Configure network access to the Kafka cluster
By default, in clusters with a public subnet, connectivity is allowed for all IP addresses as long as a login and password are provided.
Connections to the cluster on the private subnet are allowed from the cluster subnet and from those subnets that are connected to the cluster subnet by the cloud router.
You can restrict access to the cloud database cluster to a list of allowed IP addresses.
Security groups can also be used to restrict access to the cloud database cluster.
Any changes to network access settings are the responsibility of the customer.
Define the list of allowed IP addresses
When restoring a cluster from a backup, the list of allowed IP addresses will not be saved — the allowed IP addresses for the new cluster will have to be re-entered.
1. In the Dashboard, on the top menu, click Products and select Cloud Databases.
2. Open the Active tab.
3. Open the Database Cluster page → Settings tab.
4. In the Network Access Control block, click the Allowed Addresses and CIDRs of Subnets field.
5. At the bottom of the drop-down list, enter the CIDR of the subnet or IP address from which access to the cluster should be allowed. Only IPv4 addressing is supported.
6. Click .
7. Repeat steps 5 and 6 for all allowed IP addresses.
8. Click Save. All IP addresses other than those specified in the Allowed list will be denied connection.
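Because saving the list denies every address that is not on it, it helps to check a planned list against the clients that must keep connecting before entering it. The script below is an added example, not the provider's tooling: the function name `check_allowlist` and the sample addresses are constructed for illustration, and rejecting entries with host bits set is an assumption about safe input rather than documented behavior of the control panel.

```python
import ipaddress

def check_allowlist(entries, clients):
    """Validate planned allowlist entries and list clients they would not cover."""
    networks, problems = [], []
    for raw in entries:
        entry = raw.strip()
        try:
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            problems.append((entry, "not an IP address or CIDR"))
            continue
        if net.version != 4:
            # The page states that only IPv4 addressing is supported.
            problems.append((entry, "IPv6 is not supported"))
            continue
        if entry not in (str(net), str(net.network_address)):
            # e.g. 192.0.2.77/28: ambiguous, so fix it before entering (assumption).
            problems.append((entry, f"host bits set, did you mean {net}?"))
            continue
        if net.prefixlen == 0:
            # Still a valid entry, but it cancels the restriction entirely.
            problems.append((entry, "matches every IPv4 address"))
        networks.append(net)
    # A client is denied when no accepted entry contains its address.
    denied = [c for c in clients
              if not any(ipaddress.ip_address(c) in net for net in networks)]
    return {"accepted": [str(n) for n in networks],
            "problems": problems,
            "denied": denied}

# Constructed sample data (documentation address ranges, not real hosts).
SAMPLE_ENTRIES = ["10.10.0.0/24", "203.0.113.7", "2001:db8::/32", "192.0.2.77/28"]
SAMPLE_CLIENTS = ["10.10.0.15", "203.0.113.7", "198.51.100.20", "192.0.2.70"]

if __name__ == "__main__":
    report = check_allowlist(SAMPLE_ENTRIES, SAMPLE_CLIENTS)
    for entry, reason in report["problems"]:
        print(f"fix before saving: {entry}: {reason}")
    for client in report["denied"]:
        print(f"would be denied: {client}")
```

Keeping the list in a file and re-running the check also gives you a source to re-enter it from after restoring a cluster from a backup, since the list is not saved with the backup.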
Security groups in a cloud database cluster
A security group in a cloud database cluster is a set of rules for filtering incoming and outgoing cluster traffic. For security groups to work, port security must be enabled on the network.
If filtering is enabled on a network, a default security group is assigned to all ports on that network that allows all traffic through the ports. You can assign a different security group when creating a cluster or in an existing cluster.
In addition to the security groups you select when you create the cluster, a service security group is automatically assigned to the cloud database cluster network ports. This group keeps the cluster running and cannot be changed or deleted. The service group appears only in the OpenStack CLI and Terraform.
Learn more about security groups in the Security Groups section.
Assign a security group to an existing cluster
Once a group is assigned, any active sessions that do not conform to the group rules will be terminated.
1. Make sure that port security is enabled on the cluster network. To do this, in the Control Panel, in the top menu, click Products → Cloud Servers → Network → Private Networks or Public Networks tab. The network with filtering enabled is marked with a .
   If filtering is disabled, to use security groups, create a new cluster in a new subnet or in a subnet with traffic filtering enabled.
2. In the Dashboard, on the top menu, click Products and select Cloud Databases.
3. Open the Active tab.
4. Open the Database Cluster page → Settings tab.
5. In the Security block, click Edit.
6. Check the security group to assign to all ports on the cluster network.
7. Click .