I have multiple services running across nodes.
I want to be able to query a Postgres DB from the pods of these services. This Postgres DB will only allow connections from whitelisted IPs. I will need to share a static IP with the admin of the Postgres DB to be able to connect to it.
How can I ensure that no matter which node my pod is on, I can connect to the postgres db using a predefined static IP?
My current setup is:
NGINX INGRESS (Static IP) --> host based routing to certain services.
123.abc.com --> Service A --> Pod A --> Node A --> External IP A
456.abc.com --> Service B --> Pod B --> Node B --> External IP B
Pods of these services get external IP of the node they are on. Services are of type NodePort.
Possible solution:
I am now trying to set up a common service - Service Postgres - that will query the Postgres DB. All other services will just query the Postgres service explicitly every time they want to access Postgres.
I assigned an External IP to the Service. But the pod queries from the IP of the node. It seems the external IP in the load balancer is for incoming requests? How do we assign a fixed IP to outgoing requests?
Outgoing IP for pods in K8s - Question on Stack Overflow
The answers on that question are satisfactory.
1. Create a helper service that talks to PostgreSQL. Schedule it on a specific node in a new node pool using a node selector. Assign that node a static IP using the steps mentioned in the above link. (Haven't tested this step yet.) (KubeIP seems like a neat solution for this.)
2. Use NAT Gateway in GKE in a private cluster. NAT Gateway GKE
The 1st option seems easier to implement; the 2nd one is more generic.
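
A sketch of the first option as Kubernetes manifests, added here as an example and not taken from the original post: a helper Deployment pinned to a dedicated GKE node pool, fronted by an in-cluster Service. The pool name, taint, image, ports and resource names are all assumptions; the static IP itself still has to be attached to the node as described above.

```yaml
# Added example: names, labels, image and ports below are assumptions.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: postgres-helper                  # hypothetical name
spec:
  replicas: 1
  selector:
    matchLabels:
      app: postgres-helper
  template:
    metadata:
      labels:
        app: postgres-helper
    spec:
      # Pin the pod to the dedicated pool; GKE labels every node with its pool name.
      nodeSelector:
        cloud.google.com/gke-nodepool: static-egress-pool   # hypothetical pool name
      # Only needed if the pool is tainted to keep other workloads off it (assumed taint).
      tolerations:
        - key: dedicated
          operator: Equal
          value: static-egress
          effect: NoSchedule
      containers:
        - name: helper
          image: registry.example.com/postgres-helper:1.0   # placeholder image
          ports:
            - containerPort: 8080        # hypothetical port the helper listens on
---
apiVersion: v1
kind: Service
metadata:
  name: postgres-helper
spec:
  type: ClusterIP                        # in-cluster only; other services call this
  selector:
    app: postgres-helper
  ports:
    - port: 80
      targetPort: 8080
```

With this layout every allowlisted connection leaves from one node, so that node is a single point of failure for database access. Keeping the Service as ClusterIP means only in-cluster callers can reach the helper that sits on the allowlisted path.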