Since 15.11.2022 no new Security Zones can be created.
From the first of March 2023, we will completely deactivate the Security Zones.
What you have to do if you still use Security Zones, you can find out here.
Requirements
As of the first of March 2023, PaaS services can only connect to private networks that have a DHCP range within the 10.0.0.0/8 and 192.168.0.0/16 subnets. Here are examples of a valid DHCP range for a private network.
10.x.y.0/24
192.168.x.0/24
The values for x and y are decimal values (from 0 to 254), which you can choose freely.
Three concrete use cases
Depending on which of the following three use cases applies, you must proceed differently.
1. existing Security Zone, but no service connected
This is the simplest scenario imaginable. In this case you simply delete the existing Security Zone yourself or it will be deleted automatically on 01.03.2023.
2. existing Security Zones connected to a PaaS
You have a PaaS, for example gridFS or a database (gridSQL) connected to a Security Zone? In this case, the existing service must be changed to a private network.
Create a private network for it.
It is best to make the changeover during a downtime that you specify – there will be a short network interruption during this time.
You should use the downtime to reconfigure your application.
If the existing service is connected to a Security Zone, it must be changed to a private network. For new, unused networks, the platform service receives the first IP address in the specified range (for example, 10.0.0.1).
- Create a private network or use an existing network (in both cases the range must be either 10.x.y.0/24 or 192.168.x.0/24).
- Navigate to the Platform Service and in the Network Configuration section, replace the existing security zone connection with your chosen private network.
- After the provisioning is complete – while the platform service is unavailable for a few seconds – you will see the new IPv4 address of the service in the Connection Details section or in the details view of the private network itself.
3. security zone connected to Kubernetes as a sidecar (proxy VM), which connects the Platform service to a Kubernetes cluster at our site.
Another possible scenario is that a server, as a sidecar, is located between your Security Zone and your Kubernetes cluster.
In this case, the Kubernetes cluster already has a private network. The sidecar is then no longer needed.
Just swap the connected network on the platform service you want to use. You will then receive the next free IPv4 address. Note that after changing the network, the service is no longer reachable via the old IPv6 address.
The service is then only accessible again after the deployment is complete. After that, you just need to define the service that replaces the sidecar to connect Kubernetes to a PaaS. If you need more information about this, feel free to check out the documentation below.