create a Service with a NodePort. You will then need a LoadBalancer in front of the NodePort / Nodes to ensure HA.
If you tell us more about your setup, I believe we can give you more detailed suggestions.
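As an added example (not from the thread), this is what the ingress-nginx TCP ConfigMap route described in the reply looks like. It assumes a PostgreSQL Service named `postgres` in a namespace `db`, the controller installed in `ingress-nginx`, and an example client range `203.0.113.0/24` for the allow-list; all three are placeholders.

```yaml
# Constructed example: expose an in-cluster PostgreSQL over raw TCP
# through ingress-nginx. Names, namespaces and CIDRs are placeholders.
---
# 1. The database stays ClusterIP; nothing reaches it except via the controller.
apiVersion: v1
kind: Service
metadata:
  name: postgres
  namespace: db
spec:
  type: ClusterIP
  selector:
    app: postgres
  ports:
    - port: 5432
      targetPort: 5432
---
# 2. tcp-services ConfigMap: key is the port opened on the controller,
#    value is "<namespace>/<service>:<port>". The controller must be started
#    with --tcp-services-configmap=ingress-nginx/tcp-services for this to apply.
apiVersion: v1
kind: ConfigMap
metadata:
  name: tcp-services
  namespace: ingress-nginx
data:
  "5432": "db/postgres:5432"
---
# 3. The controller's own LoadBalancer Service must also expose the port.
#    loadBalancerSourceRanges restricts who can reach it at the cloud LB /
#    kube-proxy level; without it the DB port is open to the whole internet.
#    TLS is still handled by the DB itself (see the next reply), because the
#    controller only forwards bytes on this path.
apiVersion: v1
kind: Service
metadata:
  name: ingress-nginx-controller
  namespace: ingress-nginx
spec:
  type: LoadBalancer
  selector:
    app.kubernetes.io/name: ingress-nginx
  loadBalancerSourceRanges:
    - 203.0.113.0/24     # placeholder: the external app's egress range
  ports:
    - name: https
      port: 443
      targetPort: 443
    - name: postgres
      port: 5432
      targetPort: 5432
```

Confirm the route is active by checking the controller pod's logs for the `tcp-services` ConfigMap being loaded, and verify from outside that a client outside the allowed range gets a connection timeout rather than a PostgreSQL banner.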
Just like anything else, use TLS, make sure all hops are encrypted and verified. Unless your database of choice uses an HTTP-based protocol, Ingress won't help you. So usually this means setting up TLS at the DB level and exposing it with a LoadBalancer service.