Network Connectivity

The CloudCasa agent connects out to the CloudCasa service at the endpoint, and all control traffic travels on this connection.

If your cluster is running in a private network and has no access to the public Internet, it will not be able to connect to the above endpoint. However, CloudCasa supports connectivity via AWS PrivateLink. So if your cluster is running in an AWS VPC, you will be able to use AWS PrivateLink to set up a private connection to the CloudCasa service. If you are interested in making use of this feature, contact CloudCasa support.

If your cluster is running in other cloud providers such as Azure or GCP, it may still be possible to set up a private connection. Contact CloudCasa support for further details.

Note PrivateLink connections to CloudCasa are only available with paid service plans.

The following topology diagram illustrates the principal services and network connections used by the CloudCasa agent. Firewalls must be configured to allow the necessary connections.


The agent initiates and maintains a control connection to CloudCasa at this address.


This is only used to fetch the agent YAML file for use by kubectl when initially installing the agent. Alternate installation methods are available. Contact CloudCasa Support for more information.


For backups and restores, the agent must be able to open a connection to whatever object storage it is configured to use. This can be local or remote.