Updated on 2024-11-12 GMT+08:00

Preparing for Installation (Private Network Access)

You need to prepare for installation only when you connect an on-premises cluster to UCS over a private network. If you select Public access, you can directly perform operations in Installation and Verification.

Before installing an on-premises cluster, you need to create a VPC, connect the VPC to the on-premises network, create a VPC endpoint, and configure the VPC endpoint on the DNS server in the VPC.

Deploying the Network Environment

In the region where UCS provides services, create a VPC to host the VPC endpoint, and ensure that the VPC can communicate with your on-premises network.


The subnet CIDR block of the VPC cannot overlap with the subnet CIDR block of your on-premises data center. If the CIDR blocks overlap, the cluster cannot be connected to UCS. For example, if the subnet of an on-premises data center is 192.168.1.0/24, the subnet of the Huawei Cloud VPC cannot be 192.168.1.0/24.

Connect the on-premises network to the cloud network.

Buying a VPC Endpoint

  1. Log in to the UCS console and click Click to connect in the card view of the cluster. In the window that slides out from the right, select Private access.
  2. Click to record the service name.

    Figure 1 Creating a VPC endpoint

  3. Log in to the VPC Endpoint console and click Buy VPC Endpoint to create VPC endpoints for different services.
  4. Select the region that the VPC endpoint belongs to, click Find a service by name, enter the service name recorded in step 2, and click Verify to create the endpoint for UCS.

    Figure 2 Searching for a service by name

  5. Create VPC endpoints for DNS, SWR, and OBS.
  6. Select the VPC and subnet created in Deploying the Network Environment.
  7. Select Automatically assign IP address or Manually specify IP address for assigning the private IP address of the VPC endpoint.
  8. Click Next, confirm the specifications, and click Submit.
  9. Configure the created VPC endpoint on the DNS server. Click the name of the created VPC endpoint and record the IP address so that the Huawei Cloud DNS forwarder can be added to the DNS server in the on-premises data center.

Configuring a DNS Server

  1. Add DNS records on the DNS server in your on-premises data center to forward requests for resolving the private domain name of Huawei Cloud to the DNS VPC endpoint. Take BIND as an example. In /etc/named.conf, add the DNS forwarder configuration and set forwarders to the IP address of the VPC endpoint for accessing DNS.

    In the following example, xx.xx.xx.xx represents the IP address of the VPC endpoint for accessing DNS.
    options {
            forward only;
            forwarders { xx.xx.xx.xx; };
    };

  2. Configure static DNS resolution and add the IP addresses of SWR and CIE instances. Take CN North-Beijing4 as an example. If dnsmasq is used, add the following two settings to /etc/dnsmasq.conf.

    In the first static resolution, xx.xx.xx.xx represents the IP address of the VPC endpoint for accessing SWR. Replace region with the URL of the region that the service belongs to.

    address=/swr.region.myhuaweicloud.com/xx.xx.xx.xx

    In the second static resolution, xx.xx.xx.xx represents the IP address mapping the domain name and is generated after cluster monitoring is enabled. Replace region with the URL of the region that the service belongs to.

    address=/cia-{First eight digits in the VPC ID}{First eight digits in the subnet ID}.region.myhuaweicloud.com/xx.xx.xx.xx

    Example: address=/cia-9992be3cf3eace24.cn-north-4.myhuaweicloud.com/172.16.0.81

  3. Generate a domain name.

    SWR: address=/swr.cn-north-4.myhuaweicloud.com/{SWR VPC endpoint}

    CIA: Obtain the domain name. The following figure shows the selected VPC (vpc-cce as an example) and subnet.

    Figure 3 First eight digits in the VPC ID
    Figure 4 First eight digits in the subnet ID

    The final domain name is cia-e52a5d7e02a86357.cn-north-4.myhuaweicloud.com.
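The following preflight check is an added example, not part of the original page or of any Huawei Cloud tooling. It covers the CIDR non-overlap requirement from Deploying the Network Environment and the two dnsmasq address= lines from Configuring a DNS Server. It goes slightly beyond the page's example by rejecting partial overlaps (not only identical subnets). It assumes resource IDs begin with eight hexadecimal digits, as in the page's examples. The function names and the sample IDs and addresses are constructed placeholders, apart from the ID prefixes and 172.16.0.81 shown on the page.

```python
import ipaddress
import re

ID_PREFIX = re.compile(r"[0-9a-f]{8}")   # assumption: IDs start with 8 hex digits
REGION = re.compile(r"[a-z0-9-]+")       # e.g. cn-north-4; no dots or slashes


def check_no_overlap(vpc_cidr, onprem_cidr):
    """Return True, or raise ValueError if the two subnets share any address."""
    vpc = ipaddress.ip_network(vpc_cidr)
    onprem = ipaddress.ip_network(onprem_cidr)
    if vpc.overlaps(onprem):
        raise ValueError(f"VPC subnet {vpc} overlaps on-premises subnet {onprem}")
    return True


def cia_domain(vpc_id, subnet_id, region):
    """Build cia-{8 digits of VPC ID}{8 digits of subnet ID}.region.myhuaweicloud.com."""
    if not REGION.fullmatch(region):
        raise ValueError(f"unexpected region string: {region!r}")
    prefixes = []
    for label, value in (("VPC ID", vpc_id), ("subnet ID", subnet_id)):
        m = ID_PREFIX.match(value.strip().lower())
        if m is None:
            raise ValueError(f"{label} does not start with eight hex digits: {value!r}")
        prefixes.append(m.group(0))
    return f"cia-{''.join(prefixes)}.{region}.myhuaweicloud.com"


def dnsmasq_lines(region, swr_ip, cia_ip, vpc_id, subnet_id):
    """Return the two address= lines for /etc/dnsmasq.conf."""
    domain = cia_domain(vpc_id, subnet_id, region)   # also validates region
    # ip_address() rejects truncated values such as a three-octet address.
    swr = ipaddress.ip_address(swr_ip)
    cia = ipaddress.ip_address(cia_ip)
    return [
        f"address=/swr.{region}.myhuaweicloud.com/{swr}",
        f"address=/{domain}/{cia}",
    ]


if __name__ == "__main__":
    # Constructed sample values: only the first eight digits of each ID and the
    # 172.16.0.81 address come from the page; everything else is a placeholder.
    check_no_overlap("172.16.0.0/24", "192.168.1.0/24")
    for line in dnsmasq_lines("cn-north-4", "172.16.0.80", "172.16.0.81",
                              "9992be3c-0000-0000-0000-000000000000",
                              "f3eace24-0000-0000-0000-000000000000"):
        print(line)
```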