tencent cloud


Accessing Internet through NAT Gateway

Last updated: 2022-04-18 16:35:22


    Elastic Kubernetes Service (EKS) allows you to enable services in a cluster to access internet by configuring the NAT Gateway and route table. This document guides you through the configuration.


    Creating an NAT gateway

    1. Log in to the Tencent Cloud VPC console and click NAT Gateway on the left sidebar.
    2. On the NAT Gateway page, click +Create.
    3. In the pop-up Create NAT Gateway window, create an NAT gateway in the same region and same VPC as the EKS cluster. For more information, see Getting Started.

    Creating a route table for the NAT gateway

    1. On the left sidebar, click Route Table to go to the Route Table management page.
    2. On the Route Table management page, click +Create.
    3. In the pop-up Create Route Table window, create a route table in the same region and same VPC as the EKS cluster, as shown in the figure below:

      Main parameters are described as follows:
    • Destination: select the public IP address to be accessed. You can configure a CIDR block for this parameter. For example, if you enter, all traffic will be forwarded to the NAT gateway.
    • Next Hop Type: select NAT Gateway.
    • Next Hop: select the NAT gateway created in Creating an NAT Gateway.
    1. Click Create.

    Associating subnets with the route table

    After configuring routes, you need to select subnets and associate them with the route table. Then, traffic from the selected subnets to internet will be routed to the NAT gateway.

    1. On the Route Table page, find the route table created in the Creating a route table for the NAT gateway step and click Associate Subnets on the right.
    2. In the pop-up Associate Subnets window, select the subnets to be associated and click OK.

      This subnet is not a Service CIDR block but a container network.

      After associating the route table with the subnets, resources in the same VPC can access internet through the public IP address of the NAT gateway.

    Configuration Verification

    1. On the Elastic Cluster list page, click the ID of the target cluster to go to the management page of the cluster.
    2. Click Remote Login for the target container and run a ping command to check whether its pods can access internet. If the results in the figure below are returned, it means the pods have successfully accessed the internet.
    Contact Us

    Contact our sales team or business advisors to help your business.

    Technical Support

    Open a ticket if you're looking for further assistance. Our Ticket is 7x24 avaliable.

    7x24 Phone Support