EDAS runs a precheck when you import a Kubernetes cluster, validating the cluster version, available resources, security groups, networking, and installed components.
If specific precheck items fail, the cluster import may fail or the cluster may not work as expected. Identify and resolve the issues before you proceed.
Warnings affect only specific features. If you do not need those features, you can ignore the warnings and continue the import.
If the precheck is interrupted unexpectedly, join DingTalk Group (ID: 23197114) for technical support, or try importing a new cluster.
The following table summarizes each precheck item, its severity, and the recommended action.
| Category | Error message | Severity | Action |
|---|---|---|---|
| Cluster version | *(Version check failure)* | Error | Use an earlier Kubernetes version |
| Resources | Some nodes not ready | Warning | Troubleshoot nodes in the ACK console |
| Resources | the quota of Pod is not enough | Error | Add nodes; reserve ~12 pod IPs (Flannel) or use a larger ECS instance type (Terway) |
| Resources | the quota of Memory Max is not enough | Error | Reserve ~1.5 GB memory on at least one node |
| Resources | the quota of Memory total is not enough | Error | Reserve ~3 GB total memory across all nodes |
| Resources | the quota of CPU Max is not enough | Error | Reserve ~1.5 CPU cores on at least one node |
| Resources | the quota of CPU Total is not enough | Error | Reserve ~2 CPU cores total across all nodes |
| Resources | No node available / No node ready | Error | Add valid worker nodes |
| Security | Worker not in Cluster SecurityGroup | Error | Associate ECS instances with the cluster security group |
| Security | Security group rule disabled Port: 6443 | Error | Add the worker node to the whitelist |
| Security | Security group rule not found, rule name: xxx | Error | Check if manual changes affect network access |
| SLB | ApiServerSLB modified | Error | Check the API server SLB configuration |
| SLB | ApiServerSLB inactive | Error | Check the API server SLB configuration |
| RAM | RAM check failed, reason: node xxx not attached to cluster RamRole: yyy | Error | Associate the RAM role with the node |
| Networking | the quota of pod cidr is not enough | Error | Reserve at least 2 pod CIDR IPs, or reconfigure the VPC |
| Components | current cluster doesn't install plugin of acr-credential-helper | Warning | Install the component if you use Container Registry Enterprise Edition |
| CRD | Found CRD | Warning | Uninstall OAM-related Custom Resource Definitions (CRDs) if you installed OAM components |
Cluster version check failed
Severity: Error
EDAS may not yet support the latest Kubernetes version. If the version check fails, use a cluster running an earlier Kubernetes version. You can upgrade the cluster after EDAS adds support for the newer version.
Resource check errors
"Some nodes not ready"
Severity: Warning
Some nodes in your cluster are not in the Ready state. This does not block the import. However, troubleshoot those nodes in the ACK console to avoid problems later.
"the quota of Pod is not enough"
Severity: Error
Your cluster does not have enough pod capacity for EDAS management components. Add nodes to the cluster, then ensure enough pod IP addresses are available:
-
Flannel network plug-in: On the Create Cluster page in the ACK console, configure the IP Addresses per Node parameter. Reserve approximately 12 pod IP addresses for EDAS management components.
-
Terway network plug-in: The number of pods per node depends on the Elastic Network Interfaces (ENIs) available for your ECS instance type. Select a higher-spec ECS instance type. For details, see Work with Terway.
"the quota of Memory Max is not enough"
Severity: Error
At least one node must have approximately 1.5 GB of available memory for Prometheus. Add nodes to the cluster to free up enough memory.
"the quota of Memory total is not enough"
Severity: Error
The cluster needs approximately 3 GB of total available memory across all nodes for EDAS management components. Add nodes to increase the total available memory.
"the quota of CPU Max is not enough"
Severity: Error
At least one node must have approximately 1.5 CPU cores available for Prometheus. Add nodes to the cluster to free up enough CPU.
"the quota of CPU Total is not enough"
Severity: Error
The cluster needs approximately 2 CPU cores total across all nodes for EDAS management components. Add nodes to increase the total available CPU.
"No node available" or "No node ready"
Severity: Error
Your cluster has no available worker nodes. Log on to the ACK console to check the node status and add valid nodes.
Security group check errors
"Worker not in Cluster SecurityGroup"
Severity: Error
One or more ECS instances are not in the cluster security group. Verify that each ECS instance is associated with the Kubernetes cluster security group, and add any missing associations.
"Security group rule disabled Port: 6443"
Severity: Error
This rule blocks EDAS scaling components from reaching the cluster API server on port 6443. To fix this, schedule pods in the edas-oam-system namespace to a specific worker node, then add that node to the whitelist.
"Security group rule not found, rule name: xxx"
Severity: Error
A security group rule is missing, likely due to manual modifications. Check whether the changes affect network access to the cluster. If network access is unaffected, you can ignore this error.
SLB check errors
"ApiServerSLB modified"
Severity: Error
The SLB instance configuration for the cluster API server may have been modified or deleted. Verify the SLB settings and restore them if needed.
"ApiServerSLB inactive"
Severity: Error
The SLB instance for the cluster API server may be inactive. Check whether the SLB instance configurations of the API server are modified.
RAM role check error
"RAM check failed, reason: node xxx not attached to cluster RamRole: yyy"
Severity: Error
Node xxx is not associated with the cluster's RAM role yyy. Verify the association by following these steps:
-
Log on to the ACK console.
-
In the left-side navigation pane, click Clusters.
-
On the Clusters page, find your cluster and click Details in the Actions column.
-
Click the Cluster Resources tab and note the worker RAM role name.
-
Log on to the ECS console, find the ECS instance for node
xxx, and confirm the RAM role is associated with it.
Network resource check error
"the quota of pod cidr is not enough"
Severity: Error
The cluster needs at least two valid IP addresses in the pod CIDR blocks for EDAS management components. If no IP addresses are available, reconfigure the virtual private cloud (VPC).
Component and CRD warnings
"current cluster doesn't install plugin of acr-credential-helper"
Severity: Warning
The aliyun-acr-credential-helper component is not installed. This only affects Container Registry Enterprise Edition features.
-
If you do not use Container Registry Enterprise Edition, ignore this warning.
-
If you need Container Registry Enterprise Edition, install the aliyun-acr-credential-helper component. EDAS automatically configures it when you update an application. For details, see Use the aliyun-acr-credential-helper component to pull images without secrets.
"Found CRD"
Severity: Warning
A Custom Resource Definition (CRD) conflict was detected.
-
If you installed Open Application Model (OAM)-related components, the conflict may affect EDAS features. Manually uninstall all OAM-related CRDs before importing the cluster.
-
If you did not install OAM-related components, ignore this warning and proceed with the import in the EDAS console.