All Products
Search

This Product

    Container Compute Service:Enable Internet access for an ACS cluster

    Document Center

    Container Compute Service:Enable Internet access for an ACS cluster

    Last Updated:Mar 26, 2026

    By default, Alibaba Cloud Container Compute Service (ACS) clusters have no Internet access. If you did not select Configure SNAT for VPC when creating your cluster, pods cannot reach the Internet — for example, to pull images from a public registry. To enable Internet access for all pods in the cluster, create an Internet NAT gateway in the cluster's virtual private cloud (VPC) and configure a source network address translation (SNAT) entry.

    If only one pod needs Internet access, associate an elastic IP address (EIP) with that pod instead. See Mount an independent EIP for pods.

    Prerequisites

    Before you begin, ensure that you have:

    Configure SNAT for the cluster

    The procedure has four steps: create an Internet NAT gateway, associate an EIP with it, create an SNAT entry that targets the cluster's vSwitch, and confirm the configuration.

    Step 1: Create an Internet NAT gateway

    1. Log on to the NAT Gateway console.

    2. Click Create Internet NAT Gateway.

    3. Configure the NAT gateway parameters and click Buy Now. For parameter details, see Create and manage an Internet NAT gateway.

    Step 2: Associate an EIP with the NAT gateway

    Skip this step if you selected Select EIP or Purchase EIP during NAT gateway creation — the system has already associated an EIP.

    1. On the Internet NAT Gateway page, find the NAT gateway and click Associate Now in the EIP column.

    2. In the dialog box, configure the EIP and click OK.

    Step 3: Create an SNAT entry

    1. On the Internet NAT Gateway page, click the NAT gateway ID.

    2. On the SNAT tab, click Create SNAT Entry.

    3. Configure the following parameters and click OK. For more details, see Create and manage SNAT entries.

      Parameter Description
      SNAT Entry Select an access mode based on your network conditions and security requirements. Select Specify vSwitch.
      Select vSwitch Select the vSwitch used by the cluster. To find the vSwitch ID, go to the Cluster Information page of your ACS cluster and check the Basic Information tab.
      Select EIP Select the EIP associated with the NAT gateway.

    Step 4: Confirm the configuration

    Verify that the following conditions are met:

    1. The NAT gateway and the ACS cluster are in the same VPC, and an EIP is associated with the NAT gateway.

      NAT网关.png

    2. The SNAT entry is associated with the vSwitch used by the cluster.

      SNAT条目.png

    Verify the result

    Use either method to confirm that pods can access the Internet:

    • Verify image pulling: Create a pod using an image from a public registry. A successful image pull and pod start confirm that Internet access is working.

      拉取公网镜像.png

    • Verify network connectivity: Log on to a pod in the cluster and run the ping command against a public domain name. No packet loss confirms that Internet access is working.

      ping.png

    What's next