Help Center/ Cloud Container Engine/ User Guide/ Clusters/ Connecting to a Cluster/ Connecting to a Cluster Using CloudShell
Updated on 2024-09-30 GMT+08:00

Connecting to a Cluster Using CloudShell

Scenario

This section uses a CCE standard cluster as an example to describe how to access a CCE cluster using CloudShell.

Permissions

When using kubectl in CloudShell, the kubectl permissions are determined by the user that logs in.

Notes and Constraints

When using CloudShell to access a CCE cluster or container, you can open a maximum of 15 instances simultaneously.

Using CloudShell

CloudShell is a web shell used to manage and maintain cloud resources. CCE allows you to use CloudShell to access clusters and use kubectl in CloudShell to access clusters (by clicking the command line tool icon in Figure 1).

  • The kubectl certificate in CloudShell is valid for one day. You can reset the validity period by accessing CloudShell from the CCE console.
  • CloudShell is implemented based on VPCEP. To use kubectl to access a cluster, configure the security group (Cluster name-cce-control-Random number) on the master node of the cluster to allow the following CIDR blocks to access port 5443. By default, port 5443 allows access from all CIDR blocks. If you have hardened security groups and any cluster cannot be accessed in CloudShell, check whether port 5443 allows access from 198.19.0.0/16.
  • CloudShell can be used only after CoreDNS is installed in a cluster.
  • You can use CloudShell to log in to containers only in CN North-Beijing1, CN North-Beijing4, CN East-Shanghai1, CN East-Shanghai2, CN South-Guangzhou, CN Southwest-Guiyang1, and CN North-Ulanqab1 regions.
  • CloudShell does not support an account or sub-project agency.
Figure 1 CloudShell
Figure 2 Using kubectl in CloudShell