If you select endpoint as the connection type when you create a data source or data migration task with Huawei Cloud as the cloud vendor, you must add the account ID displayed on the page to the allowlist of your endpoint service. This way, the endpoint of this account can connect to your endpoint service. This topic describes how to obtain the account ID and add it to the allowlist of your endpoint service.
Prerequisites
You have created a database instance of the corresponding type and obtained its connection address in your virtual private cloud (VPC). For example, for a MySQL database instance, the connection address is usually a single address-port pair in the format of address:port. For a Kafka instance, multiple address-port pairs in the format of broker_address1:broker_port1,broker_address2:broker_port2, and so on, are possible.
If the load balancing service or virtual server associated with the endpoint service has a security group enabled, add the private IP address of the OceanBase Cloud data source to the corresponding security group. For more information, see Private IP address segments.
Limitations
The endpoint and endpoint service must be in the same region.
Before you configure the allowlist of the endpoint service, you must obtain the account ID of the endpoint.
Use data source addresses proxied by Nginx as endpoint service backend
Each forwarding server configuration in Nginx corresponds to an address used for exposing a data source instance. Here is an example with the Nginx port 3306:
# TCP forwarding servers belong in the stream context (ngx_stream_module).
stream {
    server {
        listen 3306;
        proxy_pass address:port;
        proxy_timeout 60s;
    }
}
If a data source (for example, a Kafka data source) has multiple connection addresses, you must use Nginx to forward requests to those addresses simultaneously. Here is an example with two brokers and Nginx ports 19092 and 19093:
# One server block per broker, each on its own Nginx port.
stream {
    server {
        listen 19092;
        proxy_pass broker_address1:broker_port1;
        proxy_timeout 60s;
    }
    server {
        listen 19093;
        proxy_pass broker_address2:broker_port2;
        proxy_timeout 60s;
    }
}
Notice
Nginx must support ngx_stream_module.
We recommend that you set proxy_timeout to 60 seconds or more.
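The forwarding configuration above can be generated from the connection address string instead of being typed by hand. The following is an added example, not part of the original documentation: the function names gen_stream_conf and is_port are hypothetical, the sample addresses are constructed, and assigning consecutive listen ports mirrors the 19092/19093 pattern shown above. It rejects any entry that is not a plain host:port pair, so a pasted value cannot introduce extra Nginx directives.

```sh
#!/bin/sh
# Added example (hypothetical helper, not from the original page).
# gen_stream_conf FIRST_LISTEN_PORT ADDR:PORT[,ADDR:PORT...]
# Prints a stream{} block with one server per backend address, listening
# on consecutive ports starting at FIRST_LISTEN_PORT. IPv6 is not handled.

is_port() {  # decimal 1-65535, no leading zero
    case $1 in
        ''|*[!0-9]*|0*|??????*) return 1 ;;
    esac
    [ "$1" -le 65535 ]
}

gen_stream_conf() (  # body runs in a subshell so IFS/set -f do not leak
    listen_port=$1
    backends=$2
    is_port "$listen_port" || { echo "invalid listen port: $listen_port" >&2; exit 1; }
    [ -n "$backends" ] || { echo "no backend addresses given" >&2; exit 1; }

    set -f                # no glob expansion while splitting
    IFS=,
    set -- $backends      # one positional parameter per address-port pair
    unset IFS

    # Validate every pair first so a bad entry never yields a partial config.
    for pair in "$@"; do
        host=${pair%:*}
        port=${pair##*:}
        case $pair in *:*) ;; *) host= ;; esac
        case $host in ''|*[!A-Za-z0-9.-]*) host= ;; esac
        if [ -z "$host" ] || ! is_port "$port"; then
            echo "invalid backend address: $pair" >&2
            exit 1
        fi
    done
    is_port "$((listen_port + $# - 1))" || { echo "listen port range exceeds 65535" >&2; exit 1; }

    echo "stream {"
    for pair in "$@"; do
        printf '    server {\n        listen %s;\n        proxy_pass %s;\n        proxy_timeout 60s;\n    }\n' \
            "$listen_port" "$pair"
        listen_port=$((listen_port + 1))
    done
    echo "}"
)

# Constructed sample: two Kafka brokers exposed on Nginx ports 19092 and 19093.
gen_stream_conf 19092 "192.168.0.11:9092,192.168.0.12:9092"
```

Each listen port in the output is a port that needs its own TCP listener on the elastic load balancer.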
Create an elastic load balancer
Log in to the Elastic Load Balance page.
On the Elastic Load Balance page, click Buy Elastic Load Balancer in the upper-right corner.
On the Buy Elastic Load Balancer page, configure the parameters based on business needs.
For more information, see Creating a Dedicated Load Balancer.
Notice
You must create an elastic IP address (EIP) and bind it to the elastic load balancer.
When you create an elastic load balancer for a Kafka instance, make sure that IP Type Backend (Cross VPC Backend) is enabled.
Click Buy Now.
Configure a listener for the elastic load balancer.
Return to the Elastic Load Balance page and click Add Listener next to the created elastic load balancer.
In the Add Listener dialog box, configure the parameters as prompted.
Notice
Select TCP as the frontend protocol and specify the Nginx forwarding port as the frontend port.
If the instance (for example, a Kafka instance) has multiple forwarding addresses, you must configure a listener for each forwarding address.
After you add a backend server, click Next: Confirm.
In the Add Backend Server step, click Add Cloud Server. After you select the cloud server to add, you must enter the Nginx forwarding port in Backend Port.
Confirm the configurations and click Submit.
Create an endpoint service
Log in to the Huawei Cloud console and go to the VPC Endpoint Services page.
Click Create VPC Endpoint Service in the upper-right corner.
On the Create VPC Endpoint Service page, complete the configurations.
| Parameter | Description |
| --- | --- |
| Region | The region where the endpoint service resides. |
| Name (optional) | The name of the endpoint service. It can contain letters, digits, underscores (_), and hyphens (-), and cannot exceed 16 characters in length. |
| VPC | Select the VPC to which the endpoint service belongs from the drop-down list. |
| Service Type | The type of the endpoint service. At present, only Interface is supported. |
| Connection Approval | Choose whether to enable connection approval based on the actual situation. If it is enabled, an endpoint connection to the current endpoint service must be approved. You can approve endpoint connections on the Connection Management tab of the endpoint service details page. |
| Port Mapping | Select TCP for Protocol and specify the ports of the instance. |
| Backend Resource Type | The backend resource that actually provides services. Select Elastic Load Balancer here. |
| Load Balancer | Select the elastic load balancer created earlier from the drop-down list. |
| Tag (optional) | Tags are used to classify and identify resources. |
| Description (optional) | The description of the endpoint service to be created. |

Click Create Now.
Add an account ID to the allowlist of the endpoint service
After the endpoint service is created, you must add the account that needs to access the created endpoint service to its allowlist.
Obtain the account ID to be added to the allowlist
Log in to the OceanBase Cloud console.
Access the Create Data Source page.
The following steps use the Create Data Source page as an example. You can also click Data Services > Migrations > Migrate Data, and obtain the IP address to be added to the allowlist from the Create Task page.
In the left-side navigation pane, click Data Services > Data Sources.
On the Data Sources page, click Create Data Source in the upper-right corner and select the data source type.
On the Create Data Source page, select Huawei Cloud for Cloud Vendor, Endpoint for Connection Method, and the instance type as needed.
Copy the account ID displayed below the Connection Information text box.
Note
The account ID to be added to the allowlist is displayed only after you select a region. The region selected here must be the same as the region where the Huawei Cloud instance is located.
Add the account ID to the allowlist of the endpoint service
Log in to the Huawei Cloud console.
Go to the VPC endpoint service list page, then click the name of the target endpoint service.
On the Permission Management tab, click Add to Whitelist.

In the Add to Whitelist dialog box, enter the account ID to be added to the allowlist.

Note
domain_id indicates the account ID of the authorized user. For example, ff******59374311b2f90f******fa3c.
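You can add * to the allowlist to allow access from all users. With *, the allowlist no longer restricts which accounts can connect an endpoint to this endpoint service, so enable Connection Approval if connections still need to be reviewed individually.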
Click OK.
Use an endpoint service
After you create an endpoint service and add the obtained account ID to its allowlist, copy the endpoint service name. When you create a data source or data migration task in the OceanBase Cloud console with Huawei Cloud as the cloud vendor and Endpoint as Connection Type, enter that name in Connection. For more information about how to create a data source, see Create a data source. For more information about how to create a data migration task, see the corresponding topic under Migrate data.
To copy the endpoint service name, perform the following steps:
Log in to the Huawei Cloud console and go to the VPC Endpoint Services page.
Click the name of the target endpoint service to go to its details page.
On the Summary tab, hover over the Name field and click the copy icon to copy the service name.
