Connecting Clusters in the Same Region

Take two clusters in region1 as an example. The service mesh control plane is also in region1. The two clusters are in different VPCs. To use the service mesh, you need to use a VPC peering connection to connect the two VPCs.

CIDR Block Constraints

The VPC CIDR blocks of the two clusters cannot conflict with each other.
The container CIDR blocks of the two clusters cannot conflict with each other.
The CCE Container Network (Yangtse) add-on adds routes to the route table. To prevent network disconnections caused by route conflicts, the VPC CIDR block of each cluster cannot conflict with the container CIDR blocks of other clusters.

Procedure

Log in to Network Console and choose Virtual Private Cloud > VPC Peering Connections. In the upper right corner, click Create VPC Peering Connection.
Select the two VPCs to be connected, configure other parameters, and click Create Now.
In the displayed dialog box, click Add Now and add routes to the route table as prompted.
Click Add Route. In the displayed dialog box, set Destination to the CIDR block of the peer VPC and click OK. Perform the same operations on the route table of the peer VPC.
On Network Console, choose Access Control > Security Groups. On the displayed page, click the security group name {Cluster name}-cce-node-xxx to access the details page.

For a CCE standard cluster, the security group name is {Cluster name}-cce-node-xxx. For a CCE Turbo cluster, the security group names are {Cluster name}-cce-node-xxx and {Cluster name}-cce-eni-xxx.
On the Inbound Rules tab, click Add Rule. In the displayed dialog box, specify Protocol & Port, set Source to IP address, enter the CIDR block of the peer VPC and the container CIDR block of the peer cluster, and click OK. Requests from the peer VPC or the container CIDR block of the peer cluster will be allowed. (Perform the same operations on the security group of the peer VPC.)
Check the added security group rules.