If Source Network Address Translation (SNAT) is not enabled when you create a Container Service for Kubernetes (ACK) cluster, you can enable SNAT in the ACK console after the cluster is created. ACK does not allow you to enable SNAT for an existing cluster by calling the API. This topic describes how to enable SNAT for existing ACK clusters in the ACK console. SNAT allows existing ACK clusters to access the Internet.

Background information

If an Elastic Compute Service (ECS) instance or an ACK cluster does not have a public IP address, you can create an SNAT entry in the virtual private cloud (VPC) where the ECS instance or ACK cluster is deployed to provide a proxy to enable access to the Internet. For more information about SNAT, see What is NAT Gateway?

Procedure

The following flowchart shows how to enable SNAT for an existing ACK cluster so that the cluster can access the Internet.

Enable SNAT
  1. Create a NAT gateway.
    1. Log on to the NAT Gateway console.
    2. In the left-side navigation pane, click NAT Gateway.
    3. On the NAT Gateway page, click Create NAT Gateway.
      For more information about the parameters required to create a NAT gateway, see Create NAT gateways.
      Note: The NAT gateway must be created in the same region and VPC as the ACK cluster.
  2. Create an EIP.
    In the left-side navigation pane, choose Elastic IP Addresses > Elastic IP Addresses. On the Elastic IP Addresses page, click Create EIP.

    If you have already created an elastic IP address (EIP), skip this step.

  3. Associate the EIP with the created NAT gateway.
    1. On the NAT Gateway page, find the newly created NAT gateway and choose Bind Elastic IP Address in the Actions column.
    2. In the Associate EIP dialog box, select the created EIP from the Select Existing EIPs drop-down list.
    3. Click OK.
  4. Create SNAT entries for the NAT gateway.
    1. On the NAT Gateway page, find the newly created NAT gateway and click Manage in the Actions column.
    2. On the SNAT Management tab, click Create SNAT Entry.
    3. On the Create SNAT Entry page, set the parameters as described in the following table and click Confirm.
      For more information about the parameters, see Create a SNAT entry.
      Parameter | Description
      SNAT Entry | Select Specify VSwitch and select the vSwitches that are used by the cluster.
        • If the cluster uses Terway as the network plug-in, select the node vSwitches and pod vSwitches.
        • If the cluster uses Flannel as the network plug-in, select the node vSwitches.
        Perform the following steps to check the IDs of the vSwitches used by the cluster:
        1. Log on to the ACK console.
        2. In the left-side navigation pane, click Clusters. On the Clusters page, find the cluster that you want to check and click its name.
        3. On the details page of the cluster, click the Cluster Resources tab to view the vSwitch IDs.
          Figure 1. Clusters that use Flannel
          Figure 2. Clusters that use Terway
      Select Public IP Address | Select a public IP address to enable access to the Internet.
    After SNAT entries are created and SNAT rules are configured, SNAT is enabled for the cluster. You can log on to the NAT Gateway console to view the details of the NAT gateway, such as the EIP used by SNAT. The following figure shows a NAT gateway that is used for an ACK cluster that uses Terway as the network plug-in. This NAT gateway is configured with SNAT rules to enable the cluster to access the Internet.
    Click the name of the NAT gateway. On the SNAT Management tab of the details page, you can check whether the public IP address is associated with the vSwitches used by the cluster. The following figure shows the SNAT entries created for the cluster that uses Terway as the network plug-in.
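
The vSwitch selection rule from step 4 can be checked offline once the IDs have been copied from the Cluster Resources tab and the SNAT Management tab. The following is an added example, not code from this topic or from ACK; the function name, the report keys and all vSwitch IDs are assumptions constructed for illustration. It also lists SNAT entries for vSwitches that the cluster does not use.

```python
# Added example: the vSwitch IDs below are constructed placeholders, not real resources.
REQUIRED_KINDS = {
    "terway": ("node", "pod"),   # Terway: node vSwitches and pod vSwitches
    "flannel": ("node",),        # Flannel: node vSwitches only
}

def snat_coverage(plugin, cluster_vswitches, snat_vswitches):
    """Compare the vSwitches a cluster uses with those that have SNAT entries.

    plugin: "terway" or "flannel" (case-insensitive)
    cluster_vswitches: {"node": [...], "pod": [...]} from the Cluster Resources tab
    snat_vswitches: vSwitch IDs shown on the SNAT Management tab
    """
    key = plugin.strip().lower()
    if key not in REQUIRED_KINDS:
        raise ValueError(f"unknown network plug-in: {plugin!r}")
    required = {}  # vSwitch ID -> set of roles ("node", "pod") it plays
    for kind in REQUIRED_KINDS[key]:
        ids = cluster_vswitches.get(kind) or []
        if not ids:
            raise ValueError(f"{plugin} cluster needs at least one {kind} vSwitch ID")
        for vsw in ids:
            required.setdefault(vsw.strip(), set()).add(kind)
    covered = {v.strip() for v in snat_vswitches}
    missing = {v: sorted(k) for v, k in required.items() if v not in covered}
    return {
        "ok": not missing,
        "missing": missing,
        "not_used_by_cluster": sorted(covered - set(required)),
    }

if __name__ == "__main__":
    cluster = {"node": ["vsw-node-a", "vsw-node-b"],
               "pod": ["vsw-pod-a", "vsw-pod-b"]}
    entries = ["vsw-node-a", "vsw-node-b", "vsw-pod-a", "vsw-other"]
    report = snat_coverage("Terway", cluster, entries)
    for vsw, kinds in report["missing"].items():
        print(f"no SNAT entry for {vsw} ({'/'.join(kinds)} vSwitch)")
    for vsw in report["not_used_by_cluster"]:
        print(f"SNAT entry exists for {vsw}, which the cluster does not use")
    print("covered" if report["ok"] else "incomplete")
```

With the constructed input, the Terway cluster is reported as incomplete because one pod vSwitch has no SNAT entry, which is the case where nodes reach the Internet but pods on that vSwitch do not.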

Result

Log on to a node of the cluster and access the Internet to verify that the node can access the Internet and no packet loss occurs during data transmission.
