Virtual Private Clouds (VPCs) allow for the creation of private, isolated networks, enabling servers within the same VPC to communicate securely and efficiently. This feature facilitates improved network organization, security, and performance.
In this release, we introduced the concept of public ports and VPC ports for servers, marking a significant enhancement in server network configuration capabilities. This new model allows for:
- Public ports: These are designed for external communications, providing a gateway between the server and the wider internet. By managing these ports directly, users can apply firewall configurations specifically tailored for incoming external traffic, enhancing security and control. Each server is configured with one public port.
- VPC ports: These ports facilitate internal communications within a VPC. They allow servers within the same VPC to communicate efficiently without exposure to external networks. Servers can have multiple VPC ports, enabling them to participate in various VPCs.
Overview
- Introduced comprehensive API endpoints for VPC management, including creation, deletion, and configuration updates.
- Enhanced server network configurations with public and VPC ports, allowing direct firewall configurations on individual ports.
- Maintained backwards compatibility with previous configurations.
New Endpoints
VPC Management
- GET /vpcs: Returns a paginated list of VPCs, including server attachments.
- GET /vpcs/{id}: Provides details of a specific VPC, including server attachments.
- POST /vpcs: Allows for the creation of a new VPC.
- PATCH /vpcs/{id}: Enables updating the configuration of a specific VPC.
- DELETE /vpcs/{id}: Deletes a specified VPC.
- POST /vpcs/{id}/setDefault: Sets a VPC as the default for the infrastructure, aiding in the transition from deprecated endpoints related to private networks.
VPC Port Management
- POST /servers/{id}/vpc: Connects a server to a specified VPC by assigning a VPC port.
- PATCH /servers/{id}/vpc-ports/{portId}: Configures the firewall profiles for VPC ports.
- PATCH /servers/{id}/public-ports/{portId}: Configures the firewall profiles for public ports.
- DELETE /servers/{id}/vpc-ports/{portId}: Removes the server's connection to a VPC.
Individual Server Detail Changes
- Endpoint: GET /servers/{id}
  - Public ports array: This endpoint now includes a publicPorts array, detailing each port's IP address and associated firewalls.
  - VPC ports array: Similarly, a vpcPorts array has been introduced, providing information on VPC-associated ports with their IP address and their respective firewall configurations.
  - Deprecation of public and private IPs: The publicIps and privateIp properties are deprecated. In their place, values derived from the publicPorts and vpcPorts arrays are provided.
  - Deprecation of firewalls property: The standalone firewalls property is deprecated and will no longer be populated, reflecting a shift towards direct firewall configurations on individual ports.
Server List Changes
- Endpoint: GET /servers
  - Inclusion of public ports and VPC ports arrays: Enhancing the server list view, both publicPorts and vpcPorts arrays are now included for each server.
  - Deprecation and backward-compatible value provisioning: Similar to the individual server detail view, publicIps and privateIp properties are deprecated. However, backward-compatible values derived from the new port configurations are provided, ensuring a seamless transition to the new system.
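An added example (not part of the provider's documentation or code) of auditing firewall coverage from the per-port arrays, since the standalone firewalls property described above is no longer populated and tooling that still reads it will see nothing attached. The port-level keys id, ipAddress and firewalls, and every value in the sample, are assumptions; the page names only the publicPorts and vpcPorts arrays.

```python
# Added example. Assumed (not stated on the page): each port object carries
# "id", "ipAddress" and "firewalls" (a list of profile objects with "id").
PORT_KINDS = (("public", "publicPorts"), ("vpc", "vpcPorts"))

def audit_server(server):
    """Return (severity, subject, message) findings for one server record."""
    findings, seen = [], {}          # seen: firewall id -> port kinds using it
    for kind, key in PORT_KINDS:
        for port in server.get(key) or []:
            attached = [fw["id"] for fw in port.get("firewalls") or []]
            if not attached:
                severity = "high" if kind == "public" else "medium"
                findings.append((severity, port["id"],
                                 f"{kind} port {port.get('ipAddress')} has no firewall profile"))
            for fw_id in attached:
                seen.setdefault(fw_id, set()).add(kind)
    # The deprecated firewallId / attach path puts one profile on every port;
    # flag that so rules written for internet traffic are reviewed for VPC use.
    for fw_id, kinds in sorted(seen.items()):
        if kinds == {"public", "vpc"}:
            findings.append(("info", fw_id,
                             "same profile on public and VPC ports; review per port"))
    return findings

def audit(servers):
    """Map server id -> findings, reading only the per-port arrays."""
    return {s["id"]: audit_server(s) for s in servers}

# Constructed sample shaped like a GET /servers result (not real data).
SAMPLE = [
    {"id": "srv-a", "firewalls": [],
     "publicPorts": [{"id": "pp-a", "ipAddress": "203.0.113.10", "firewalls": [{"id": "fw-1"}]}],
     "vpcPorts": [{"id": "vp-a", "ipAddress": "10.0.0.10", "firewalls": [{"id": "fw-1"}]}]},
    {"id": "srv-b", "firewalls": [],
     "publicPorts": [{"id": "pp-b", "ipAddress": "203.0.113.11", "firewalls": []}],
     "vpcPorts": [{"id": "vp-b", "ipAddress": "10.0.0.11", "firewalls": [{"id": "fw-2"}]}]},
    {"id": "srv-c", "firewalls": [],
     "publicPorts": [{"id": "pp-c", "ipAddress": "203.0.113.12", "firewalls": [{"id": "fw-3"}]}],
     "vpcPorts": [{"id": "vp-c1", "ipAddress": "10.0.0.12", "firewalls": [{"id": "fw-4"}]},
                  {"id": "vp-c2", "ipAddress": "10.1.0.12", "firewalls": []}]},
]

if __name__ == "__main__":
    for server_id, findings in audit(SAMPLE).items():
        for severity, subject, message in findings:
            print(f"{server_id}\t{severity}\t{subject}\t{message}")
```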
Server Creation Changes
- Endpoint: POST /servers
Deprecated Parameters:
- enablePrivateNetwork: This parameter was previously utilized to indicate the activation of a private network for the server being created.
- firewallId: Used for specifying a firewall profile to be applied to the server upon its creation.
Introduced Parameters:
- publicPortFirewallIds: Introduces the ability to specify firewall profiles for public ports directly, enabling enhanced security through direct firewall configurations.
- vpcs array: This new parameter allows for the direct assignment of VPCs to a server, offering granular control over the server's network configuration.
Backward Compatibility and Transition:
To ensure a smooth migration to the new server creation methodology, backward compatibility measures have been implemented for the deprecated parameters:
- enablePrivateNetwork backward compatibility: While this parameter is deprecated, setting it to true will automatically associate the server with the default VPC. In instances where a VPC does not exist, the creation of a new VPC will be triggered, which will then be designated as the default VPC. The creation of a new VPC, when no default is available, incurs additional costs. This approach retains the functionality of enabling a private network for the server, aligning with the new VPC-based configuration method.
- firewallId backward compatibility: Utilizing the deprecated firewallId parameter now results in the association of the specified firewall profile with both the server's public port and VPC port. This adaptation ensures that firewall configurations are uniformly applied across the server's network interfaces, maintaining security protocols while transitioning to the new configuration strategy.
Firewall Endpoint Updates
- Endpoint: GET /firewalls/{id}
  - Enhancement: This endpoint now includes publicPorts and vpcPorts within the attachments array of the response body. This improvement offers a comprehensive view of the firewall's association with both public and VPC-specific server ports.
- Endpoint: GET /firewalls
  - Enhancement: Similar to the single firewall endpoint, this list view has been updated to include publicPorts and vpcPorts in the attachments array for each listed firewall.
Deprecated Endpoints and Their Successors
As part of the VPC Manager update, we have deprecated several endpoints to streamline server network configuration and management processes. Below is a detailed overview of these changes, including backward compatibility measures to ensure a smooth transition to the new system.
Deprecated Endpoints
- Deprecated: POST /servers/{id}/enable-private-network
  - Successor: POST /servers/{id}/vpc
  - Backward compatibility: Invoking the deprecated endpoint now automatically associates the server with the default VPC, maintaining the intended effect of enabling a private network. In instances where a VPC does not exist, the creation of a new VPC will be triggered, which will then be designated as the default VPC. The creation of a new VPC, when no default is available, incurs additional costs.
- Deprecated: POST /servers/{id}/disable-private-network
  - Successor: DELETE /servers/{id}/vpc/{portId}
  - Backward compatibility: Using this deprecated endpoint now results in the removal of all VPCs from the server, effectively disabling its private network.
- Deprecated: POST /servers/{id}/firewall/{firewallId}/attach
  - Successors: PATCH /servers/{id}/vpc/{portId} and PATCH /servers/{id}/public-ports/{portId}
  - Backward compatibility: Previously, this endpoint attached the specified firewall to all ports on the server. With its deprecation, the system now allows for more granular firewall configurations directly on individual ports.
- Deprecated: POST /servers/{id}/firewall/{firewallId}/detach
  - Successors: PATCH /servers/{id}/vpc/{portId} and PATCH /servers/{id}/public-ports/{portId}
  - Backward compatibility: Similar to the attach endpoint, using this deprecated function now detaches the specified firewall from all server ports. The new method provides enhanced control over firewall configurations on a per-port basis.