In edge computing scenarios that require cloud-edge collaboration, ACK Edge cluster provides multiple network solutions to enable cloud-edge communication. Edge computing resources and services can communicate with the cloud control panel over the Internet. Cloud-edge communication can also be enabled by using Express Connect circuits. This allows data centers to connect to virtual private clouds (VPCs). This topic describes the special configurations of ACK Edge clusters that you must take note of when Express Connect circuits are used.
1. No configuration is required for SNAT and EIP
SNAT allows clusters to access the Internet. An elastic IP address (EIP) allows you to access the API server of a cluster over the Internet. If you do not have these requirements when Express Connect circuits are used, you do not need to configure SNAT or EIP when you create a cluster.
If your business requires Internet access, you must configure SNAT for the cluster.
If you want to access the API server of a cluster over the Internet, you must use an EIP.
To use an EIP, configure the EIP when you create an ACK Edge cluster. You cannot associate an EIP with the API server of a cluster after the cluster is created.
2. Configure the edge-tunnel-server and edge-tunnel-agent components after the cluster is created
You can change the configuration of the edge-tunnel component only for ACK edge clusters of V1.20.11 and earlier versions.
ACK Edge V1.22 and later versions support node pools that connect to the cloud over Express Connect circuits. You need to only create a node pool of this type and connect it to the cloud. For more information, see Create an edge node pool.
In edge computing scenarios, edge resources are usually deployed in private networks and cannot be directly accessed from the cloud. You can use the edge-tunnel-server and edge-tunnel-agent components to enable cloud-edge O&M data exchange. You can use Express Connect circuits to connect edge-tunnel-agent at the edge and the pod of edge-tunnel-server in the cloud to enable cloud-edge communication. To use Express Connect circuits in an efficient manner, perform the following steps to configure the components:
Run the following command to change the type of the
x-tunnel-server-svcService that is used by edge-tunnel-server from LoadBalancer to ClusterIP:kubectl apply -f - <<EOF apiVersion: v1 kind: Service metadata: labels: name: edge-tunnel-server name: x-tunnel-server-svc namespace: kube-system spec: ports: - name: https port: 10263 protocol: TCP targetPort: 10263 - name: tcp port: 10262 protocol: TCP targetPort: 10262 selector: k8s-app: edge-tunnel-server sessionAffinity: None type: ClusterIP EOFLog on to the node on which the pod of edge-tunnel-server runs and delete the /var/lib/edge-tunnel-server/pki directory.
Run the following command to recreate the pods that are provisioned for edge-tunnel-server and edge-tunnel-agent.
kubectl -n kube-system get po | grep tunnel | awk '{print $1}' | xargs kubectl -n kube-system delete po
3. Use private networks when you add edge nodes to an ACK Edge cluster
To use private networks when you add edge nodes to an ACK Edge cluster, set inDedicatedNetwork to true in the script that is used to add the nodes. For more information, see Add an edge node.
4. Open the VXLAN port in the security group for cloud-edge communication
If applications in the cloud need to communicate with applications at the edge by using container networks, you must configure the security group of the cluster to open UDP port 8472. To open the port, perform the following steps:
Log on to the ACK console. In the left-side navigation pane, click Clusters.
On the Clusters page, click the name of the cluster that you want to manage and click the Cluster Resources tab.
Click the link to the right of Security Group. On the page that appears, configure the security group to open UDP port 8472.
For more information, see Add a security group rule.