Enhanced cloud-edge networking is developed based on the Software Defined Network (SDN) solution of ACK@Edge. An edge node can connect to a Cloud Connect Network (CCN) instance through the nearest access point in the global transmission network of Alibaba Cloud. The CCN instance can communicate with virtual private clouds (VPCs) that are connected to the same Cloud Enterprise Network (CEN) instance. This connects the cloud and edge. This topic describes how an enhanced edge node pool works and how to create an enhanced edge node pool.
Edge node pools support two types of modes for collaborative cloud-edge networking: basic and enhanced.
- Basic: The cloud and edge are connected through Internet connections. Applications in edge node pools cannot access VPCs in the cloud.
- Enhanced: This mode is based on the SDN solution of ACK@Edge. The cloud and edge are connected through high-speed and secure connections. Applications in edge node pools can access VPCs in the cloud. This mode outperforms the basic mode in terms of network quality and security.
| Item | Basic | Enhanced |
| --- | --- | --- |
| Cloud-edge networking | Establish Internet connections. | Create CCN instances. |
| Whether edge nodes can access VPCs | No. | Yes. |
| Network quality | Low. | High. Edge nodes can connect to CCN instances through the nearest access points. |
| Security | Low. | High. Connections between the cloud and edge are encrypted. |
| Scenarios | Workloads that are deployed at the edge and are not strongly reliant on cloud computing. | Applicable scenarios: |
- The enhanced mode enables mutual communication between pods at the edge and pods in the cloud, and between pods at the edge and VPCs in the cloud. In addition, edge nodes can access VPCs and pods in the cloud. However, VPCs and pods in the cloud cannot access edge nodes. To enable a VPC to access edge nodes, you must use an elastic IP address (EIP).
- Each enhanced edge node pool must contain at least two AMD64 nodes.
- In an enhanced edge node pool, the gateway components are installed in pods on edge nodes. These pods support only the Flannel network plug-in. Host networking is not supported.
- When you create a basic or enhanced edge node pool, you must specify the maximum number of nodes that the edge node pool supports. This value is saved in an annotation of the NodePool object and cannot be modified. We recommend that you set the size of your edge node pool to a proper value.
- The metadata of an enhanced edge node pool is saved in the annotations of the NodePool object. You must not modify or delete these annotations. Otherwise, the enhanced edge node pool may fail to work in enhanced mode. For more information, see Annotations for an edge node pool.
The openyurt.io/desired-nodepool label specifies the node pool to which a node belongs. You cannot move a node from an enhanced edge node pool to another enhanced edge node pool by modifying this label. To move the node, you must remove the node from the current node pool and then add it to the other enhanced edge node pool. Otherwise, the node cannot work in enhanced mode. For more information, see Remove edge nodes.
How an enhanced edge node pool works
Enhanced cloud-edge networking is based on the SDN solution of ACK@Edge and the global network infrastructure of Alibaba Cloud. It enables reliable and secure communication between the cloud and edge. After you create an enhanced edge node pool and add edge nodes to the node pool, the gateway components are automatically installed in pods on edge nodes. The gateway components enable edge nodes to connect to CCN instances through the nearest access points. The CCN instances can communicate with the VPCs that are connected to the same CEN instance. This connects the cloud and edge. In enhanced mode, data exchanged between the cloud and edge is encrypted. Data is transmitted over the internal network of Alibaba Cloud. This ensures the efficiency and security of data transmission. In addition, edge nodes can access services that are deployed in VPCs.
When you create an enhanced edge node pool, the following components are deployed for the node pool: edge-gateway-core (egw-core) and edge-gateway-helper (egw-helper). edge-gateway-core is the key component of an enhanced gateway. This component is deployed in the node pool as a Deployment. The Deployment creates and manages two pods in the node pool: one serves as the primary pod and the other serves as the secondary pod. The two pods are deployed on different nodes to ensure high availability. edge-gateway-helper is a component that synchronizes routes among nodes. This component is deployed on each node as a DaemonSet and is used to configure routing information for nodes.
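The high-availability property described above (two egw-core pods, on different nodes, not using host networking) is easy to verify from the cluster's pod list. The following added example is not part of ACK@Edge; it assumes pods are plain dicts as exported by `kubectl get pods -o json`, that the gateway pods carry a hypothetical `app: edge-gateway-core` label, and that the caller supplies a node-name-to-node-pool map. All sample pod and node names are constructed.

```python
"""Check the high-availability invariant of an enhanced edge node pool's gateway.

Added example, not ACK@Edge's own tooling. Assumptions: pods are plain dicts
(as from `kubectl get pods -o json`), edge-gateway-core pods carry a
hypothetical `app: edge-gateway-core` label, and the caller supplies a
node-name -> pool-name map. Sample names below are constructed.
"""

GATEWAY_LABEL = ("app", "edge-gateway-core")  # hypothetical selector label


def check_gateway_pods(pods: list, node_to_pool: dict, pool_name: str) -> list:
    """Return findings for the egw-core pods of one pool; an empty list means healthy."""
    findings = []
    key, value = GATEWAY_LABEL
    gw = [
        p for p in pods
        if p.get("metadata", {}).get("labels", {}).get(key) == value
        and node_to_pool.get(p.get("spec", {}).get("nodeName")) == pool_name
    ]
    # The Deployment manages exactly two pods: one primary, one secondary.
    if len(gw) != 2:
        findings.append(f"{pool_name}: expected 2 egw-core pods (primary + secondary), found {len(gw)}")
    # Node-level HA only holds when the two pods sit on different nodes.
    nodes = [p["spec"].get("nodeName") for p in gw]
    if len(gw) == 2 and len(set(nodes)) < 2:
        findings.append(f"{pool_name}: both egw-core pods are scheduled on {nodes[0]}; no node-level HA")
    for p in gw:
        name = p["metadata"]["name"]
        if p.get("status", {}).get("phase") != "Running":
            findings.append(f"{pool_name}: pod {name} is not Running")
        # Gateway pods support only the Flannel plug-in; host networking is unsupported.
        if p["spec"].get("hostNetwork"):
            findings.append(f"{pool_name}: pod {name} uses host networking, which enhanced mode does not support")
    return findings


# Constructed sample data: pool-a is healthy, pool-b has both pods on one node,
# one of them Pending and using host networking.
NODE_TO_POOL = {"edge-node-1": "pool-a", "edge-node-2": "pool-a", "edge-node-3": "pool-b"}


def _pod(name, node, phase="Running", host_network=False):
    return {
        "metadata": {"name": name, "labels": {"app": "edge-gateway-core"}},
        "spec": {"nodeName": node, "hostNetwork": host_network},
        "status": {"phase": phase},
    }


SAMPLE_PODS = [
    _pod("egw-core-aaaa", "edge-node-1"),
    _pod("egw-core-bbbb", "edge-node-2"),
    _pod("egw-core-cccc", "edge-node-3"),
    _pod("egw-core-dddd", "edge-node-3", phase="Pending", host_network=True),
]

if __name__ == "__main__":
    for pool in ("pool-a", "pool-b"):
        for line in check_gateway_pods(SAMPLE_PODS, NODE_TO_POOL, pool) or [f"{pool}: OK"]:
            print(line)
```

Running the block prints `pool-a: OK` and three findings for `pool-b`. The same function can be pointed at a live export by loading the JSON from kubectl and building the node-to-pool map from each node's `openyurt.io/desired-nodepool` label.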
Create an enhanced edge node pool
- Log on to the ACK console.
- In the left-side navigation pane of the ACK console, click Clusters.
- On the Clusters page, find the cluster that you want to manage and click the name of the cluster or click Details in the Actions column. The details page of the cluster appears.
- In the left-side navigation pane of the details page, choose .
- On the Node Pools page, click Create Edge Node Pool (Beta) in the upper-right corner of the page.
- On the Create Edge Node Pool (Beta) dialog box, set the required parameters. For more information, see Create an edge node pool.
- Set Coordination Network between Cloud and Edge to Enhanced.
- CEN Instance:
  - To use a CEN instance that belongs to your account, select Use CEN Instance of Current Account and then select the CEN instance.
  - To use a CEN instance that belongs to another account, you must first acquire the permissions to connect the VPC of the current cluster and the CCN instance to the CEN instance that you want to use. For more information, see Acquire permissions from another Alibaba Cloud account and Attach networks. Then, select Use CEN Instance of Other Accounts and enter the UID of the account that owns the CEN instance and the ID of the CEN instance.
- CCN Instance: Select the CCN instance that you have created.
- Click Submit.
- After the edge node pool is created, add at least two nodes to the node pool. For more information, see Add nodes to an edge node pool.
- CEN allows you to establish private connections between VPCs in different regions and between VPCs and data centers. This way, network resources are interconnected on a global scale.
- CCN is a matrix of distributed access gateways. You can connect on-premises resources to Alibaba Cloud by connecting CCN instances to CEN instances.
Annotations for an edge node pool
| Annotation | Description |
| --- | --- |
| nodepool.openyurt.io/max-nodes | Specifies the maximum number of nodes that the enhanced edge node pool supports. This annotation is applicable to only non-default edge node pools. |
| nodepool.openyurt.io/pod-cidrs | Specifies the pod CIDR blocks that are assigned to the enhanced edge node pool. This annotation is applicable to only non-default edge node pools. |
| nodepool.openyurt.io/cen-id | Specifies the ID of the CEN instance for the enhanced edge node pool. |
| nodepool.openyurt.io/ccn-id | Specifies the ID of the CCN instance for the enhanced edge node pool. |
| nodepool.openyurt.io/ccn-region | Specifies the region of the CCN instance for the enhanced edge node pool. Only the China (Shanghai) region is supported in China. |
| nodepool.openyurt.io/is-default | Specifies whether to set the enhanced edge node pool as a default edge node pool. |
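Because the annotations above must not be modified or deleted, and because the limits listed earlier (a fixed max-nodes value, at least two AMD64 nodes, membership expressed through the openyurt.io/desired-nodepool label) are not enforced by the annotations themselves, an operator may want a periodic consistency check. The following added example is not ACK@Edge's own tooling. It assumes NodePool and Node objects are plain dicts as exported by `kubectl get nodepool,node -o json`, that the pod-cidrs annotation holds a comma-separated list of CIDR blocks (an assumption about its format), and that nodes carry the standard `kubernetes.io/arch` label. All IDs and names in the sample data are constructed.

```python
"""Validate an enhanced edge node pool's metadata against the documented limits.

Added example, not ACK@Edge's own tooling. Assumptions: NodePool and Node
objects are plain dicts (as from `kubectl get nodepool,node -o json`), the
pod-cidrs annotation is a comma-separated list of CIDR blocks, and nodes carry
the standard kubernetes.io/arch label. All sample IDs below are constructed.
"""
import ipaddress

REQUIRED_ANNOTATIONS = (
    "nodepool.openyurt.io/max-nodes",
    "nodepool.openyurt.io/pod-cidrs",
    "nodepool.openyurt.io/cen-id",
    "nodepool.openyurt.io/ccn-id",
    "nodepool.openyurt.io/ccn-region",
)
POOL_LABEL = "openyurt.io/desired-nodepool"
MIN_AMD64_NODES = 2  # an enhanced pool needs at least two AMD64 nodes


def check_nodepool(nodepool: dict, nodes: list) -> list:
    """Return a list of findings; an empty list means the pool is consistent."""
    findings = []
    meta = nodepool.get("metadata", {})
    name = meta.get("name", "<unnamed>")
    ann = meta.get("annotations", {})

    # Every annotation that enhanced mode relies on must still be present.
    for key in REQUIRED_ANNOTATIONS:
        if not ann.get(key):
            findings.append(f"{name}: missing annotation {key}")

    # max-nodes is fixed at creation time, so it must be a usable integer.
    max_nodes = None
    raw = ann.get("nodepool.openyurt.io/max-nodes")
    if raw:
        try:
            max_nodes = int(raw)
        except ValueError:
            findings.append(f"{name}: max-nodes {raw!r} is not an integer")
        else:
            if max_nodes < MIN_AMD64_NODES:
                findings.append(f"{name}: max-nodes {max_nodes} is below the {MIN_AMD64_NODES}-node minimum")

    # Each pod CIDR block must parse as a proper network.
    for cidr in (c.strip() for c in ann.get("nodepool.openyurt.io/pod-cidrs", "").split(",")):
        if not cidr:
            continue
        try:
            ipaddress.ip_network(cidr, strict=True)
        except ValueError:
            findings.append(f"{name}: invalid pod CIDR {cidr!r}")

    # Membership is derived from the desired-nodepool label on each node.
    members = [n for n in nodes
               if n.get("metadata", {}).get("labels", {}).get(POOL_LABEL) == name]
    if max_nodes is not None and len(members) > max_nodes:
        findings.append(f"{name}: {len(members)} nodes exceed max-nodes {max_nodes}")
    amd64 = [n for n in members
             if n["metadata"]["labels"].get("kubernetes.io/arch") == "amd64"]
    if len(amd64) < MIN_AMD64_NODES:
        findings.append(f"{name}: only {len(amd64)} amd64 node(s); enhanced mode needs {MIN_AMD64_NODES}")
    return findings


# Constructed sample data (IDs are placeholders, not real instances).
def _pool(name, annotations):
    return {"metadata": {"name": name, "annotations": annotations}}


def _node(name, pool, arch):
    return {"metadata": {"name": name, "labels": {POOL_LABEL: pool, "kubernetes.io/arch": arch}}}


GOOD_POOL = _pool("edge-pool-prod", {
    "nodepool.openyurt.io/max-nodes": "10",
    "nodepool.openyurt.io/pod-cidrs": "10.244.0.0/24,10.244.1.0/24",
    "nodepool.openyurt.io/cen-id": "cen-example0000000",
    "nodepool.openyurt.io/ccn-id": "ccn-example0000000",
    "nodepool.openyurt.io/ccn-region": "cn-shanghai",
})
# ccn-id deleted, malformed CIDR, too many nodes, too few AMD64 nodes.
BAD_POOL = _pool("edge-pool-bad", {
    "nodepool.openyurt.io/max-nodes": "2",
    "nodepool.openyurt.io/pod-cidrs": "10.244.2.0/33",
    "nodepool.openyurt.io/cen-id": "cen-example0000001",
    "nodepool.openyurt.io/ccn-region": "cn-shanghai",
})
SAMPLE_NODES = [
    _node("node-a", "edge-pool-prod", "amd64"),
    _node("node-b", "edge-pool-prod", "amd64"),
    _node("node-c", "edge-pool-bad", "arm64"),
    _node("node-d", "edge-pool-bad", "amd64"),
    _node("node-e", "edge-pool-bad", "arm64"),
]

if __name__ == "__main__":
    for pool in (GOOD_POOL, BAD_POOL):
        for line in check_nodepool(pool, SAMPLE_NODES) or [f"{pool['metadata']['name']}: OK"]:
            print(line)
```

The check reports `edge-pool-prod: OK` and four findings for `edge-pool-bad`. It deliberately reads membership from the node label rather than from the NodePool object, which is exactly why moving a node by editing that label (instead of removing and re-adding it) would pass this check while still leaving the node unable to work in enhanced mode; the annotation and count checks are a complement to the procedure, not a substitute for it.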