- What's New
- Product Bulletin
- Service Overview
- Billing
- Getting Started
-
User Guide
-
UCS Clusters
- Overview
- Huawei Cloud Clusters
-
On-Premises Clusters
- Overview
- Service Planning for On-Premises Cluster Installation
- Registering an On-Premises Cluster
- Installing an On-Premises Cluster
- Managing an On-Premises Cluster
- Attached Clusters
- Multi-Cloud Clusters
- Single-Cluster Management
- Fleets
-
Cluster Federation
- Overview
- Enabling Cluster Federation
- Using kubectl to Connect to a Federation
- Upgrading a Federation
-
Workloads
- Workload Creation
-
Container Settings
- Setting Basic Container Information
- Setting Container Specifications
- Setting Container Lifecycle Parameters
- Setting Health Check for a Container
- Setting Environment Variables
- Configuring a Workload Upgrade Policy
- Configuring a Scheduling Policy (Affinity/Anti-affinity)
- Configuring Scheduling and Differentiation
- Managing a Workload
- ConfigMaps and Secrets
- Services and Ingresses
- MCI
- MCS
- DNS Policies
- Storage
- Namespaces
- Multi-Cluster Workload Scaling
- Adding Labels and Taints to a Cluster
- RBAC Authorization for Cluster Federations
- Image Repositories
- Permissions
-
Policy Center
- Overview
- Basic Concepts
- Enabling Policy Center
- Creating and Managing Policy Instances
- Example: Using Policy Center for Kubernetes Resource Compliance Governance
-
Policy Definition Library
- Overview
- k8spspvolumetypes
- k8spspallowedusers
- k8spspselinuxv2
- k8spspseccomp
- k8spspreadonlyrootfilesystem
- k8spspprocmount
- k8spspprivilegedcontainer
- k8spsphostnetworkingports
- k8spsphostnamespace
- k8spsphostfilesystem
- k8spspfsgroup
- k8spspforbiddensysctls
- k8spspflexvolumes
- k8spspcapabilities
- k8spspapparmor
- k8spspallowprivilegeescalationcontainer
- k8srequiredprobes
- k8srequiredlabels
- k8srequiredannotations
- k8sreplicalimits
- noupdateserviceaccount
- k8simagedigests
- k8sexternalips
- k8sdisallowedtags
- k8sdisallowanonymous
- k8srequiredresources
- k8scontainerratios
- k8scontainerrequests
- k8scontainerlimits
- k8sblockwildcardingress
- k8sblocknodeport
- k8sblockloadbalancer
- k8sblockendpointeditdefaultrole
- k8spspautomountserviceaccounttokenpod
- k8sallowedrepos
- Configuration Management
- Traffic Distribution
- Observability
- Container Migration
- Pipeline
- Error Codes
-
UCS Clusters
- Best Practices
-
API Reference
- Before You Start
- Calling APIs
-
API
- UCS Cluster
-
Fleet
- Adding a Cluster to a Fleet
- Removing a Cluster from a Fleet
- Registering a Fleet
- Deleting a Fleet
- Querying a Fleet
- Adding Clusters to a Fleet
- Updating Fleet Description
- Updating Permission Policies Associated with a Fleet
- Updating the Zone Associated with the Federation of a Fleet
- Obtaining the Fleet List
- Enabling Fleet Federation
- Disabling Cluster Federation
- Querying Federation Enabling Progress
- Creating a Federation Connection and Downloading kubeconfig
- Creating a Federation Connection
- Downloading Federation kubeconfig
- Permissions Management
- Using the Karmada API
- Appendix
-
FAQs
- About UCS
-
Billing
- How Is UCS Billed?
- What Status of a Cluster Will Incur UCS Charges?
- Why Am I Still Being Billed After I Purchase a Resource Package?
- How Do I Change the Billing Mode of a Cluster from Pay-per-Use to Yearly/Monthly?
- What Types of Invoices Are There?
- Can I Unsubscribe from or Modify a Resource Package?
-
Permissions
- How Do I Configure Access Permissions for Each Function of the UCS Console?
- What Can I Do If an IAM User Cannot Obtain Cluster or Fleet Information After Logging In to UCS?
- How Do I Restore ucs_admin_trust I Deleted or Modified?
- What Can I Do If I Cannot Associate the Permission Policy with a Fleet or Cluster?
- How Do I Clear RBAC Resources After a Cluster Is Unregistered?
- Policy Center
-
Fleets
- What Can I Do If Cluster Federation Verification Fails to Be Enabled for a Fleet?
- What Can I Do If an Abnormal, Federated Cluster Fails to Be Removed from the Fleet?
- What Can I Do If an Nginx Ingress Is in the Unready State After Being Deployed?
- What Can I Do If "Error from server (Forbidden)" Is Displayed When I Run the kubectl Command?
- Huawei Cloud Clusters
- Attached Clusters
-
On-Premises Clusters
- What Can I Do If an On-Premises Cluster Fails to Be Connected?
- How Do I Manually Clear Nodes of an On-Premises Cluster?
- How Do I Downgrade a cgroup?
- What Can I Do If the VM SSH Connection Times Out?
- How Do I Expand the Disk Capacity of the CIA Add-on in an On-Premises Cluster?
- What Can I Do If the Cluster Console Is Unavailable After the Master Node Is Shut Down?
- What Can I Do If a Node Is Not Ready After Its Scale-Out?
- How Do I Update the CA/TLS Certificate of an On-Premises Cluster?
- What Can I Do If an On-Premises Cluster Fails to Be Installed?
- Multi-Cloud Clusters
-
Cluster Federation
- What Can I Do If the Pre-upgrade Check of the Cluster Federation Fails?
- What Can I Do If a Cluster Fails to Be Added to a Federation?
- What Can I Do If Status Verification Fails When Clusters Are Added to a Federation?
- What Can I Do If an HPA Created on the Cluster Federation Management Plane Fails to Be Distributed to Member Clusters?
- What Can I Do If an MCI Object Fails to Be Created?
- What Can I Do If I Fail to Access a Service Through MCI?
- What Can I Do If an MCS Object Fails to Be Created?
- What Can I Do If an MCS or MCI Instance Fails to Be Deleted?
- Traffic Distribution
- Container Intelligent Analysis
- General Reference
Copied.
Using the Karmada API
Karmada API Description
Karmada API is the application that serves Karmada functionality through a RESTful interface and stores the state of Karmada. Federated resources can be obtained, created, updated, and deleted via HTTP calls (POST, PUT, PATCH, DELETE, and GET) to the API. For details, see Karmada API.
UCS can call Karmada API through API Gateway.
Calling Karmada API Through API Gateway
Parameter |
Description |
---|---|
{Fleet name} |
Fleet name, which can be obtained from the basic fleet information on the console. |
{Region} |
URL of the region that the service belongs to, which can be obtained from Endpoints. Example: The region of CN North-Beijing4 is cn-north-4. |
{URI} |
Access path of an API for performing a specified operation. Obtain the value from the URI of the API. For details, see Karmada API. Example: Set this parameter based on the API to be called. For example, if you want to view details about a Deployment, the request method is GET and the API URI is apis/apps/v1/{namespaces}/default/deployments. {namespace} indicates the cluster namespace name. In this example, the value is default. |
- Log in to the UCS console and click the name of the target fleet to go to its details page. Then, click kubectl in Fleet Info.
- Select a project, VPC, master node subnet, and validity period as prompted and click Download to download the kubectl configuration file.
The name of the downloaded file is kubeconfig.json.
NOTICE:
If the kubeconfig.json file is leaked, your clusters may be attacked. Keep it secure.
The validity period of the kubectl configuration file can be set as required. The options are 5 years, 1 year, 6 months, 30 days, and 15 days to 1 day. The minimum value is 1 day.
- Install and configure kubectl on the executor.
- Determine the requested URL based on the URL format.
- {Fleet name} indicates the fleet name, which can be obtained from the basic fleet information on the console.
- {Region} indicates the URL of the region that the service belongs to, which can be obtained from Endpoints.
- {URL} Access path of an API for performing an operation on resources. Obtain the value from the URI of the API. For details, see Karmada API.
The following is an example URL for calling the API to view information about all Deployments in the federation:
https://r******.fleet.ucs.cn-north-4-dev.myhuaweicloud.com/apis/apps/v1/namespaces/default/deployments
- Obtain the bearer token corresponding to the request for creating an Admin Role.
- Save the following content to the admin-role.yaml file:
kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: name: admin annotations: rbac.authorization.kubernetes.io/autoupdate: "true" roleRef: kind: ClusterRole name: cluster-admin apiGroup: rbac.authorization.k8s.io subjects: - kind: ServiceAccount name: admin namespace: kube-system --- apiVersion: v1 kind: ServiceAccount metadata: name: admin namespace: kube-system labels: kubernetes.io/cluster-service: "true" addonmanager.kubernetes.io/mode: Reconcile
- Run the kubectl apply -f admin-role.yaml command to create the service account and permissions.
- Run the kubectl create token admin --namespace kube-system command to obtain the bearer token of the service account.
- Set the environment variable token to the bearer token obtained in the previous step.
- Save the following content to the admin-role.yaml file:
- Use the request method specified by the API and set the request header parameters. If parameters in the body need to be added, add the structure corresponding to the API by referring to Karmada API.
Example curl command to call the API for creating a Deployment using POST and adding the corresponding body:
In this example, the nginx.json file is used to create a Deployment named nginx. The Deployment uses the nginx:latest image and contains two pods. Each pod occupies 100m CPU and 200 MiB memory. After the Deployment is created, you can refer to the preceding steps to obtain the URI of PropagationPolicy from Karmada API and create a distribution policy.
curl --location --request POST 'https://r*****.fleet.ucs.cn-north-4-dev.myhuaweicloud.com/apis/apps/v1/deployments' \ --header 'Content-Type: application/json' \ --header 'Authorization: Bearer $token' \ --data @nginx.json
The following table lists the header parameters contained in the request.Table 2 Parameters in the request header Parameter
Mandatory
Data Type
Description
Content-Type
Yes
String
Message body type (format), for example, application/json.
Authorization
Yes
String
For details about how to obtain the bearer token, see 5.
The content of the nginx.json file is as follows:
{ "apiVersion": "apps/v1", "kind": "Deployment", "metadata": { "name": "nginx" }, "spec": { "replicas": 2, "selector": { "matchLabels": { "app": "nginx" } }, "template": { "metadata": { "labels": { "app": "nginx" } }, "spec": { "containers": [ { "image": "nginx:latest", "name": "container-0", "resources": { "limits": { "cpu": "100m", "memory": "200Mi" }, "requests": { "cpu": "100m", "memory": "200Mi" } } } ], "imagePullSecrets": [ { "name": "default-secret" } ] } } } }
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot