Accessing the Public Network from a Container

You can use to enable containers in a VPC to access the public network. NAT Gateway provides source network address translation (SNAT), which translates private IP addresses to an EIP, providing secure and efficient access to the public network. Figure 1 shows the SNAT architecture. SNAT makes it unnecessary to bind an EIP to each pod in a VPC. SNAT supports a large number of concurrent connections, so it is a good fit for applications involving a large number of requests and connections.

Figure 1 SNAT

To enable pods to access the public network, take the following steps:

1. an EIP.
   1. Log in to the EIP console.
   2. On the EIPs page, click EIP.
   3. Configure the parameters.

   

2. a NAT gateway.
   1. Log in to the NAT Gateway console.
   2. Click .
   3. Configure the parameters.
      

      Select the VPC and subnet you have configured for the namespace where the pods are located.

      

3. Configure an SNAT rule and bind the EIP to the subnet.
   1. Click the name of the NAT gateway for which you want to add the SNAT rule.
   2. On the SNAT Rules tab, click Add SNAT Rule.
   3. Configure the parameters.
   

   Select the subnet you have configured for the namespace where the pods are located.

   

   After the SNAT rule is configured, containers can access the public network.