Skip to main content

Managed Kubernetes - Using vRack Private Network

Stephanie R.
Updated

Learn how to integrate an OVHcloud Managed Kubernetes cluster into a vRack.

OVHcloud Managed Kubernetes provides you with Kubernetes clusters without the hassle of installing or operating them.

By default, your Kubernetes clusters will have public IPs. For some use cases, or for security reasons, you might prefer having your Kubernetes cluster inside a private network.

OVHcloud vRack is a private networking solution that enables our customers to route traffic between OVHcloud dedicated servers, as well as other OVHcloud services.

 

Requirements

 

Instructions

First of all, you will need to set up a vRack Private Network for your Public Cloud. To do so, please follow the Configuring vRack for Public Cloud guide. Once you have created a vRack and added it to a Private Network, you can continue.

Integrating a cluster into a vRack Private Network must be done at the third step on cluster creation, when you can choose an existing private network for the cluster:

manager_mks_ordering_clusterNetwork.png

Your new cluster will be created inside the vRack Private Network you have chosen.

In the Managed Kubernetes Service Dashboard, you will see the cluster, with the chosen private network in the Attached network column:

MKS_clusterList.png

 

Known limits

  • All nodes within a Kubernetes cluster with vRack Private Network activated are available with that single Private Network. (No public/private mix, single private network available).
  • To expose some workload on the Internet, you can use the External Load Balancers that are now compatible with nodes in vRack.
  • The OVHcloud Public Cloud does not support security groups on vRack.
  • You will still see a public IPv4 address on your worker nodes. This IP won’t be reachable from the Internet, and will be used exclusively for the administration of your nodes and their link to the Kubernetes control plane.
  • As explained in the Known limits guide, the following subnets are not compliant with the vRack feature and can generate some incoherent behaviors with our overlay networks:
10.2.0.0/16 # Subnet used by pods
10.3.0.0/16 # Subnet used by services
172.17.0.0/16 # Subnet used by the Docker daemon

 

Go further

For more information and tutorials, please see our other Managed Kubernetes or Platform as a Service guides. You can also explore the guides for other OVHcloud products and services.

If you need training or technical assistance to implement our solutions, contact your sales representative or click on this link to get a quote and ask our Professional Services experts for a custom analysis of your project.

Related articles