检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
The Gateway API capabilities define the entry for external traffic to reach the Kubernetes cluster. You need to specify the listening port, protocol, and bound gateway address.
Clusters created using a shared VPC do not support shared load balancers and NAT gateways. Clusters created using a shared VPC do not support SFS, OBS, and SFS Turbo storage volumes.
Accessing the Internet through a NAT gateway Supported Supported Supported The following uses a CCE Turbo cluster as an example to describe how to use a NAT gateway to access the Internet. The NAT gateway allows pods in a VPC to access the Internet through SNAT.
To create a Service using NAT Gateway, you must have the NAT Gateway Administrator permission assigned. To use OBS, you must have the OBS Administrator permission globally assigned.
If Dex is deployed in another cluster, you need to create a public NAT gateway for the VPC where the cluster resides and the subnet where the nodes reside to allow kube-apiserver to access the Internet. For details, see Buying a Public NAT Gateway.
Figure 2 Buying an EIP Create a NAT gateway. For details, see Using a Public NAT Gateway to Enable Servers to Share One or More EIPs to Access the Internet. Click in the upper left corner and choose Networking > NAT Gateway in the expanded list.
A VPC is similar to a private local area network (LAN) managed by a home gateway whose IP address is 192.168.0.0/16. A VPC is a private network built on the cloud and provides basic network environment for running ECSs, load balancers, and middleware.
DNAT NAT gateways provide network address translation (NAT) for cloud servers so that multiple cloud servers can share an EIP. You need to buy a public NAT gateway in advance. Container port: the port on a container on which the workload listens.
*:get None View NAT Gateway resource details. nat:*:list None List all NAT Gateway resources. sfs:*:get* None View SFS resource details. sfs:shares:ShareAction None Share SFS resources for scaling. sfsturbo:*:get* None View SFS Turbo resource details. sfsturbo:shares:ShareAction
Check whether an EIP has been bound to the ECS (node) or whether the ECS has a NAT gateway configured. Figure 1 shows that an EIP has been bound. If no EIP is displayed, bind an EIP to the ECS.
NAT Gateway NAT gateways should be purchased on the NAT Gateway console. They cannot be automatically created on the CCE console. Billed by: instance specifications For details, see Billing.
If a pod tries to access a private CIDR block, the source node will not perform NAT on the pod IP address.
Preparations: Creating a NAT Gateway and an EIP You have purchased a NAT gateway and an EIP. The specific procedure is as follows: Log in to the management console, choose Networking > NAT Gateway from the service list, and click Buy Public NAT Gateway in the upper right corner.
Gateway Administrator permissions, you can use NAT Gateway functions for clusters.
When iptables is used, kube-proxy implements NAT and load balancing in the NAT pre-routing hook. For each Service, kube-proxy installs an iptables rule which captures the traffic destined for the Service's ClusterIP and ports and redirects the traffic to one of the backend pods.
For details, see NAT Gateway Price Calculator. Install kubectl on an existing ECS and access the cluster using kubectl. For details, see Accessing a Cluster Using kubectl.
For details, see NAT Gateway Price Calculator. This add-on is being deployed. To view the regions where this add-on is available, see the console. This add-on is in the OBT phase. You can experience the latest add-on features.
Check Item 4: NAT Gateway + Port Generally, no EIP is configured for the backend server of NAT. Otherwise, exceptions such as network packet loss may occur.
Creating a Deployment Creating a StatefulSet LoadBalancer NAT Gateway The NAT Gateway service offers source network address translation (SNAT), which allows private IP addresses to be translated into public IP addresses by binding an elastic IP address (EIP) to the gateway.
NAT gateways are billed. For details, see NAT Gateway Billing. For details about EIP billing, see EIP Billing Composition. Headless Service For headless Services, no cluster IP address is allocated.
