Updated on 2024-06-19 GMT+08:00

Public Network Access

Scenarios

If your container engine client is a CCE or ECS node in a different region from the image repository, you can push or pull images over a public network. The client must be bound to an EIP. There are two scenarios for public network access.

Public Network Access for Single ECS

If an ECS needs to access a public network, you can bind it to an EIP. Huawei Cloud provides multiple billing modes (such as pay-per-use and pay-per-traffic). Select one as required, and unbind the EIP when it is no longer needed.

Figure 1 Network topology

  1. Log in to the management console.
  2. Click at the upper left corner and select the desired region and project.
  3. Click and choose Computing > Elastic Cloud Server.
  4. In the ECS list, select the ECS to which an EIP is to be bound, and choose More > Manage Network > Bind EIP in the Operation column.
  5. Select an EIP and click OK.

    Figure 2 Binding an EIP

  6. After the ECS is bound to the EIP, you can view the bound EIP in the ECS list.

    If no EIP is available in the current region, the EIP list is empty. In this case, purchase an EIP and then bind it.

Public Network Access for Multiple ECSs

If all ECSs in your VPC need to access a public network, you can use NAT Gateway and configure SNAT rules by subnet to build a public network egress for the VPC. If no SNAT rule is configured, external users cannot directly access the public IP address of the NAT gateway from a public network, which makes the ECSs more secure than with public network access through an EIP.

Figure 3 Network topology

  1. Bind the ECS to an EIP. For details, see Public Network Access for Single ECS.
  2. Create a NAT gateway. For details, see Buying a Public NAT Gateway.

    a. Log in to the management console.

    b. Click at the upper left corner and select the desired region and project.

    c. Click at the upper left corner, and choose Networking > NAT Gateway.

    d. On the displayed page, click Buy Public NAT Gateway.

    e. Configure parameters as prompted.

  3. Configure SNAT rules and bind EIPs to subnets. For details, see Adding an SNAT Rule.

    a. Log in to the management console.

    b. Click at the upper left corner and select the desired region and project.

    c. Click at the upper left corner, and choose Networking > NAT Gateway.

    d. On the displayed page, click the name of the NAT gateway that you want to add an SNAT rule for.

    e. On the SNAT Rules tab, click Add SNAT Rule.

    f. Configure parameters as prompted.

    Figure 4 Adding an SNAT rule
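
An added example, not part of the original Huawei Cloud documentation: an offline audit of which ECSs get public egress through their subnet's SNAT rule, which are directly reachable through their own EIP, and which have no egress at all. The inventory format, names, and addresses are constructed for illustration and are not an SWR or NAT Gateway API.

```python
import ipaddress

# Constructed inventory, not real resources. SNAT rules are keyed by subnet CIDR;
# each ECS has a private IP and, optionally, a directly bound EIP.
SNAT_RULES = [
    {"subnet": "192.168.1.0/24", "eip": "203.0.113.10"},
    {"subnet": "192.168.2.0/24", "eip": "203.0.113.10"},
]
ECS_LIST = [
    {"name": "build-01", "private_ip": "192.168.1.15", "eip": None},
    {"name": "build-02", "private_ip": "192.168.2.40", "eip": "203.0.113.77"},
    {"name": "batch-01", "private_ip": "192.168.3.8", "eip": None},
]


def snat_rule_for(private_ip, rules):
    """Return the first SNAT rule whose subnet contains private_ip, or None."""
    addr = ipaddress.ip_address(private_ip)
    for rule in rules:
        if addr in ipaddress.ip_network(rule["subnet"]):
            return rule
    return None


def classify(ecs, rules):
    """Report how one ECS reaches the public network and whether it is exposed."""
    rule = snat_rule_for(ecs["private_ip"], rules)
    if ecs["eip"]:
        # A directly bound EIP gives outside hosts an address that maps to this ECS.
        # Assumption of this sketch: such an ECS is reported as using its own EIP.
        return {"path": "eip", "egress_ip": ecs["eip"],
                "directly_reachable": True, "snat_available": rule is not None}
    if rule:
        return {"path": "snat", "egress_ip": rule["eip"],
                "directly_reachable": False, "snat_available": True}
    # Neither an EIP nor a covering SNAT rule: pulls over the public network fail.
    return {"path": "none", "egress_ip": None,
            "directly_reachable": False, "snat_available": False}


def audit(ecs_list, rules):
    """Map each ECS name to its classification."""
    return {ecs["name"]: classify(ecs, rules) for ecs in ecs_list}


if __name__ == "__main__":
    for name, result in audit(ECS_LIST, SNAT_RULES).items():
        print(name, result)
```

ECSs reported with `path` set to `eip` are the ones to review: they keep a directly addressable public IP even when the subnet's SNAT rule would already give them egress.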

If you access OBS by configuring the local /etc/hosts file, add the domain names of the OBS bucket clusters that store container images to this file. Otherwise, the images may fail to be pulled. You can submit a service ticket to obtain information about SWR's OBS bucket clusters in different regions.