LogoLogo
WebsiteSlack
0.36
0.36
  • Get started
  • Overview
  • Clusters
    • Management
      • Auth
      • Create
      • Update
      • Delete
      • Environments
    • Instances
      • Multi-instance
      • Spot instances
    • Observability
      • Logging
      • Metrics
      • Alerting
    • Networking
      • Load balancers
      • VPC peering
      • HTTPS
      • Custom domain
    • Advanced
      • Setting up kubectl
      • Private Docker registry
      • Self hosted images
  • Workloads
    • Realtime
      • Example
      • Configuration
      • Containers
      • Autoscaling
      • Traffic Splitter
      • Metrics
      • Statuses
      • Troubleshooting
    • Async
      • Example
      • Configuration
      • Containers
      • Statuses
    • Batch
      • Example
      • Configuration
      • Containers
      • Jobs
      • Statuses
    • Task
      • Example
      • Configuration
      • Containers
      • Jobs
      • Statuses
  • Clients
    • Install
    • Uninstall
    • CLI commands
    • Python client
Powered by GitBook
On this page
  1. Clusters
  2. Networking

Load balancers

PreviousNetworkingNextVPC peering

Last updated 3 years ago

api architecture diagram

All APIs share a single API load balancer. By default, the API load balancer is public. You can configure your API load balancer to be private by setting api_load_balancer_scheme: internal in your cluster configuration file (before creating your cluster). This will make your API only accessible through . You can enforce that incoming requests to APIs must originate from specific ip address ranges by specifying api_load_balancer_cidr_white_list: [<CIDR list>] in your cluster configuration.

The SSL certificate on the API load balancer is autogenerated during installation using localhost as the Common Name (CN). Therefore, clients will need to skip certificate verification when making HTTPS requests to your APIs (e.g. curl -k https://***), or make HTTP requests instead (e.g. curl http://***). Alternatively, you can enable HTTPS by using a or by to forward requests to your API load balancer.

There is a separate load balancer for the Cortex operator. By default, the operator load balancer is public. You can configure your operator load balancer to be private by setting operator_load_balancer_scheme: internal in your cluster configuration file (before creating your cluster). You can use to enable your Cortex CLI to connect to your cluster operator from another VPC. You can enforce that incoming requests to the Cortex operator must originate from specific ip address ranges by specifying operator_load_balancer_cidr_white_list: [<CIDR list>] in your cluster configuration.

VPC Peering
custom domain
creating an API Gateway
VPC Peering