Skip to content

Commit

Permalink
Cloud docs improvements
Browse files Browse the repository at this point in the history
* Add security notes
* Clarify horizontal scaling
* Document how to delete clusters
  • Loading branch information
bashofmann committed Dec 20, 2024
1 parent 9cc3f19 commit 6e14b9b
Show file tree
Hide file tree
Showing 4 changed files with 13 additions and 1 deletion.
Original file line number Diff line number Diff line change
Expand Up @@ -33,7 +33,7 @@ After that, you can configure, or change the amount of Qdrant database nodes wit

Important: The number of shards means the maximum amount of nodes you can add to your cluster. In the beginning, all the shards can reside on one node. With the growing amount of data you can add nodes to your cluster and move shards to the dedicated nodes using the [cluster setup API](/documentation/guides/distributed_deployment/#cluster-scaling).

Note, that it is currently not possible to horizontally scale down the cluster in the Qdrant Cloud UI. If you require a horizontal scale down, please open a support ticket.
When scaling down horizontally, the cloud platform will automatically ensure that any shards that are present on the nodes to be deleted, are moved to the remaining nodes.

We will be glad to consult you on an optimal strategy for scaling.

Expand Down
4 changes: 4 additions & 0 deletions qdrant-landing/content/documentation/cloud/create-cluster.md
Original file line number Diff line number Diff line change
Expand Up @@ -89,6 +89,10 @@ Once provisioned, you can access your cluster on ports 443 and 6333 (REST) and 6

You should now see the new cluster in the **Clusters** menu.

## Deleting a cluster

You can delete a Qdrant database cluster from the cluster's detail page.

## Next steps

You will need to connect to your new Qdrant Cloud cluster. Follow [**Authentication**](/documentation/cloud/authentication/) to create one or more API keys.
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -26,6 +26,8 @@ When creating or editing a cluster, you can configure how the database Pods get

### Authentication to your Qdrant clusters

<aside role="alert">By default, clusters in Hybrid Cloud are only exposed through a Kubernetes ClusterIP Service inside of the Kubernetes network and not accessible to the outside, and no API key is configured. If you choose to expose the database internally or externally, you must configure an API key.</aside>

In Hybrid Cloud the authentication information is provided by Kubernetes secrets.

You can configure authentication for your Qdrant clusters in the "Configuration" section of the Qdrant Cluster detail page. There you can configure the Kubernetes secret name and key to be used as an API key and/or read-only API key.
Expand Down Expand Up @@ -136,6 +138,8 @@ Please refer to the Kubernetes, ingress controller and cloud provider documentat

If you expose the database like this, you will be able to see this also reflected as an endpoint on the cluster detail page. And will see the Qdrant database dashboard link pointing to it.

<aside role="alert">Internal communication channels are <strong>never</strong> protected by an API key nor bearer tokens. Internal gRPC uses port 6335. You must ensure that this port is not publicly reachable and can only be used for node communication. By default, Qdrant Hybrid Cloud deployes a strict NetworkPolicy to only allow communication on port 6335 between Qdrant Cluster nodes.</aside>

### Configuring TLS

If you want to configure TLS for accessing your Qdrant database in Hybrid Cloud, there are two options:
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -77,9 +77,13 @@ Examples:
* [Azure AKS Public LoadBalancer annotations](https://learn.microsoft.com/en-us/azure/aks/load-balancer-standard)
* [Azure AKS Internal LoadBalancer annotations](https://learn.microsoft.com/en-us/azure/aks/internal-lb)
* [GCP GKE LoadBalancer annotations](https://cloud.google.com/kubernetes-engine/docs/concepts/service-load-balancer-parameters)
*
<aside role="alert">Internal communication channels are <strong>never</strong> protected by an API key nor bearer tokens. Internal gRPC uses port 6335. You must ensure that this port is not publicly reachable and can only be used for node communication. By default, Qdrant Private Cloud deployes a strict NetworkPolicy to only allow communication on port 6335 between Qdrant Cluster nodes.</aside>

## Authentication and Authorization

<aside role="alert">By default, clusters in Hybrid Cloud are only exposed through a Kubernetes ClusterIP Service inside of the Kubernetes network and not accessible to the outside, and no API key is configured. If you choose to expose the database internally or externally, you must configure an API key.</aside>

Authentication information is provided by Kubernetes secrets.

One way to create a secret is with kubectl:
Expand Down

0 comments on commit 6e14b9b

Please sign in to comment.