
Use VPC in Container Service

Last Updated: Nov 23, 2017

This document describes how to use Virtual Private Cloud (VPC) in Container Service and the points to note when doing so.

VPC CIDR block

  • To create a VPC container cluster in Container Service, first plan the network according to your actual conditions. When creating a VPC, specify the Classless Inter-Domain Routing (CIDR) block used to segment the corresponding subnetworks.

  • Each VPC can specify only one CIDR block. The available CIDR block ranges are as follows. 172.16.0.0/12 is the default CIDR block of a VPC.

    • 10.0.0.0/8
    • 172.16.0.0/12
    • 192.168.0.0/16

Container CIDR block

Specify the corresponding container CIDR block when creating a VPC cluster in Container Service. Currently, Container Service supports the following container CIDR blocks:

  • 192.168.1.0/24
  • 172.[16-31].1.0/24

Network planning

To ensure that containers can communicate with each other over the network, each container CIDR block must be added to the route table. To avoid CIDR block conflicts, plan the network for your application service according to the CIDR blocks of the VPC and the containers.

CIDR block planning

Both the VPC and the containers can use a CIDR block that starts with 172. Take particular care when you select a 172 CIDR block for both the VPC and the containers.

For example, suppose the VPC CIDR block is 172.16.0.0/12 and the VSwitch CIDR block is 172.18.1.0/24. According to the CIDR block definition of the VSwitch, the IP addresses of the Elastic Compute Service (ECS) instances on the VSwitch are then 172.18.1.1-172.18.1.252.

If the container CIDR block is also 172.18.1.0/24, the IP addresses of the containers and those of the ECS instances are the same, which causes an exception in the network communication between containers. You must therefore pay attention to network planning when using a VPC.

Route table planning

Currently, up to 48 route entries can be included in a route table of a VPC.
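The planning rules above can be checked before anything is created. The following Python sketch is an added example, not part of the original documentation: it tests each VSwitch CIDR block against every per-node container block (172.18.[1-254].0/24 for an initial block of 172.18.0.0/24, as described in Step 4) and against the 48-entry route table limit. The function names and the `existing_routes` parameter are hypothetical, and the script assumes one route entry per cluster node.

```python
import ipaddress

ROUTE_TABLE_LIMIT = 48  # route entries per VPC route table, per this page


def possible_node_blocks(initial_cidr):
    """All per-node container /24s: 172.18.0.0/24 -> 172.18.[1-254].0/24."""
    base = ipaddress.ip_network(initial_cidr)
    if base.prefixlen != 24:
        raise ValueError("initial container CIDR block must be a /24")
    # Keep the first two octets and vary the third octet over 1..254.
    prefix = int(base.network_address) & 0xFFFF0000
    return [ipaddress.ip_network((prefix + (n << 8), 24)) for n in range(1, 255)]


def check_plan(vpc_cidr, vswitch_cidrs, initial_container_cidr,
               node_count, existing_routes=0):
    """Return a list of (kind, detail) problems; an empty list means no conflict.

    existing_routes is a hypothetical parameter: entries already in the table.
    """
    vpc = ipaddress.ip_network(vpc_cidr)
    node_blocks = possible_node_blocks(initial_container_cidr)
    problems = []
    for cidr in vswitch_cidrs:
        vsw = ipaddress.ip_network(cidr)
        if not vsw.subnet_of(vpc):
            problems.append(("outside-vpc", f"{vsw} is not inside {vpc}"))
        # ECS addresses come from the VSwitch, so any overlap with a block a
        # node may be given means a container and an instance can share an IP.
        hits = [b for b in node_blocks if b.overlaps(vsw)]
        if hits:
            problems.append(("overlap", f"{vsw} overlaps container blocks "
                             f"{hits[0]}..{hits[-1]}"))
    # Assumption: each node adds one route entry for its container block.
    needed = existing_routes + node_count
    if needed > ROUTE_TABLE_LIMIT:
        problems.append(("route-limit", f"{needed} entries needed, "
                         f"limit is {ROUTE_TABLE_LIMIT}"))
    return problems


if __name__ == "__main__":
    # The conflicting plan and the working plan from this page.
    print(check_plan("172.16.0.0/12", ["172.18.1.0/24"], "172.18.0.0/24", 3))
    print(check_plan("10.0.0.0/8", ["10.1.1.0/24"], "172.18.0.0/24", 3))
```
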

Example

The following complete example demonstrates the whole process of creating a VPC cluster in Container Service.

Step 1. Create a VPC

  1. Log on to the VPC console.

  2. Click VPC in the left-side navigation pane.

  3. Select the region. In this example, select China East 1 (Hangzhou).

  4. Click Create VPC. The Create VPC dialog box opens.

  5. Complete the configurations and then click Create VPC.

    In this example, to avoid conflicting with the container CIDR block, select 10.0.0.0/8 as the CIDR.


Step 2. Create a VSwitch

After creating a VPC, create the corresponding VSwitch under this VPC.

  1. On the VPC list, click Manage at the right of the created VPC.

  2. Click VSwitches in the left-side navigation pane, and then click Create VSwitch in the upper-right corner.


  3. The Create VSwitch dialog box opens. Complete the configurations and then click OK.

    In this example, select a China East 1 zone and enter 10.1.1.0/24 as the CIDR. If you select this VSwitch when creating an ECS instance, the IP address of the ECS instance will be 10.1.1.1-10.1.1.252. The number of available private IPs is 252 in total, which means you can purchase 252 ECS instances under the VSwitch of this CIDR block.


Step 3. View route table

After creating the VPC and VSwitch, you can view the route table.

Click VRouters in the left-side navigation pane. The network of VSwitch is the default system route table.


Step 4. Create a container cluster

  1. Log on to the Container Service console.

  2. Click Clusters in the left-side navigation pane, and then click Create Cluster in the upper-right corner.


  3. Complete the configurations and then click Create Cluster.

    Select China East 1 (Hangzhou) as the Region, and VPC as the Network Type. Select the created VPC and VSwitch from the corresponding list.


In this example, the Initial CIDR Block of Container Service is 172.18.0.0/24. Then, the container CIDR block on the nodes of this cluster is 172.18.[1-254].0/24. The container IP address on each node is 172.18.x.[1-255].

Step 5. Verify node IP address

After creating the container cluster, you can verify the preceding network planning theory by checking the cluster node IP address, the route table, and the application container IP address.

You can verify the VSwitch CIDR block by checking the ECS instance IP address in the container cluster node list.

  1. Log on to the Container Service console.

  2. Click Nodes in the left-side navigation pane.

  3. Select the cluster where the node that you want to verify resides from the Cluster list.

    From the following figure, we can see that the IP address of the newly purchased ECS instance belongs to the VSwitch CIDR block 10.1.1.0/24.


Step 6. Verify route table

Verify the route table after verifying the node IP address.

  1. Log on to the VPC console.

  2. Click VPC in the left-side navigation pane.

  3. Click Manage at the right of the created VPC.

  4. Click VRouters in the left-side navigation pane.

    A route entry with 172.18.x.0/24 as the CIDR block is added to the route table. The next hop is the corresponding ECS instance ID.


Step 7. Verify container IP address

Finally, verify whether the container IP address is correct or not.

In this example, deploy a WordPress application by using an orchestration template in the Container Service console, and then verify the container IP address by checking the container list on a node.

For how to create the WordPress application, see Create WordPress with an orchestration template.

  1. Log on to the Container Service console.

  2. Click Applications in the left-side navigation pane.

  3. Select the cluster where the created application resides from the Cluster list.

  4. Click the application name.

  5. Click the Containers tab.


The preceding verification shows that a VPC container cluster is successfully created.
