Import Huawei Cloud CCE Cluster (Public Cloud)

Import an existing CCE (Cloud Container Engine) cluster (public cloud) into the platform for unified management.

Prerequisites

  • The Kubernetes version and parameters on the cluster meet the Standard Kubernetes Cluster Component Version and Parameter Requirements.

  • Ensure the cluster type is Huawei Cloud CCE cluster and the account has permissions to maintain the control plane. Turbo clusters are not currently supported.

  • Huawei Cloud CCE clusters do not have the ability to access external network resources by default after creation. Before importing the cluster, ensure that the cluster to be imported can access the platform access address.

Obtain Image Registry Address

  • To use the platform-deployed image registry from the global cluster deployment, execute the following command on the control node of the global cluster to obtain the address:

    if [ "$(kubectl get productbase -o jsonpath='{.items[].spec.registry.preferPlatformURL}')" = 'false' ]; then
        REGISTRY=$(kubectl get cm -n kube-public global-info -o jsonpath='{.data.registryAddress}')
    else
        REGISTRY=$(kubectl get cm -n kube-public global-info -o jsonpath='{.data.platformURL}' | awk -F \// '{print $NF}')
    fi
    echo "Image registry address is: $REGISTRY"

  • To use an external image registry, manually set the REGISTRY variable.

    REGISTRY=<external image registry address>  # Valid examples: registry.example.cn:60080 or 192.168.134.43
    echo "Image registry address is: $REGISTRY"

Determine if Image Registry Requires Additional Configuration

  1. Execute the following command to determine whether the specified image registry supports HTTPS access and uses certificates issued by trusted CA authorities:

    REGISTRY=<image registry address obtained from the "Obtain Image Registry Address" section>
    
    if curl -s -o /dev/null --retry 3 --retry-delay 5 -- "https://${REGISTRY}/v2/"; then
        echo 'Test passed: The image registry uses certificates issued by trusted CA authorities. You do not need to execute the content in the "Trust Insecure Image Registry" section.'
    else
        echo 'Test failed: The image registry does not support HTTPS or the certificate is not trusted. Please refer to the "Trust Insecure Image Registry" section for configuration.'
    fi

  2. If the test fails, refer to the FAQ "How to trust an insecure image registry?".
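The probe in step 1 prints the same failure message for an untrusted certificate, a port that does not speak TLS, and a host that cannot be reached at all. The following added example (not part of the original page) separates those cases using curl's documented exit codes, so that registry trust settings are only changed when the certificate or TLS is actually the problem; the function names and verdict strings are hypothetical.

```shell
#!/bin/sh
# Added example: classify the registry HTTPS probe result by curl exit code.
# Function names and verdict strings are illustrative, not platform-defined.

# Map a curl exit status to a verdict.
classify_curl_exit() {
    case "$1" in
        0)     echo "trusted" ;;         # TLS handshake and CA verification succeeded
        51|60) echo "untrusted-cert" ;;  # certificate failed verification against the CA bundle
        35)    echo "tls-handshake" ;;   # TLS handshake failed, e.g. plain HTTP on this port
        6)     echo "dns-failed" ;;      # registry host name could not be resolved
        7)     echo "connect-failed" ;;  # nothing accepted the connection on the HTTPS port
        28)    echo "timeout" ;;         # no answer within the time limit
        *)     echo "other" ;;
    esac
}

# Succeeds only for verdicts that show the endpoint lacks trusted HTTPS.
needs_insecure_registry_config() {
    case "$1" in
        untrusted-cert|tls-handshake) return 0 ;;
        *) return 1 ;;
    esac
}

# Probe https://<registry>/v2/ and print the verdict.
probe_registry() {
    rc=0
    curl -s -o /dev/null --connect-timeout 10 -- "https://$1/v2/" || rc=$?
    classify_curl_exit "$rc"
}

# Run the probe only when REGISTRY is set, as in the sections above.
if [ -n "${REGISTRY:-}" ]; then
    verdict=$(probe_registry "$REGISTRY")
    echo "Registry ${REGISTRY}: ${verdict}"
    if [ "$verdict" = "trusted" ]; then
        echo 'No additional registry configuration is required.'
    elif needs_insecure_registry_config "$verdict"; then
        echo 'Refer to the FAQ "How to trust an insecure image registry?".'
    else
        echo 'Inconclusive: verify DNS and network reachability to the registry before changing trust settings.'
    fi
fi
```
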

Obtain Cluster Information

  1. Ensure network connectivity with the Huawei Cloud console.

  2. Access the Cluster Management page of the Cloud Container Engine CCE feature; find the cluster to be imported and click the cluster name to enter the details page.

  3. Follow the navigation path Cluster Information - Connection Information - kubectl - Configuration to find the KubeConfig download button, and download the KubeConfig file.

Obtain Import Cluster Token

The KubeConfig file of public cloud clusters cannot be directly used for cluster import.

Refer to the FAQ "How to obtain cluster information?" to obtain the import cluster token.

Import Cluster

  1. In the left navigation bar, click Cluster Management > Clusters.

  2. Click Import Cluster.

  3. Configure the Image Registry related parameters according to the following instructions.

    Parameter: Image Registry
    Description: Repository for storing platform component images required by the cluster.
    - Platform Default: Image registry configured during global cluster deployment.
    - Private Registry: Pre-built registry storing platform required components. You need to enter the private image registry address, port, username, and password for accessing the image registry.
    - Public Registry: Use image registry services located on the public network. Before use, you need to first refer to Update Public Image Registry Cloud Credentials to obtain registry authentication permissions.

    Parameter: Cluster Information
    Description: Tip: Please upload the KubeConfig file for automatic parsing and filling by the platform.

    Cluster Address: The access address of the API Server exposed by the imported cluster, used for the platform to access the API Server of the imported cluster.

    CA Certificate: The CA certificate of the imported cluster.

    Authentication Method: The authentication method of the imported cluster, which requires using a token with cluster management permissions created in the previous step for authentication.

  4. Click the Parse KubeConfig File button and submit the KubeConfig file downloaded in the previous step. The platform will automatically parse and fill in the Cluster Information related parameters.

  5. Click Check Connectivity to check network connectivity with the imported cluster and automatically identify the type of the imported cluster. The cluster type will be displayed as a badge in the upper right corner of the form.

  6. After connectivity check passes, click Import and confirm.

    Tips:

    • Click the icon on the right side of a cluster in Importing status to view the cluster's execution progress (status.conditions) in the popup Execution Progress dialog.
    • After successful cluster import, you can view the cluster's key information in the cluster list. The cluster status displays as normal and you can perform cluster-related operations.

Network Configuration

To ensure network connectivity between the global cluster and the imported cluster, you must refer to Imported Cluster Network Configuration.

Follow-up Operations

Ingress (Inbound Rules) and Storage Initialization

After importing the cluster, if you need to use Ingress (inbound rules) and storage-related features, please refer to Huawei Cloud CCE Cluster Ingress Initialization Configuration and Huawei Cloud CCE Cluster Storage Initialization Configuration.

FAQ

After importing the cluster, the add node button is grayed out. How to add nodes?

Adding nodes through the platform interface is not supported. Please contact the cluster provider to add nodes.

What certificates does the certificate management feature support for imported clusters?

  1. Kubernetes Certificates: All imported clusters only support viewing APIServer certificate information in the platform certificate management interface. Viewing other Kubernetes certificates and automatic rotation are not supported.

  2. Platform Component Certificates: All imported clusters can view platform component certificate information in the platform certificate management interface and support automatic rotation.

What other features are not supported for imported Huawei Cloud CCE clusters?

  • Audit data retrieval is not supported.

  • Monitoring information for ETCD, Scheduler, and Controller Manager is not supported. Only some APIServer monitoring charts are supported.

  • Cluster certificate related information other than Kubernetes APIServer certificates cannot be retrieved.