Container Service for Kubernetes: Create an ACK Serverless cluster

Last Updated: Nov 12, 2024

ACK Serverless is a container service provided by Alibaba Cloud that lets you deploy workloads without purchasing nodes. ACK Serverless clusters can scale within seconds and schedule resources based on the predefined CPU and memory requests of application pods. This on-demand resource scheduling can greatly reduce the computing costs of fluctuating workloads. ACK Serverless clusters provide comprehensive Kubernetes-compatible capabilities, which lowers the barrier to entry for beginners. You can focus on application development without having to manage infrastructure. This topic describes how to create an ACK Serverless cluster in the ACK console.

Prerequisites

Step 1: Log on to the ACK console

  1. Log on to the ACK console. In the left-side navigation pane, click Clusters.

  2. On the Clusters page, click Create Kubernetes Cluster.

Step 2: Create a cluster

Click the ACK Serverless tab and configure the cluster.

Parameter

Description

All Resources

Move the pointer over All Resources at the top of the page and select the resource group that you want to use. After you select a resource group, virtual private clouds (VPCs) and vSwitches that belong to the resource group are displayed. When you create a cluster, only VPCs and vSwitches that belong to the specified resource group are displayed.

Cluster Name

The name of the cluster. The name must be 1 to 63 characters in length, and can contain digits, letters, hyphens (-), and underscores (_). The name must start with a letter or digit.

Cluster Specification

Select a cluster type. You can select Professional or Basic. We recommend that you use ACK Pro clusters in the production environment and test environment. ACK Basic clusters can meet the learning and testing needs of individual users.

Select Professional to create an ACK Serverless Pro cluster. For more information, see ACK Serverless Pro cluster overview.

Region

The region of the cluster.

Kubernetes Version

The Kubernetes versions that are supported by ACK Serverless are displayed.

IPv6 Dual-stack

You can select Enable to create an ACK Serverless cluster that has IPv4/IPv6 dual stack enabled. This feature is in public preview. To use this feature, go to the Quota Center console and submit an application.

Note
  • Only 1.20.11-aliyun.1 and later versions support IPv4/IPv6 dual stack.

  • To enable IPv4/IPv6 dual stack for an ACK Serverless cluster, you must first enable IPv4/IPv6 dual stack for the virtual private cloud (VPC) where you want to deploy the cluster.

VPC

Set the VPC where you want to deploy the cluster. Kubernetes clusters support only VPCs. You can select Create VPC or Select Existing VPC.

  • Create VPC: If you select this option, ACK automatically creates a VPC and a NAT gateway in the VPC. ACK also configures SNAT rules on the NAT gateway.

  • Select Existing VPC: If you select this option, you must select a VPC from the VPC drop-down list and select vSwitches in the vSwitch section. If you want to enable Internet access, for example, to download container images, you must configure a NAT gateway. We recommend that you upload container images to a Container Registry instance in the region where the cluster is deployed. This way, you can pull images through the VPC.

For more information, see Create and manage VPCs.

Zone

Select the zone where you want to deploy the cluster.

Configure SNAT

Specify whether to automatically create a NAT gateway and configure SNAT rules on the NAT gateway. This check box is selected by default when you create a cluster.

This parameter is required only when you select Create VPC for VPC.

Note

After you select Create VPC, you can select or clear Configure SNAT. If you clear this check box, you need to manually create a NAT gateway and configure SNAT rules on the VPC. Otherwise, the cluster deployed in the VPC cannot access the Internet.

For more information, see Create and manage Internet NAT gateways.

Service CIDR

Set Service CIDR. The Service CIDR block must not overlap with the CIDR block of the VPC, the CIDR blocks of the ACK clusters in the VPC, or the pod CIDR block. The Service CIDR block cannot be modified after it is specified. For more information about how to plan CIDR blocks for a cluster, see Plan the network of an ACK cluster.

IPv6 Service CIDR

If you enable IPv4/IPv6 dual stack, you must specify an IPv6 CIDR block for Services. When you set this parameter, take note of the following items:

  • You must specify a Unique Local Unicast Address (ULA) space within the address range fc00::/7. The prefix must be 112 bits to 120 bits in length.

  • We recommend that you specify an IPv6 CIDR block that has the same number of IP addresses as the Service CIDR block.

For more information about how to plan CIDR blocks for a cluster, see Plan the network of an ACK cluster.
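
The Service CIDR and IPv6 Service CIDR rules above can be checked before you fill in the form. The following Python sketch is an added example, not part of the Alibaba Cloud documentation; the function name, the finding strings, and the sample CIDR blocks are assumptions made for illustration.

```python
import ipaddress

ULA = ipaddress.ip_network("fc00::/7")  # ULA range required for the IPv6 Service CIDR

def check_service_cidrs(service_cidr, in_use_cidrs, ipv6_service_cidr=None):
    """Return findings for a planned Service CIDR; an empty list means the plan is OK.

    in_use_cidrs maps a label ("VPC", "pod", "other cluster") to a CIDR block
    that is already allocated and must not overlap with the Service CIDR.
    """
    findings = []
    try:
        svc = ipaddress.IPv4Network(service_cidr)  # strict: rejects set host bits
    except ValueError as exc:
        return [f"ERROR Service CIDR is not a valid network: {exc}"]
    for label, cidr in in_use_cidrs.items():
        if svc.overlaps(ipaddress.ip_network(cidr, strict=False)):
            findings.append(f"ERROR Service CIDR {svc} overlaps {label} CIDR {cidr}")
    if ipv6_service_cidr is None:
        return findings
    try:
        svc6 = ipaddress.IPv6Network(ipv6_service_cidr)
    except ValueError as exc:
        return findings + [f"ERROR IPv6 Service CIDR is not a valid network: {exc}"]
    if not svc6.subnet_of(ULA):
        findings.append(f"ERROR {svc6} is outside the ULA range {ULA}")
    if not 112 <= svc6.prefixlen <= 120:
        findings.append(f"ERROR IPv6 prefix /{svc6.prefixlen} is not between /112 and /120")
    if svc6.num_addresses != svc.num_addresses:
        # Equal address counts mean IPv6 prefix length = IPv4 prefix length + 96.
        findings.append(f"WARN address counts differ; /{svc.prefixlen + 96} would match {svc}")
    return findings

if __name__ == "__main__":
    # Constructed sample plan: all CIDR blocks below are illustrative values.
    allocated = {"VPC": "192.168.0.0/16", "pod": "172.20.0.0/16"}
    for finding in check_service_cidrs("192.168.128.0/20", allocated, "fd00:ac15::/112"):
        print(finding)
```

Because the recommended IPv6 block has the same number of addresses as the IPv4 Service CIDR block, the permitted /112 to /120 range corresponds to IPv4 Service CIDR blocks of /16 to /24.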

Access to API Server

By default, an internal-facing Server Load Balancer (SLB) instance is created for the Kubernetes API server of an ACK Serverless cluster. The SLB instance is billed on a pay-as-you-go basis. You can manually change the billing method. For more information, see Pay-as-you-go.

Select or clear Expose API Server with EIP. The ACK API server provides multiple HTTP-based RESTful APIs, which can be used to create, delete, modify, query, and monitor resources, such as pods and Services.

  • If you select this check box, an elastic IP address (EIP) is created and associated with the SLB instance used by the ACK Serverless cluster. In this case, the Kubernetes API server is publicly exposed through port 6443 of the EIP. You can use kubeconfig to connect to and manage the cluster over the Internet.

  • If you clear this check box, no EIP is created. You can connect to and manage the cluster by using kubeconfig files only from within the VPC.

For more information, see Control public access to the API server of a cluster.
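
To audit which clusters were created with Expose API Server with EIP selected, you can inspect the server entries of the kubeconfig files in use. The following Python sketch is an added example, not part of the Alibaba Cloud documentation; it assumes that the internal SLB address lies in RFC 1918 space, and the function name and the sample kubeconfig are constructed for illustration.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Assumption: VPC (internal SLB) addresses come from the RFC 1918 private ranges.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def classify_endpoints(kubeconfig_text):
    """Return [(server_url, scope, port)] for every `server:` entry in a kubeconfig.

    scope is "internal" (reachable only from within the VPC), "public"
    (an address outside the private ranges, for example an EIP), or
    "hostname" (a DNS name that must be resolved and checked separately).
    """
    results = []
    for raw in re.findall(r"^\s*server:\s*(\S+)", kubeconfig_text, flags=re.M):
        url = raw.strip("\"'")
        parts = urlsplit(url)
        port = parts.port or 443  # HTTPS default when the URL has no explicit port
        try:
            addr = ipaddress.ip_address(parts.hostname or "")
        except ValueError:
            results.append((url, "hostname", port))
            continue
        internal = any(addr in net for net in RFC1918)
        results.append((url, "internal" if internal else "public", port))
    return results

# Constructed sample: 203.0.113.10 is a documentation address standing in for an EIP.
SAMPLE_KUBECONFIG = """\
apiVersion: v1
kind: Config
clusters:
- name: exposed-cluster
  cluster:
    server: https://203.0.113.10:6443
- name: vpc-only-cluster
  cluster:
    server: "https://192.168.0.15:6443"
"""

if __name__ == "__main__":
    for url, scope, port in classify_endpoints(SAMPLE_KUBECONFIG):
        print(f"{scope:8} port {port}  {url}")
```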

Security Group

You can select Create Basic Security Group, Create Advanced Security Group, or Select Existing Security Group. For more information about security groups, see Overview.

Note
  • Only users in the whitelist can select the Select Existing Security Group option. To apply to be added to the whitelist, log on to the Quota Center console and submit an application.

  • If you select an existing security group, the system does not automatically configure security group rules. This may cause errors when you access the nodes in the cluster. You must manually configure security group rules. For more information about how to manage security group rules, see Configure security group rules to enforce access control on ACK clusters.

  • By default, the security group used by ACK permits all outbound traffic. If you modify the security group for business purposes, make sure that traffic destined for 100.64.0.0/10 is permitted. This CIDR block is used to pull images and query basic ECS information.

Time Zone

The time zone of the cluster. By default, the time zone of your browser is selected.

Deletion Protection

Specify whether to enable deletion protection for the cluster. Deletion protection prevents the cluster from being deleted in the console or by calling the API. This prevents user errors.

Resource Group

Move the pointer over All Resources in the upper part of the page and select the resource group to which the cluster belongs. The name of the selected resource group is displayed.

Labels

Add labels to the cluster. Enter a key and a value, and then click Add.

Note
  • Key is required. Value is optional.

  • Keys are not case-sensitive. A key must not exceed 64 characters in length, and cannot start with aliyun, http://, or https://.

  • Values are not case-sensitive. A value cannot exceed 128 characters in length, and cannot start with http:// or https://.

  • The keys of labels that are added to the same resource must be unique. If you add a label with a used key, the label overwrites the label that uses the same key.

  • If you add more than 20 labels to a resource, all labels become invalid. You must remove excess labels for the remaining labels to take effect.

Cluster Domain

Enter a domain name for the cluster. Default value: cluster.local.

Step 3: Configure components

Click Next:Component Configurations to configure components.

Parameter

Description

Service Discovery

Configure service discovery for the cluster. You can select Disable, PrivateZone, or CoreDNS.

Note
  • Alibaba Cloud DNS PrivateZone is a DNS resolution service for private domain names within VPCs. You can use Alibaba Cloud DNS PrivateZone to resolve private domain names to IP addresses in one or more VPCs.

  • CoreDNS is a flexible and scalable DNS server that serves as a standard service discovery component in Kubernetes.

Ingress

Specify whether to install an Ingress controller. You can select Do Not Install, Nginx Ingress, ALB Ingress, or MSE Ingress.

  • Nginx Ingress: The NGINX Ingress controller is optimized based on open source ingress-nginx and provides flexible and reliable routing services based on Ingresses. For more information, see Overview of NGINX Ingresses.

  • ALB Ingress: The Application Load Balancer (ALB) Ingress controller is compatible with the NGINX Ingress controller, and provides improved traffic routing capabilities based on ALB instances. The ALB Ingress controller supports complex routing, automatic certificate discovery, and HTTP, HTTPS, and QUIC protocols. The ALB Ingress controller meets the requirements of cloud-native applications for ultra-high elasticity and balancing of heavy traffic loads at Layer 7. For more information, see Overview of ALB Ingresses.

  • MSE Ingress: An Ingress is an API object that provides Layer-7 load balancing to manage external access to Services in a Kubernetes cluster. To better support cloud-native scenarios, Alibaba Cloud provides Microservices Engine (MSE) Ingress gateways that are developed based on deep integration and optimization of MSE cloud-native gateways and ACK. MSE Ingress gateways help you manage ingress traffic of clusters in an efficient manner. For more information about how to use an MSE Ingress to access applications in an ACK cluster, see Use MSE Ingresses to access applications in ACK clusters.

Monitor containers

Specify whether to enable Managed Service for Prometheus.

Log Service

Specify whether to enable Simple Log Service. You can select an existing project or create a project.

If Simple Log Service is disabled, you cannot use the cluster auditing feature. For more information about Simple Log Service, see Getting Started.

Knative

Specify whether to enable Knative. Knative is a Kubernetes-based serverless framework. The main objective of Knative is to develop a cloud-native and cross-platform orchestration standard for serverless applications. For more information, see Overview.

Step 4: Confirm the configuration

Click Next:Confirm Order to confirm the configuration, read and select I have read and understand the ACK Terms of Service and Disclaimer, and then click Create Cluster.

After the cluster is created, you can find the cluster on the Clusters page in the ACK console.

Note

It requires approximately 10 minutes to create a cluster.

What to do next

  • View the basic information about the cluster

    On the Clusters page, find the cluster that you created and click Details in the Actions column. On the details page, click the Basic Information tab to view basic information about the cluster and click the Connection Information tab to view information about how to connect to the cluster. The following information is displayed:

    • API Server Public Endpoint: the IP address and port that the Kubernetes API Server uses to provide services over the Internet. It allows you to manage the cluster by using kubectl or other tools on the client.

      Only ACK managed clusters support the Associate EIP and Disassociate EIP features.

      • Associate EIP: You can select an existing EIP or create an EIP.

        The API server restarts after you associate an EIP with the API server. We recommend that you do not perform operations during the restart process.

      • Disassociate EIP: After you disassociate the EIP, you can no longer access the API server over the Internet.

        The API server restarts after you disassociate the EIP from the API Server. We recommend that you do not perform operations on the cluster during the restart process.

    • API Server Internal Endpoint: the IP address and port that the API server uses to provide services within the cluster. The IP address belongs to the SLB instance that is associated with the cluster.

  • View cluster logs

    Click the Cluster Logs tab to view the logs of the cluster.