I think public access is dangerous, so I want to build egress and add only the egress IP to the whitelist.
1. Because GKE is public, Cloud NAT, which is private, is not included.
2. I've never used Terraform, so I want an answer other than Terraform.
3. VPCs and VPNs are also difficult to understand.

This is the currently set egress:

```yaml
kind: NetworkPolicy
apiVersion: networking.k8s.io/v1
metadata:
  name: test-egress
spec:
  podSelector:
    matchLabels:
      app: testapp
      networking/allow-internet-egress: "true"
  policyTypes:
  - Egress
  egress:
  - to:
    - ipBlock:
        # static google ip
        cidr: xx.xxx.xx.xxx/32
```
Again, I can't connect to the database. Someone please help.
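A NetworkPolicy egress rule selects destinations, not sources: listing the cluster's own static egress IP under `ipBlock` does not whitelist anything, it makes that address the only destination the `testapp` pods may reach, so traffic to the database (and to cluster DNS) is dropped as soon as a CNI enforces the policy. The Python below is an added example, not code from the question or the answer: a small evaluator for the `ipBlock` part of egress rules, run over constructed addresses (a documentation-range placeholder standing in for the redacted static IP, a constructed database address and a typical kube-dns ClusterIP), together with a corrected policy that lists the database and DNS CIDRs as destinations instead. It ignores `ports`, `namespaceSelector` and `podSelector` peers.

```python
"""Evaluate the ipBlock part of Kubernetes NetworkPolicy egress rules.

Added example, not part of the original question or answer. Only ipBlock
peers are modelled; ports and namespace/pod selectors are ignored.
"""
import ipaddress

# The policy from the question. The redacted static IP is replaced by a
# constructed placeholder from the 203.0.113.0/24 documentation range.
POSTED_POLICY = {
    "podSelector": {"matchLabels": {"app": "testapp"}},
    "policyTypes": ["Egress"],
    "egress": [
        {"to": [{"ipBlock": {"cidr": "203.0.113.10/32"}}]},
    ],
}

# Constructed destinations: the database the asker wants to reach, the
# cluster DNS service the pod needs for name resolution, and the egress IP.
DESTINATIONS = {
    "database": "198.51.100.25",
    "kube-dns": "10.96.0.10",
    "own-egress-ip": "203.0.113.10",
}


def egress_allowed(policy, dst_ip):
    """Return True if the policy permits egress from its pods to dst_ip.

    Semantics modelled: when 'Egress' is in policyTypes, every destination
    not matched by some egress rule is denied. A rule with no 'to' peers
    matches all destinations. An ipBlock matches when the address is inside
    'cidr' and not inside any 'except' entry.
    """
    if "Egress" not in policy.get("policyTypes", []):
        return True  # policy does not restrict egress at all
    addr = ipaddress.ip_address(dst_ip)
    for rule in policy.get("egress", []):
        peers = rule.get("to", [])
        if not peers:
            return True
        for peer in peers:
            block = peer.get("ipBlock")
            if block is None:
                continue  # selector peers are not modelled here
            if addr not in ipaddress.ip_network(block["cidr"], strict=False):
                continue
            excluded = any(
                addr in ipaddress.ip_network(ex, strict=False)
                for ex in block.get("except", [])
            )
            if not excluded:
                return True
    return False


def evaluate(policy, destinations=DESTINATIONS):
    """Map each named destination to whether the policy allows reaching it."""
    return {name: egress_allowed(policy, ip) for name, ip in destinations.items()}


def corrected_policy(db_cidr, dns_cidr, dns_port=53):
    """Allow only the database and cluster DNS as egress destinations.

    db_cidr and dns_cidr are assumptions supplied by the caller. The ports
    are included for a realistic manifest but are not evaluated above.
    """
    return {
        "podSelector": POSTED_POLICY["podSelector"],
        "policyTypes": ["Egress"],
        "egress": [
            {"to": [{"ipBlock": {"cidr": db_cidr}}]},
            {
                "to": [{"ipBlock": {"cidr": dns_cidr}}],
                "ports": [
                    {"protocol": "UDP", "port": dns_port},
                    {"protocol": "TCP", "port": dns_port},
                ],
            },
        ],
    }


if __name__ == "__main__":
    print("posted policy:   ", evaluate(POSTED_POLICY))
    fixed = corrected_policy("198.51.100.25/32", "10.96.0.10/32")
    print("corrected policy:", evaluate(fixed))
```

Running the block shows the posted policy allowing only the egress IP itself while the database and kube-dns are denied, and the corrected policy allowing exactly those two. The egress IP still has to be whitelisted on the database side; the cluster-side NetworkPolicy only needs the database and DNS as destinations.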
You can follow and use the Terraform module: https://registry.terraform.io/modules/GoogleCloudPlatform/nat-gateway/google/latest/examples/gke-nat-gateway
It will create the public NAT for you with an egress IP that you can whitelist in the RDS.
GitHub repo: https://github.com/GoogleCloudPlatform/terraform-google-nat-gateway/tree/v1.2.3/examples/gke-nat-gateway
You can use the shell script, which will take 2-3 variable inputs and invoke Terraform automatically.
No changes are required to the Terraform; you can also use the button in GitHub to run it directly in GCP Cloud Shell if you don't have experience with TF.