Private Instances
At Exoscale, each compute instance is provided with a public IP by default. Public IP assignment can be controlled at creation and offers three modes:
ipv4
: The instance is assigned a Public IPv4 address
dual
: The instance is assigned a Public IPv4 and a Public IPv6 address
none
: No public IP attachment is done on the instance, it is a private instance
Instances initially assigned with an IPv4 address can be promoted to dual-stack (IPv4 and IPv6), but private instances remain without public IP assignments for their entire lifetime. Similarly, public instances cannot be converted to private, ensuring their public IP assignment persists throughout their lifecycle.
You can create a private instance from the Portal or with the CLI.
Here is an example of Private Instance creation using the CLI:
$ exo compute instance create my-private-instance --private-instance
✔ Creating instance "my-private-instance"... 13s
┼──────────────────────┼──────────────────────────────────────┼
│ COMPUTE INSTANCE │ │
┼──────────────────────┼──────────────────────────────────────┼
│ ID │ 5921300e-6bae-491b-8b15-1e927aef403a │
│ Name │ my-private-instance │
│ Creation Date │ 2023-10-02 20:12:37 +0000 UTC │
│ Instance Type │ standard.medium │
│ Template │ Linux Ubuntu 22.04 LTS 64-bit │
│ Zone │ de-fra-1 │
│ Anti-Affinity Groups │ n/a │
│ Deploy Target │ - │
│ Security Groups │ n/a │
│ Private Instance │ Yes │
│ Private Networks │ n/a │
│ Elastic IPs │ n/a │
│ IP Address │ - │
│ IPv6 Address │ - │
│ SSH Key │ - │
│ Disk Size │ 50 GiB │
│ State │ running │
│ Labels │ n/a │
│ Reverse DNS │ │
┼──────────────────────┼──────────────────────────────────────┼
This newly created instance will not have any network. Most likely your use case involves some communication with other instances and services, and you should consider attaching a private instance to a private network.
Private instance metadata
Instance metadata is typically served over the http://169.254.169.254 address. Private instances will instead see an additional read-only drive containing their metadata, compatible with the cloud-init NoCloud configuration source.
Caveats
The following caveats apply:
- Windows templates are not able to read metadata from the additional drive; standard Exoscale templates will require setting the password manually from the web portal console after the first boot.
- Metadata drives remain mounted and may contain credential information (for instance after a password reset request); metadata should thus be acted upon quickly.
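As an added example (not part of the Exoscale documentation), the script below shows one way to check a mounted metadata drive for leftover password fields, following the second caveat. It assumes the standard cloud-init NoCloud layout (volume label `cidata` or `CIDATA`, files `user-data`, `meta-data`, `vendor-data`); the function names and the sample seed are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a mounted NoCloud metadata drive for password fields.
# Assumes the cloud-init NoCloud layout: a volume labelled cidata/CIDATA with
# user-data, meta-data and (optionally) vendor-data at its root.

# cloud-config keys that carry passwords (set-passwords and users modules).
CRED_KEYS='password|passwd|hashed_passwd|plain_text_passwd|chpasswd'

# Locate the metadata volume by its NoCloud filesystem label.
find_seed_device() {
    blkid -L cidata 2>/dev/null || blkid -L CIDATA 2>/dev/null
}

# scan_seed DIR: print "file:line:key" for every credential key found in DIR.
# Values are never printed. Returns 0 if anything was found, 1 otherwise.
scan_seed() {
    dir=$1
    found=1
    for f in user-data meta-data vendor-data; do
        [ -f "$dir/$f" ] || continue
        hits=$(grep -nE "^[[:space:]-]*($CRED_KEYS)[[:space:]]*:" "$dir/$f" |
               sed -E "s/^([0-9]+):[[:space:]-]*([a-z_]+).*/$f:\1:\2/")
        if [ -n "$hits" ]; then
            printf '%s\n' "$hits"
            found=0
        fi
    done
    return "$found"
}

# Constructed sample seed (not real instance data) to exercise the scan.
make_sample_seed() {
    d=$(mktemp -d)
    printf 'instance-id: i-constructed\nlocal-hostname: my-private-instance\n' > "$d/meta-data"
    printf '#cloud-config\npassword: constructed-secret\nchpasswd:\n  expire: false\n' > "$d/user-data"
    printf '%s\n' "$d"
}

seed=$(make_sample_seed)
if scan_seed "$seed"; then
    echo "password fields present on the metadata drive: act on them now"
fi
rm -rf "$seed"
```

On an instance, pass `scan_seed` the directory where the device returned by `find_seed_device` is mounted read-only.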