CockroachDB GKE questions

I’m currently using cockroach-operator (GitHub - cockroachdb/cockroach-operator: k8s operator for CRDB) to deploy a basic 3-pod CockroachDB cluster.

Workloads:

Services and Ingress:

Notes:
Eventually I’m going to have a 2nd cluster that houses my public API (in golang) that will communicate with my CockroachDB cluster. So essentially I want to keep my CockroachDB cluster entirely private from the outside world (a.k.a. no external IPs).

Should I be using an Internal Load Balancer to load balance over my cockroachdb pods? Something like this?

apiVersion: v1
kind: Service
metadata:
  name: cockroachdb-ilb
  annotations:
    # GKE: provision an internal (VPC-only) load balancer instead of a public one
    networking.gke.io/load-balancer-type: "Internal"
  labels:
    app: cockroachdb-public
spec:
  type: LoadBalancer
  selector:
    app: cockroachdb-public
  ports:
    # 8080 is CockroachDB's HTTP / DB Console port; SQL clients use 26257 by default
    - port: 8080
      targetPort: 8080
      protocol: TCP

One thing I’ll also need to do is make sure that my API cluster and my CockroachDB cluster are in the same VPC, so they can communicate with each other privately?

I’m very curious about other people’s setups and such. I’m new to Kubernetes as well, so I’m more looking for advice on how to set up a secure GKE API → CockroachDB setup.
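An added audit check, not part of the original post: this Python script reads the JSON that `kubectl get svc -A -o json` prints (a constructed sample is embedded so it runs offline) and flags every LoadBalancer Service that lacks the GKE `networking.gke.io/load-balancer-type: Internal` annotation or has already been assigned a non-private address, which is exactly the "no external IPs" condition the post wants to hold for the CockroachDB cluster.

```python
"""Flag Kubernetes Services that would expose a workload outside the VPC."""
import ipaddress
import json

ILB_ANNOTATION = "networking.gke.io/load-balancer-type"

# Constructed sample of `kubectl get svc -A -o json` output (two Services).
SAMPLE_SVC_JSON = json.dumps({"items": [
    {"metadata": {"name": "cockroachdb-ilb", "namespace": "default",
                  "annotations": {ILB_ANNOTATION: "Internal"}},
     "spec": {"type": "LoadBalancer", "ports": [{"port": 26257}]},
     "status": {"loadBalancer": {"ingress": [{"ip": "10.128.0.5"}]}}},
    {"metadata": {"name": "cockroachdb-public", "namespace": "default"},
     "spec": {"type": "LoadBalancer", "ports": [{"port": 8080}]},
     "status": {"loadBalancer": {"ingress": [{"ip": "34.120.0.10"}]}}},
]})


def is_private(ip: str) -> bool:
    """True for RFC 1918 / link-local / loopback style addresses."""
    return ipaddress.ip_address(ip).is_private


def audit_services(svc_json: str) -> list[dict]:
    """Return one finding per Service that is (or may become) publicly reachable."""
    findings = []
    for svc in json.loads(svc_json).get("items", []):
        meta, spec = svc.get("metadata", {}), svc.get("spec", {})
        if spec.get("type") != "LoadBalancer":
            continue  # ClusterIP / NodePort Services get no cloud load balancer
        name = f"{meta.get('namespace', 'default')}/{meta.get('name')}"
        annotations = meta.get("annotations") or {}
        is_internal = annotations.get(ILB_ANNOTATION, "").lower() == "internal"
        ingress = svc.get("status", {}).get("loadBalancer", {}).get("ingress") or []
        public_ips = [e["ip"] for e in ingress if "ip" in e and not is_private(e["ip"])]
        ports = [p.get("port") for p in spec.get("ports", [])]
        if not is_internal:
            findings.append({"service": name, "ports": ports, "ips": public_ips,
                             "reason": "LoadBalancer without Internal annotation"})
        elif public_ips:
            findings.append({"service": name, "ports": ports, "ips": public_ips,
                             "reason": "Internal annotation set but public IP assigned"})
    return findings


if __name__ == "__main__":
    for f in audit_services(SAMPLE_SVC_JSON):
        print(f"{f['service']}: {f['reason']} ports={f['ports']} ips={f['ips']}")
```

Run it against live output with `kubectl get svc -A -o json | python3 audit.py` (after swapping `SAMPLE_SVC_JSON` for `sys.stdin.read()`); an empty result means every LoadBalancer Service is internal.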