WarpStream Tableflow converts Kafka topics into Iceberg tables with low latency, and keeps them compacted. Learn more.
WarpStream.comSlackDiscordContact UsCreate Account

Control Plane Private Connectivity

If your WarpStream cluster is Pro tier or higher, private connectivity to the control plane can be enabled.

Private Connectivity allows WarpStream agents to communicate to the control plane over a private network which can be beneficial in situations where internet egress is limited by a firewall or proxy.

AWS

AWS Private Link is used to enable private connectivity. Please contact us for service names and private DNS endpoints required to setup private link.

By default, private link endpoints are only available in the same region as the chosen WarpStream Control Plane. To enable cross region connectivity please contact us with the specified region. Note that cross-region endpoints may include extra charges from AWS, see AWS's pricing pages for details.

To setup the private link:

  1. Go to your AWS Console, go to VPC, select endpoints, click Create Endpoint.

  2. Select the Type Endpoint services that use NLBs and GWLBs.

  3. Enter the service name ${service name} and click verify service.

  4. Select the VPC you want to create the endpoint on.

  5. Check the Enable DNS name box.

    1. Ensure that the attributes Enable DNS hostnames and Enable DNS support are enabled for your VPC. If these are not enabled, private connectivity will not work as expected.

  6. Click Create Endpoint.

  7. The endpoint will be automatically approved and it can take up to 30 minutes for the endpoint and DNS in your VPC to be fully configured.

  8. Configure your WarpStream agents to use the private link for control plane connectivity.

    1. If you are using our helm chart make sure you are using version 0.15.29 or higher. Unset config.region and instead set config.metadataURL to https://{$private DNS} and deploy. Your agents are now configured to use the private endpoint. To verify you should see the private DNS endpoint in your agent logs.

    2. If you are deploying agents some other way set the environment variable WARPSTREAM_METADATA_URL or flag -metadataURL to https://{$private DNS}.

GCP

Please contact us for information on how to setup private connectivity in GCP.

Azure

Please contact us for information on how to setup private connectivity in Azure.

PreviousDedicated Control Plane Cells and Release WindowsNextDeprecation Policy

Last updated

Was this helpful?