Private instances

Tagged in
- compute

At Exoscale each compute instance is provided with a public IP by default. At creation, public IP assignment can be controlled and offers three modes:

ipv4: The instance is assigned a Public IPv4 address
dual: The instance is assigned a Public IPv4 and a Public IPv6 address
none: No public IP attachment is done on the instance, it is a private instance

Assignment can only be promoted from ipv4 to dual, private instances remain without public IP assignments for the duration of their lifetime.

You can create a private instance from the Portal, or You can also use the CLI.

Here is an example of Private Instance creation using the CLI:

$ exo compute instance create my-private-instance --private-instance

 ✔ Creating instance "my-private-instance"... 13s
┼──────────────────────┼──────────────────────────────────────┼
│   COMPUTE INSTANCE   │                                      │
┼──────────────────────┼──────────────────────────────────────┼
│ ID                   │ 5921300e-6bae-491b-8b15-1e927aef403a │
│ Name                 │ my-private-instance                  │
│ Creation Date        │ 2023-10-02 20:12:37 +0000 UTC        │
│ Instance Type        │ standard.medium                      │
│ Template             │ Linux Ubuntu 22.04 LTS 64-bit        │
│ Zone                 │ de-fra-1                             │
│ Anti-Affinity Groups │ n/a                                  │
│ Deploy Target        │ -                                    │
│ Security Groups      │ n/a                                  │
│ Private Instance     │ Yes                                  │
│ Private Networks     │ n/a                                  │
│ Elastic IPs          │ n/a                                  │
│ IP Address           │ -                                    │
│ IPv6 Address         │ -                                    │
│ SSH Key              │ -                                    │
│ Disk Size            │ 50 GiB                               │
│ State                │ running                              │
│ Labels               │ n/a                                  │
│ Reverse DNS          │                                      │
┼──────────────────────┼──────────────────────────────────────┼

This newly created instance will not have any network. Most likely your use case involves some communication with other instances and services, and you should consider attaching a private instance to a private network.

Private instance metadata

Instance metadata is typically served over the http://169.254.169.254 address, private instances will instead see an additional read-only drive containing their metadata, compatible with the cloud-init NoCloud configuration source.

Caveats

The following caveats apply:

Windows templates are not able to read metadata from the additional drive, standard Exoscale templates will require setting the password manually from the web portal console after the first boot.
Metadata drives remain mounted and may contain credential information (for instance after a password reset request), metadata should thus be acted upon quickly