Therefore, the module attempts to forward the packet at Layer 3 and matches the gateway port based on the routing rule. After the gateway port receives the packet again, it forwards the packet through the IPvlan module, and this process repeats.
The Gateway API capabilities define the entry for external traffic to reach the Kubernetes cluster. You need to specify the listening port, protocol, and bound gateway address.
Clusters created using a shared VPC do not support shared load balancers and NAT gateways. Clusters created using a shared VPC do not support SFS, OBS, and SFS Turbo storage volumes.
Accessing the Internet through a NAT gateway: Supported, Supported, Supported
The following uses a CCE Turbo cluster as an example to describe how to use a NAT gateway to access the Internet.
Figure 2 Creating a virtual gateway
Table 3 Virtual gateway parameters
Parameter: Description
Name: Specifies the virtual gateway name. You can enter 1 to 64 characters.
Enterprise Project: Centrally manages cloud resources and members by project.
Attach To: Select VPC.
To create a Service using NAT Gateway, you must have the NAT Gateway Administrator permission assigned. To use OBS, you must have the OBS Administrator permission globally assigned.
Configure SNAT rules through NAT Gateway. You can use NAT Gateway to enable container pods in a VPC to access the Internet.
A VPC is similar to a private local area network (LAN) managed by a home gateway whose IP address range is 192.168.0.0/16. A VPC is a private network built on the cloud that provides the basic network environment for running ECSs, load balancers, and middleware.
DNAT NAT gateways provide network address translation (NAT) for cloud servers so that multiple cloud servers can share an EIP. You need to buy a public NAT gateway in advance. Container port: the port on a container on which the workload listens.
*:get None View NAT Gateway resource details.
nat:*:list None List all NAT Gateway resources.
sfs:*:get* None View SFS resource details.
sfs:shares:ShareAction None Share SFS resources for scaling.
sfsturbo:*:get* None View SFS Turbo resource details.
sfsturbo:shares:ShareAction
Check whether an EIP has been bound to the ECS (node) or whether the ECS has a NAT gateway configured. Figure 1 shows that an EIP has been bound. If no EIP is displayed, bind an EIP to the ECS.
NAT Gateway
NAT gateways should be purchased on the NAT Gateway console. They cannot be automatically created on the CCE console.
Billed by: instance specifications
For details, see Billing.
If a pod tries to access a private CIDR block, the source node will not perform NAT on the pod IP address.
Creating a NAT Gateway and an Elastic IP Address
You have created a NAT gateway and an elastic IP address.
Gateway Administrator permissions, you can use NAT Gateway functions for clusters.
When iptables is used, kube-proxy implements NAT and load balancing in the NAT pre-routing hook. For each Service, kube-proxy installs an iptables rule which captures the traffic destined for the Service's ClusterIP and ports and redirects the traffic to one of the backend pods.
For details, see NAT Gateway Price Calculator. Install kubectl on an existing ECS and access a cluster using kubectl. For details, see Accessing a Cluster Using kubectl.
For details, see NAT Gateway Price Calculator. This add-on is being deployed. For details about the regions where this add-on is available, see the console.
Installing the Add-on
Log in to the CCE console and click the cluster name to access the cluster console.
Check Item 4: NAT Gateway + Port
Generally, no EIP is configured for the backend server of NAT. Otherwise, exceptions such as network packet loss may occur.
Creating a Deployment Creating a StatefulSet LoadBalancer NAT Gateway
The NAT Gateway service offers source network address translation (SNAT), which allows private IP addresses to be translated into public IP addresses by binding an elastic IP address (EIP) to the gateway.