- What's New
- Product Bulletin
- Service Overview
- Billing
- Getting Started
-
User Guide
-
UCS Clusters
- Overview
- Huawei Cloud Clusters
-
On-Premises Clusters
- Overview
- Service Planning for On-Premises Cluster Installation
- Registering an On-Premises Cluster
- Installing an On-Premises Cluster
- Managing an On-Premises Cluster
- Attached Clusters
- Multi-Cloud Clusters
- Single-Cluster Management
- Fleets
-
Cluster Federation
- Overview
- Enabling Cluster Federation
- Using kubectl to Connect to a Federation
- Upgrading a Federation
-
Workloads
- Workload Creation
-
Container Settings
- Setting Basic Container Information
- Setting Container Specifications
- Setting Container Lifecycle Parameters
- Setting Health Check for a Container
- Setting Environment Variables
- Configuring a Workload Upgrade Policy
- Configuring a Scheduling Policy (Affinity/Anti-affinity)
- Configuring Scheduling and Differentiation
- Managing a Workload
- ConfigMaps and Secrets
- Services and Ingresses
- MCI
- MCS
- DNS Policies
- Storage
- Namespaces
- Multi-Cluster Workload Scaling
- Adding Labels and Taints to a Cluster
- RBAC Authorization for Cluster Federations
- Image Repositories
- Permissions
-
Policy Center
- Overview
- Basic Concepts
- Enabling Policy Center
- Creating and Managing Policy Instances
- Example: Using Policy Center for Kubernetes Resource Compliance Governance
-
Policy Definition Library
- Overview
- k8spspvolumetypes
- k8spspallowedusers
- k8spspselinuxv2
- k8spspseccomp
- k8spspreadonlyrootfilesystem
- k8spspprocmount
- k8spspprivilegedcontainer
- k8spsphostnetworkingports
- k8spsphostnamespace
- k8spsphostfilesystem
- k8spspfsgroup
- k8spspforbiddensysctls
- k8spspflexvolumes
- k8spspcapabilities
- k8spspapparmor
- k8spspallowprivilegeescalationcontainer
- k8srequiredprobes
- k8srequiredlabels
- k8srequiredannotations
- k8sreplicalimits
- noupdateserviceaccount
- k8simagedigests
- k8sexternalips
- k8sdisallowedtags
- k8sdisallowanonymous
- k8srequiredresources
- k8scontainerratios
- k8scontainerrequests
- k8scontainerlimits
- k8sblockwildcardingress
- k8sblocknodeport
- k8sblockloadbalancer
- k8sblockendpointeditdefaultrole
- k8spspautomountserviceaccounttokenpod
- k8sallowedrepos
- Configuration Management
- Traffic Distribution
- Observability
- Container Migration
- Pipeline
- Error Codes
-
UCS Clusters
- Best Practices
-
API Reference
- Before You Start
- Calling APIs
-
API
- UCS Cluster
-
Fleet
- Adding a Cluster to a Fleet
- Removing a Cluster from a Fleet
- Registering a Fleet
- Deleting a Fleet
- Querying a Fleet
- Adding Clusters to a Fleet
- Updating Fleet Description
- Updating Permission Policies Associated with a Fleet
- Updating the Zone Associated with the Federation of a Fleet
- Obtaining the Fleet List
- Enabling Fleet Federation
- Disabling Cluster Federation
- Querying Federation Enabling Progress
- Creating a Federation Connection and Downloading kubeconfig
- Creating a Federation Connection
- Downloading Federation kubeconfig
- Permissions Management
- Using the Karmada API
- Appendix
-
FAQs
- About UCS
-
Billing
- How Is UCS Billed?
- What Status of a Cluster Will Incur UCS Charges?
- Why Am I Still Being Billed After I Purchase a Resource Package?
- How Do I Change the Billing Mode of a Cluster from Pay-per-Use to Yearly/Monthly?
- What Types of Invoices Are There?
- Can I Unsubscribe from or Modify a Resource Package?
-
Permissions
- How Do I Configure Access Permissions for Each Function of the UCS Console?
- What Can I Do If an IAM User Cannot Obtain Cluster or Fleet Information After Logging In to UCS?
- How Do I Restore ucs_admin_trust I Deleted or Modified?
- What Can I Do If I Cannot Associate the Permission Policy with a Fleet or Cluster?
- How Do I Clear RBAC Resources After a Cluster Is Unregistered?
- Policy Center
-
Fleets
- What Can I Do If Cluster Federation Verification Fails to Be Enabled for a Fleet?
- What Can I Do If an Abnormal, Federated Cluster Fails to Be Removed from the Fleet?
- What Can I Do If an Nginx Ingress Is in the Unready State After Being Deployed?
- What Can I Do If "Error from server (Forbidden)" Is Displayed When I Run the kubectl Command?
- Huawei Cloud Clusters
- Attached Clusters
-
On-Premises Clusters
- What Can I Do If an On-Premises Cluster Fails to Be Connected?
- How Do I Manually Clear Nodes of an On-Premises Cluster?
- How Do I Downgrade a cgroup?
- What Can I Do If the VM SSH Connection Times Out?
- How Do I Expand the Disk Capacity of the CIA Add-on in an On-Premises Cluster?
- What Can I Do If the Cluster Console Is Unavailable After the Master Node Is Shut Down?
- What Can I Do If a Node Is Not Ready After Its Scale-Out?
- How Do I Update the CA/TLS Certificate of an On-Premises Cluster?
- What Can I Do If an On-Premises Cluster Fails to Be Installed?
- Multi-Cloud Clusters
-
Cluster Federation
- What Can I Do If the Pre-upgrade Check of the Cluster Federation Fails?
- What Can I Do If a Cluster Fails to Be Added to a Federation?
- What Can I Do If Status Verification Fails When Clusters Are Added to a Federation?
- What Can I Do If an HPA Created on the Cluster Federation Management Plane Fails to Be Distributed to Member Clusters?
- What Can I Do If an MCI Object Fails to Be Created?
- What Can I Do If I Fail to Access a Service Through MCI?
- What Can I Do If an MCS Object Fails to Be Created?
- What Can I Do If an MCS or MCI Instance Fails to Be Deleted?
- Traffic Distribution
- Container Intelligent Analysis
- General Reference
- Context
- Symptom 1: A Message Is Displayed Indicating that clusterrole and clusterrolebinding Already Exist
- Symptom 2: A Message Is Displayed Indicating that an EIP Needs to Be Bound to the CCE Cluster
- Symptom 3: An EIP Has Been Bound to a CCE Cluster, but the Cluster Still Fails to Be Added to a Federation. "network in cluster is unstable, please retry it later" Is Displayed
- Symptom 4: Cluster That Has Been Added to a Federation Is Abnormal. "cluster is not reachable" Is Displayed
- Symptom 5: "the same cluster has been registered with name xx" or "cluster xxx is joined successfully" Is Displayed When a Cluster Is Added to a Federation
Show all
Copied.
What Can I Do If Cluster Federation Verification Fails to Be Enabled for a Fleet?
Context
After cluster federation is enabled for a fleet, existing clusters and clusters newly added to the fleet will automatically join the federation. In this process, the fleet verifies the network status, cluster version, clusterrole, and clusterrolebinding of the cluster. If the verification fails, clusters cannot join the federation. After the fault is rectified, click Retry to join the cluster federation again.
Symptom 1: A Message Is Displayed Indicating that clusterrole and clusterrolebinding Already Exist
Cause: A cluster cannot join two or more federations at the same time. If this error message is displayed, the cluster has joined the federation, or joined the federation but has residual resources.
Solution: Manually clear residual resources.
Procedure:
- Obtain the kubeconfig file of the faulty cluster, prepare kubectl and the running node, and place the kubeconfig file in the /tmp directory of the running node.
- Run the following command to clear residual resources:
alias kubectl='kubectl --kubeconfig=/tmp/kubeconfig'
kubectl delete clusterrolebinding `kubectl get clusterrolebinding |grep karmada-controller-manager | awk '{print $1}'`
kubectl delete clusterrole `kubectl get clusterrole |grep karmada-controller-manager | awk '{print $1}'`
kubectl delete namespace `kubectl get namespace |egrep 'karmada-[0-9a-f]{8}-([0-9a-f]{4}-){3}[0-9a-f]{12}' |awk '{print $1}'`
Symptom 2: A Message Is Displayed Indicating that an EIP Needs to Be Bound to the CCE Cluster
Cause: After the federation function is enabled for the fleet, an EIP needs to be used to solve the network connection problem when the CCE cluster is accessed.
Solution: Bind an EIP to the CCE cluster.
Symptom 3: An EIP Has Been Bound to a CCE Cluster, but the Cluster Still Fails to Be Added to a Federation. "network in cluster is unstable, please retry it later" Is Displayed
Cause: The federation needs to access the CCE cluster over port 5443. The inbound rule of the security group on the control plane of the CCE cluster specifies that 94.74.86.108 (source address) is denied to access the CCE cluster over port 5443.
Solution: Modify the inbound rule of the security group on the control plane of the CCE cluster to allow 94.74.86.108 (source address) to access the CCE cluster over port 5443.
Symptom 4: Cluster That Has Been Added to a Federation Is Abnormal. "cluster is not reachable" Is Displayed
Run the following command in the corresponding member cluster to check whether ServiceAccount exists. Replace {cluster_name} with the name of the member cluster.
kubectl get sa -A|grep karmada-{cluster_name}.clusterspace.{cluster_name}
If the command output indicates that ServiceAccount does not exist, remove the member cluster from the fleet and add this cluster to the fleet again.
Symptom 5: "the same cluster has been registered with name xx" or "cluster xxx is joined successfully" Is Displayed When a Cluster Is Added to a Federation
Cause: The cluster stops unexpectedly when being added to the federation.
Solution: Remove the cluster from the federation and add it to the federation again.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot