Import Alibaba Cloud ACK Cluster

Import existing Alibaba Cloud ACK managed clusters (Managed Kubernetes) or Alibaba Cloud ACK dedicated clusters (Dedicated Kubernetes) for unified platform management.

TIP

For product information about ACK managed clusters (Managed Kubernetes) or Alibaba Cloud ACK dedicated clusters (Dedicated Kubernetes), refer to the official documentation.

Prerequisites

The Kubernetes version and parameters on the cluster meet the component version and parameter requirements for importing standard Kubernetes clusters.

Get Image Registry Address

To use the platform-deployed image registry from the global cluster deployment, execute the following command on the control node of the global cluster to get the address:

if [ "$(kubectl get productbase -o jsonpath='{.items[].spec.registry.preferPlatformURL}')" = 'false' ]; then
    REGISTRY=$(kubectl get cm -n kube-public global-info -o jsonpath='{.data.registryAddress}')
else
    REGISTRY=$(kubectl get cm -n kube-public global-info -o jsonpath='{.data.platformURL}' | awk -F \// '{print $NF}')
fi
echo "Image registry address is: $REGISTRY"

To use an external image registry, manually set the REGISTRY variable.

REGISTRY=<external image registry address>  # Valid examples: registry.example.cn:60080 or 192.168.134.43
echo "Image registry address is: $REGISTRY"

Determine if Image Registry Requires Additional Configuration

Execute the following command to determine if the specified image registry supports HTTPS access and uses certificates issued by trusted CA authorities:

REGISTRY=<image registry address obtained from the "Get Image Registry Address" section>

if curl -s -o /dev/null --retry 3 --retry-delay 5 -- "https://${REGISTRY}/v2/"; then
    echo 'Test passed: The image registry uses certificates issued by trusted CA authorities. You do not need to execute the content in the "Trust Insecure Image Registry" section.'
else
    echo 'Test failed: The image registry does not support HTTPS or the certificate is not trusted. Please refer to the "Trust Insecure Image Registry" section for configuration.'
fi

If the test fails, refer to the FAQ How to trust insecure image registries?.

Get KubeConfig

Log in to the Alibaba Cloud Container Service management platform.
In the left navigation bar of the console, click Clusters.
On the Cluster List page, click the target cluster name or Details under the Actions column on the right side of the target cluster.
On the Cluster Information page, click the Connection Information tab, then click Generate Temporary KubeConfig.
In the Temporary KubeConfig dialog, set the validity period of the temporary credentials and the method to access the cluster (including public network access and internal network access).
Click Generate Temporary KubeConfig, then click Copy to copy the content and save it to the KubeConfig file on your local computer.
After the cluster is successfully imported, you can revoke the temporary credentials.

Import Cluster

In the left navigation bar, click Cluster Management > Clusters.
Click Import Cluster.

Configure the relevant parameters according to the following instructions.

Parameter	Description
Image Registry	Repository for storing platform component images required by the cluster. - Platform Default: Image registry configured during global cluster deployment. - Private Registry: Pre-built registry that stores platform-required component images. You need to enter the private image registry address, port, username, and password for accessing the image registry. - Public Registry: Use public image registry services on the internet. Before use, you need to refer to Update Public Repository Cloud Credentials to obtain repository authentication permissions.
Cluster Information	Tip: Can be filled manually or uploaded via KubeConfig file for automatic parsing and filling by the platform. Parse KubeConfig File: After uploading the obtained KubeConfig file, the platform will automatically parse and fill the Cluster Information. You can modify the automatically filled information. Cluster Address: The access address of the cluster's externally exposed API Server, used by the platform to access the cluster's API Server. CA Certificate: The cluster's CA certificate. Note: When entering manually, you need to enter the Base64-decoded certificate. Authentication Method: Authentication method for accessing the cluster. You need to use a token or certificate authentication (client certificate and key) with cluster management permissions for authentication.

Parameter

Description

Image Registry

Repository for storing platform component images required by the cluster. - Platform Default: Image registry configured during global cluster deployment. - Private Registry: Pre-built registry that stores platform-required component images. You need to enter the private image registry address, port, username, and password for accessing the image registry. - Public Registry: Use public image registry services on the internet. Before use, you need to refer to Update Public Repository Cloud Credentials to obtain repository authentication permissions.

Cluster Information

Tip: Can be filled manually or uploaded via KubeConfig file for automatic parsing and filling by the platform. Parse KubeConfig File: After uploading the obtained KubeConfig file, the platform will automatically parse and fill the Cluster Information. You can modify the automatically filled information. Cluster Address: The access address of the cluster's externally exposed API Server, used by the platform to access the cluster's API Server. CA Certificate: The cluster's CA certificate. Note: When entering manually, you need to enter the Base64-decoded certificate. Authentication Method: Authentication method for accessing the cluster. You need to use a token or certificate authentication (client certificate and key) with cluster management permissions for authentication.

Click Check Connectivity to check network connectivity with the cluster to be imported and automatically identify the type of cluster to be imported. The cluster type will be displayed as a badge in the upper right corner of the form.
After connectivity check passes, click Import and confirm.
TIP
- Click the Details icon on the right side of a cluster in Importing status to view the cluster's execution progress (status.conditions) in the popup Execution Progress dialog.
- After the cluster is successfully imported, you can view the cluster's key information in the cluster list. The cluster status shows as normal and you can perform cluster-related operations.

Network Configuration

Ensure network connectivity between the global cluster and the cluster to be imported. See Network Configuration for Imported Clusters.

FAQ

How to handle port conflicts between Alibaba Cloud monitoring and platform monitoring components?

When Alibaba Cloud's built-in monitoring and platform monitoring components coexist, port conflicts will occur. It is recommended to uninstall Alibaba Cloud monitoring and keep only platform monitoring.

How to use public network access for Alibaba Cloud clusters?

If using public network access for Alibaba Cloud clusters, you can bind a public IP on Alibaba Cloud.

After importing a cluster, the add node button is grayed out. How to add nodes?

Both Alibaba Cloud ACK managed clusters and ACK dedicated clusters do not support adding nodes through the platform interface. Please add them in the backend or contact the cluster provider to add them.

Which certificates are supported by the certificate management function for imported clusters?

Kubernetes Certificates: All imported clusters only support viewing APIServer certificate information in the platform certificate management interface. They do not support viewing other Kubernetes certificates and do not support automatic rotation.
Platform Component Certificates: All imported clusters can view platform component certificate information in the platform certificate management interface and support automatic rotation.

What other features are not supported for imported Alibaba Cloud ACK managed clusters and ACK dedicated clusters?

Alibaba Cloud ACK managed clusters do not support obtaining audit data.
Alibaba Cloud ACK managed clusters do not support ETCD, Scheduler, Controller Manager related monitoring information, but support some APIServer monitoring charts.
Both Alibaba Cloud ACK managed clusters and ACK dedicated clusters do not support obtaining cluster certificate-related information except for Kubernetes APIServer certificates.

View full docs as PDF

Import Alibaba Cloud ACK Cluster

Import existing Alibaba Cloud ACK managed clusters (Managed Kubernetes) or Alibaba Cloud ACK dedicated clusters (Dedicated Kubernetes) for unified platform management.

TIP

For product information about ACK managed clusters (Managed Kubernetes) or Alibaba Cloud ACK dedicated clusters (Dedicated Kubernetes), refer to the official documentation.

Prerequisites

The Kubernetes version and parameters on the cluster meet the component version and parameter requirements for importing standard Kubernetes clusters.

Get Image Registry Address

To use the platform-deployed image registry from the global cluster deployment, execute the following command on the control node of the global cluster to get the address:

if [ "$(kubectl get productbase -o jsonpath='{.items[].spec.registry.preferPlatformURL}')" = 'false' ]; then
    REGISTRY=$(kubectl get cm -n kube-public global-info -o jsonpath='{.data.registryAddress}')
else
    REGISTRY=$(kubectl get cm -n kube-public global-info -o jsonpath='{.data.platformURL}' | awk -F \// '{print $NF}')
fi
echo "Image registry address is: $REGISTRY"

To use an external image registry, manually set the REGISTRY variable.

REGISTRY=<external image registry address>  # Valid examples: registry.example.cn:60080 or 192.168.134.43
echo "Image registry address is: $REGISTRY"

Determine if Image Registry Requires Additional Configuration

Execute the following command to determine if the specified image registry supports HTTPS access and uses certificates issued by trusted CA authorities:

REGISTRY=<image registry address obtained from the "Get Image Registry Address" section>

if curl -s -o /dev/null --retry 3 --retry-delay 5 -- "https://${REGISTRY}/v2/"; then
    echo 'Test passed: The image registry uses certificates issued by trusted CA authorities. You do not need to execute the content in the "Trust Insecure Image Registry" section.'
else
    echo 'Test failed: The image registry does not support HTTPS or the certificate is not trusted. Please refer to the "Trust Insecure Image Registry" section for configuration.'
fi

If the test fails, refer to the FAQ How to trust insecure image registries?.

Get KubeConfig

Log in to the Alibaba Cloud Container Service management platform.
In the left navigation bar of the console, click Clusters.
On the Cluster List page, click the target cluster name or Details under the Actions column on the right side of the target cluster.
On the Cluster Information page, click the Connection Information tab, then click Generate Temporary KubeConfig.
In the Temporary KubeConfig dialog, set the validity period of the temporary credentials and the method to access the cluster (including public network access and internal network access).
Click Generate Temporary KubeConfig, then click Copy to copy the content and save it to the KubeConfig file on your local computer.
After the cluster is successfully imported, you can revoke the temporary credentials.

Import Cluster

In the left navigation bar, click Cluster Management > Clusters.
Click Import Cluster.

Configure the relevant parameters according to the following instructions.

Parameter	Description
Image Registry	Repository for storing platform component images required by the cluster. - Platform Default: Image registry configured during global cluster deployment. - Private Registry: Pre-built registry that stores platform-required component images. You need to enter the private image registry address, port, username, and password for accessing the image registry. - Public Registry: Use public image registry services on the internet. Before use, you need to refer to Update Public Repository Cloud Credentials to obtain repository authentication permissions.
Cluster Information	Tip: Can be filled manually or uploaded via KubeConfig file for automatic parsing and filling by the platform. Parse KubeConfig File: After uploading the obtained KubeConfig file, the platform will automatically parse and fill the Cluster Information. You can modify the automatically filled information. Cluster Address: The access address of the cluster's externally exposed API Server, used by the platform to access the cluster's API Server. CA Certificate: The cluster's CA certificate. Note: When entering manually, you need to enter the Base64-decoded certificate. Authentication Method: Authentication method for accessing the cluster. You need to use a token or certificate authentication (client certificate and key) with cluster management permissions for authentication.

Parameter

Description

Image Registry

Cluster Information

Click Check Connectivity to check network connectivity with the cluster to be imported and automatically identify the type of cluster to be imported. The cluster type will be displayed as a badge in the upper right corner of the form.
After connectivity check passes, click Import and confirm.
TIP
- Click the Details icon on the right side of a cluster in Importing status to view the cluster's execution progress (status.conditions) in the popup Execution Progress dialog.
- After the cluster is successfully imported, you can view the cluster's key information in the cluster list. The cluster status shows as normal and you can perform cluster-related operations.

Network Configuration

Ensure network connectivity between the global cluster and the cluster to be imported. See Network Configuration for Imported Clusters.

FAQ

How to handle port conflicts between Alibaba Cloud monitoring and platform monitoring components?

How to use public network access for Alibaba Cloud clusters?

If using public network access for Alibaba Cloud clusters, you can bind a public IP on Alibaba Cloud.

After importing a cluster, the add node button is grayed out. How to add nodes?

Which certificates are supported by the certificate management function for imported clusters?

Kubernetes Certificates: All imported clusters only support viewing APIServer certificate information in the platform certificate management interface. They do not support viewing other Kubernetes certificates and do not support automatic rotation.
Platform Component Certificates: All imported clusters can view platform component certificate information in the platform certificate management interface and support automatic rotation.

What other features are not supported for imported Alibaba Cloud ACK managed clusters and ACK dedicated clusters?

Alibaba Cloud ACK managed clusters do not support obtaining audit data.
Alibaba Cloud ACK managed clusters do not support ETCD, Scheduler, Controller Manager related monitoring information, but support some APIServer monitoring charts.
Both Alibaba Cloud ACK managed clusters and ACK dedicated clusters do not support obtaining cluster certificate-related information except for Kubernetes APIServer certificates.

Node Management

Managed Clusters

Import Clusters

Public Cloud Cluster Initialization

Network Initialization

Storage Initialization

How to

How to

Backup Management

Recovery Management

Architecture

Concepts

Guides

How To

Trouble Shooting

Concepts

Guides

How To

Troubleshooting

Install

Concepts

Guides

How To

Disaster Recovery

Concepts

Guides

How To

Guides

Compliance

Install

API Refiner

User

Guides

Group

Guides

Role

Guides

IDP

Guides

Troubleshooting

User Policy

Guides

Overview

Images

Guides

How To

Virtual Machine

Guides

How To

Troubleshooting

Network

Guides

How To

Storage

Guides

Backup and Recovery

Guides

Concepts

Concepts

Guides

Namespaces

Pre-Application-Creation Preparation

Creating Applications

Post-Application-Creation Configuration

Operation and Maintenance

Application Observability

Workloads

Pod

Container

How To

Install

How To

Install

Guides

How To

Concepts

Guides

Argo CD Concept

Alauda Container Platform GitOps Concepts

Creating GitOps Application