
Container Service for Kubernetes: Create an ACK managed cluster

Last Updated: Jan 25, 2025

When creating an ACK managed cluster, you only need to configure the worker nodes. The master nodes are created and managed by Alibaba Cloud Container Service, reducing operation and maintenance costs and allowing you to focus more on business applications. This topic describes how to create an ACK managed cluster through the Container Service console.

Before you start creating an ACK cluster, it is recommended that you understand basic Kubernetes concepts, Container Service ACK, ACK managed clusters, and other basic information.

If you are using an ACK managed cluster for the first time, you can refer to Quickly Set Up a Rubik's Cube Game Application with ACK to start the beginner experience. After the experience, please release resources in time to avoid unexpected charges.

Planning and design

Before creating a cluster, plan and design the cluster according to business needs to ensure that the cluster can run stably, efficiently, and securely. Most configuration items can be adjusted after the cluster is created, but some configuration items cannot be changed after creation, especially those related to cluster availability and network. When planning, ensure that the following factors have been considered.

  • Deployment location

    • Region: The closer the selected region is to your users and to the region where your resources are deployed, the lower the network latency and the faster the access speed.

    • Zone: It is recommended to configure multiple zones to ensure high availability of the cluster.

  • Version and specifications

    • Kubernetes version: Plan the Kubernetes version to use. It is recommended to use the latest version available.

    • Cluster specifications: Pro Edition and Basic Edition are provided. The Pro Edition is more suitable for production environments and provides SLA guarantees. The Basic Edition is more suitable for testing environments and has limited resource quotas.

  • Network planning

    • Network plug-in: Select Terway or Flannel. Simply put, if you have strong requirements for network security and IP Address Management (IPAM), such as fixed Pod IPs and Network Policy, it is recommended to use Terway. If the cluster is relatively small, such as fewer than 500 nodes, and there are no special network requirements, you can use Flannel. For specific differences, see Comparison of container network plug-ins Terway and Flannel.

    • Network address planning: Plan the VPC CIDR blocks (VPC CIDR block and vSwitch CIDR block) and the Kubernetes CIDR blocks (pod address segment and service address segment) according to the business scenario and cluster size. Together they define the IP address range for the entire cluster and the number of IP addresses available to pods and nodes.

    • Public access: Whether the cluster nodes need to access the public network (public access is required when pulling public images).

    • IPv6 dual-stack: Whether the cluster needs to support both IPv4 and IPv6 protocols. If enabled, the VPC where the cluster is located must support dual-stack, and the IPv6 CIDR block must be planned.

    • Security group: The security group where the cluster resources are located and the type of security group used.

    • Cluster local domain name: The top-level domain name (standard suffix) used by all services in the cluster, allowing pods and other resources to access each other by name instead of IP address. The default is cluster.local. If customization is needed, please plan accordingly.
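A pre-creation check for the address plan described under Network planning, as an added example that is not part of the original documentation. It assumes a layout in which the pod and service address segments are kept separate from the VPC CIDR block and from each other (confirm this against the network plug-in you select); all CIDR values and zone names below are constructed.

```python
import ipaddress


def check_plan(vpc, vswitches, pod_cidr, service_cidr):
    """Validate a cluster address plan; return (problems, capacity)."""
    vpc_net = ipaddress.ip_network(vpc)
    pod_net = ipaddress.ip_network(pod_cidr)
    svc_net = ipaddress.ip_network(service_cidr)
    problems, seen = [], []

    # Every vSwitch must sit inside the VPC and must not collide with another.
    for zone, cidr in vswitches.items():
        net = ipaddress.ip_network(cidr)
        if not net.subnet_of(vpc_net):
            problems.append(f"vSwitch {zone} {net} is outside VPC {vpc_net}")
        for other_zone, other in seen:
            if net.overlaps(other):
                problems.append(f"vSwitch {zone} overlaps vSwitch {other_zone}")
        seen.append((zone, net))

    # Assumption (not stated on the page): pod and service segments are
    # disjoint from the VPC block and from each other.
    for name, net in (("pod", pod_net), ("service", svc_net)):
        if net.overlaps(vpc_net):
            problems.append(f"{name} CIDR {net} overlaps VPC {vpc_net}")
    if pod_net.overlaps(svc_net):
        problems.append(f"pod CIDR {pod_net} overlaps service CIDR {svc_net}")

    # Raw block sizes: an upper bound, since some addresses are reserved.
    capacity = {
        "vswitch_addresses": sum(n.num_addresses for _, n in seen),
        "pod_addresses": pod_net.num_addresses,
        "service_addresses": svc_net.num_addresses,
    }
    return problems, capacity


# Constructed plans: one consistent, one with deliberate conflicts.
GOOD = ("192.168.0.0/16",
        {"zone-a": "192.168.0.0/24", "zone-b": "192.168.1.0/24"},
        "172.20.0.0/16", "172.21.0.0/20")
BAD = ("10.0.0.0/8",
       {"zone-a": "10.1.0.0/24", "zone-b": "172.16.0.0/24"},
       "10.244.0.0/16", "10.244.128.0/20")

if __name__ == "__main__":
    for plan in (GOOD, BAD):
        issues, sizes = check_plan(*plan)
        print(sizes, issues or "plan is consistent")
```

Because the network-related items cannot be changed after creation, a check like this is most useful before the cluster configuration is submitted.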

Creation process

Note
  • This topic describes how to create a cluster in the console. ACK also supports creation through OpenAPI, creation through CLI, and creation through Terraform.

  • To create a cluster in the console as a RAM user, you must first grant that user the corresponding permissions. Please refer to Container Service Console Permission Dependencies to complete fine-grained authorization.

You can refer to the console guide to create a cluster based on the default cluster configuration of ACK. If you want to control the cluster configuration more finely, please refer to Description of ACK Managed Cluster Configuration Items to understand and enable the corresponding configuration items. The following is an overview of the process.

Step 1: Complete preparations and enter the creation page

Before creating a cluster, ensure that you have enabled Container Service ACK, granted the ACK system server role to your Alibaba Cloud account or RAM account (ACK needs these permissions to call related services or perform cluster operations), and enabled related cloud products (such as VPC, Server Load Balancer, NAT Gateway, etc.). For specific operations, please refer to Quickly Create an ACK Managed Cluster.

Note

Your account must have at least 100 yuan, otherwise you cannot create pay-as-you-go resources.

  1. Log on to the ACK console. In the left-side navigation pane, click Clusters.

  2. On the Cluster List page, click Create Cluster. On the ACK Managed Cluster page, complete the cluster configuration, node pool configuration, and component configuration according to the page guide.

Step 2: Configure the cluster

  • Basic configuration: Basic information of the cluster, including name, specifications, region, version, etc. Supports enabling automatic upgrade of cluster version and configuring the maintenance window for scheduled execution.

  • Network configuration: IPv6 dual-stack switch, VPC and vSwitch configuration, whether to allow public network access to the API Server, security group, network plug-in, CIDR block configuration, etc.

  • Advanced configuration: Cluster resource management and cluster security-related configurations.

For detailed configuration item descriptions, see Cluster Configuration.

Step 3: Configure the node pool

The node pool is used for grouped management of nodes. It is a logical collection of nodes with the same attributes and is not charged. Simply put, the node pool is similar to a configuration template. The nodes scaled out from the node pool will use this template configuration. The node pool you configure in this step will serve as the default node pool for the cluster.

Note
  • If you want to skip node creation or add purchased ECS instances to the cluster after the cluster is created, you can configure the Expected Number Of Nodes to 0 during the configuration process, which means the number of instances in the cluster is 0, and complete the configuration of other required options.

  • You can also refer to Create and Manage Node Pools to create more node pools after the cluster is created, achieving mixed deployment and isolation of nodes of different types (such as operating system, CPU architecture, billing type, instance type, etc.).

  • Basic configuration: Basic information of the nodes, including name and runtime. Supports enabling automated operation and maintenance capabilities.

  • Instance and image configuration: Billing type of the nodes, instance type used (it is recommended to select multiple), operating system, etc.

  • Storage configuration: System disk (for installing and running the operating system) and data disk (for persistent storage of business data) used by the nodes.

  • Instance quantity configuration: The expected number of instances to be maintained by the node pool.

  • Advanced configuration: ECS tags, node tags, taints, and other advanced configurations.

For detailed configuration item descriptions, see Node Pool Configuration.

Step 4: Configure components

To further expand the cluster's capabilities, in addition to system components, ACK also provides various types of functional components, offering features such as cluster networking, observability, and cost optimization.

Note

ACK installs some components by default based on best practices. You can view and confirm them in this step, or perform operations such as installation, uninstallation, and upgrade after the cluster is created. Please refer to Manage Components.

  • Basic components: Network, storage, and observability components.

  • More components: Components for scenarios such as application management, log monitoring, and storage.

For detailed configuration item descriptions, see Component Configuration.

Step 5: Confirm configuration and billing information

On the Confirm Configuration page, confirm the cluster's configuration information, including feature configuration, resource billing, cloud product dependency checks, and read the service agreement.

An ACK managed cluster incurs cluster management fees (charged only for Pro Edition) and cloud product fees. You can view the total cost overview of the cluster at the bottom of the creation page, or view the billing documents for ACK and each product. Please refer to Billing Overview and Cloud Product Resource Fees.

What to do next

  • Application deployment: Create and manage workloads, including deployment, StatefulSet, Job, etc. Please refer to Create Workloads.

  • Service discovery and network management

    • Service: Provides a fixed access entry for a group of pods, enabling intra-cluster access, public network access, and more.

    • Ingress: Configure different forwarding rules, such as routing to different services through domain names or access paths, to achieve load balancing.

    • Service discovery DNS: This feature facilitates domain name resolution for workloads within the cluster, allowing internal services to communicate using service names without the need to know specific IP addresses.

  • Observability configuration: Achieve cluster log collection and monitoring alerts, facilitating cluster diagnosis and status observation. Please refer to Observability to understand the observability solutions provided by ACK in dimensions such as infrastructure, containers, and workloads.

  • Storage: Achieve application data persistent storage, sensitive and configuration data storage, dynamic provisioning of storage resources, and other storage needs based on the CSI plug-in.

  • Auto Scaling configuration: For businesses with unpredictable resource demands or cyclical patterns, such as web applications, gaming services, or online education platforms, enabling Auto Scaling is advisable. This includes workload scaling (HPA, CronHPA, VPA, etc.) and auto scaling of nodes, along with instant elasticity of nodes, among other capabilities.

  • Fine-grained authorization

    If you need to perform more fine-grained access control on the basic resource layer (cloud products that ACK depends on) and internal resources of the cluster (Kubernetes resource objects), ACK provides multiple permission management solutions based on Alibaba Cloud RAM and Kubernetes native RBAC mechanism. Please refer to Authorization.

Limits

If the cluster size is large or the account resources are abundant, please observe the quotas and limits that apply when using ACK clusters. For detailed information, see Quotas and Limits.

  • Usage limits encompass both ACK configuration constraints (such as account balance) and individual cluster capacity limitations (the maximum capacity for various Kubernetes resources in a single cluster).

  • Quota limits and upgrade methods: ACK cluster quota limits and ACK dependent cloud product (such as ECS, VPC, etc.) quota limits. If you need to upgrade the quota, please refer to the document to obtain the upgrade method.

FAQ

If you encounter problems while using ACK clusters, you can refer to Troubleshooting and FAQ for self-troubleshooting.

Can I create a cluster with 0 nodes?

Yes. If you want to skip node creation or add purchased ECS instances to the cluster after the cluster is created, you can configure the Expected Number Of Nodes to 0 during the configuration process, which means the number of instances in the cluster is 0, and complete the configuration of other required options. Then refer to Create and Manage Node Pools to complete the configuration update of the node pool or create more node pools. If you need to add purchased ECS instances to the cluster, please refer to Add Existing Nodes.

How to add purchased ECS instances to the cluster?

ACK supports manually or automatically adding existing ECS instances to the node pool. The automatic addition method will replace the original operating system of the ECS instance according to the current operating system of the node pool, and the original system disk will be released. If you need to retain the operating system of the ECS instance, please choose the manual addition method. For related precautions and operation steps, please refer to Add Existing Nodes.

It is recommended that the ECS instances to be added have the same or similar configuration (such as billing type, disk configuration, instance type, etc.) as the node pool to be joined, to facilitate unified management of subsequent nodes.

Can purchased pay-as-you-go ECS instances be added to a subscription node pool?

Yes, you can refer to Add Existing Nodes to complete the operation. However, when the node pool billing type is subscription, the nodes scaled out from the node pool will all be of the subscription type. It is recommended that you create different node pools to manage nodes of different types (such as billing type, disk configuration, instance type, etc.). For specific operations, please refer to Create and Manage Node Pools.

Why is there a shortage of Pods just after creating the cluster?

There may be the following reasons.

  • Component occupation: Cluster components exist in the form of Pods and occupy node resources. Some components may require multiple Pods. If you enable many features in the component configuration when creating the cluster, the components may occupy many Pods on the nodes.

  • Small instance type: In Terway mode, the maximum number of Pods supported by a single node depends on the number of Elastic Network Interfaces (ENIs) provided by the ECS instance family. Although the maximum number of Pods supported by a node is not directly linearly related to CPU and memory, smaller ECS instance types generally support fewer ENIs, and the Pod limit per node is also smaller.

When the number of Pods on a node reaches the limit, new Pods will fail to schedule, affecting service performance. You can increase the number of available Pods by scaling out the node pool to add more available nodes or upgrading the nodes to increase the maximum number of Pods per node. Please refer to Adjust the Number of Usable Node Pods.

Why are the available CPU and memory resources of the nodes less than those defined by the instance type after purchase?

ACK needs to occupy a certain amount of node resources to reserve resources for Kubernetes components and system processes, ensuring the normal operation of the OS kernel, system services, and Kubernetes daemons. This leads to a difference between the total resources of the node (Capacity) and the allocatable resources (Allocatable). For detailed information, please refer to Node Resource Reservation Policy.
