Help Center/ Ubiquitous Cloud Native Service/ Best Practices/ Service Meshes/ Connecting Clusters to UCS Service Meshes/ Connecting Clusters Across Regions
Updated on 2025-07-02 GMT+08:00
View PDF
Share

Connecting Clusters Across Regions

CIDR Block Constraints

  • The VPC CIDR blocks of clusters in the two regions cannot conflict with each other.
  • The container CIDR blocks of clusters in the two regions cannot conflict with each other.
  • The CCE Container Network (Yangtse) add-on adds routes to the route table. To prevent network disconnections caused by route conflicts, the VPC CIDR block of each cluster cannot conflict with the container CIDR blocks of other clusters.

Procedure

  1. Log in to Global Network Console and choose Cloud Connect > Cloud Connections. In the upper right corner, click Create Cloud Connection.
  2. In the displayed dialog box, configure parameters and click OK.

  3. In the displayed dialog box, click Load Network Instance. On the displayed page, choose Network Instance > Load Network Instance. In the displayed dialog box, select the corresponding region and VPC, expand Other CIDR Block, and enter the container CIDR block of the cluster in the corresponding region.

  4. Log in to the CCE console and click the cluster name to access the cluster console. On the Overview page, view the network information and obtain the container CIDR block.

  5. The VPCs of all clusters that need to be connected must be loaded to the cloud connection. To check whether VPC access takes effect, take the following steps:

    Log in to Network Console and choose Virtual Private Cloud > Route Tables. On the displayed page, click the VPC name. On the displayed page, check whether there are two routes that are added by the cloud connection.

  6. Click the cloud connection created in 2. Bind the bandwidth package to the created cloud connection.
  7. Click the cloud connection created in 2. On the displayed page, choose Inter-Region Bandwidths > Assign Inter-Region Bandwidth to assign bandwidths by usage.
  8. On Network Console, choose Access Control > Security Groups. On the displayed page, click the security group name {Cluster name}-cce-node-xxx to access the details page.

    For a CCE standard cluster, the security group name is {Cluster name}-cce-node-xxx. For a CCE Turbo cluster, the security group names are {Cluster name}-cce-node-xxx and {Cluster name}-cce-eni-xxx.

  9. On the Inbound Rules tab, click Add Rule. In the displayed dialog box, specify Protocol & Port, set Source to IP address, enter the CIDR block of the VPC and the container CIDR block of the cluster in the other region, and click OK. The cluster in the other region will be allowed to connect to the control plane istiod and kube-apiserver.
  10. Check the added security group rules.