Skip to main content
When you enable public IP addresses for nodes in a node group, the IP addresses are dynamically assigned from the general pool of public IP addresses managed by Nebius AI Cloud. The assigned addresses may change when nodes are recreated or updated. If you need a fixed set of public IP addresses—for example, to configure firewall rules, define an allowlist, register DNS records or integrate external systems—create a subnet with a dedicated public IP address range. While individual node IP addresses may still change, they will always be selected from the range defined in this subnet.

Prerequisites

  1. Install and configure the Nebius AI Cloud CLI.
  2. Make sure you are in a group that has at least the editor role within your tenant; for example, the default editors group. You can check this in the Administration → IAM section of the web console.
  3. Make sure that you have enough quota on IP addresses to support your node group deployment strategy. You can check the quota on the Administration → Limits → Quotas page of the web console. By default, node groups use the update strategy with .spec.strategy.max_surge: 1. Reserve at least one more public IP address than the total number of nodes in the group. Otherwise, updates or upgrades stop when trying to create a new node.

How to create a fixed set of IP addresses

To create a fixed set of public IP addresses for a node group, create a subnet with dedicated public IP address pool and configure the node group to use this subnet:
  1. Create a subnet with public IP address CIDRs: 
    nebius vpc subnet create \
  --name <subnet_name> \
  --network-id <network_ID> \
  --ipv4-public-pools-use-network-pools=false \
  --ipv4-public-pools-pools='[
  {
    "cidrs": [
      {"cidr": "/32"},
      {"cidr": "/32"},
      {"cidr": "/32"}
    ]
  }]'
    Specify the following parameters:
    • name: Name of the subnet with a dedicated IP addresses set.
    • network-id: Network ID.
    • ipv4-public-pools-pools.cidrs: One or more IPv4 CIDR blocks. The number of these blocks define how many public IP addresses the subnet has. The nodes in the node group receive these addresses randomly. In the example, three CIDR blocks are defined, each with one public IP address.
    In the output, copy the metadata.id value — this is the subnet ID.
  2. Create a node group with the --template-network-interfaces parameter. Specify the new subnet ID in it: 
    nebius mk8s node-group create \
  ... \
  --template-network-interfaces "[{\"public_ip_address\": {}, \"subnet_id\": \"<subnet_ID>\"}]"
    This configuration assigns random public IP addresses from the CIDR blocks defined in the subnet.
Now, the nodes in the node group get public IP addresses from the dedicated set. This enables you to predefine a fixed range of IP addresses for use in an allowlist or for DNS mapping, even if individual IP addresses are reassigned across nodes.