When creating clusters for teams, Kore will create networks and assign network ranges. This can be controlled and enhanced in order to provide private clusters, managed network ranges, and peering between networks within a single cloud provider.
If you intend to peer your clusters to each other, or to existing networks (whether in the cloud or not), you must configure the network ranges that Kore allocates so that the IP address ranges used by each cluster do not clash with each other.
See Configuring IP address range assignments for full instructions on how to manage this.
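A pre-flight check for the non-clashing requirement above, as an added example that is not part of Kore or its documentation: it reports overlapping ranges and picks the next free cluster-sized range from a pool. The network names, CIDR values, and function names are constructed for illustration and do not reflect how Kore allocates ranges internally.

```python
import ipaddress
from itertools import combinations


def find_clashes(named_ranges):
    """Return sorted (name, name) pairs whose CIDR ranges overlap.

    ip_network() is strict, so a range with host bits set (a common typo)
    raises ValueError instead of being silently normalised.
    """
    nets = {name: ipaddress.ip_network(cidr) for name, cidr in named_ranges.items()}
    return sorted(
        (a, b)
        for a, b in combinations(sorted(nets), 2)
        if nets[a].overlaps(nets[b])
    )


def allocate(pool, prefix_len, in_use):
    """Return the first /prefix_len subnet of pool that overlaps nothing in in_use."""
    used = [ipaddress.ip_network(cidr) for cidr in in_use]
    for candidate in ipaddress.ip_network(pool).subnets(new_prefix=prefix_len):
        if not any(candidate.overlaps(u) for u in used):
            return str(candidate)
    raise ValueError(f"no free /{prefix_len} range left in {pool}")


# Constructed sample inventory: ranges already used by networks to be peered.
EXISTING = {
    "kore-management": "10.0.0.0/20",
    "on-prem-office": "10.0.32.0/20",
    "team-a-cluster": "10.0.16.0/20",
    "team-b-cluster": "10.0.24.0/21",  # sits inside team-a's range
}

if __name__ == "__main__":
    for a, b in find_clashes(EXISTING):
        print(f"clash: {a} ({EXISTING[a]}) overlaps {b} ({EXISTING[b]})")
    print("next free range:", allocate("10.0.0.0/16", 20, EXISTING.values()))
```

Include the ranges of every network you plan to peer with, including on-premises ones, in the inventory, since a clash with any of them would leave peered traffic unroutable.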
By default, managed clusters in Kore use a public (i.e. internet-facing) network to provide access to the authentication proxy (the method by which your users will access their cluster) and to team applications exposed via public load balancers. You can define the IP ranges that are allowed to access the authentication proxy in the cluster plan, so if that is the only restriction you require, it is supported without using a private cluster.
However, if you require a further level of privacy by removing all external entry points, certain additional configuration steps are required before allowing teams to provision clusters.
Private clusters are currently supported only on AWS EKS clusters where Kore itself is also running in an AWS EKS cluster.
Support for private clusters on other cloud providers will become available in later releases.
In order to create private clusters, you must:
- Configure IP address range assignments
- Configure automatic peering of Kore's management network into the cluster's network for the cloud provider in use:
- Give your users access to the private network. This depends on your organization's network topology and would typically involve creating a VPN or direct connection from your network to the cloud provider's network.
Once these steps are complete, clusters can be built as private by enabling the 'Private Cluster' option in the plan or cluster settings.