
Container Service for Kubernetes: Network planning for fleet management

Last Updated: Mar 26, 2026

Fleet management in Distributed Cloud Container Platform for Kubernetes (ACK One) requires a region, virtual private cloud (VPC), and vSwitch for the Fleet instance. This topic explains the network architecture and how to choose the right region, VPC, and vSwitch.

Network architecture

A Fleet instance serves as an ingress to the clusters that are associated with the Fleet instance. Two-way connectivity is required between the Fleet instance and each associated cluster:

  • Connection ① — The Fleet instance's VPC accesses the API server endpoints of the associated clusters.

  • Connection ② — The associated clusters' VPCs access the API server endpoint of the Fleet instance.

The following figure shows an example topology. ACK Cluster 1 and ACK Cluster 2 are deployed in VPC 1 in Region 1. ACK Cluster 3 is deployed in VPC 2 in Region 2. A system administrator manages all associated clusters through the Fleet instance's API server endpoint.

[Figure: example topology of a Fleet instance and its associated clusters]

Choose a region

Deploy the Fleet instance in the region where most of your associated clusters are located. This minimizes network latency between the Fleet instance and the clusters it manages.

In the example topology, two clusters are in Region 1 and one cluster is in Region 2 — deploy the Fleet instance in Region 1.

Important

Each associated cluster can be managed by only one Fleet instance. Plan your Fleet instances before associating clusters.

For flexibility, you can create multiple Fleet instances organized by business type, environment (test or production), or geographic proximity. To increase the Fleet instance quota, go to the Quota Center console and submit a quota increase request.

For supported regions, see Regions that support ACK One.

Choose a VPC

The Fleet instance and all associated clusters must have two-way network connectivity between their API servers. Deploy the Fleet instance in the VPC where most of your associated clusters are located — the Fleet instance connects to clusters in the same VPC automatically.

In the example topology, Cluster 1 and Cluster 2 are in VPC 1 and Cluster 3 is in VPC 2 — deploy the Fleet instance in VPC 1.

Cross-VPC connectivity

If the Fleet instance and the associated clusters are deployed in different VPCs, you must create a Cloud Enterprise Network (CEN) instance to connect the VPCs. This ensures that the API servers of the Fleet instance and associated clusters can access each other. You can also enable the public endpoints of the Fleet instance and associated clusters to allow them to communicate over the Internet.

Security group requirements

Make sure that the security groups of the Fleet instance and the associated clusters accept connection requests from each other.
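
The two-way requirement (Connection ① and Connection ②) and the placement guidance can be checked against an exported rule inventory before you associate clusters. The following Python check is an added example, not Alibaba Cloud code. The dictionary layout, the CIDRs, and port 6443 (the Kubernetes default, which this page does not state) are assumptions, and each side's source range is modeled as its VPC CIDR.

```python
import ipaddress
from collections import Counter

API_PORT = 6443  # assumption: default Kubernetes API server port; the page names no port

def majority_vpc(clusters):
    """VPC holding the most clusters: where the page says to place the Fleet instance."""
    return Counter(c["vpc"] for c in clusters).most_common(1)[0][0]

def allows(rules, src_cidr, port):
    """True if one ingress rule covers the whole source CIDR on the given port."""
    src = ipaddress.ip_network(src_cidr)
    for rule in rules:
        net = ipaddress.ip_network(rule["cidr"])
        lo, hi = rule["ports"]
        if src.version == net.version and src.subnet_of(net) and lo <= port <= hi:
            return True
    return False

def audit(fleet, clusters, port=API_PORT):
    """List (cluster, finding) pairs for Connection 1, Connection 2 and cross-VPC links."""
    findings = []
    for c in clusters:
        if not allows(c["ingress"], fleet["cidr"], port):   # Fleet VPC -> cluster API server
            findings.append((c["name"], "connection-1-not-allowed"))
        if not allows(fleet["ingress"], c["cidr"], port):   # cluster VPC -> Fleet API server
            findings.append((c["name"], "connection-2-not-allowed"))
        if c["vpc"] != fleet["vpc"]:                        # needs CEN or public endpoints
            findings.append((c["name"], "cross-vpc-needs-cen-or-public-endpoint"))
    return findings

# Constructed inventory mirroring the example topology; all CIDRs and rules are made up.
FLEET = {"vpc": "vpc-1", "cidr": "10.0.0.0/16",
         "ingress": [{"cidr": "10.0.0.0/16", "ports": (6443, 6443)}]}
CLUSTERS = [
    {"name": "cluster-1", "vpc": "vpc-1", "cidr": "10.0.0.0/16",
     "ingress": [{"cidr": "10.0.0.0/16", "ports": (6443, 6443)}]},
    {"name": "cluster-2", "vpc": "vpc-1", "cidr": "10.0.0.0/16",
     "ingress": [{"cidr": "10.0.0.0/24", "ports": (6443, 6443)}]},  # covers one subnet only
    {"name": "cluster-3", "vpc": "vpc-2", "cidr": "172.16.0.0/16",
     "ingress": [{"cidr": "10.0.0.0/16", "ports": (1, 65535)}]},
]

if __name__ == "__main__":
    print("place Fleet instance in:", majority_vpc(CLUSTERS))
    for name, finding in audit(FLEET, CLUSTERS):
        print(name, finding)
```

A cross-VPC finding is informational: it marks the clusters for which CEN or public endpoints must be in place, as described under Cross-VPC connectivity.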

Choose a vSwitch

Fleet instances have no specific requirements for vSwitches. Select a vSwitch based on your network design.