Sign inTry Free

Connect with Private Services and Networks

On this page

You can connect from a SingleStore Helios workspace to private services and networks. Private services/networks simplify networking and connectivity by allowing users to connect directly from a virtual/private network to SingleStore through VPC/private endpoints.

Use the SingleStore Private Connections feature to configure a private connection to AWS PrivateLink. Setting up a connection to Azure Private Link and Google Private Service Connect involves actions from both your and SingleStore's end. You may need to share the details related to your workspace and Azure/Google account with SingleStore support. To make the setup process seamless, acquire the required information before reaching out to SingleStore support. The list of information required is specified in the configuration process for the respective private service/network.

To successfully set up a private connection, you need to configure both the outbound and inbound connections. Additionally, SingleStore can only process the connection request when your workspace is in the Active state. If you need separate reader and writer endpoints for each workspace, specify this in the support ticket while configuring Azure/Google private service/networks. SingleStore recommends using a single endpoint as SingleStore internally manages (reader/writer) query forwarding to this endpoint.

SingleStore recommends having hands-on experience on using private services and networks. For more information, refer to the relevant documentation:

Note

When using a third-party SQL client or development tool, you must first add a database user to log into a SingleStore Helios database.

SingleStore Private Connections

SingleStore Private Connections (SPC) allows you set up and configure connections to private services and networks through the Cloud Portal. This feature is only supported for SingleStore Helios workspaces deployed using AWS, and it only supports connections to AWS PrivateLink. For more information, refer to SingleStore Private Connections.

Configure Private Connections

Configure both the outbound and inbound connections to connect to any of the following private services/networks:

AWS PrivateLink

Azure Private Link

You can connect multiple private links to a single workspace. Refer to ExpressRoute for more information.

Google Private Service Connect

If you have more than one subnet/zone you want to connect via Private Service Connect to your workspace, you should select each of them while configuring the load balancer backend. For more information, refer to Configure the load balancer.

FAQs

  • Once a private connection is set up, for example AWS PrivateLink, does the data to be ingested have to go through AWS PrivateLink?

    No, this is simply a separate endpoint.

  • While using Kubernetes with Google Private Service Connect, suppose that each node pool creates 3 instance groups, 1 per zone. Should you select every group available in the backend step of the create a load balancer step?

    Yes, if you have more than a single subnet/zone and you want to connect via Google Private Service Connect to your workspace, you should select every available group.

  • Can I connect directly to the DDL and DML endpoints of a workspace via a private link (service/network)?

    No, you need a private service endpoint to connect to the DDL and DML endpoints of a workspace via a private link. You cannot directly access the DDL and DML endpoints of a workspace from private services and networks.

In this section

Last modified: May 17, 2024

Was this article helpful?

On this page

Was this article helpful?

Verification instructions

Note: You must install cosign to verify the authenticity of the SingleStore file.

Use the following steps to verify the authenticity of singlestoredb-server, singlestoredb-toolbox, singlestoredb-studio, and singlestore-client SingleStore files that have been downloaded.

You may perform the following steps on any computer that can run cosign, such as the main deployment host of the cluster.

  1. (Optional) Run the following command to view the associated signature files.

    curl undefined

  2. Download the signature file from the SingleStore release server.

    • Option 1: Click the Download Signature button next to the SingleStore file.

    • Option 2: Copy and paste the following URL into the address bar of your browser and save the signature file.

    • Option 3: Run the following command to download the signature file.

      curl -O undefined

  3. After the signature file has been downloaded, run the following command to verify the authenticity of the SingleStore file.

    echo -n undefined |
        cosign verify-blob --certificate-oidc-issuer https://oidc.eks.us-east-1.amazonaws.com/id/CCDCDBA1379A5596AB5B2E46DCA385BC \
          --certificate-identity https://kubernetes.io/namespaces/freya-production/serviceaccounts/job-worker \
          --bundle undefined \
          --new-bundle-format -
    Verified OK