Service Connections

A ServiceConnection creates an encrypted, authenticated tunnel between a source and a destination service. It allows applications running in NKE clusters or Deploio to reach On-Demand Services over a private network instead of the public internet.

Sources

The following sources are supported:

Destinations

The following destinations are supported:

The destination must be in the same project as the service connection.

Create a Service Connection

Service Connections are not yet available in Cockpit. Please use nctl for now.

Connect to a Service over a Service Connection

After configuring a service connection, you can connect to the destination using the private FQDN of the service:

Restrict Access

When using an NKE Kubernetes Cluster (kubernetescluster) as a source, you can restrict access to specific pods or namespaces:

Restrict Access by Pod

By default, all pods in the source cluster can use the connection. To restrict access to specific pods, provide a label selector:

Restrict Access by Namespace

To limit which namespaces the connection is available in, provide a namespace label selector:

In the Create Service Connection form, enter a label selector in the Namespace Selector field, for example: kubernetes.io/metadata.name=production

When both selectors are set, only pods matching the pod selector within namespaces matching the namespace selector can use the connection.
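
To check which workloads a selector pair admits before applying it, the following added example (not Nine's code) models the rules above over a constructed pod inventory. It assumes that selectors use Kubernetes equality-based syntax, as in the `kubernetes.io/metadata.name=production` example, and that an unset namespace selector matches every namespace; the function names and inventory are hypothetical.

```python
# Added example: models the pod/namespace selector rules described on this page.
# Assumption: Kubernetes equality-based selector syntax
# (key=value, key==value, key!=value; comma-separated terms are ANDed).

def parse_selector(selector):
    """Parse 'k=v,k2!=v2' into a list of (key, op, value) requirements."""
    reqs = []
    for part in filter(None, (p.strip() for p in (selector or "").split(","))):
        if "!=" in part:
            (key, value), op = part.split("!=", 1), "!="
        elif "==" in part:
            (key, value), op = part.split("==", 1), "="
        elif "=" in part:
            (key, value), op = part.split("=", 1), "="
        else:
            raise ValueError(f"unsupported selector term: {part!r}")
        reqs.append((key.strip(), op, value.strip()))
    return reqs

def matches(labels, reqs):
    """True if the labels satisfy every requirement; no requirements matches all."""
    for key, op, value in reqs:
        if op == "=" and labels.get(key) != value:
            return False
        if op == "!=" and labels.get(key) == value:
            return False
    return True

def allowed_pods(pods, namespaces, pod_selector="", namespace_selector=""):
    """Return 'namespace/name' for each pod that may use the connection."""
    pod_reqs = parse_selector(pod_selector)
    ns_reqs = parse_selector(namespace_selector)
    return sorted(
        f"{p['namespace']}/{p['name']}"
        for p in pods
        if matches(namespaces.get(p["namespace"], {}), ns_reqs)
        and matches(p["labels"], pod_reqs)
    )

# Constructed inventory (not real cluster data).
NAMESPACES = {
    "production": {"kubernetes.io/metadata.name": "production"},
    "staging": {"kubernetes.io/metadata.name": "staging"},
}
PODS = [
    {"namespace": "production", "name": "api-0", "labels": {"app": "api"}},
    {"namespace": "production", "name": "debug-shell", "labels": {"app": "debug"}},
    {"namespace": "staging", "name": "api-0", "labels": {"app": "api"}},
]
```

With no selectors all three constructed pods are admitted; setting only the namespace selector still admits `production/debug-shell`, which is the case a pod selector is needed to close.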

Service Connections for Deploio Applications

If you use Deploio, Nine can create and manage service connections automatically when you configure service references.