Documentation
Start typing to search…

Private and Air-Gapped Cluster

Overview

Bunnyshell integrates directly with your Kubernetes clusters to provision and manage ephemeral, preview, and production environments.
When using private clusters (e.g., clusters behind firewalls, restricted endpoints, or air-gapped environments with no internet connectivity), additional configuration is required to ensure that Bunnyshell can successfully communicate with the cluster.

Kube API Access

Bunnyshell must be able to reach the Kubernetes API Server of your cluster in order to:

  • Deploy and manage environments
  • Monitor health and status updates
  • Apply manifests, Helm charts, or operators

Without API access, Bunnyshell cannot create, monitor, or destroy environments.

Clusters must be configured to either expose this API securely or allow access by whitelisting Bunnyshell IPs.

Required Access & Permissions

Access and permissions must be configured according to your cluster provider and identity system. This typically involves:

  • A service account or user with appropriate Kubernetes RBAC roles (e.g., namespace management, deployments, services, ingress access)
  • Valid authentication credentials (kubeconfig, tokens, or certificates) that Bunnyshell can use
  • Any provider-specific identity or IAM integration (e.g., AWS IAM, GCP IAM, Azure AD)

We recommend following your provider’s best practices for securely granting external access to the Kubernetes API.

IP Whitelisting

For clusters with restricted access, you must whitelist Bunnyshell’s IP ranges so the platform can reach the Kubernetes API server.

See the official documentation for the current list of IP ranges:
Whitelisting Bunnyshell IPs

⚠️

Always confirm the current IP ranges in the official documentation before applying them.

Summary

To enable Bunnyshell on private or air-gapped clusters:

  1. Ensure Bunnyshell can reach the Kubernetes API Server.
  2. Configure the required RBAC roles and provider-specific access controls.
  3. Whitelist the Bunnyshell IP ranges listed in the official documentation.

With these steps in place, Bunnyshell can securely manage environments on clusters that are firewalled, restricted, or without public internet connectivity.

Updated about 21 hours ago