Networking
Last updated
Last updated
All APIs share a single API load balancer. By default, the API load balancer is public. You can configure your API load balancer to be private by setting api_load_balancer_scheme: internal
in your cluster configuration file (before creating your cluster). This will make your API only accessible through VPC Peering.
The SSL certificate on the API load balancer is autogenerated during installation using localhost
as the Common Name (CN). Therefore, clients will need to skip certificate verification when making HTTPS requests to your APIs (e.g. curl -k https://***
), or make HTTP requests instead (e.g. curl http://***
). Alternatively, you can enable HTTPS by using a custom domain or by creating an API Gateway to forward requests to your API load balancer.
There is a separate load balancer for the Cortex operator. By default, the operator load balancer is public. You can configure your operator load balancer to be private by setting operator_load_balancer_scheme: internal
in your cluster configuration file (before creating your cluster). You can use VPC Peering to enable your Cortex CLI to connect to your cluster operator from another VPC.