Hi Sebastian,
Yes, to keep the communication internal between your Cluster and the DB you will need to use Private Link. Just to clarify, these two concepts are highly coupled: Azure Private Link is the broad service that enables secure and private connectivity to Azure services. The Private Endpoint is a component of Private Link that provides the actual connection to the service from your virtual network.
So here is an example of mechanisms that you can use to keep your communication internal:
- Private Link (Private Endpoint): Connects your AKS cluster and PostgreSQL server within your VNet.
- VNet Integration: Deploys your PostgreSQL server into your VNet.
- AAD Pod Identity: Uses the cluster’s managed identity as the password for the PostgreSQL connection.
- If your DB is “Public Access”, you can switch to “Private Access” in the Azure portal.
Some additional references:
- https://video2.skills-academy.com/en-us/azure/postgresql/flexible-server/concepts-networking-private-link
- https://video2.skills-academy.com/en-us/azure/postgresql/flexible-server/concepts-networking-private
- https://video2.skills-academy.com/en-us/azure/postgresql/flexible-server/concepts-networking-public
- https://video2.skills-academy.com/en-us/troubleshoot/azure/azure-kubernetes/troubleshoot-connection-pods-services-same-cluster
- https://video2.skills-academy.com/en-us/azure/postgresql/flexible-server/quickstart-create-server-portal
- https://techcommunity.microsoft.com/t5/azure-database-for-postgresql/dns-configuration-patterns-for-azure-database-for-postgresql/ba-p/2560287
If the information helped address your question, please Accept the answer.
Luis
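A quick check that the Private Endpoint described above is actually in use, added here as an example and not part of the original answer: from a pod or VM inside the VNet, resolve the server FQDN and confirm every address falls in the subnet that hosts the private endpoint. The subnet 10.10.2.0/24 and the sample addresses are constructed; if the name still resolves to a public address, the private DNS zone is not linked to the VNet (or the client is not using it) and traffic would leave the VNet.

```python
"""Check that a PostgreSQL flexible server FQDN resolves through the
private endpoint (inside the VNet) rather than to its public address."""
import ipaddress
import socket


def resolve(fqdn):
    """Resolve a hostname to its IPv4 addresses using the system resolver."""
    return socket.gethostbyname_ex(fqdn)[2]


def classify_resolution(addrs, endpoint_subnet):
    """Classify each resolved address against the private endpoint subnet.

    Returns a dict mapping address -> one of
      'private-endpoint'  in the expected subnet (traffic stays in the VNet)
      'other-private'     RFC1918 address outside that subnet (wrong subnet
                          or stale private DNS record)
      'public'            public address: private DNS zone not linked, or the
                          client is bypassing Private Link
    """
    subnet = ipaddress.ip_network(endpoint_subnet)  # constructed: 10.10.2.0/24
    result = {}
    for a in addrs:
        ip = ipaddress.ip_address(a)
        if ip in subnet:
            result[a] = "private-endpoint"
        elif ip.is_private:
            result[a] = "other-private"
        else:
            result[a] = "public"
    return result


def uses_private_link(addrs, endpoint_subnet):
    """True only if every resolved address sits inside the private endpoint subnet."""
    classes = classify_resolution(addrs, endpoint_subnet)
    return bool(classes) and all(c == "private-endpoint" for c in classes.values())


if __name__ == "__main__":
    import sys
    # Usage: python check_pe_dns.py <server>.postgres.database.azure.com 10.10.2.0/24
    fqdn, subnet = sys.argv[1], sys.argv[2]
    addrs = resolve(fqdn)
    for addr, cls in classify_resolution(addrs, subnet).items():
        print(f"{fqdn} -> {addr}: {cls}")
    sys.exit(0 if uses_private_link(addrs, subnet) else 1)
```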