How to add source IP filtering to the exposed LoadBalancer service

gmautner · September 9, 2023, 3:50pm

In the Percona Operator for MySQL Based on Percona XtraDB Cluster there is a configuration called loadBalancerSourceRanges which allows to filter based on origin IP at the load balancer level.

Is there an equivalent way to do it with the Percona Operator for PostgreSQL?

Unfortunately I can’t filter it in the Postgres level because the source IP’s are being SNAT’ed by my load balancer.

I also thought about using Proxy Protocol to reveal the true source IP, which my load balancer supports, but it doesn’t seem that pgBouncer can understand it.

Any other workarounds for source IP filtering in this scenario?

Thanks

gmautner · September 9, 2023, 5:56pm

Update:

One simple solution is to patch the Service resource created by the CRD with a server side apply. However it would still be more convenient if there was a native way to do it with the operator itself so any thoughts are greatly appreciated.

Slava_Sarzhan · September 11, 2023, 5:16pm

Hi @gmautner, We do not support loadBalancerSourceRanges option for PG operator v2 for now. We have a task about it [K8SPG-311] Add option to customize load balancer source ranges - Percona JIRA. We will try to include it in the next PG v2 release.

Topic		Replies	Views
How do we add a static internal ip in percona mysql operator in cr.yaml (ha-proxy) Percona Operator for MySQL mysql , percona	3	772	March 16, 2022
Percona Operator for PostgreSQL V2.3: Now Live and Enhanced Percona Operator for PostgreSQL closed-no-reply	0	251	December 28, 2023
Exposing service as LoadBalancer Percona Operator for PostgreSQL	7	978	July 25, 2022
Expose the MySQL outside the cluster Percona Operator for MySQL	5	1474	April 24, 2024
Kubernetes Operator - Expose DB to outside users Percona Operator for PostgreSQL	1	985	February 2, 2022

How to add source IP filtering to the exposed LoadBalancer service

Related Topics