Limitations and Workarounds
The import process has certain limitations. Some of them have
workarounds.
- (NCP 3.0.1 only)IpPoolAllocationsfrom externalIpPools(user-createdIpPools) are not deleted once their associated Kubernetes resources are deleted by NCP running in Policy mode after import. For example, upon deletion of a namespace.Workaround: None
- The Manager to Policy importer cannot roll back completely once the distributed firewall sections and rules are imported in phase 2.Workaround: You must use the Backup and Restore feature in this case to restore the cluster to its original configuration in Manager.
- (NCP 3.0.1 only) Manager to Policy Import fails if there is a NAT rule with multiple destination ports. One such case is when the Kubernetesingress_modeisnatand there exists a pod with annotationncp/ingress-controller.Workaround: While NCP is not running and before initiating the import, edit the NAT rule and remove the "80" and "443" destination ports.
- (NCP 3.0.1 only) Auto-scaled load balancer tier-1s cannot be deleted if required by NCP in Policy mode after import.Workaround: Manually delete the tier-1 from UI if required.
- Clusters with load balancer CRD cannot be imported. Load balancer CRD have different spec in Manager and Policy mode and they cannot be transformed. Therefore, there must be no LB CRD present in the Kubernetes before initiating the import.Workaround: None