I’m currently using cockroach-operator (GitHub - cockroachdb/cockroach-operator: k8s operator for CRDB) to deploy a basic 3 pod CockroachDB cluster.
Services and Ingress:
Eventually I’m going to have a 2nd cluster that houses my public API (in golang) that will communicate with my CockroachDB cluster. So essentially I want to keep my CockroachDB cluster entirely private from the outside world (a.k.a - no External IPs).
Should I be using an Internal Load Balancer to load balance over my cockroachdb pods? Something like this?
```yaml
apiVersion: v1
kind: Service
metadata:
  name: cockroachdb-ilb
  annotations:
    networking.gke.io/load-balancer-type: "Internal"
  labels:
    app: cockroachdb-public
spec:
  type: LoadBalancer
  selector:
    app: cockroachdb-public
  ports:
    - port: 8080
      targetPort: 8080
      protocol: TCP
```
One thing I’ll also need to do is make sure that my API cluster and my CockroachDB cluster are in the same VPC, so they can communicate with each other privately?
I’m very curious about other people’s setups and such. I’m new to Kubernetes as well, so I’m more looking for advice on how to set up a secure GKE API → CockroachDB setup.
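
An added example, not part of the original post and not the operator's own manifest: an internal-only Service that fronts CockroachDB's default SQL port (26257) instead of the DB Console HTTP port (8080), and limits callers to one subnet. The Service name and the CIDR are assumptions, and the selector reuses the label from the post, so confirm it against the labels actually on the pods (`kubectl get pods --show-labels`).

```yaml
apiVersion: v1
kind: Service
metadata:
  name: cockroachdb-sql-ilb            # hypothetical name
  annotations:
    # Annotation from the post: GKE provisions an internal load balancer,
    # so the Service gets a private VPC address and no external IP.
    networking.gke.io/load-balancer-type: "Internal"
spec:
  type: LoadBalancer
  # Only accept connections from the subnet the API cluster's nodes use.
  # 10.10.0.0/24 is a constructed placeholder, replace with the real range.
  loadBalancerSourceRanges:
    - 10.10.0.0/24
  selector:
    app: cockroachdb-public            # label from the post; verify on the pods
  ports:
    # 26257 is CockroachDB's default SQL port, the one an API client connects to.
    # 8080 is the DB Console; leave it off this Service unless it must be
    # reachable from the API cluster's subnet too.
    - name: sql
      port: 26257
      targetPort: 26257
      protocol: TCP
```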