Container Service for Kubernetes: Work with the cloud-edge communication component Raven

Last Updated: Jan 19, 2024

The Raven component in ACK Edge clusters provides cross-domain network communication capabilities for cloud-edge O&M. When you configure the Raven component, you can set the cloud-edge communication mode to proxy or tunnel. You can also configure the access control whitelist to allow the specified edge gateway nodes to establish tunnels to the cloud.

Prerequisites

  • An ACK Edge cluster that runs Kubernetes 1.26.3 or later is created. For more information, see Create an ACK Edge cluster.

  • To enable the tunnel mode, you need to open UDP port 8472. Make sure that the security policy on the edge node side does not block UDP port 4500 or TCP ports 10280, 10281, and 10282.

Usage notes

  • The cloud services and features required by the Raven component are Elastic IP Address (EIP), Classic Load Balancer (CLB), and network ACLs.

  • Do not delete the kube-system/raven-cfg ConfigMap because it stores all cloud resource information.

    View the content of the raven-cfg ConfigMap

    apiVersion: v1
    kind: ConfigMap
    metadata:
      name: raven-cfg
      namespace: kube-system
    data:
      acl-id: acl-xxx
      acl-entry: ""
      eip-id: eip-xxx
      eip-ip: 47.XX.XX.47
      enable-l3-tunnel: "false"
      enable-l7-proxy: "true"
      loadbalancer-id: lb-xxx
      loadbalancer-ip: 192.XX.XX.1

Set the communication mode and configure the access control whitelist for raven-agent-ds

By default, the raven-agent-ds component is automatically installed in ACK Edge clusters and the proxy mode is enabled. You can manually set the communication mode (proxy or tunnel) and configure the access control whitelist for edge gateway nodes.

  1. Log on to the ACK console. In the left-side navigation pane, click Clusters.

  2. On the Clusters page, click the name of the cluster that you want to manage and choose Operations > Add-ons in the left-side navigation pane.

  3. Find raven-agent-ds, click Configuration on the card, and then configure the parameters.

    Parameter: controller

    Description:

    • Enable Proxy Mode (recommended): Enable the proxy mode. In this mode, reverse tunneling is used for cross-domain host communication.

    • Enable Tunnel Mode: Enable the tunnel mode. In this mode, VPN tunneling is used for cross-domain container communication.

      The tunnel mode is in public preview. If you have any questions or suggestions, submit a ticket.

    For more information about the two communication modes, see Communication modes.

    Parameter: accessControlListEntry

    Description:

    The entries in the access control whitelist. Edge gateway nodes in the whitelist can establish tunnels to the cloud with enhanced network security.

    Specify edge gateway nodes by CIDR blocks or IP addresses. If you specify IP addresses, set the mask length to /32. Separate multiple CIDR blocks or IP addresses with commas (,). If you leave this parameter empty, all source IP addresses can access the services in the cloud through the CLB instance.
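
The whitelist format described above can be checked before or after it is applied. The following Python check is an added example, not part of the Alibaba Cloud documentation. It assumes that the acl-entry key of raven-cfg holds the same comma-separated value as accessControlListEntry; the names audit_acl_entry, audit_configmap and MIN_PREFIX, the /24 review threshold, and the sample addresses are constructed for illustration.

```python
import ipaddress
import json

# Constructed sample: shape of `kubectl -n kube-system get configmap raven-cfg -o json`,
# with a made-up acl-entry value (documentation-range addresses).
SAMPLE_CM = json.dumps({
    "kind": "ConfigMap",
    "metadata": {"name": "raven-cfg", "namespace": "kube-system"},
    "data": {"acl-entry": "203.0.113.10/32,198.51.100.0/24,192.0.2.7,10.0.0.0/8,203.0.113.9/24"},
})

MIN_PREFIX = 24  # assumption: IPv4 ranges wider than /24 deserve a manual review


def audit_acl_entry(value):
    """Return (severity, entry, message) findings for a comma-separated whitelist."""
    if not value.strip():
        # Per the parameter description, an empty list admits every source IP.
        return [("HIGH", "", "whitelist is empty: all source IPs can reach the CLB")]
    findings = []
    for raw in value.split(","):
        entry = raw.strip()
        if not entry:
            findings.append(("LOW", raw, "empty item (stray comma)"))
            continue
        if "/" not in entry:
            findings.append(("MEDIUM", entry, "single IP without mask; write it as /32"))
            continue
        try:
            net = ipaddress.ip_network(entry, strict=True)
        except ValueError:
            try:  # retry leniently to tell "host bits set" apart from garbage
                net = ipaddress.ip_network(entry, strict=False)
                findings.append(("MEDIUM", entry, f"host bits set; did you mean {net} or a /32?"))
            except ValueError:
                findings.append(("MEDIUM", entry, "not a valid IP address or CIDR block"))
            continue
        if net.prefixlen < MIN_PREFIX:
            findings.append(("MEDIUM", entry, f"broad range ({net.num_addresses} addresses)"))
    return findings


def audit_configmap(cm_json):
    """Audit the acl-entry key of a raven-cfg ConfigMap given as JSON text."""
    data = json.loads(cm_json).get("data") or {}
    return audit_acl_entry(data.get("acl-entry", ""))


if __name__ == "__main__":
    for severity, entry, message in audit_configmap(SAMPLE_CM):
        print(f"{severity:6} {entry or '-':18} {message}")
```
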
