Clusters created using a shared VPC do not support shared load balancers and NAT gateways. Clusters created using a shared VPC do not support SFS, OBS, and SFS Turbo storage volumes.
To create a Service using NAT Gateway, you must have the NAT Gateway Administrator permission assigned. To use OBS, you must have the OBS Administrator permission globally assigned.
If a pod tries to access a private CIDR block, the source node will not perform NAT on the pod IP address.
DNAT NAT gateways provide network address translation (NAT) for cloud servers so that multiple cloud servers can share an EIP. You need to buy a public NAT gateway in advance. Container port: the port on a container on which the workload listens.
NAT Gateway: NAT gateways should be purchased on the NAT Gateway console. They cannot be automatically created on the CCE console. Billed by: instance specifications. For details, see Billing.
Check whether an EIP has been bound to the ECS (node) or whether the ECS has a NAT gateway configured. Figure 1 shows that an EIP has been bound. If no EIP is displayed, bind an EIP to the ECS.
*:get None View NAT Gateway resource details.
nat:*:list None List all NAT Gateway resources.
sfs:*:get* None View SFS resource details.
sfs:shares:ShareAction None Share SFS resources for scaling.
sfsturbo:*:get* None View SFS Turbo resource details.
sfsturbo:shares:ShareAction
For details, see NAT Gateway Price Calculator. This add-on is being deployed. For details about the regions where this add-on is available, see the console. Installing the Add-on Log in to the CCE console and click the cluster name to access the cluster console.
Check Item 4: NAT Gateway + Port Generally, no EIP is configured for the backend server of NAT. Otherwise, exceptions such as network packet loss may occur.
Figure 3 Buying an EIP Buy a NAT gateway. For details, see Buy a Public NAT Gateway. Click in the upper left corner and choose Networking > NAT Gateway. On the displayed page, click Buy Public NAT Gateway. Configure parameters as prompted.
Configure SNAT rules through NAT Gateway. You can use NAT Gateway to enable container pods in a VPC to access the Internet.
Creating a NAT Gateway and an Elastic IP Address You have created a NAT gateway and an elastic IP address.
High performance requirements: Cloud Native Network 2.0 uses VPC networks to construct container networks, eliminating the need for tunnel encapsulation or NAT when containers communicate.
NAT Gateway: The NAT Gateway service offers source network address translation (SNAT), which allows private IP addresses to be translated into public IP addresses by binding an elastic IP address (EIP) to the gateway.
Accessing a public network: Assign an EIP to the node where the workload runs (when a VPC network or tunnel network is used), bind an EIP to the pod IP address (when Cloud Native Network 2.0 is used), or configure SNAT rules through the NAT gateway.
In containers, enabling this parameter can prevent the bandwidth of TCP connections that have been translated using NAT from being limited.
Gateway Administrator permissions, you can use NAT Gateway functions for clusters.
When iptables is used, kube-proxy implements NAT and load balancing in the NAT pre-routing hook. For each Service, kube-proxy installs an iptables rule which captures the traffic destined for the Service's ClusterIP and ports and redirects the traffic to one of the backend pods.