Scaleway Private Network
Deploys a Scaleway Private Network inside an existing VPC, with optional IPv4/IPv6 subnet configuration and default route propagation. The Private Network serves as the primary attachment point for Kapsule clusters, RDB instances, Redis clusters, Load Balancers, and other Scaleway resources that require private connectivity.
What Gets Created
When you deploy a ScalewayPrivateNetwork resource, OpenMCF provisions:
- Private Network — a
network.PrivateNetworkresource attached to the specified VPC, with built-in DHCP and IPAM-managed addressing - IPv4 Subnet — either the user-specified CIDR or an auto-allocated subnet from Scaleway's IPAM service
- IPv6 Subnets — created only when
ipv6Subnetsentries are provided - Scaleway Tags — resource kind, name, organization, and environment labels applied as flat
key=valuetags
Prerequisites
- Scaleway credentials configured via environment variables or OpenMCF provider config
- An existing VPC in the target region — either a literal VPC UUID or an OpenMCF-managed ScalewayVpc resource whose output can be referenced via
valueFrom
Quick Start
Create a file private-network.yaml:
apiVersion: scaleway.openmcf.org/v1
kind: ScalewayPrivateNetwork
metadata:
name: my-network
labels:
openmcf.org/provisioner: pulumi
pulumi.openmcf.org/organization: my-org
pulumi.openmcf.org/project: my-project
pulumi.openmcf.org/stack.name: dev.ScalewayPrivateNetwork.my-network
spec:
vpcId: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
region: fr-par
Deploy:
openmcf apply -f private-network.yaml
This creates a Private Network in the fr-par region with an IPAM-auto-allocated IPv4 subnet. The allocated CIDR is available in stack outputs as ipv4_subnet_cidr.
Configuration Reference
Required Fields
| Field | Type | Description | Validation |
|---|---|---|---|
vpcId | StringValueOrRef | UUID of the VPC in which to create this Private Network. Can be a literal UUID or a valueFrom reference to a ScalewayVpc resource's status.outputs.vpc_id. The Private Network's region must match the VPC's region. | Required |
region | string | Scaleway region for the Private Network (e.g., "fr-par", "nl-ams", "pl-waw"). Cannot be changed after creation. | Required |
Optional Fields
| Field | Type | Default | Description |
|---|---|---|---|
ipv4Subnet | string | Auto-allocated by IPAM | IPv4 subnet in CIDR notation (e.g., "192.168.0.0/24", "10.0.1.0/24"). When multiple Private Networks share a VPC, specify non-overlapping ranges to ensure correct routing. |
ipv6Subnets | string[] | [] | IPv6 subnets in CIDR notation (e.g., "fd46:78ab:30b8:177c::/64"). Multiple entries are supported for dual-stack networking. |
enableDefaultRoutePropagation | bool | false | When true, resources in this Private Network receive the VPC's default routes, enabling communication with resources in other Private Networks within the same VPC. |
Examples
Minimal Private Network with Auto-Allocated Subnet
A Private Network with no explicit subnet — Scaleway's IPAM assigns one automatically:
apiVersion: scaleway.openmcf.org/v1
kind: ScalewayPrivateNetwork
metadata:
name: dev-network
labels:
openmcf.org/provisioner: pulumi
pulumi.openmcf.org/organization: my-org
pulumi.openmcf.org/project: my-project
pulumi.openmcf.org/stack.name: dev.ScalewayPrivateNetwork.dev-network
spec:
vpcId: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
region: fr-par
Private Network with Explicit IPv4 Subnet and Route Propagation
A Private Network with a controlled address range and cross-network routing enabled:
apiVersion: scaleway.openmcf.org/v1
kind: ScalewayPrivateNetwork
metadata:
name: app-network
labels:
openmcf.org/provisioner: pulumi
pulumi.openmcf.org/organization: my-org
pulumi.openmcf.org/project: my-project
pulumi.openmcf.org/stack.name: prod.ScalewayPrivateNetwork.app-network
spec:
vpcId: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
region: fr-par
ipv4Subnet: "10.0.1.0/24"
enableDefaultRoutePropagation: true
Dual-Stack Network with VPC Reference
A Private Network referencing an OpenMCF-managed VPC, with both IPv4 and IPv6 subnets:
apiVersion: scaleway.openmcf.org/v1
kind: ScalewayPrivateNetwork
metadata:
name: dual-stack-network
labels:
openmcf.org/provisioner: pulumi
pulumi.openmcf.org/organization: my-org
pulumi.openmcf.org/project: my-project
pulumi.openmcf.org/stack.name: prod.ScalewayPrivateNetwork.dual-stack-network
spec:
vpcId:
valueFrom:
kind: ScalewayVpc
name: main-vpc
fieldPath: status.outputs.vpc_id
region: nl-ams
ipv4Subnet: "172.16.0.0/22"
ipv6Subnets:
- "fd46:78ab:30b8:177c::/64"
enableDefaultRoutePropagation: true
Stack Outputs
After deployment, the following outputs are available in status.outputs:
| Output | Type | Description |
|---|---|---|
private_network_id | string | UUID of the created Private Network. This is the primary cross-resource reference consumed by downstream components (Kapsule clusters, RDB instances, Redis clusters, Load Balancers, etc.) via valueFrom. |
ipv4_subnet_cidr | string | IPv4 CIDR of the subnet associated with this Private Network. Reflects the requested ipv4Subnet if specified, or the CIDR auto-allocated by Scaleway's IPAM service. |
Related Components
- ScalewayVpc — the parent VPC that contains this Private Network
- ScalewayKapsuleCluster — attaches Kubernetes clusters to this Private Network for private pod-to-service communication
- ScalewayRdbInstance — attaches managed database instances to this Private Network for private database connectivity
- ScalewayRedisCluster — attaches Redis clusters to this Private Network
- ScalewayInstanceSecurityGroup — controls network access for compute instances within this Private Network
Next article
Scaleway Public Gateway
Scaleway Public Gateway Deploys a Scaleway Public Gateway with a dedicated Flexible IP, GatewayNetwork attachment, and optional PAT (port forwarding) rules. Provides NAT masquerade for outbound internet access, SSH bastion for secure private resource access, and port-level ingress routing -- all as a single declarative resource. What Gets Created When you deploy a ScalewayPublicGateway resource, OpenMCF provisions: Flexible IP — a network.PublicGatewayIp resource providing a dedicated public...