Comment on Should I keep shared or separate k8s clusters?
Tiuku@sopuli.xyz 2 months ago
Right now I’m solving this by having two separate ingress controllers in one cluster - one for private stuff only available over a VPN, and one only available over public IPs.
How’s this working out? What kinda alternatives are there with a single cluster?
johntash@eviltoast.org 2 months ago
It’s mostly working fine for me.
An alternative I tried before was just whitelisting which IPs are allowed to access specific ingresses, but having the ingress listen on both public/private networks. I like having a separate ingress controller better because I know the ingress isn’t accessible at all from a public IP. It keeps the logs separated as well.
Another alternative would be an external load balancer or reverse proxy that can access your cluster. It’d act as the “public” ingress, but would need to be configured to allow specific hostnames/services through.
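
The two in-cluster setups described in this comment, as an added example that is not part of the thread. It assumes ingress-nginx, since the thread does not name a controller; all resource names, hostnames and the address range are constructed.

```yaml
# Assumption: ingress-nginx installed twice, each with its own --controller-class and Service.
apiVersion: networking.k8s.io/v1
kind: IngressClass
metadata:
  name: nginx-private                        # hypothetical name
spec:
  controller: k8s.io/ingress-nginx-private   # must equal that controller's --controller-class
---
apiVersion: networking.k8s.io/v1
kind: IngressClass
metadata:
  name: nginx-public                         # hypothetical name
spec:
  controller: k8s.io/ingress-nginx-public
---
# Separate-controller setup: only the VPN-facing controller ever serves this host.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: dashboard-private                    # constructed
spec:
  ingressClassName: nginx-private
  rules:
    - host: dashboard.internal.example       # constructed
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service: {name: dashboard, port: {number: 8080}}
---
# Allowlist alternative: one controller on both networks; this annotation is the only gate.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: dashboard-allowlisted                # constructed
  annotations:
    nginx.ingress.kubernetes.io/whitelist-source-range: "10.8.0.0/24"  # constructed VPN range
spec:
  ingressClassName: nginx                    # the single shared controller in that setup
  rules:
    - host: dashboard.example                # constructed
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service: {name: dashboard, port: {number: 8080}}
```

The allowlist variant only holds if the controller sees the real client address; behind a load balancer or NAT that rewrites the source IP, the range check is evaluated against the wrong address.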