Updated on 2025-11-19 GMT+08:00

Step 1: Make Preparations

You need to make preparations for using UCS. For example, sign up for a HUAWEI ID, and make sure you have a valid payment method configured.

Signing Up for a HUAWEI ID

If you already have a HUAWEI ID, skip this part. If you do not have a HUAWEI ID, perform the following operations:

  1. Access the Huawei Cloud official website and click Sign Up in the upper right corner.
  2. Complete the sign-up as prompted. For details, see Signing Up and Logging In to the Management Console.

    After the sign-up is complete, the system redirects you to your personal information page.

(Optional) Configuring a Valid Payment Method

You are billed for using UCS on a pay-per-use basis by default. In this billing mode, the UCS price depends on the cluster type, number of vCPUs of a cluster, and required duration. Prices are calculated by hour, and no minimum expenditure is required. For price details, see Product Pricing Details - Pay per Use.

Obtaining Resource Permissions

To support Cloud Container Engine (CCE) clusters, UCS requires the permissions for accessing CCE. When you log in to the UCS console for the first time, UCS automatically requests the permissions to better serve you.

After you agree to delegate the permissions, an agency named ucs_admin_trust will be created for UCS in Identity and Access Management (IAM). The system account op_svc_ucs will be delegated the permissions listed in Table 1 to perform operations on CCE and other cloud service resources.

Table 1 Permissions

| Permission | Description |
|---|---|
| Tenant Guest | A system-defined role that has read-only permissions for all cloud services (except IAM) |
| VPC FullAccess | A system-defined policy that has all permissions for Virtual Private Network (VPC) |
| NAT FullAccess | A system-defined policy that has all permissions for NAT Gateway |
| DNS FullAccess | A system-defined policy that has all permissions for Domain Name Service (DNS) |
| LTS FullAccess | A system-defined policy that has all permissions for Log Tank Service (LTS) |
| AOM FullAccess | A system-defined policy that has all permissions for Application Operations Management (AOM) |
| VPCEndpoint Administrator | A system-defined policy that has all permissions for VPC Endpoint. This role must be used together with the Server Administrator, VPC Administrator, and DNS Administrator roles in the same project. |
| CCE Administrator | Read and write permissions for CCE clusters and all resources (including workloads and Services) in the clusters. This role depends on the following permissions: Global service: OBS Buckets Viewer. Region-specific projects: Tenant Guest, Server Administrator, ELB Administrator, SFS Administrator, SWR Admin, and APM FullAccess (All these must be selected in the same projects.) |
| ELB Administrator | Full permissions for Elastic Load Balance (ELB). This role must be used together with the Tenant Guest role in the same project. |
| OBS Administrator | Administrator permissions for Object Storage Service (OBS). Users with this role can perform all operations on OBS resources. |
| CTS Administrator | Full permissions for Cloud Trace Service (CTS). Users with this role can perform read-only operations on all services except IAM. This role must be used together with the Tenant Guest and Tenant Administrator roles in the same project. |

UCS depends on other cloud services. When using UCS, do not delete or modify the ucs_admin_trust agency. If this agency is deleted or modified, UCS may no longer have the permissions it needs to access a cloud service and may fail to work normally.
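One way to detect deletion or modification of the ucs_admin_trust agency is to compare an exported copy of it against Table 1. The following is an added example, not Huawei Cloud code: the JSON export shape and its keys (name, delegated_to, permissions) are assumptions made for illustration and are not the IAM API response format.

```python
import json

AGENCY = "ucs_admin_trust"   # agency name stated on this page
DELEGATE = "op_svc_ucs"      # system account stated on this page
# Permission names copied from Table 1 of this page, used as the baseline.
TABLE_1 = {
    "Tenant Guest", "VPC FullAccess", "NAT FullAccess", "DNS FullAccess",
    "LTS FullAccess", "AOM FullAccess", "VPCEndpoint Administrator",
    "CCE Administrator", "ELB Administrator", "OBS Administrator",
    "CTS Administrator",
}


def audit_agency(export_json):
    """Return a list of drift findings; an empty list means no drift."""
    agencies = json.loads(export_json)
    match = [a for a in agencies if a.get("name") == AGENCY]
    if not match:
        return [f"{AGENCY}: agency not found (deleted or renamed)"]
    agency = match[0]
    findings = []
    # A changed delegate means a different account can assume these permissions.
    if agency.get("delegated_to") != DELEGATE:
        findings.append(
            f"delegate is {agency.get('delegated_to')!r}, expected {DELEGATE!r}")
    granted = {p.strip() for p in agency.get("permissions", [])}
    # Missing permissions can break UCS; extra ones widen the agency's access.
    findings += [f"missing permission: {p}" for p in sorted(TABLE_1 - granted)]
    findings += [f"unexpected permission: {p}" for p in sorted(granted - TABLE_1)]
    return findings


# Constructed sample export (hypothetical shape): one Table 1 permission
# removed and one permission added that Table 1 does not list.
SAMPLE_EXPORT = json.dumps([{
    "name": "ucs_admin_trust",
    "delegated_to": "op_svc_ucs",
    "permissions": sorted(TABLE_1 - {"CTS Administrator"}) + ["Tenant Administrator"],
}])

if __name__ == "__main__":
    for finding in audit_agency(SAMPLE_EXPORT):
        print(finding)
```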

(Optional) Configuring a DNS Record Set

UCS relies on DNS for domain name resolution. To use a domain name to access a cluster, you need to configure a DNS record set for the domain name on the DNS console.

For details about how to configure record sets, see Routing Internet Traffic to a Website.

You need to register the domain name with a domain name registrar.

  1. Log in to the DNS console.
  2. In the navigation pane, choose Public Zones.
  3. (Optional) In the upper right corner, click Create Public Zone.

    If you have registered a domain name with Huawei Cloud, a public zone will be automatically created. You can skip to step 5.

  4. (Optional) Set Domain Name to your registered domain name, for example, example.com.
  5. Click example.com in the domain name list to access the Record Sets tab.
  6. Click Add Record Set and configure parameters as prompted to add an A record set for the domain name.
  7. Click OK.

Follow-up Operations

After the preparations are complete, you need to create a fleet for centrally managing clusters. For details, see Step 2: Create a Fleet.