CockroachDB features

This section provides an overview of available CockroachDB features.

Three-node high availability clusters

CockroachDB can scale and offer high availability (HA), so all instances on the ObjectRocket service run in at least three-node clusters.

Additionally, failed and problematic nodes are automatically replaced by a Kubernetes-based platform to ensure that your cluster is always available.

CockroachDB admin user interface

CockroachDB has an admin UI that displays key metrics and the status of your CockroachDB cluster. Access to this UI is available to all CockroachDB users.

IP whitelisting

ObjectRocket blocks all external access to the cluster by default. To connect, you must specify the IP addresses and IP ranges that are allowed to access the cluster. You can specify them during instance creation or via the access control lists (ACLs) API endpoints.

User authentication

When you create a new cluster on the ObjectRocket service, you also need to create users to connect to the database. These users can log in with a password or client certificate.

These users have an administrator-like role that can perform all the functions of CockroachDB, except create databases. Use the ObjectRocket API to create and manage databases.

Certificate authentication

CockroachDB provides a secure way of authenticating users with a database through the use of certificate signing requests (CSRs). Certificate authentication (CA) lets users connect to an instance securely with CSRs, and it also enables multiple machines to connect to an instance securely. Review the official CockroachDB documentation for more information about how authentication works in CockroachDB.

To set up CA:

  1. Log in to Mission Control.

  2. Select a CockroachDB instance.

  3. Create a new user or select an existing user.

  4. Follow step 3 in the certificate instructions section of the ObjectRocket API to generate a CSR.

  5. Return to the selected instance in Mission Control.

  6. Select View more details.

  7. Select the Connect tab.

  8. Select the shield icon in the upper-right corner.

  9. Copy and paste the contents from the .csr into the field next to the username.

  10. Select Confirm and Generate.
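
The following added example (not part of the ObjectRocket documentation) shows one way to create a client key and CSR with OpenSSL and to check the CSR before pasting it into Mission Control in step 9. It assumes OpenSSL is installed, that the CSR common name must equal the database username, and a placeholder user `appuser`; the function names are hypothetical and the ObjectRocket API instructions referenced in step 4 take precedence where they differ.

```shell
#!/bin/sh
# Added example: generate and pre-check a client CSR for one database user.
# Assumptions: OpenSSL is installed; "appuser" is a placeholder username;
# file names follow CockroachDB's client.<username>.* convention.
# Usage: make_client_csr appuser ./certs &&
#        check_csr ./certs/client.appuser.csr appuser

# make_client_csr USER DIR: writes DIR/client.USER.key and DIR/client.USER.csr
make_client_csr() {
    user=$1; dir=$2
    mkdir -p "$dir" || return 1
    # Create the private key readable by its owner only; it stays on this host.
    ( umask 077 && openssl genrsa -out "$dir/client.$user.key" 2048 2>/dev/null ) || return 1
    # The common name (CN) of the request carries the database username.
    openssl req -new -key "$dir/client.$user.key" -subj "/CN=$user" \
        -out "$dir/client.$user.csr" || return 1
}

# csr_common_name FILE: prints the CN found in the CSR subject
csr_common_name() {
    openssl req -in "$1" -noout -subject -nameopt multiline 2>/dev/null |
        sed -n 's/^ *commonName *= *//p'
}

# check_csr FILE USER: succeeds only if FILE is fit to submit for USER
check_csr() {
    # Only the .csr is pasted into the console; reject anything holding a key.
    if grep -q 'PRIVATE KEY' "$1"; then
        echo "refusing: $1 contains a private key" >&2; return 1
    fi
    # The self-signature shows the requester holds the matching private key.
    # Match on the message because older OpenSSL exits 0 on verify failure.
    openssl req -in "$1" -noout -verify 2>&1 | grep -q 'verify OK' || {
        echo "refusing: CSR signature does not verify" >&2; return 1; }
    # A CN for the wrong user would issue a certificate for that user.
    cn=$(csr_common_name "$1")
    [ "$cn" = "$2" ] || {
        echo "refusing: CN is '$cn', expected '$2'" >&2; return 1; }
}
```

Only the `.csr` file is pasted into Mission Control; the `.key` file stays on the client machine.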

To remove a user with CA from an instance:

  1. Log in to Mission Control.

  2. Select the CockroachDB instance.

  3. Select View more details.

  4. Select the Connect tab.

  5. Select the rotate icon in the upper-right corner. This creates a secondary certificate authority.

  6. Follow step 3 in the certificate instructions section of the ObjectRocket API to generate a CSR that doesn’t include the common name for the user you want to remove.

  7. Return to the selected instance in Mission Control.

  8. Copy and paste the contents from the .csr into the field next to the username.

  9. Select Confirm and Generate.

  10. Delete the old primary certificate authority after adding all the necessary users to the secondary certificate authority.

Multiregion clusters

The ObjectRocket platform automates the ability of CockroachDB to replicate across regions and choose which data resides in each region. Clusters in different regions can be different sizes, plans, or flavors. However, you can only have one instance per provider and region combination. You must set whitelist IPs for each region and instance. Queries to any region can access data in any other region, but there is a performance penalty for data accessed across regions.

To create a multiregion cluster, follow these steps:

  1. Create an instance in one of your target regions.

  2. Add a region via the instance list or instance details page.

  3. Add more regions as needed.

For more information about how multiregion clusters work, see the official CockroachDB documentation.