Import Tencent Cloud TKE Cluster

Import existing Tencent Cloud TKE Dedicated clusters or Tencent Cloud TKE Managed clusters into the platform for unified management.

TIP

For product introduction of TKE Dedicated clusters or Tencent Cloud TKE Managed clusters, please refer to the official documentation.

Prerequisites

The Kubernetes version and parameters on the cluster meet the component version and parameter requirements for importing standard Kubernetes clusters.
The image registry must support HTTPS access and provide a valid TLS certificate issued by a public certificate authority.

Obtain Image Registry Address

To use the platform-deployed image registry configured during global cluster deployment, execute the following command on the control node of the global cluster to obtain the address:

if [ "$(kubectl get productbase -o jsonpath='{.items[].spec.registry.preferPlatformURL}')" = 'false' ]; then
    REGISTRY=$(kubectl get cm -n kube-public global-info -o jsonpath='{.data.registryAddress}')
else
    REGISTRY=$(kubectl get cm -n kube-public global-info -o jsonpath='{.data.platformURL}' | awk -F \// '{print $NF}')
fi
echo "Image registry address is: $REGISTRY"

To use an external image registry, manually set the REGISTRY variable.

REGISTRY=<external image registry address>  # Valid examples: registry.example.cn:60080 or 192.168.134.43
echo "Image registry address is: $REGISTRY"

Determine if Image Registry Requires Additional Configuration

Execute the following command to determine whether the specified image registry supports HTTPS access and uses a certificate issued by a trusted CA:

REGISTRY=<image registry address obtained from the "Obtain Image Registry Address" section>

if curl -s -o /dev/null --retry 3 --retry-delay 5 -- "https://${REGISTRY}/v2/"; then
    echo 'Verification passed: The image registry uses a certificate issued by a trusted CA. It is not necessary to execute the content in the "Trust Unsafe Image Registry" section.'
else
    echo 'Verification failed: The image registry does not support HTTPS or the certificate is not trusted. Please refer to the "Trust Unsafe Image Registry" section for configuration.'
fi

If verification fails, please refer to the FAQ How to trust an unsafe image registry?.

Obtain KubeConfig

Log in to the Tencent Cloud Container Service management platform.
In Cluster Details > Basic Information, view the Cluster APIServer information.
Select Internet Access or Intranet Access based on the actual customer network, then download Kubeconfig and save it to your local computer.

Import Cluster

In the left navigation bar, click Cluster Management > Clusters.
Click Import Cluster.

Configure the relevant parameters according to the following instructions.

Parameter	Description
Image Registry	Registry for storing platform component images required by the cluster. - Platform Default: Image registry configured during global deployment. - Private Registry: Pre-built registry that stores platform-required component images. You need to input the private image registry address, port, username, and password for accessing the image registry. - Public Registry: Use image registry services located on the public network. Before use, you need to first refer to Update Public Registry Cloud Credentials to obtain registry authentication permissions.
Cluster Information	Tip: Can be filled manually or uploaded via KubeConfig file for automatic parsing and filling by the platform. Parse KubeConfig File: After uploading the obtained KubeConfig file, the platform will automatically parse and fill in the Cluster Information, and you can modify the automatically filled information. Cluster Address: The access address of the cluster's externally exposed API Server, used by the platform to access the cluster's API Server. CA Certificate: The cluster's CA certificate. Note: When manually inputting, you need to input the Base64-decoded certificate. Authentication Method: Authentication method for accessing the cluster, requires using a token (Token) or certificate authentication (client certificate and key) with cluster management permissions.

Parameter

Description

Image Registry

Registry for storing platform component images required by the cluster. - Platform Default: Image registry configured during global deployment. - Private Registry: Pre-built registry that stores platform-required component images. You need to input the private image registry address, port, username, and password for accessing the image registry. - Public Registry: Use image registry services located on the public network. Before use, you need to first refer to Update Public Registry Cloud Credentials to obtain registry authentication permissions.

Cluster Information

Tip: Can be filled manually or uploaded via KubeConfig file for automatic parsing and filling by the platform. Parse KubeConfig File: After uploading the obtained KubeConfig file, the platform will automatically parse and fill in the Cluster Information, and you can modify the automatically filled information. Cluster Address: The access address of the cluster's externally exposed API Server, used by the platform to access the cluster's API Server. CA Certificate: The cluster's CA certificate. Note: When manually inputting, you need to input the Base64-decoded certificate. Authentication Method: Authentication method for accessing the cluster, requires using a token (Token) or certificate authentication (client certificate and key) with cluster management permissions.

Click Check Connectivity to verify network connectivity with the cluster to be imported and automatically identify the type of cluster to be imported. The cluster type will be displayed as a badge in the upper right corner of the form.
After connectivity check passes, click Import and confirm.

Tip:
- Click the Details icon on the right side of a cluster in Importing status to view the cluster's execution progress (status.conditions) in the popup Execution Progress dialog.
- After successful cluster import, you can view the cluster's key information in the cluster list. The cluster status displays as normal, and cluster-related operations can be performed.

Network Configuration

Ensure network connectivity between the global cluster and the cluster to be imported. You must refer to Network Configuration for Importing Clusters.

FAQ

After importing the cluster, the "Add Node" button is grayed out. How to add nodes?

Both TKE Dedicated clusters and TKE Managed clusters do not support adding nodes through the platform interface. Please add them in the backend or contact the cluster provider to add them.

What certificates does the certificate management function for imported clusters support?

Kubernetes Certificates: All imported clusters only support viewing APIServer certificate information in the platform certificate management interface. They do not support viewing other Kubernetes certificates and do not support automatic rotation.
Platform Component Certificates: All imported clusters can view platform component certificate information in the platform certificate management interface and support automatic rotation.

What other features are not supported for imported TKE Managed clusters and TKE Dedicated clusters?

TKE Managed clusters do not support obtaining audit data.
TKE Managed clusters do not support ETCD, Scheduler, Controller Manager related monitoring information, but support partial APIServer monitoring charts.
Both TKE Managed clusters and TKE Dedicated clusters do not support obtaining cluster certificate-related information except for Kubernetes APIServer certificates.

#Import Tencent Cloud TKE Cluster

#TOC

#Prerequisites

#Obtain Image Registry Address

#Determine if Image Registry Requires Additional Configuration

#Obtain KubeConfig

#Import Cluster

#Network Configuration

#FAQ

#After importing the cluster, the "Add Node" button is grayed out. How to add nodes?

#What certificates does the certificate management function for imported clusters support?

#What other features are not supported for imported TKE Managed clusters and TKE Dedicated clusters?