Networking in Serverless Containers
By default, the container is launched in the isolated IPv4 network with the enabled NAT gateway. For this reason, only public IPv4 addresses are available from the container.
User network
If necessary, you can specify a cloud network in container settings. In this case, it will have access to the internet and user resources in the specified network, such as databases and VMs.
A cloud network must meet the following conditions:
- Has subnets in all availability zones.
- Has at least one resource with an IP address in the specified cloud network.
Note
If the network does not meet the conditions above, the service does not guarantee its operation.
If the user specifies a network in the container settings, this will create a service subnet with addresses from the 198.19.0.0/16 range for each availability zone. Once run, the container will be assigned an IP address from the respective subnet and will have access to all network resources.
Note
You can only specify a single network for functions, containers, and API gateways that reside in the same cloud.
Networking between two containers and between containers and user resources is limited:
- Outbound connections over TCP, UDP, and ICMP are supported. For example, a container may access a Compute Cloud VM or Managed Service for YDB database in the user network.
- Inbound connections are not supported. For example, there is no way to access the application port inside a container even if you know the IP address of a container instance.
It may take longer than usual to run a new instance of the container whose settings specify the network. Regardless of the settings, any container is only invoked via a public API. Learn more about invoking a container.
To delete the network specified in the container, delete all the functions, containers, and API gateways it was set in and wait from 15 minutes to 24 hours.