When deploying a MongoDB cluster on Atlas, the only way to properly secure it is to whitelist the IP addresses allowed to access the cluster. This is quite an effective method but can pose issues in certain scenarios.
I recently deployed a Kubernetes cluster on Google Kubernetes Engine and soon realized there was no definitive IP address range for my pods, inhibiting me from securing the cluster using the Mongo Atlas whitelist. For those who don’t have any background with Kubernetes, the microservice orchestration system maintains a set of apps and services by automatically scaling, recreating, and fixing them. Each instance of an app is called a pod, and because these pods are constantly recreated, they cannot have a predefined IP address.
After much searching, I found the only method to get around this (on Google Cloud and most other cloud providers) is by using a NAT (Network Address Translation) gateway. The NAT routes all outgoing traffic within a VPC (Virtual Private Cloud) network through the same IP address, allowing us to whitelist that address. I previously wrote a tutorial on how to set up this infrastructure here, which also includes a brief description of how a NAT gateway works.
Although this solution works great, I realized it was costing me $50/month just to run this NAT gateway. For small projects, this seems ridiculous. Thankfully, Atlas has a tool called Private Network Peering, which allows you to connect your MongoDB Atlas cluster to a Cloud Provider’s VPC network as if they are on the same private network. The issue was, up until a couple months ago, this was only available on AWS. Now, they have added support for Google Cloud and Azure.
Read the rest here