We are trying to expose foundationdb as a service to the public internet.
As I understand foundationdb clients should have cluster file which contains IP and port of coordinators. My question is, does client communicate only with IP addresses in cluster file ?
More information on client and server communication is appreciated
Yes, there’s some work being done to also allow DNS names, but for now only IP addresses work.
This seems risky to me. Instead you might want to consider putting some proxy in front. Currently, the only security-measure FDB provides is mTLS, but it is not meant to be a publicly available service. For example, we don’t protect properly against DDoS attacks (and with mTLS these kind of attacks would be trivial to execute against FDB. Depending on what you are trying to do, mTLS would also not be a practical authentication mechanism.
I think the question was rather which IP addresses must be exposed and not what “format” e.g. IP addresses or DNS is supported. Basically you can assume that the client has to talk to all processes in the cluster (with the exception of log processes). This doc has some good illustrations and descriptions how the read/write path looks like: FDB Read and Write Path — FoundationDB 7.1