How Does CCE Communicate with Other Huawei Cloud Services over an Intranet?
Updated on 2024-09-04 GMT+08:00
Common Huawei Cloud services that communicate with CCE over the intranet include RDS, DMS, Kafka, RabbitMQ, VPN, and ModelArts. The following two scenarios are involved:
- In the same VPC, CCE nodes can communicate with all services. When CCE nodes communicate with other services, check that the security group on the peer end has an inbound rule that allows the container CIDR block. (This restriction applies only to CCE clusters that use the VPC network model.)
- If CCE nodes and other services are in different VPCs, you can use a peering connection or VPN to connect the two VPCs. Note that the two VPC CIDR blocks cannot overlap with the container CIDR block. In addition, you need to configure a return route for the peer VPC or private network. (This restriction applies only to CCE clusters that use the VPC network model.) For details, see VPC Peering Connection.
- This logic works for all Huawei Cloud services.
- Clusters using the container tunnel network support internal communication of services with no additional configuration required.
- Pay attention to the following points when configuring a cluster using the VPC network:
  - The source IP address displayed on the peer end is the container IP address.
  - Custom routing rules added on CCE enable containers to communicate with each other on nodes in a VPC.
  - When a CCE container accesses other services, check that the security group or firewall on the peer end (destination end) has an inbound rule that allows the container CIDR block. For details, see Security Group Configuration Examples.
  - If a VPN or VPC peering connection is used to enable communication between private networks, you need to configure a VPC peering connection route that points to the container CIDR block on the path and destination.
- Clusters using Cloud Native 2.0 networks need to allow traffic from the container security groups based on service requirements. The default container security group is named in the format of {Cluster name}-cce-eni-{Random ID}. For details, see Security Group Rules of a CCE Turbo Cluster Using the Cloud Native 2.0 Network.
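The checks listed above for a cluster using the VPC network model (no CIDR overlap, a return route to the container CIDR block, and a peer inbound rule that allows the container CIDR block) can be verified offline before traffic is tested. The following is an added example, not Huawei Cloud code: the function name, the rule dictionary layout, and all CIDR values are constructed for illustration, and it assumes a single route and a single rule must each cover the whole container CIDR block.

```python
import ipaddress

def covers(outer, inner):
    """True if network `outer` fully contains network `inner`."""
    return outer.version == inner.version and inner.subnet_of(outer)

def preflight(cluster_vpc, peer_vpc, container_cidr, peer_routes,
              peer_inbound, port, protocol="tcp"):
    """Return findings for a VPC-network-model cluster reaching a peer service.

    peer_routes:  destination CIDRs on the peer side whose next hop is the
                  peering connection or VPN (caller filters by next hop).
    peer_inbound: inbound rules of the peer security group, in a constructed
                  layout: {"source": cidr, "protocol": str, "ports": (lo, hi)}.
    """
    net = ipaddress.ip_network
    ccidr = net(container_cidr)
    findings = []

    # Neither VPC CIDR block may overlap the container CIDR block.
    for label, cidr in (("cluster VPC", cluster_vpc), ("peer VPC", peer_vpc)):
        if net(cidr).overlaps(ccidr):
            findings.append(f"overlap: {label} {cidr} overlaps container CIDR {ccidr}")

    # The peer sees the container IP as the source, so replies need a
    # return route that covers the container CIDR block.
    if not any(covers(net(dst), ccidr) for dst in peer_routes):
        findings.append(f"route: peer has no return route to container CIDR {ccidr}")

    # For the same reason, an inbound rule that only allows the node subnet
    # is not enough: the rule source must cover the container CIDR block.
    allowed = any(
        covers(net(r["source"]), ccidr)
        and r["protocol"] in (protocol, "all")
        and r["ports"][0] <= port <= r["ports"][1]
        for r in peer_inbound
    )
    if not allowed:
        findings.append(f"secgroup: peer inbound rules do not allow {ccidr} on {protocol}/{port}")
    return findings

if __name__ == "__main__":
    # Constructed sample: peer database only allows the node subnet, no return route.
    node_only = [{"source": "192.168.0.0/16", "protocol": "tcp", "ports": (3306, 3306)}]
    for finding in preflight("192.168.0.0/16", "172.16.0.0/16", "10.0.0.0/16",
                             [], node_only, 3306):
        print(finding)
```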