Skip to content

Import Failures

If the cluster import process was not successful, follow the steps described below to debug and diagnose the issue. Some common scenarios when import can fail are described below

Typical Failure Scenarios

Blueprint Sync Failure

By default, the "minimal cluster blueprint" is selected for imported clusters. Users can override the default and specify a different blueprint.

Note that the minimal blueprint is extremely lightweight and should not collide/conflict with any existing resources on the cluster. Users are recommended to import a Kubernetes cluster with the minimal blueprint first before trying a custom blueprint.

Common scenarios for potential collision are

  • Metrics Server already exists on imported cluster
  • Ingress Controller already exists on imported cluster and using port 443

Insufficient Resources

Imported cluster does not have the Insufficient Resources for the k8s mgmt Operator and the specified addons in the blueprint.

Incompatible Kubernetes Version

Imported cluster is running an incompatible, older version of Kubernetes

Security Block

3rd Party security product already in cluster blocking the creation of required k8s resources such as namespaces etc.

Network Security

Imported cluster unable to pull required container images from the container registry due to existing network security policies.

Privileged Namespaces

When you run "kubectl apply..", two namespaces for the controller will be created on the imported cluster.

  • rafay-system
  • rafay-infra

"rafay-system" Namespace

The "rafay-system" namespace is a critical, monitored namespace. It should contain several pods as listed below. Users can use the following kubectl command to list the pods in this namespace.

kubectl get po -n rafay-system

NAME                                           READY    STATUS    RESTARTS   AGE
controller-manager-588577488f-9vs29             1/1     Running   0          8d
debug-client-7cd86579bd-bcj8f                   1/1     Running   0          8d
edge-client-769767854b-m8r7w                    1/1     Running   0          8d
rafay-connector-5ffddccd99-gn6gl                1/1     Running   6          8d
relay-agent-585c799cbd-2bj5m                    1/1     Running   0          8d
secretstore-admission-webhook-b57c94688-46v62   1/1     Running   0          63d
l4err-77b5c5b949-kmbzs                          1/1     Running   0          8d
nginx-ingress-controller-2jlwb                  1/1     Running   0          8d
nginx-ingress-controller-qz4j6                  1/1     Running   0          8d

"rafay-infra" Namespace

The "rafay-infra" namespace contains the Kubernetes resources for infrastructural components managed by the controller.

kubectl get po -n rafay-infra

NAME                                                   READY   STATUS    RESTARTS   AGE
log-aggregator-6847784f79-tbb5z                        1/1     Running   0          151d
log-router-qtc4f                                       2/2     Running   0          77d
log-router-zmfkf                                       2/2     Running   0          77d
rafay-metrics-server-58689d8d66-njxgm                  1/1     Running   0          77d
rafay-prometheus-adapter-7cc76d654c-cwrx7              1/1     Running   0          7h37m
rafay-prometheus-alertmanager-0                        2/2     Running   0          7h37m
rafay-prometheus-kube-state-metrics-567cff6b85-rqntx   1/1     Running   0          77d
rafay-prometheus-node-exporter-mh9sc                   1/1     Running   0          7h37m
rafay-prometheus-node-exporter-rgwzk                   1/1     Running   0          7h37m
rafay-prometheus-server-0                              2/2     Running   0          7h37m

Refer to the Troubleshooting page for more information about failure scenarios.