How to add source IP filtering to the exposed LoadBalancer service

In the Percona Operator for MySQL Based on Percona XtraDB Cluster there is a configuration called loadBalancerSourceRanges which allows filtering based on origin IP at the load balancer level.

Is there an equivalent way to do it with the Percona Operator for PostgreSQL?

Unfortunately I can’t filter it at the Postgres level because the source IPs are being SNAT’ed by my load balancer.

I also thought about using Proxy Protocol to reveal the true source IP, which my load balancer supports, but it doesn’t seem that pgBouncer can understand it.

Any other workarounds for source IP filtering in this scenario?



One simple solution is to patch the Service resource created by the CRD with a server-side apply. However, it would still be more convenient if there was a native way to do it with the operator itself, so any thoughts are greatly appreciated.

Hi @gmautner, we do not support the loadBalancerSourceRanges option for PG operator v2 for now. We have a task about it: [K8SPG-311] Add option to customize load balancer source ranges - Percona JIRA. We will try to include it in the next PG v2 release.
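
One way to script the server-side apply workaround mentioned in the thread, as an added example that is not part of the original posts and not Percona's code. The Service name, namespace and field-manager name are placeholders chosen here; the script validates the CIDRs, renders a partial Service manifest that sets only `spec.loadBalancerSourceRanges`, and applies it with `kubectl apply --server-side`.

```shell
#!/bin/sh
# Added example: set only spec.loadBalancerSourceRanges on an existing Service
# via server-side apply. SERVICE, NAMESPACE and the field manager are assumptions.
SERVICE="${SERVICE:-<pgbouncer-service-name>}"
NAMESPACE="${NAMESPACE:-<namespace>}"

# is_cidr CIDR: succeed for an IPv4 CIDR with octets 0-255 and prefix 1-32.
# A /0 prefix is rejected: it admits every source and defeats the filter.
is_cidr() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/[0-9]{1,2}$' || return 1
    prefix=${1#*/}
    [ "$prefix" -ge 1 ] && [ "$prefix" -le 32 ] || return 1
    old_ifs=$IFS; IFS=.
    set -- ${1%/*}          # split the address part into its four octets
    IFS=$old_ifs
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
}

# render_patch NAME NAMESPACE CIDR...: print the partial Service manifest.
render_patch() {
    name=$1; ns=$2; shift 2
    [ "$#" -gt 0 ] || { echo "no CIDR given" >&2; return 1; }
    for cidr in "$@"; do
        is_cidr "$cidr" || { echo "bad CIDR: $cidr" >&2; return 1; }
    done
    printf 'apiVersion: v1\nkind: Service\nmetadata:\n  name: %s\n  namespace: %s\n' "$name" "$ns"
    printf 'spec:\n  loadBalancerSourceRanges:\n'
    for cidr in "$@"; do printf '    - %s\n' "$cidr"; done
}

# apply_patch CIDR...: apply with a dedicated field manager so ownership of
# the field shows up in the Service's metadata.managedFields.
apply_patch() {
    manifest=$(render_patch "$SERVICE" "$NAMESPACE" "$@") || return 1
    printf '%s\n' "$manifest" |
        kubectl apply --server-side --field-manager=source-range-patch -f -
}

if [ "${1:-}" = "apply" ]; then
    shift; apply_patch "$@"
fi
```

The thread does not say whether the operator's reconciliation preserves this field, so re-check the Service (for example with `kubectl get service ... -o yaml`) after operator upgrades or cluster changes. Kubernetes only enforces `loadBalancerSourceRanges` when the cloud provider's load balancer supports it.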