Public Networks
Public Access Clusters are provisioned on a Public Network and have a public IP address assigned to each cluster node, with access to the cluster restricted to the IP addresses/ranges specified in an IP Access List assigned to each cluster. Clusters on the same network are isolated from each other, so you can create multiple clusters on the same public network without worrying about unauthorized access from one cluster to another.
We previously discussed how to create a Public Managed Cluster in the guide. So let's get into some of the details of how to manage Public Access Networks and IP Access Lists.
Public Networks Overview
You can create a Public Network as part of the cluster creation process, or as a standalone resource. When you create a Public Network, you specify the cloud provider and region where the network will be created. It is recommended to create the network in a region that is geographically close to your location to minimize latency.
Public Networks are separate VPCs from Private Networks, which require VPC peering to access Private Clusters.
Creating a Public Network
Modifying a Public Network
Once a Network resource has been created, you can only modify the name or delete the resource. First, let's see how to rename a Public Network.
Deleting a Public Network
Deleting a Public Network is done similarly to renaming a Network.
Resource Dependencies
You will not be able to delete a network until all clusters provisioned on that network have been deleted.
IP Access Lists
Public Access Clusters are protected by an IP Access List. An IP Access List is a list of IP addresses or IP address ranges specified in CIDR notation that are allowed to access the cluster.
Tips
It is common for corporate networks and VPNs to use a range of public IP addresses that outbound connections are translated to when connecting to the public internet. You should speak with your IT department or network administrator to get those IP address ranges. Not including all of the outbound IP addresses can result in intermittent connectivity issues that are otherwise difficult to diagnose.
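The tip above can be checked before an IP Access List is saved. The following is an added example, not Kurrent Cloud code: it compares a proposed list against the outbound addresses your network team reports and returns any that are not covered. The function name, the size threshold for "too broad" entries, and all sample addresses are assumptions constructed for illustration.

```python
import ipaddress

# Constructed sample data (documentation/benchmark ranges, not real hosts).
ACCESS_LIST = ["198.51.100.0/28", "203.0.113.10/32", "198.18.0.0/15", "192.0.2.5/24"]
EGRESS_IPS = ["198.51.100.4", "198.51.100.20", "203.0.113.10"]


def audit_access_list(cidrs, egress_ips, max_addresses=65536):
    """Audit a proposed IP Access List against known outbound (NAT) addresses.

    Returns (uncovered, too_broad, invalid):
      uncovered - egress IPs that no valid entry matches; clients leaving
                  through these would see intermittent connection failures
      too_broad - entries larger than max_addresses (assumed review threshold)
      invalid   - entries that are not well-formed CIDR blocks
    """
    networks, invalid = [], []
    for entry in cidrs:
        try:
            # strict=True flags entries with host bits set (e.g. 192.0.2.5/24),
            # which usually means a typo in the address or the prefix length.
            networks.append(ipaddress.ip_network(entry, strict=True))
        except ValueError:
            invalid.append(entry)

    uncovered = []
    for ip in egress_ips:
        addr = ipaddress.ip_address(ip)
        if not any(addr.version == net.version and addr in net for net in networks):
            uncovered.append(ip)

    too_broad = [str(net) for net in networks if net.num_addresses > max_addresses]
    return uncovered, too_broad, invalid


if __name__ == "__main__":
    uncovered, too_broad, invalid = audit_access_list(ACCESS_LIST, EGRESS_IPS)
    print("Egress IPs not covered:", uncovered)
    print("Entries to review (very broad):", too_broad)
    print("Malformed entries:", invalid)
```
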
Some key points about IP Access Lists:
- IP Access Lists are distinct resources in Kurrent Cloud and can be created, modified, and deleted independently of Public Access Clusters
- All Public Access Clusters must be assigned an IP Access List
- Public Access Clusters can be assigned a single IP Access List
- IP Access Lists can be applied to one or more Public Access Clusters
- Updating an IP Access List will apply the changes to all clusters that are assigned that IP Access List, typically within seconds
- You can change the IP Access List assigned to a cluster at any time
- You cannot delete an IP Access List that is in use by any clusters
Creating an IP Access List
Besides creating an IP Access List as part of the cluster creation process, you can also create an IP Access List as a standalone resource.
Modifying an IP Access List
When you request a change to the CIDR blocks in an IP Access List, the changes are applied asynchronously to all clusters that are assigned that IP Access List. This typically happens within seconds. If there are any issues applying the changes to any cluster, Cloud engineers are alerted to investigate.