Skip to content

Commit 842e672

Browse files
yiyang-shaoyiyang-shao
committed
Update BYOC VPC Peering with Security Group change
1 parent 1d947a7 commit 842e672

File tree

4 files changed

+44
-6
lines changed

4 files changed

+44
-6
lines changed

docs/en/cloud/reference/byoc.md

Lines changed: 44 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -64,7 +64,10 @@ After creating the CloudFormation stack, you will be prompted to set up the infr
6464

6565
To create or delete VPC peering for ClickHouse BYOC, follow the steps:
6666

67-
#### Step 1 Create a peering connection
67+
#### Step 1 Enable Private Load Balancer for ClickHouse BYOC
68+
Contact ClickHouse Support to enable Private Load Balancer.
69+
70+
#### Step 2 Create a peering connection
6871
1. Navigate to the VPC Dashboard in ClickHouse BYOC account.
6972
2. Select Peering Connections.
7073
3. Click Create Peering Connection
@@ -82,7 +85,7 @@ To create or delete VPC peering for ClickHouse BYOC, follow the steps:
8285

8386
<br />
8487

85-
#### Step 2 Accept the peering connection request
88+
#### Step 3 Accept the peering connection request
8689
Go to the peering account, in the (VPC -> Peering connections -> Actions -> Accept request) page customer can approve this VPC peering request.
8790

8891
<br />
@@ -95,7 +98,7 @@ Go to the peering account, in the (VPC -> Peering connections -> Actions -> Acce
9598

9699
<br />
97100

98-
#### Step 3 Add destination to ClickHouse VPC route tables
101+
#### Step 4 Add destination to ClickHouse VPC route tables
99102
In ClickHouse BYOC account,
100103
1. Select Route Tables in the VPC Dashboard.
101104
2. Search for the ClickHouse VPC ID. Edit each route table attached to the private subnets.
@@ -114,7 +117,7 @@ In ClickHouse BYOC account,
114117

115118
<br />
116119

117-
#### Step 4 Add destination to the target VPC route tables
120+
#### Step 5 Add destination to the target VPC route tables
118121
In the peering AWS account,
119122
1. Select Route Tables in the VPC Dashboard.
120123
2. Search for the target VPC ID.
@@ -133,8 +136,43 @@ In the peering AWS account,
133136

134137
<br />
135138

136-
#### Step 5 Enable Private Load Balancer for ClickHouse BYOC
137-
Contact ClickHouse support to enable Private Load Balancer.
139+
#### Step 6 Edit Security Group to allow Peered VPC access
140+
In ClickHouse BYOC account,
141+
1. In the ClickHouse BYOC account, navigate to EC2 and locate the Private Load Balancer named like infra-xx-xxx-ingress-private.
142+
143+
<br />
144+
145+
<img src={require('./images/byoc-plb.png').default}
146+
alt='BYOC Private Load Balancer'
147+
class='image'
148+
style={{width: '800px'}}
149+
/>
150+
151+
<br />
152+
153+
2. Under the Security tab on the Details page, find the associated Security Group, which follows a naming pattern like k8s-istioing-istioing-xxxxxxxxx.
154+
155+
<br />
156+
157+
<img src={require('./images/byoc-securitygroup.png').default}
158+
alt='BYOC Private Load Balancer Security Group'
159+
class='image'
160+
style={{width: '800px'}}
161+
/>
162+
163+
<br />
164+
165+
3. Edit the Inbound Rules of this Security Group and add the Peered VPC CIDR range (or specify the required CIDR range as needed).
166+
167+
<br />
168+
169+
<img src={require('./images/byoc-inbound-rule.png').default}
170+
alt='BYOC Security Group Inbound Rule'
171+
class='image'
172+
style={{width: '800px'}}
173+
/>
174+
175+
<br />
138176

139177
---
140178
The ClickHouse service should now be accessible from the peered VPC.

docs/en/cloud/reference/images/byoc-inbound-rule.png

521 KB
Loading

docs/en/cloud/reference/images/byoc-plb.png

229 KB
Loading

docs/en/cloud/reference/images/byoc-securitygroup.png

402 KB
Loading

0 commit comments

Comments
 (0)