Managed Service for Redis network and DB clusters
When creating a cluster, you can:
- Set the network for the cluster itself.
- Set the subnets for each host in the cluster.
You can create a cluster without specifying any subnets for the hosts if the availability zone selected for each host contains exactly one subnet of the cluster network.
Network access to a Managed Service for Redis cluster
You can only connect to a Redis cluster from a Yandex.Cloud VM instance that's in the same network as the cluster. You cannot get a public IP address for a host in this type of cluster.
Hostname and FQDN
Managed Service for Redis generates a name for each cluster host during creation. This name will be the host's fully qualified domain name (FQDN). The hostname and, consequently, the FQDN cannot be changed.
You can use the FQDN to access the host within a single cloud network.
Security groups follow the principle "All traffic that is not allowed is prohibited". Therefore, security group rules for a cluster's cloud network might prevent connections to the cluster if one or more groups are assigned to it.
Let's say that a VM in Yandex.Cloud is used to access the cluster. In this case, if only the 10.133.0.0/24 subnet is specified in the incoming traffic rules for the security group, but the VM is in the 10.128.0.0/16 subnet, the VM won't be able to connect to the cluster. A VM also won't be able to connect from the 10.133.0.0/24 subnet if it tries to access a port not specified in the security group rules.
When connecting to a cluster from within its cloud network, be sure to configure security groups both for the cluster and the connecting host.
Specifics of working with security groups:
- Security group settings only affect the ability to connect to the cluster. They don't affect cluster features, such as replication, sharding, and backups.
- Even if the cluster and the connecting host are in the same security group, the connection won't be possible unless rules that allow traffic between the host and cluster are set up in this group. However, by default, those rules are contained in the security group that is added automatically when creating a cloud network. Those are the Self rules that allow unlimited traffic within a group.
For more information, see the Virtual Private Cloud documentation.
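The default-deny behaviour described above can be checked with a small model before changing real rules. This is an added example, not Yandex.Cloud code or its API: `IngressRule`, `ingress_allowed` and `scenarios` are hypothetical names, the rule model is simplified to source CIDR, destination port and a Self flag, and port 6379 (the Redis default) and 8080 are assumed values, since the page names no port.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

REDIS_PORT = 6379  # assumption: default Redis port; the page names no port


@dataclass(frozen=True)
class IngressRule:
    ports: range                 # destination ports the rule opens
    cidr: Optional[str] = None   # allowed source CIDR, if the rule is CIDR-based
    self_rule: bool = False      # Self rule: source is a member of the same group


def ingress_allowed(rules, src_ip, dst_port, src_in_same_group=False):
    """Default deny: True only when some rule explicitly matches the traffic."""
    addr = ipaddress.ip_address(src_ip)
    for rule in rules:
        if dst_port not in rule.ports:
            continue
        if rule.self_rule and src_in_same_group:
            return True
        if rule.cidr and addr in ipaddress.ip_network(rule.cidr):
            return True
    return False


def scenarios():
    # Constructed rule sets mirroring the cases described in the text.
    subnet_only = [IngressRule(range(REDIS_PORT, REDIS_PORT + 1), cidr="10.133.0.0/24")]
    shared_no_self = []  # cluster and VM share a group that has no matching rule
    shared_with_self = [IngressRule(range(0, 65536), self_rule=True)]
    return {
        "vm_in_10.128.0.0/16": ingress_allowed(subnet_only, "10.128.0.15", REDIS_PORT),
        "vm_in_10.133.0.0/24": ingress_allowed(subnet_only, "10.133.0.15", REDIS_PORT),
        "allowed_subnet_other_port": ingress_allowed(subnet_only, "10.133.0.15", 8080),
        "same_group_no_rules": ingress_allowed(shared_no_self, "10.128.0.15", REDIS_PORT, True),
        "same_group_self_rule": ingress_allowed(shared_with_self, "10.128.0.15", REDIS_PORT, True),
    }


if __name__ == "__main__":
    for name, allowed in scenarios().items():
        print(f"{name}: {'allow' if allowed else 'deny'}")
```

Only the VM inside the allowed subnet on the allowed port, and the group member covered by a Self rule, come out as allowed; every other case falls through to the implicit deny.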