Preparing for Installation (Private Network Access)

You need to prepare for installation only when you connect an on-premises cluster to UCS over a private network. If you select Public access, you can directly perform operations in Installation and Verification.

Before installing an on-premises cluster, you need to create a VPC, connect the VPC to the on-premises network, create a VPC endpoint, and configure the VPC endpoint on the DNS server in the VPC.

Deploying the Network Environment

Create a VPC in the region where UCS provides services to install the VPC endpoint, and ensure that the VPC can communicate with your on-premises network.

For details about how to create a VPC, see Creating a VPC. Currently, only AP-Singapore is supported.

The subnet CIDR block of the VPC cannot overlap with the subnet CIDR block of your on-premises data center. If the CIDR blocks overlap, the cluster cannot be connected to UCS. For example, if the subnet of an on-premises data center is 192.168.1.0/24, the subnet of the Huawei Cloud VPC cannot be 192.168.1.0/24.

Connect the on-premises network to the cloud network using either of the following solutions:

VPN: See Connecting an On-Premises Data Center to a VPC Through a VPN.
After the on-premises network or the private network of the third party cloud and the cloud network are connected, you are advised to ping the private IP address of a server in the VPC from an on-premises server or a server of the third-party cloud to check network connectivity.

Buying a VPC Endpoint

Log in to the UCS console and click Click to connect in the card view of the cluster. In the window that slides out from the right, select Private access.
In Create a VPC Endpoint., click to record the service name.

Figure 1 Creating a VPC endpoint
Log in to the VPC Endpoint console and click Buy VPC Endpoint to create a VPC endpoint for connecting to different services.
Select the region that the VPC endpoint belongs to, click Find a service by name, enter the service name recorded in 2, and click Verify.

Figure 2 Searching for a service by name
Create VPC endpoints for DNS, SWR, and OBS.
Select the VPC and subnet created in Deploying the Network Environment.
Select Automatically assign IP address or Manually specify IP address for assigning the private IP address of the VPC endpoint.
Click Next, confirm the specifications, and click Submit.
Configure the created VPC endpoint on the DNS server. Click the name of the created VPC endpoint and record the IP address so that the Huawei Cloud DNS forwarder can be added to the DNS server in the on-premises data center.

Configuring a DNS Server

Configure DNS forwarding: Configure a DNS forwarding rule on the DNS server to forward the request for resolving the Huawei Cloud internal domain name to the endpoint for accessing DNS. Take DNS Bind as an example. In /etc/named.conf, add the DNS forwarder configuration and set forwarders to the IP address of the endpoint for accessing DNS.
The following code xx.xx.xx.xx represents the endpoint IP address of DNS.
```
options {
        forward only;
        forwarders{ xx.xx.xx.xx;};
};
```
Configure static DNS resolution: Configure static DNS resolution and add the IP addresses of SWR and CIE instances. Take CN North-Beijing4 as an example. If dnsmasq is used, add the following two static resolutions to /etc/dnsmasq.conf:

The following shows the first static resolution, where xx.xx.xx.xx represents the IP address of the SWR endpoint. Replace region with the URL of the region that the service belongs to.
```
address=/swr.region.myhuaweicloud.com/xx.xx.xx.xx
```
The following shows the second static resolution, where xx.xx.xx.xx represents the IP address that is specific to the domain name and is generated after cluster monitoring is enabled. Replace region with the URL of the region that the service belongs to.
```
address=/cia-{First eight digits of the selected VPC ID}{First eight digits of the selected subnet ID}.region.myhuaweicloud.com/xx.xx.xx
```
Example: address=/cia-9992be3cf3eace24.cn-north-4.myhuaweicloud.com/172.16.0.81
Generate a domain name.

SWR: address=/swr.cn-north-4.myhuaweicloud.com/{SWR VPC endpoint}

CIA: Obtain the domain name. The following figure shows the selected VPC (vpc-cce as an example) and subnet.

Figure 3 First eight digits of the VPC ID

Figure 4 First eight digits of the subnet ID

The final domain name is cia-e52a5d7e02a86357.cn-north-4.myhuaweicloud.com.

Parent topic: Installing an On-Premises Cluster

Previous topic: Pre-Installation Check

Next topic: Installation and Verification

Feedback

Was this page helpful?

Helpful Not helpful

Provide feedback

Thank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.

The system is busy. Please try again later.

Which of the following issues have you encountered?

Content is inconsistent with the product UI

Unclear descriptions

Lack of examples or code

Incorrect steps

Can't find what I need

Lack of best practices

Feedback (optional)

0/500

Select at least one type of issue, and enter your comments or suggestions.

Enter a maximum of 500 characters.

Submit Cancel

For any further questions, feel free to contact us through the chatbot.

Chatbot