Import Standard Kubernetes Cluster

Supports integrating standard native Kubernetes clusters deployed with kubeadm into the platform for unified management.

Terminology

Term	Description
Managed Kubernetes Cluster	A type of Kubernetes cluster provided by cloud vendors, where the Master nodes and their components are managed by the vendor. Users cannot log in or manage the Master nodes.
Unmanaged Kubernetes Cluster	In contrast, some cloud vendors provide clusters where users manage the Master nodes, such as Alibaba Cloud ACK Dedicated Edition or Tencent Cloud TKE Independent Cluster.

Prerequisites

Kubernetes and related components in the cluster must meet the version and parameter requirements.
If the runtime is Containerd, update the Containerd configuration before integration to ensure distributed storage can be deployed successfully.

Notes

By default, the platform monitors NIC traffic matching eth.*|en.*|wl.*|ww.*. If your NIC uses a different naming convention, update the configuration after integration following [Custom NIC Monitoring].

Obtain Registry Address

To use the registry deployed by the platform during global cluster installation, run the following on a global control node:

if [ "$(kubectl get productbase -o jsonpath='{.items[].spec.registry.preferPlatformURL}')" = 'false' ]; then
    REGISTRY=$(kubectl get cm -n kube-public global-info -o jsonpath='{.data.registryAddress}')
else
    REGISTRY=$(kubectl get cm -n kube-public global-info -o jsonpath='{.data.platformURL}' | awk -F // '{print $NF}')
fi
echo "Registry address: $REGISTRY"

To use an external registry, set REGISTRY manually:

REGISTRY=<external-registry-address>  # e.g., registry.example.cn:60080 or 192.168.134.43
echo "Registry address: $REGISTRY"

Check if Extra Registry Config is Needed

Run the following to check if the registry supports HTTPS with a trusted CA certificate:

REGISTRY=<registry-address-from-previous-step>

if curl -s -o /dev/null --retry 3 --retry-delay 5 -- "https://${REGISTRY}/v2/"; then
    echo 'Pass: Registry uses a trusted CA certificate. No extra config needed.'
else
    echo 'Fail: Registry does not support HTTPS or uses an untrusted certificate. Follow "Trust Insecure Registry".'
fi

If check fails, see How to trust an insecure registry?

Get Cluster Info

Refer to How to fetch cluster information?.

Integrate Cluster

In the left navigation, go to Cluster Management > Clusters.
Click Import Cluster.

Configure parameters as below:

Parameter	Description
Registry	Registry storing required platform component images. Options: Platform Default (configured during global setup), Private Registry (requires address, port, username, password), Public Registry (requires cloud credential update).
Cluster Info	Can be entered manually or parsed from a KubeConfig file. Required fields: Cluster Address, CA Certificate (Base64 decoded if entered manually), and Authentication (token or client certificate with cluster-admin rights).

Click Check Connectivity. The platform verifies network access and auto-detects cluster type.
If successful, click Import to complete.

Progress can be viewed via the execution progress dialog (status.conditions). Once integrated, the cluster appears as healthy in the list.

Network Configuration

Ensure connectivity between the global cluster and the imported cluster.

FAQ

Why is the "Add Node" button disabled?

For both managed and unmanaged clusters, adding nodes through the platform UI is not supported. Add nodes directly or via the vendor.

Which certificates are supported?

Kubernetes Certificates: Only API Server certificates can be viewed; other certificates are unsupported and will not auto-rotate.
Platform Component Certificates: Viewable and auto-rotatable.

Which features are unsupported?

Managed clusters: Audit logs are not available.
Managed clusters: ETCD, Scheduler, Controller Manager monitoring not supported (only API Server metrics available).
All clusters: Certificates other than API Server are not supported.

How to fix Containerd runtime causing distributed storage deployment failures?

When using Containerd, distributed storage deployment fails unless you adjust Containerd settings on all nodes:

Edit /etc/systemd/system/containerd.service, set LimitNOFILE=1048576.
Run systemctl daemon-reload.
Restart Containerd: systemctl restart containerd.
On control nodes, restart distributed storage pods:
```
kubectl delete pod --all -n rook-ceph
```

View full docs as PDF

Supports integrating standard native Kubernetes clusters deployed with kubeadm into the platform for unified management.

Terminology

Term	Description
Managed Kubernetes Cluster	A type of Kubernetes cluster provided by cloud vendors, where the Master nodes and their components are managed by the vendor. Users cannot log in or manage the Master nodes.
Unmanaged Kubernetes Cluster	In contrast, some cloud vendors provide clusters where users manage the Master nodes, such as Alibaba Cloud ACK Dedicated Edition or Tencent Cloud TKE Independent Cluster.

Prerequisites

Kubernetes and related components in the cluster must meet the version and parameter requirements.
If the runtime is Containerd, update the Containerd configuration before integration to ensure distributed storage can be deployed successfully.

Notes

Obtain Registry Address

To use the registry deployed by the platform during global cluster installation, run the following on a global control node:

if [ "$(kubectl get productbase -o jsonpath='{.items[].spec.registry.preferPlatformURL}')" = 'false' ]; then
    REGISTRY=$(kubectl get cm -n kube-public global-info -o jsonpath='{.data.registryAddress}')
else
    REGISTRY=$(kubectl get cm -n kube-public global-info -o jsonpath='{.data.platformURL}' | awk -F // '{print $NF}')
fi
echo "Registry address: $REGISTRY"

To use an external registry, set REGISTRY manually:

REGISTRY=<external-registry-address>  # e.g., registry.example.cn:60080 or 192.168.134.43
echo "Registry address: $REGISTRY"

Check if Extra Registry Config is Needed

Run the following to check if the registry supports HTTPS with a trusted CA certificate:

REGISTRY=<registry-address-from-previous-step>

if curl -s -o /dev/null --retry 3 --retry-delay 5 -- "https://${REGISTRY}/v2/"; then
    echo 'Pass: Registry uses a trusted CA certificate. No extra config needed.'
else
    echo 'Fail: Registry does not support HTTPS or uses an untrusted certificate. Follow "Trust Insecure Registry".'
fi

If check fails, see How to trust an insecure registry?

Get Cluster Info

Refer to How to fetch cluster information?.

Integrate Cluster

In the left navigation, go to Cluster Management > Clusters.
Click Import Cluster.

Configure parameters as below:

Parameter	Description
Registry	Registry storing required platform component images. Options: Platform Default (configured during global setup), Private Registry (requires address, port, username, password), Public Registry (requires cloud credential update).
Cluster Info	Can be entered manually or parsed from a KubeConfig file. Required fields: Cluster Address, CA Certificate (Base64 decoded if entered manually), and Authentication (token or client certificate with cluster-admin rights).

Click Check Connectivity. The platform verifies network access and auto-detects cluster type.
If successful, click Import to complete.

Progress can be viewed via the execution progress dialog (status.conditions). Once integrated, the cluster appears as healthy in the list.

Network Configuration

Ensure connectivity between the global cluster and the imported cluster.

FAQ

Why is the "Add Node" button disabled?

For both managed and unmanaged clusters, adding nodes through the platform UI is not supported. Add nodes directly or via the vendor.

Which certificates are supported?

Kubernetes Certificates: Only API Server certificates can be viewed; other certificates are unsupported and will not auto-rotate.
Platform Component Certificates: Viewable and auto-rotatable.

Which features are unsupported?

Managed clusters: Audit logs are not available.
Managed clusters: ETCD, Scheduler, Controller Manager monitoring not supported (only API Server metrics available).
All clusters: Certificates other than API Server are not supported.

How to fix Containerd runtime causing distributed storage deployment failures?

When using Containerd, distributed storage deployment fails unless you adjust Containerd settings on all nodes:

Edit /etc/systemd/system/containerd.service, set LimitNOFILE=1048576.
Run systemctl daemon-reload.
Restart Containerd: systemctl restart containerd.
On control nodes, restart distributed storage pods:
```
kubectl delete pod --all -n rook-ceph
```

Node Management

Managed Clusters

Import Clusters

Public Cloud Cluster Initialization

Network Initialization

Storage Initialization

How to

How to

Backup Management

Recovery Management

Architecture

Concepts

Guides

How To

Trouble Shooting

Concepts

Guides

How To

Troubleshooting

Install

Concepts

Guides

How To

Disaster Recovery

Concepts

Guides

How To

Guides

Compliance

Install

API Refiner

User

Guides

Group

Guides

Role

Guides

IDP

Guides

Troubleshooting

User Policy

Guides

Overview

Images

Guides

How To

Virtual Machine

Guides

How To

Troubleshooting

Network

Guides

How To

Storage

Guides

Backup and Recovery

Guides

Concepts

Concepts

Guides

Namespaces

Pre-Application-Creation Preparation

Creating Applications

Post-Application-Creation Configuration

Operation and Maintenance

Application Observability

Workloads

Pod

Container

How To

Install

How To

Install

Guides

How To

Concepts

Guides

Argo CD Concept

Alauda Container Platform GitOps Concepts

Creating GitOps Application