Import Alibaba Cloud Cluster

Describes the detailed steps to import an Alibaba Cloud cluster.
Tags:
Categories:

This section describes the detailed steps for importing Alibaba Cloud clusters.

Preconditions

  1. Obtain the Alibaba Cloud Access Key and Access Key Secret and have the following permissions. For the specific application process, please refer to Create Access Key.

    Services Permissions Description
    Cloud Server (ECS) ecs:DescribeDisks
    ecs:DescribeInstances
    ecs:DescribeRegions    		 This permission is required to obtain disk, instance and region information
    Container Service Kubernetes version (CS) cs:DescribeClusterNodePools
    cs:DescribeClusterNodePoolDetail
    cs:DescribeClusters
    cs:DescribeClusterUserKubeconfig
    cs:DescribeClusterNodes    		 This permission is required to obtain the cluster, node group, Node, Kubeconfig and other information

    The permission policy file is described as follows. You can import the policy directly in the Alibaba Cloud console. For details, please refer to Creating a custom permission policy through script editing mode

    {
  "Version": "1",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "ecs:DescribeDisks",
        "ecs:DescribeInstances"
        "ecs:DescribeRegions"
      ],
      "Resource": [
        "*"
      ],
      "Condition": {}
    },
    {
      "Effect": "Allow",
      "Action": [
        "cs:DescribeClusterNodePools",
        "cs:DescribeClusterNodePoolDetail",
        "cs:DescribeClusters",
        "cs:DescribeClusterUserKubeconfig",
        "cs:DescribeClusterNodes"
      ],
      "Resource": [
        "*"
      ],
      "Condition": {}
    }
  ]
}

  2. Alibaba Cloud Kubernetes cluster Kubeconfig. For cluster versions 1.22 and above, it is recommended to use ACK cluster. For details, please see Container Service Kubernetes.

  3. Kubeconfig requires the following permissions.

    Resources Permissions Description
    Node List
    Get
    Watch    		 Get node information
    Pod List
    Get
    Watch    		 Get Pod information
    Namespace List
    Get
    Watch    		 Get Namespace information
    Service List
    Get
    Watch    		 Get Service information
    Persistent Volume
    Persistent Volume Claim    		 List
    Get
    Watch    		 Get Persistent Volume, Persistent Volume Claim information
    Deployment
    StatefulSet
    DaemonSet

    ReplicaSet
    ReplicationControllers
    		 List
    Get
    Watch    		 Get Deployment, StatefulSet, DaemonSet, ReplicaSet , ReplicationContoller information
    Job
    CronJob    		 List
    Get
    Watch    		 Get Job and CronJob information

    The permissions file is as follows:

    apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: optimizer
rules:
  - apiGroups:
      - ""
    resources:
      -nodes
      -pods
      -pods/status
      - persistentvolumes
      - persistentvolumeclaims
      - services
      - namespaces
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - "apps/v1"
    resources:
      -deployments
      -replicasets
      -replicationcontollers
      - statefulsets
      -daemonsets
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - "batch/v1"
    resources:
      - jobs
      - cronjobs
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - "storage/v1"
    resources:
      -storageclasses
    verbs:
      - get
      - list
      - watch

  4. Prometheus monitoring or Thanos monitoring. This monitoring is used to provide monitoring data for nodes, containers, etc. in the cluster.

Import steps

Add Alibaba Cloud account

  1. Select the Settings menu and select the Cloud Account tab to enter the cloud account management page. By default, this page will display all cloud accounts managed by the platform in pages, including names and corresponding cloud service providers. It also provides an operation bar to facilitate users to perform corresponding operations, as shown in the figure below.

    Cloud account management main page
    Wiseinf Inc.

  2. On the cloud account management page, click the Add button to add a cloud account. The interface is as shown below. In this interface, the user enters the cloud account name, selects the corresponding cloud service provider, enters the Access Key and Access Key Secret, and clicks the OK button to complete adding the cloud account. After adding parameters, users can also click the Test Connectivity button to test whether the cloud account is correct. The platform currently supports Alibaba Cloud, which can be selected from the cloud service provider drop-down box. Access Key and Access Key Secret is the account information for accessing the cloud service. Please obtain it from the corresponding cloud service provider.

    Add cloud account interface
    Wiseinf Inc.

Add Alibaba Cloud cluster

  1. Select the Settings menu and select the cluster tab to enter the cluster management page. By default, this page will display all clusters managed by the platform in pages, including name, cluster ID, cluster region, Access Token name, corresponding cloud service provider and Prometheus address. It also provides an operation bar to facilitate users to perform corresponding operations. As shown below.

    Cluster management main page
    Wiseinf Inc.

  2. Click the Import Cluster button to pop up the import dialog box, where you can import the cluster. There are 5 steps to import a cluster. Currently, only Alibaba Cloud clusters are supported.

    1. Set Alibaba Cloud access credentials
    2. Connect to the Kubernetes cluster
    3. Connect to Prometheus
    4. View configuration
    5. Complete

  3. The interface for setting Alibaba Cloud access credentials is as shown in the figure below. In the Alibaba Cloud access credentials interface, set the Alibaba Cloud access credentials by using existing credentials. Here, select the Alibaba Cloud account added in Add Alibaba Cloud Account, as shown in the figure below.

    Import cluster interface-set Alibaba Cloud access credentials
    Wiseinf Inc.

  4. After setting the Alibaba Cloud access credentials, click the Next button to enter the page for connecting to the Kubernetes cluster, as shown in the figure below. The platform supports connecting to two types of Kubernetes clusters, including managed clusters and self-built clusters. The Connect Hosting Cluster page is shown in the figure below. Here we choose the managed cluster. The platform automatically obtains the user cluster through the cloud account. The user selects the corresponding cluster through the cluster drop-down box, enters the description field, selects whether to use the API Server private network address, selects whether to automatically refresh KubeConfig and the KubeConfig life cycle. Finally enter the node group label.

    Connect to Kubernetes cluster page
    Wiseinf Inc.

  5. The connection page to Prometheus is as shown in the figure below. After the user enters information on this page, click the Next button to enter the view configuration page. The input information details are shown in the table below.

    Connect to Prometheus page
    Wiseinf Inc.

    The parameter description for connecting to Prometheus is as shown in the table:

    Parameters Description
    Whether Thanos If the backend cluster is Thanos, this should be checked.
    Prometheus address Prometheus address, must be accessible.
    Limit access rate If you need the current platform’s access rate to Prometheus, you should check this option.
    Maximum number of concurrencies The maximum number of concurrencies for the platform to access Prometheus.
    Cluster label Cluster label is used to filter the monitoring indicators of the cluster from Prometheus or Thanos
    Cluster tag value Cluster tag value is used to filter the monitoring indicators of the cluster from Prometheus or Thanos

  6. View the configuration page as shown in the figure below. This page displays Alibaba Cloud access credentials, detailed parameters for connecting to the Kubernetes cluster and connecting to the Prometheus cluster, which is convenient for users to confirm. When the user completes the confirmation, click the Import button to enter the completion page.

    View configuration page
    Wiseinf Inc.

  7. The completed page is as shown below, and the submission status will be displayed on the page. Click Finish to complete the cluster import.

    Complete page
    Wiseinf Inc.

Next steps

After importing the cluster, wait for a period of time (waiting for the optimization strategy to complete scheduling and execution), and then you can view optimization suggestions for the cluster in multiple dimensions, including: