How to configure networks for a cluster#
All members of a cluster must have identical networks defined.
The only configuration keys that may differ between networks on different members are
See Member configuration for more information.
Creating additional networks is a two-step process:
Define and configure the new network across all cluster members. For example, for a cluster that has three members:
lxc network create --target server1 my-network lxc network create --target server2 my-network lxc network create --target server3 my-network
You can pass only the member-specific configuration keys
bgp.ipv6.nexthop. Passing other configuration keys results in an error.
These commands define the network, but they don’t create it. If you run
lxc network list, you can see that the network is marked as “pending”.
Run the following command to instantiate the network on all cluster members:
lxc network create my-network
You can add configuration keys that are not member-specific to this command.
If you missed a cluster member when defining the network, or if a cluster member is down, you get an error.
Also see Create a network in a cluster.
Separate REST API and clustering networks#
You can configure different networks for the REST API endpoint of your clients and for internal traffic between the members of your cluster. This separation can be useful, for example, to use a virtual address for your REST API, with DNS round robin.
To do so, you must specify different addresses for
cluster.https_address (the address for internal cluster traffic) and
core.https_address (the address for the REST API):
Create your cluster as usual, and make sure to use the address that you want to use for internal cluster traffic as the cluster address. This address is set as the
After joining your members, set the
core.https_addressconfiguration to the address for the REST API. For example:
lxc config set core.https_address 0.0.0.0:8443
core.https_addressis specific to the cluster member, so you can use different addresses on different members. You can also use a wildcard address to make the member listen on multiple interfaces.