How would you describe the priority of this documentation request
High
Describe the future/missing documentation
Gap: There's no guidance on how to reach instances in a VPC, or connect VPCs, while preserving tenant isolation. Notably, VPC peering (the vpc-peering REST API) and Network Security Groups are existing features but are essentially undocumented (NSGs get only a one-line mention; peering isn't covered at all).
Raised by: SpectroCloud (YTL) — "when a second VPC is created, access to instances is lost (expected isolation); what are the recommended patterns for jump-host access, NSGs, and maintaining access while preserving isolation?"
Docs needed:
- State plainly that NICo provides no built-in ingress (no NAT, public IP, gateway, or bastion); reaching a VPC means bringing your own edge.
- Recommended pattern: a per-tenant edge VPC running a VPN/SSH bastion, peered (intra-tenant) to the customer's workload VPCs; the external public-IP/VPN mapping to that edge is provider-fabric.
- Document the VPC peering API (
POST /v2/org/{org}/nico/vpc-peering) and its RBAC.
- Document the NSG model and usage (direction, protocol, ports, priority, per-VPC vs per-instance).
Code of Conduct
How would you describe the priority of this documentation request
High
Describe the future/missing documentation
Gap: There's no guidance on how to reach instances in a VPC, or connect VPCs, while preserving tenant isolation. Notably, VPC peering (the
vpc-peeringREST API) and Network Security Groups are existing features but are essentially undocumented (NSGs get only a one-line mention; peering isn't covered at all).Raised by: SpectroCloud (YTL) — "when a second VPC is created, access to instances is lost (expected isolation); what are the recommended patterns for jump-host access, NSGs, and maintaining access while preserving isolation?"
Docs needed:
POST /v2/org/{org}/nico/vpc-peering) and its RBAC.Code of Conduct