Configure IP Access

This page describes how to configure the ip_allowlist setting in the Hydrolix configuration. This setting controls access to network services running on Hydrolix.

Each new Hydrolix cluster blocks inbound network access by default.

The ip_allowlist limits access to all services, such as the Query Interfaces and HTTP Stream API.

Example Hydrolix spec fragments

The operator software reconfigures the Traefik reverse proxy whenever the ip_allowlist changes.

Public cluster

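To allow access from any address, use the IPv4 default route 0.0.0.0/0 in the ip_allowlist field of your Hydrolix configuration. Because the ip_allowlist applies to all services, this entry opens every one of them, including the Query Interfaces and HTTP Stream API, to any IPv4 source address.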

apiVersion: hydrolix.io/v1
kind: HydrolixCluster
metadata:
  name: hydrolix
  namespace: hydrolix
spec:
  admin_email: admin@example.com  # placeholder; the address is obfuscated on the source page
  db_bucket_url: gs://hydrolix-demo
  env: {}
  hydrolix_url: https://demo.hydrolix.net
  ip_allowlist:
  - 0.0.0.0/0
  kubernetes_namespace: hydrolix
  overcommit: false
  scale: {}
  scale_profile: minimal

Limited access cluster

To constrain access to a specific set of IPv4 addresses or network prefixes, list them in the ip_allowlist field of your Hydrolix configuration.

apiVersion: hydrolix.io/v1
kind: HydrolixCluster
metadata:
  name: hydrolix
  namespace: hydrolix
spec:
  admin_email: admin@example.com  # placeholder; the address is obfuscated on the source page
  basic_auth:
  - version
  db_bucket_url: gs://hydrolix-demo
  env: {}
  hydrolix_url: https://demo.hydrolix.net
  ip_allowlist:
  - 23.235.32.0/20
  - 43.249.72.0/22
  - 103.244.50.0/24
  kubernetes_namespace: hydrolix
  overcommit: false
  scale: {}
  scale_profile: minimal
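
Before applying a spec, it helps to review the ip_allowlist for entries that are broader than intended. The following is an added example, not part of the Hydrolix documentation or operator: it pulls the ip_allowlist items from a spec and flags the 0.0.0.0/0 entry, very large prefixes, and prefixes written with host bits set. The function names, the 65536-address threshold and the sample spec are assumptions made for illustration, and is_allowed models plain CIDR matching rather than the proxy's actual behaviour.

```python
import ipaddress
import re

# Constructed sample: part of a HydrolixCluster spec, with two entries added for the audit.
SAMPLE_SPEC = """\
spec:
  ip_allowlist:
  - 23.235.32.0/20
  - 43.249.72.0/22
  - 103.244.50.7/24
  - 0.0.0.0/0
  kubernetes_namespace: hydrolix
"""

def extract_allowlist(spec_text):
    """Return the items under ip_allowlist (block-style YAML lists only)."""
    entries, in_block = [], False
    for line in spec_text.splitlines():
        if re.match(r"^\s*ip_allowlist:\s*$", line):
            in_block = True
        elif in_block:
            m = re.match(r"^\s*-\s*(\S+)\s*$", line)
            if not m:
                break
            entries.append(m.group(1).strip("'\""))
    return entries

def audit_allowlist(entries, max_addresses=65536):
    """Return (entry, finding) pairs for entries that deserve review."""
    findings = []
    for entry in entries:
        try:
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            findings.append((entry, "not a valid address or prefix"))
            continue
        if net.prefixlen == 0:
            findings.append((entry, "matches every address; cluster is public"))
        elif net.num_addresses > max_addresses:
            findings.append((entry, f"covers {net.num_addresses} addresses"))
        if ipaddress.ip_interface(entry).ip != net.network_address:
            findings.append((entry, f"host bits set; network is {net}"))
    return findings

def is_allowed(source_ip, entries):
    """True if source_ip falls inside any allowlist entry (plain CIDR matching)."""
    addr = ipaddress.ip_address(source_ip)
    return any(addr in ipaddress.ip_network(e, strict=False) for e in entries)
```

Run audit_allowlist(extract_allowlist(text)) against the spec text in review or CI, and use is_allowed to confirm that a known client address is covered before the change is applied.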