Registered clusters are Kubernetes clusters deployed in data centers or on third-party cloud platforms. These clusters are connected to the Container Service for Kubernetes (ACK) console for central management. This topic describes how to use onectl to create a registered cluster and connect a Kubernetes cluster deployed in a data center to the registered cluster.
Prerequisites
Resource Access Management (RAM) is activated in the RAM console. Auto Scaling is activated in the Auto Scaling console.
onectl is installed and configured on your on-premises machine. For more information, see Use onectl to manage registered clusters.
Network connections are configured. You can connect a registered cluster to an external cluster through an Internet connection or a private connection. For more information, see What are the requirements for connecting an external cluster to the cluster registration proxy?
Procedure
You can use onectl to create a registered cluster by using one of the following methods:
Important: When you create a registered cluster, you must specify the virtual private cloud (VPC), vSwitch, and region of the cluster. If the registered cluster is exposed to the Internet, to enhance security, you need to set the access control whitelist for the Server Load Balancer (SLB) instance of the registered cluster by using --acl. Make sure that the whitelist contains the following IP addresses: the CIDR block of outbound traffic in the external cluster and the source CIDR block of requests sent to the registered cluster.
Non-interactive mode: Run the following command to create a registered cluster.
onectl cluster create --region **** --vpc **** --vswitch ****
Interactive mode: Run the following command to create a registered cluster.
onectl cluster create -i
You can run the following command to view the help information of the parameters:
onectl cluster create -h
After the registered cluster is created, ACK initializes it. At this stage, the status of the registered cluster is initial. Expected output:
Registered cluster test-registered-cluster created successfully, information of the cluster:
name = test-registered-cluster
state = initial
cluster id = c3c277f2fc10f45c1b86473**********
region id = cn-zhangjiakou
node numbers = 0
vpc id = vpc-8vb95w2o172**********
vswitch id = vsw-8vbv8bxhput**********
After the initialization is complete, the status of the registered cluster changes to waiting. Run the following command to query the status of the cluster:
onectl cluster describe --cluster-id ****
Expected output:
name = test-registered-cluster
state = waiting
...
When the status of the cluster is waiting, run the following command to connect the external cluster to the registered cluster:
onectl cluster connect --cluster-id **** --kubeconfig ~/.kube/config --restricted true
Parameter | Required | Description
--- | --- | ---
cluster-id | Yes | The ID of the registered cluster created in Step 1.
kubeconfig | No | The path of the kubeconfig file of the external cluster. If no path is specified, the kubeconfig file specified in the KUBECONFIG environment variable is used.
restricted | No | Specifies whether to connect to the registered cluster in restricted mode. For more information, see RBAC permissions required by the ack-cluster-agent component in a registered cluster.
You can run the following command to view the help information of the parameters:
onectl cluster connect -h
Run the following command to check whether the external cluster is connected to the registered cluster:
onectl cluster describe --cluster-id ****
Expected output:
name = test-registered-cluster
state = running
...
If the registered cluster is in the running state, the external cluster is connected to the registered cluster.
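The status checks in this procedure can be scripted so that the connect step runs only from the waiting state and always passes --restricted true. The following is an added example, not part of the original topic or of onectl itself. The function names and the POLL_TRIES and POLL_INTERVAL variables are assumptions, and it assumes that describe prints state = <value> as in the expected output above.

```shell
#!/bin/sh
# Added example: gate each step on the state reported by
# `onectl cluster describe`. Function names and the POLL_* variables are
# assumptions made for this example; they are not part of onectl.

# Print the value that follows "state =" in the describe output. Works whether
# the key/value pairs arrive one per line or run together on a single line.
cluster_state() {
    onectl cluster describe --cluster-id "$1" |
        awk '{ for (i = 1; i + 2 <= NF; i++)
                   if ($i == "state" && $(i + 1) == "=") { print $(i + 2); exit } }'
}

# Poll until the cluster reports the wanted state; return 1 on timeout.
wait_for_state() {
    id=$1 want=$2 tries=${POLL_TRIES:-30}
    while [ "$tries" -gt 0 ]; do
        [ "$(cluster_state "$id")" = "$want" ] && return 0
        tries=$((tries - 1))
        sleep "${POLL_INTERVAL:-10}"
    done
    return 1
}

# Connect only from the waiting state, always in restricted mode, then confirm
# that the registered cluster reports running.
connect_restricted() {
    id=$1 kubeconfig=${2:-$HOME/.kube/config}
    wait_for_state "$id" waiting || {
        echo "cluster $id did not reach waiting" >&2; return 1; }
    onectl cluster connect --cluster-id "$id" \
        --kubeconfig "$kubeconfig" --restricted true || return 1
    wait_for_state "$id" running || {
        echo "cluster $id is not running after connect" >&2; return 1; }
}
```

Source the file and call connect_restricted with the cluster ID and, optionally, the kubeconfig path; a non-zero return means the cluster never reached the expected state.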