Updated on 2024-05-31 GMT+08:00

Creating a CCE Turbo Cluster Using a Shared VPC

Shared VPC Overview

A shared VPC allows you to share your VPC resources with other accounts through the Resource Access Manager (RAM) service. For example, tenant A can share its VPC and subnets with tenant B. After tenant B accepts the share, tenant B can view the shared subnets and the shared VPC to which they belong. Tenant B can then use the shared subnets and VPC to create resources, such as CCE Turbo clusters. For details, see VPC Sharing Overview.

Application Scenarios

An enterprise organizes accounts in an orderly and centralized manner based on its organizational structure or service form. Resources are managed in a unified manner and shared with other members to avoid repeated configurations. Unified security and O&M management makes it easy to configure and audit security policies.

For example, an enterprise IT account, the resource owner, creates a VPC and subnets and shares multiple subnets with other accounts.

  • Account A is an enterprise service account and uses the shared subnet 1 to create resources.
  • Account B is an enterprise service account and uses the shared subnet 2 to create resources.

Constraints

  • Only CCE Turbo clusters support shared VPCs.
  • Clusters created using a shared VPC do not support shared load balancers or NAT gateways.
  • Clusters created using a shared VPC do not support SFS, OBS, or SFS Turbo storage volumes.
  • If a CCE Turbo cluster has been created using a shared VPC, the owner of the shared VPC should not turn off VPC sharing. Otherwise, the CCE Turbo cluster will malfunction.

Procedure

After account A shares a VPC with account B, account B can select the shared VPC and shared subnets when creating a CCE Turbo cluster.

  1. (For account A) Use RAM to create a shared VPC and specify account B as the resource user. For details, see Creating a Resource Share.

    After the resource share is created, RAM sends an invitation to account B. Account B can access and use the shared resources only after accepting the invitation.

  2. (For account B) Log in to the CCE console and create a CCE Turbo cluster.

    Select the VPC shared by account A when configuring the network for the cluster. For details about other configurations, see Buying a CCE Cluster.

    Figure 1 Selecting a shared VPC