Alauda Container Platform

Import Standard Kubernetes Cluster

Supports integrating standard native Kubernetes clusters deployed with kubeadm into the platform for unified management.

TOC

Terminology

TermDescription
Managed Kubernetes ClusterA type of Kubernetes cluster provided by cloud vendors, where the Master nodes and their components are managed by the vendor. Users cannot log in or manage the Master nodes.
Unmanaged Kubernetes ClusterIn contrast, some cloud vendors provide clusters where users manage the Master nodes, such as Alibaba Cloud ACK Dedicated Edition or Tencent Cloud TKE Independent Cluster.

Prerequisites

Notes

By default, the platform monitors NIC traffic matching eth.*|en.*|wl.*|ww.*. If your NIC uses a different naming convention, update the configuration after integration following [Custom NIC Monitoring].

Obtain Registry Address

  • To use the registry deployed by the platform during global cluster installation, run the following on a global control node:

    if [ "$(kubectl get productbase -o jsonpath='{.items[].spec.registry.preferPlatformURL}')" = 'false' ]; then
    REGISTRY=$(kubectl get cm -n kube-public global-info -o jsonpath='{.data.registryAddress}')
else
    REGISTRY=$(kubectl get cm -n kube-public global-info -o jsonpath='{.data.platformURL}' | awk -F // '{print $NF}')
fi
echo "Registry address: $REGISTRY"

  • To use an external registry, set REGISTRY manually:

    REGISTRY=<external-registry-address>  # e.g., registry.example.cn:60080 or 192.168.134.43
echo "Registry address: $REGISTRY"

Check if Extra Registry Config is Needed

  1. Run the following to check if the registry supports HTTPS with a trusted CA certificate:

    REGISTRY=<registry-address-from-previous-step>

if curl -s -o /dev/null --retry 3 --retry-delay 5 -- "https://${REGISTRY}/v2/"; then
    echo 'Pass: Registry uses a trusted CA certificate. No extra config needed.'
else
    echo 'Fail: Registry does not support HTTPS or uses an untrusted certificate. Follow "Trust Insecure Registry".'
fi

  2. If check fails, see How to trust an insecure registry?

Get Cluster Info

Refer to How to fetch cluster information?.

Integrate Cluster

  1. In the left navigation, go to Cluster Management > Clusters.

  2. Click Import Cluster.

  3. Configure parameters as below:

    ParameterDescription
    RegistryRegistry storing required platform component images. Options: Platform Default (configured during global setup), Private Registry (requires address, port, username, password), Public Registry (requires cloud credential update).
    Cluster InfoCan be entered manually or parsed from a KubeConfig file. Required fields: Cluster Address, CA Certificate (Base64 decoded if entered manually), and Authentication (token or client certificate with cluster-admin rights).

  4. Click Check Connectivity. The platform verifies network access and auto-detects cluster type.

  5. If successful, click Import to complete.

    Progress can be viewed via the execution progress dialog (status.conditions). Once integrated, the cluster appears as healthy in the list.

Network Configuration

Ensure connectivity between the global cluster and the imported cluster.

FAQ

Why is the "Add Node" button disabled?

For both managed and unmanaged clusters, adding nodes through the platform UI is not supported. Add nodes directly or via the vendor.

Which certificates are supported?

  1. Kubernetes Certificates: Only API Server certificates can be viewed; other certificates are unsupported and will not auto-rotate.
  2. Platform Component Certificates: Viewable and auto-rotatable.

Which features are unsupported?

  • Managed clusters: Audit logs are not available.
  • Managed clusters: ETCD, Scheduler, Controller Manager monitoring not supported (only API Server metrics available).
  • All clusters: Certificates other than API Server are not supported.

How to fix Containerd runtime causing distributed storage deployment failures?

When using Containerd, distributed storage deployment fails unless you adjust Containerd settings on all nodes:

  1. Edit /etc/systemd/system/containerd.service, set LimitNOFILE=1048576.
  2. Run systemctl daemon-reload.
  3. Restart Containerd: systemctl restart containerd.
  4. On control nodes, restart distributed storage pods: 
    kubectl delete pod --all -n rook-ceph