Updated on 2025-08-12 GMT+08:00

Environment Configuration

Purchasing VPC Endpoints

VPC endpoints are required for accessing cloud services that use the network segment starting with 100.
  • To pull images from a repository of SWR Enterprise Edition, you need to purchase a VPC endpoint for accessing OBS.
  • To pull images from an SWR public image repository, you need a VPC endpoint for accessing SWR and a VPC endpoint for accessing OBS in the VPC where the workload is deployed.
  1. Go to the VPC endpoint list page.
  2. On the VPC Endpoints page, click Buy VPC Endpoint.

    The Buy VPC Endpoint page is displayed.

  3. Configure the parameters. Both the VPC endpoint for accessing SWR and the VPC endpoint for accessing OBS work only in the VPC where they are created.

    Figure 1 Buying a VPC endpoint for accessing SWR

    Figure 2 Buying a VPC endpoint for accessing OBS

    Table 1 VPC endpoint parameters

    Parameter

    Example

    Description

    Region

    CN-Hong Kong

    Specifies the region where the VPC endpoint will be used to connect a VPC endpoint service.

    Resources in different regions cannot communicate with each other over an intranet. For lower latency and quicker access, select the region nearest to your on-premises data center.

    Billing Mode

    Pay-per-use

    Specifies the billing mode of the VPC endpoint. VPC endpoints can be used or deleted at any time.

    VPC endpoints support only pay-per-use billing based on the usage duration.

    Service Category

    Cloud services

    There are two options:

    • Cloud services: Select this option if the VPC endpoint service to be accessed is a cloud service.
    • Find a service by name: Select this option if the VPC endpoint service to be accessed is a private service of your own.
    CAUTION:
    • Select Cloud services when you buy a VPC endpoint for accessing SWR.
    • Select Find a service by name when you buy a VPC endpoint for accessing OBS.

    Service List

    -

    This parameter is available only when you select Cloud services for Service Category.

    VPC endpoint services have been created. You can select one of them.

    NOTE:

    If you select Find a service by name for Service Category when you buy a VPC endpoint for accessing OBS, submit a service ticket to get the service name.

    VPC

    -

    Specifies the VPC where the VPC endpoint is to be deployed.

    Subnet

    -

    Specifies the subnet where the VPC endpoint is to be deployed.

    Route Table

    -

    This parameter is available only when you create a VPC endpoint for connecting to a gateway VPC endpoint service.

    NOTE:

    This parameter is available only in the regions where the route table function is enabled.

    You are advised to select all route tables. Otherwise, the access to the gateway VPC endpoint service may fail.

    Select a route table required for the VPC where the VPC endpoint is to be deployed.

    For details about how to add a route, see Adding Routes to a Route Table in the Virtual Private Cloud User Guide.

    Policy

    -

    Specifies the VPC endpoint policy.

    VPC endpoint policies are a type of resource-based policies. You can configure a policy to control which principals can use the VPC endpoint to access VPC endpoint services.

    Tag

    example_key1

    example_value1

    Specifies the tag that is used to classify and identify the VPC endpoint.

    The tag settings can be modified after the VPC endpoint is purchased

    Description

    -

    Provides supplementary information about the VPC endpoint.

    Table 2 Tag requirements for VPC endpoints

    Parameter

    Requirement

    Tag key

    • Cannot be left blank.
    • Must be unique for each resource.
    • Can contain a maximum of 36 characters.
    • Cannot start or end with a space or contain special characters =*<>\,|/
    • Can contain only letters, digits, hyphens (-), and underscores (_).

    Tag value

    • Cannot be left blank.
    • Can contain a maximum of 43 characters.
    • Cannot start or end with a space or contain special characters =*<>\,|/
    • Can contain only letters, digits, hyphens (-), and underscores (_).

  4. Confirm the settings and click Next.

    • If the configuration is correct, click Submit.
    • If any parameter is incorrect, click Previous to modify it as needed and then click Submit.

  5. Click Back to VPC Endpoint List after the task is submitted.
  6. View the endpoint details by clicking each endpoint ID.

Logging In to the CCI 2.0 Console

Log in to the CCI 2.0 console and grant CCI the permissions to access other cloud services.

  1. Log in to the management console.
  2. Click in the upper left corner to select the desired region.

    CCI 2.0 is available in CN-Hong Kong, AP-Jakarta, TR-Istanbul, AF-Johannesburg, ME-Riyadh, LA-Mexico City2, LA-Sao Paulo1, AP-Bangkok, and AP-Singapore.

    CCI 2.0 does not allow you to create resources in sub-projects.

  3. Choose Service List > Containers > Cloud Container Instance 2.0.

    Switch to the CCI 2.0 console.

  4. If this is the first time you are logging in to the CCI 2.0 console, click Agree to grant CCI 2.0 the permissions to access other cloud services.

    After the permissions are granted, an agency named cci_admin_trust is created. You can view the agency on the IAM console.

(Optional) Uploading Images

The cloud platform provides the SoftWare Repository for Container (SWR) service for you to upload container images to the image repository. You can easily pull these images when creating workloads on CCI 2.0. For details about how to upload images, see Pushing an Image.

  • After Enterprise Project Management Service (EPS) is enabled, if an IAM user needs to use private images in your account, you need to log in to the CCI 2.0 console using the account, choose Image Repository, and grant the required permissions to the user on the SWR console.
  • You can use either of the following methods to grant permissions to an IAM user:
    • On the details page of an image, click the Permissions tab, click Add Permission, and then grant the read, write, and manage permissions to the user. For details, see Granting Permissions for a Specific Image.
    • On the details page of an organization, click the Users tab, click Add Permission, and then grant the read, write, and manage permissions to the user. For details, see Granting Permissions for an Organization.