Alauda Container Platform

Import GKE Cluster

The platform supports importing Google GKE clusters.

TOC

Prerequisites

  • The Kubernetes version and components on the cluster meet the version requirements for importing public cloud clusters.

  • Ensure the cluster type is a standard cluster and the account has permissions to maintain the control plane. Autopilot clusters are not currently supported.

  • The image repository must support HTTPS access and provide a valid TLS certificate authenticated by a public certification authority.

Preparing the Operating Environment

To comply with GKE security standards, the following steps must be performed using Cloud Shell.

  1. Ensure network connectivity with Google.

  2. Access the Clusters page in the Kubernetes Engine feature; find the cluster to be imported, click on cluster details, and select the Connect button.

  3. In the popup dialog, copy the command for configuring kubectl command-line access permissions and click the Run in Cloud Shell button.

  4. Wait for Cloud Shell to be ready, clear the command line, paste the content copied in the previous step, and execute it.

  5. The environment is now ready. All subsequent commands executed in the importing cluster environment for steps such as Obtaining Cluster Information and Importing Cluster should be executed in Cloud Shell.

Obtaining Cluster Information

Obtaining the API Server Address and CA Certificate of the Target Cluster

  1. Access the Clusters page in the Kubernetes Engine feature and click to enter the details page of the target cluster.

  2. The API Server address can be found in the External endpoints section.

  3. To obtain the CA certificate, use one of the following methods in Cloud Shell:

    Method A: Get the CA certificate from your kubeconfig:

    gcloud container clusters get-credentials <cluster-name> --zone <zone>
kubectl config view --raw -o jsonpath='{.clusters[0].cluster.certificate-authority-data}' | base64 -d

    Method B: Get the CA certificate directly from the cluster:

    gcloud container clusters describe <cluster-name> --zone <zone> --format='get(masterAuth.clusterCaCertificate)' | base64 -d

    Note: The certificate must be Base64-decoded before pasting into the import form.

Obtaining the Target Cluster Token

The KubeConfig file of public cloud clusters cannot be directly used for importing clusters.

Please refer to the FAQ How to obtain cluster information? to obtain the target cluster token.

Importing the Cluster

  1. In the left navigation bar, click Clusters > Clusters.

  2. Click Manage Cluster > Import Cluster.

  3. Configure the relevant parameters according to the following instructions.

    ParameterDescription
    Image RepositoryRepository for storing platform component images required by the cluster. - Platform Default: Image repository configured during global deployment. - Private Repository: Pre-built repository storing platform required components. Requires input of Private Image Repository Address, Port, Username, and Password for accessing the image repository. - Public Repository: Use public image repository services on the internet. Before use, you must first refer to Update Public Repository Cloud Credentials to obtain repository authentication permissions.
    Cluster InformationCluster Information: Includes the target cluster token and the API Server address and CA certificate of the target cluster. Cluster Address: The access address where the target cluster exposes the API Server for platform access to the cluster's API Server. CA Certificate: CA certificate of the target cluster. Note: When manually inputting, you need to enter the Base64 decoded certificate. Authentication Method: Authentication method for the target cluster, requires using the token (Token) with cluster management permissions created in the previous step for authentication.

  4. Click Check Connectivity to verify network connectivity with the target cluster and automatically identify the cluster type, which will be displayed as a badge in the top-right corner of the form.

  5. After connectivity check passes, click Import and confirm.

    TIP
    • Click the Details icon on the right side of clusters in Importing status to view the cluster execution progress (status.conditions) in the popup Execution Progress dialog.
    • After successful cluster import, you can view key cluster information in the cluster list, the cluster status shows as normal, and you can perform cluster-related operations.

Network Configuration

Ensure network connectivity between the global cluster and the imported cluster. See Network Configuration for Imported Clusters.

Post-Import Operations

Ingress and Storage Initialization

After importing the cluster, if you need to use Ingress and storage-related features, please refer to Google GKE Ingress Controller Configuration and Google GKE Storage Configuration.

Frequently Asked Questions

How to add nodes when the "Add Node" button is grayed out after importing the cluster?

Adding nodes through the platform interface is not supported. Please contact the cluster provider to add nodes.

What certificates are supported by the certificate management functionality for imported clusters?

  1. Kubernetes Certificates: All imported clusters only support viewing APIServer certificate information in the platform certificate management interface. Other Kubernetes certificates cannot be viewed and automatic rotation is not supported.

  2. Platform Component Certificates: All imported clusters can view platform component certificate information in the platform certificate management interface and support automatic rotation.