
Container Compute Service: Create an ACS cluster

Last Updated: Nov 06, 2024

Alibaba Cloud Container Compute Service (ACS) is a cloud computing service that provides container computing resources based on Kubernetes. ACS provides serverless container computing power that complies with container specifications. ACS allows you to scale CPU and memory resources within seconds, allocate resources to pods on demand, and pay for these resources on a pay-as-you-go basis. ACS can efficiently reduce the expenses on computing resources and is suitable for fluctuating workloads. ACS clusters are compatible with Kubernetes and make Kubernetes easier to use for beginners. With the help of ACS, you can focus on application development without the need to worry about the underlying infrastructure. This topic describes how to create an ACS cluster in the ACS console.

Procedure

  1. Log on to the ACS console. In the left-side navigation pane, click Clusters.

  2. In the upper-left corner of the Clusters page, click Create Cluster.

  3. On the Create Cluster page, set relevant parameters.

    Parameter

    Description

    Cluster Name

    The name of the cluster.

    Region

    The region where the cluster is located. For more information about the available regions, see Supported regions.

    Kubernetes Version

    The Kubernetes versions supported by the ACS cluster.

    IPv6 Dual-stack

    If you enable IPv4/IPv6 dual stack, a dual-stack cluster is created.

    Note

    If you select Select Existing VPC, you must first enable IPv6 for the virtual private cloud (VPC) and vSwitch. For more information, see Enable IPv6 for a VPC and Enable IPv6 for a vSwitch.

    VPC

    The network of the cluster. ACS clusters support only VPCs. You can select Create VPC or Select Existing VPC.

    • Create VPC: If you select this option, ACK automatically creates a VPC and a NAT gateway in the VPC. ACK also configures SNAT rules on the NAT gateway.

    • Select Existing VPC: If you select this option, you must select a VPC from the VPC drop-down list and select vSwitches in the vSwitch section. If you want to download container images over the Internet, you must configure a NAT gateway. We recommend that you upload the container image to Alibaba Cloud Container Registry in the region where the cluster is deployed and pull the image by using the VPC endpoint.

    For more information, see Create and manage VPCs.

    Zone

    The zone where the cluster is located.

    Configure SNAT

    Specify whether to create a NAT gateway and configure SNAT rules on the NAT gateway. If a VPC is automatically created, you must configure SNAT. For more information, see Create and manage Internet NAT gateways.

    Service CIDR

    The Service CIDR block must not overlap with the CIDR block of the VPC, the CIDR blocks of the ACS clusters in the VPC, or the pod CIDR block. The Service CIDR block cannot be modified after the cluster is created.

    API Server Access Settings

    By default, an internal-facing Classic Load Balancer (CLB) instance is created for the API server. You can modify the specification of the CLB instance on demand. For more information, see Instance specifications.

    Note

    If you delete the default CLB instance, you cannot access the API server.

    You can choose whether to select the Expose API Server with EIP check box. The API server provides multiple HTTP-based RESTful APIs, which can be used to create, delete, modify, query, and monitor resources such as pods and Services.

    • If you select this check box, an elastic IP address (EIP) is created and associated with the CLB instance. The API server is exposed through port 6443 of the EIP. You can connect to and manage the cluster over the Internet by using a kubeconfig file.

    • If you clear this check box, no EIP is created. You can use a kubeconfig file to connect to the cluster only from within the VPC and then manage the cluster.

    For more information, see Control public access to the API server of a cluster.

    Security Group

    You can select Create Basic Security Group or Create Advanced Security Group. For more information about security groups, see Overview.

    Time Zone

    The time zone of the cluster. By default, the time zone of your browser is selected.

    Deletion Protection

    Specify whether to enable deletion protection for the cluster. Deletion protection prevents the cluster from being deleted in the console or by calling the API. This prevents user errors.

    Resource Group

    Select the resource group to which the cluster belongs.

    Labels

    Add labels to the cluster. Enter a key and a value, and click the Add icon.

    Note

    • Key is required and Value is optional.

    • Keys are not case-sensitive. A key must not exceed 64 characters in length, and cannot start with aliyun, http://, or https://.

    • Values are not case-sensitive. A value cannot exceed 128 characters in length, and cannot start with http:// or https://.

    • The keys of labels that are added to the same resource must be unique. If you add a label with a used key, this label overwrites the label that uses the same key.

    • If a resource already has 20 labels, new labels become invalid. You need to remove some labels before you can add new labels.

    Cluster Domain

    Enter a domain name for the cluster. Default value: cluster.local.

    Maintenance Window

    ACS generates an update plan based on the cluster maintenance window that you configured, and performs prechecks and updates only within the maintenance window. The automatic update feature is not enabled for the cluster.

  4. Optional. Click Show Advanced Options to configure advanced settings for the cluster.

    Parameter

    Description

    Service Discovery

    Configure the service discovery feature for the cluster. You can choose Disable or CoreDNS.

    Note

    CoreDNS is a flexible and scalable DNS server that serves as a standard service discovery component in Kubernetes.

    Ingress

    Specify whether to install an Ingress controller. You can choose Do not install or ALB Ingress.

    ALB Ingress: The Application Load Balancer (ALB) Ingress controller is compatible with the NGINX Ingress controller, and provides improved traffic routing capabilities based on ALB instances. The ALB Ingress controller supports complex routing, automatic certificate discovery, and HTTP, HTTPS, and QUIC protocols. The ALB Ingress controller meets the requirements of cloud-native applications for ultra-high elasticity and balancing of heavy traffic loads at Layer 7. For more information, see Getting started with ALB Ingresses.

    Monitor containers

    Enable Managed Service for Prometheus is selected by default. You can choose whether to select the Install metrics-server check box. After you select this check box, a single-replica elastic container instance is started. The instance provides 0.25 vCPU and 500 MB of memory.

    Note

    The metrics-server component relies on CoreDNS. Select CoreDNS in the Service Discovery section.

    Log Service

    Enable Log Service is selected by default. You can select Select Project or Create Project.

    If Simple Log Service is disabled, you cannot use the cluster auditing feature. For more information about Simple Log Service, see Getting Started.

  5. After you complete the configuration, click Confirm Order. In the Confirm Configuration dialog box, confirm the configuration, read and select Terms of Service, and then click Create Cluster.

    After the cluster is created, you can find the cluster on the Clusters page.

    Note

    It requires approximately 10 minutes to create a cluster.
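Because the Service CIDR block cannot be modified after the cluster is created, it is worth checking the planned values before you click Create Cluster. The following pre-flight check is an added example, not Alibaba Cloud code: it tests the Service CIDR rule and the label rules from step 3 against a constructed plan. The function names, the plan layout, and the reading that keys differing only in case count as the same key are assumptions.

```python
import ipaddress
KEY_MAX, VALUE_MAX, LABEL_LIMIT = 64, 128, 20  # limits from the Labels note

def cidr_conflicts(service_cidr, reserved):
    """Names of reserved ranges (VPC, pod, other clusters) overlapping the Service CIDR."""
    svc = ipaddress.ip_network(service_cidr)
    return [name for name, cidr in reserved.items()
            if svc.overlaps(ipaddress.ip_network(cidr))]

def label_problems(labels):
    """Check (key, value) pairs against the label rules; value may be empty."""
    problems, seen = [], set()
    for key, value in labels:
        k, v = key.lower(), (value or "").lower()  # case-insensitive comparison
        if not key:
            problems.append("key is required")
        if len(key) > KEY_MAX:
            problems.append(f"{key!r}: key exceeds {KEY_MAX} characters")
        if k.startswith(("aliyun", "http://", "https://")):
            problems.append(f"{key!r}: key starts with a forbidden prefix")
        if len(v) > VALUE_MAX:
            problems.append(f"{key!r}: value exceeds {VALUE_MAX} characters")
        if v.startswith(("http://", "https://")):
            problems.append(f"{key!r}: value starts with a forbidden prefix")
        if k in seen:
            problems.append(f"{key!r}: reuses a key, so it overwrites the earlier label")
        seen.add(k)
    if len(seen) > LABEL_LIMIT:
        problems.append(f"more than {LABEL_LIMIT} labels on one resource")
    return problems

# Constructed plan; every CIDR and label below is invented for illustration.
PLAN = {
    "service_cidr": "192.168.128.0/20",
    "reserved": {"VPC": "192.168.0.0/16", "pod CIDR": "10.0.0.0/16",
                 "cluster-b Service CIDR": "172.21.0.0/20"},
    "labels": [("env", "prod"), ("Env", "staging"),
               ("aliyun-team", "sec"), ("docs", "https://example.com")],
}

def preflight(plan):
    cidr = [f"Service CIDR overlaps {name}"
            for name in cidr_conflicts(plan["service_cidr"], plan["reserved"])]
    return cidr + label_problems(plan["labels"])

if __name__ == "__main__":
    for problem in preflight(PLAN):
        print(problem)
```
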

What to do next

  • View the basic information about the cluster

    On the Clusters page, find the cluster that you created and click Details in the Actions column. On the details page, click the Basic Information tab to view basic information about the cluster and click the Connection Information tab to view information about how to connect to the cluster. Field description:

    • API Server Public Endpoint: the IP address and port that the Kubernetes API Server uses to provide services over the Internet. It allows you to manage the cluster by using kubectl or other tools on the client.

      Only ACK managed clusters support the Associate EIP and Disassociate EIP features.

      • Associate EIP: You can select an existing EIP or create an EIP.

        The API server restarts after you associate an EIP with the API server. We recommend that you do not perform operations during the restart process.

      • Disassociate EIP: After you disassociate the EIP, you can no longer access the API server over the Internet.

        The API server restarts after you disassociate the EIP from the API Server. We recommend that you do not perform operations on the cluster during the restart process.

    • API Server Internal Endpoint: the IP address and port that the API server uses to provide services within the cluster. The IP address belongs to the SLB instance that is associated with the cluster.

  • View cluster logs

    Click the Cluster Logs tab to view the logs of the cluster.
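To audit which kubeconfig files point at an API server public endpoint rather than the internal endpoint described above, you can classify each `server:` address against the cluster's VPC CIDR block. This is an added example, not Alibaba Cloud code: the function names and the sample kubeconfig are constructed, and treating any IP address outside the VPC CIDR block as Internet-facing is an assumption that fits the EIP and internal CLB layout this topic describes.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Matches the "server:" field of each cluster entry in a kubeconfig file.
SERVER_RE = re.compile(r"^\s*server:\s*(\S+)", re.MULTILINE)

def classify_api_servers(kubeconfig_text, vpc_cidr):
    """Return (host, port, exposure) for each cluster entry in a kubeconfig."""
    vpc = ipaddress.ip_network(vpc_cidr)
    findings = []
    for raw in SERVER_RE.findall(kubeconfig_text):
        url = urlsplit(raw.strip("\"'"))
        try:
            addr = ipaddress.ip_address(url.hostname)
        except ValueError:
            # DNS name or malformed URL: cannot be judged offline, review by hand.
            findings.append((url.hostname, url.port, "unknown"))
            continue
        # Assumption: inside the VPC CIDR means the internal endpoint,
        # anything else is treated as reachable over the Internet.
        exposure = "internal" if addr in vpc else "internet"
        findings.append((str(addr), url.port, exposure))
    return findings

def internet_facing(kubeconfig_text, vpc_cidr):
    """Only the entries that should be backed by an intentional EIP decision."""
    return [f for f in classify_api_servers(kubeconfig_text, vpc_cidr)
            if f[2] == "internet"]

# Constructed kubeconfig fragment; addresses are documentation/sample values.
SAMPLE_KUBECONFIG = """\
apiVersion: v1
kind: Config
clusters:
- name: acs-public
  cluster:
    server: https://203.0.113.10:6443
- name: acs-internal
  cluster:
    server: https://192.168.0.25:6443
"""

if __name__ == "__main__":
    for host, port, exposure in classify_api_servers(SAMPLE_KUBECONFIG, "192.168.0.0/16"):
        print(f"{host}:{port} -> {exposure}")
```
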