Configure IP Access
This page describes how to configure the ip_allowlist
setting in the Hydrolix configuration. This setting controls access to network services running on Hydrolix.
Each new Hydrolix cluster blocks inbound network access by default.
The ip_allowlist
limits access to all services, such as the Query Interfaces and HTTP Stream API.
Example Hydrolix spec fragments
The operator software reconfigures the traefik
reverse proxy when the ip_allowlist
changes.
Public cluster
To allow access from any address, use the IPv4 default route 0.0.0.0/0
in the ip_allowlist
field of your Hydrolix configuration.
apiVersion: hydrolix.io/v1
kind: HydrolixCluster
metadata:
name: hydrolix
namespace: hydrolix
spec:
admin_email: [email protected]
db_bucket_url: gs://hydrolix-demo
env: {}
hydrolix_url: https://demo.hydrolix.net
ip_allowlist:
- 0.0.0.0/0
kubernetes_namespace: hydrolix
overcommit: false
scale: {}
scale_profile: minimal
Limited access cluster
To constrain access to a specific set of IPv4 addresses or network prefixes, list them in the ip_allowlist
field of your Hydrolix configuration.
apiVersion: hydrolix.io/v1
kind: HydrolixCluster
metadata:
name: hydrolix
namespace: hydrolix
spec:
admin_email: [email protected]
basic_auth:
- version
db_bucket_url: gs://hydrolix-demo
env: {}
hydrolix_url: https://demo.hydrolix.net
ip_allowlist:
- 23.235.32.0/20
- 43.249.72.0/22
- 103.244.50.0/24
kubernetes_namespace: hydrolix
overcommit: false
scale: {}
scale_profile: minimal
Updated 9 days ago