When I creating a DB cluster I need to be able to specify the type of connection (internal/external) I need for the particular DB Cluster, so that access to the cluster is controlled
? "Step2": Connection select/checkbox to let user set it external or internal
- The user is able to specify the type of the connection during the cluster creation process
- User is getting the type of connection he/she requested
- When looking at the list of Clusters user is able to see is this externally available or internal only DB cluster
- The default value for EKS/
GKSbased clusters should be "internal"
- DbaaS usage documentation updated with an explanation about internal/external connections and differences with them
Out of scope:
- other operations
- other than specifying it during the creation and view on the list
- GKS is not yet supported/tested
How to test:
As a user creating a database and my Kubernetes orchestrator is one of the public cloud providers (EKS/GKS/etc), my database should not become world-public automatically but instead remain private by default or issue a public load balancer IP only if I request it. This could cause severe harm to my business if in inadvertently open up a system for world access with a weak account causing me to incur heavy processing/consumption costs.
Therefor if I'm a entirely on private infrastructure (including my K8s layer) I would have the option to make my DBaaS instance private to K8s (no external load-balanced IP) or public to my network. But if I'm found to be using public cloud for K8s, I would expect an additional option to make it public to the world but that option would be off by default.