I'm setting up EGRESS to access AWS RDS from GKE

Question

I think public access is dangerous, so I want to build EGRESS and add only the egress ip to the whitelist.

**

1.Because GKE is public, CLOUD NAT, which is private, is not included.

2.I've never used TERRAFORM, so I want an answer other than TERRAFORM.

3.VPCs and VPNs are also difficult to understand.

** This is the currently set EGRESS.

kind: NetworkPolicy
apiVersion: networking.k8s.io/v1
metadata:
  name: test-egress
spec:
  podSelector:
    matchLabels:
      app: testapp
      networking/allow-internet-egress: "true"
  policyTypes:
    - Egress
  egress:
    - to: 
      - ipBlock:
    #static google ip
          cidr: xx.xxx.xx.xxx/32

Again, I can't connect to the database. someone please help

Harsh Manvar · Answer 1 · 2022-08-04T12:07:45.507

0

You can follow and use the Terraform : https://registry.terraform.io/modules/GoogleCloudPlatform/nat-gateway/google/latest/examples/gke-nat-gateway

it will create the Public NAT for you with Egress IP that you can whitelist into the RDS.

Github repo : https://github.com/GoogleCloudPlatform/terraform-google-nat-gateway/tree/v1.2.3/examples/gke-nat-gateway

You can use the shell script which will take 2-3 variable input and invoke the Terraform automatically.

No changes are required into the Terraform, you can also use the Button in Github to run directly on GCP cloud shell if you don't have experience with TF.

edited Aug 04 '22 at 12:07

answered Aug 04 '22 at 12:01

Harsh Manvar

27,020
6
48
102

I've tried both shell and terraform, but this throws an error in apply. – jeqwdkc Aug 04 '22 at 17:01
Share the error that you getting . – Harsh Manvar Aug 05 '22 at 03:34

I'm setting up EGRESS to access AWS RDS from GKE

1 Answers1