
I would like to provide a whitelisted range for connections to a MongoDB Atlas instance running on Google Cloud. VPC Peering isn't yet available on Atlas for Google Cloud. Is it possible to provide a CIDR range for external IP addresses allocated to nodes in a Kubernetes cluster?

Alternatively, any tips on ensuring that connections come from an authorized node? (Other than SSL + username and password)

Stan Bondi
  • I realize this is an old question. But to people searching, it may be helpful to use the approach of creating a Google Cloud NAT to do this: https://cloud.google.com/nat/docs/gke-example#step_6_create_a_nat_configuration_using https://cloud.google.com/nat/docs/using-nat#create_nat (using the 'Specify IP addresses for NAT' approach allows creating a fixed IP that may be whitelisted on Atlas) – Dave Welling Mar 13 '19 at 15:58
  • While providing links is useful, it would be _more_ helpful to the asker if you posted a summary of the steps involved on the link you posted as external links can go dead / be removed at any time. For more tips, see [answer]. – Daniele Santi Mar 13 '19 at 17:07
  • Please do not post link-only answers to prevent link rot. Instead, add the most relevant information from the link to your answer or alternatively, post the link as a comment instead of an answer. See [this](http://serverfault.com/help/how-to-answer) help center article for further information. – Sven Mar 13 '19 at 18:00

1 Answer


There is no direct way to determine which external IPs will be used by VMs (unless you have already reserved IPs) or clusters. Nevertheless, there are some workarounds you could consider.

One of them is making outgoing connections from the Pod via a proxy. The proxy could be another Pod or a dedicated VM. Some other approaches are described in this discussion.

Carlos
  • Ok, makes sense, in order to not create a single point of failure we'd need to do some non-trivial work. Also, increases server spend. Guess I'd have to ask MongoDB Atlas what timelines they have for supporting VPC peering on Google Cloud. Thanks for the answer - I'll see what else I can find out and mark yours as the answer if things work out. – Stan Bondi Dec 07 '17 at 08:30
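
The Cloud NAT approach mentioned in the comments on the question ("Specify IP addresses for NAT"), written out as steps. This is an added example, not part of the original thread. The region, network and resource names are hypothetical placeholders, and it assumes a private GKE cluster, because Cloud NAT only translates traffic from nodes that have no external IP of their own.

```shell
#!/usr/bin/env bash
# Added example: pin GKE egress to one reserved static IP via Cloud NAT,
# so that a single address can be put on the Atlas IP access list.
# All names below are hypothetical defaults; override them via the environment.
set -eu

REGION="${REGION:-us-central1}"        # assumed region of the cluster
NETWORK="${NETWORK:-gke-vpc}"          # assumed VPC the cluster runs in
ADDRESS="${ADDRESS:-atlas-egress-ip}"  # name for the reserved static IP
ROUTER="${ROUTER:-atlas-nat-router}"   # Cloud Router that hosts the NAT config
NAT="${NAT:-atlas-nat}"                # NAT configuration name

# Print each command; execute it only when APPLY=1 (dry run by default).
run() {
  printf '%s\n' "$*"
  if [ "${APPLY:-0}" = "1" ]; then "$@"; fi
}

nat_plan() {
  # 1. Reserve a regional static external IP.
  run gcloud compute addresses create "$ADDRESS" --region="$REGION"
  # 2. Create the Cloud Router in the cluster's VPC.
  run gcloud compute routers create "$ROUTER" \
    --network="$NETWORK" --region="$REGION"
  # 3. Create the NAT gateway using only the reserved IP, for all subnets.
  run gcloud compute routers nats create "$NAT" \
    --router="$ROUTER" --region="$REGION" \
    --nat-external-ip-pool="$ADDRESS" --nat-all-subnet-ip-ranges
  # 4. Show the reserved address; add it to the Atlas access list as a /32.
  run gcloud compute addresses describe "$ADDRESS" --region="$REGION"
}

nat_plan
```

Run it once without `APPLY=1` to review the commands, then with `APPLY=1` to create the resources. Reserving more than one address and listing them all in `--nat-external-ip-pool` keeps the access list fixed while allowing more concurrent outbound connections.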