All Products
Search
Document Center

Container Service for Kubernetes:Create an ACK Edge cluster in the console

更新時間:Aug 14, 2024

ACK Edge clusters are designed to bring cloud computing to terminal devices at the edge. You can create, manage, and maintain ACK Edge clusters in the ACK console. ACK is a platform that integrates cloud computing with edge computing on top of the edge computing infrastructure. This topic describes how to create an ACK Edge cluster in the ACK console.

Table of contents

Prerequisites

Limits

Item

Limit

Links for increasing quota limits/references

Networks

ACK clusters support only VPCs.

What is a VPC?

Cloud resources

ECS

The pay-as-you-go and subscription billing methods are supported. After an ECS instance is created, you can change its billing method from pay-as-you-go to subscription in the ECS console.

Change the billing method of an ECS instance from pay-as-you-go to subscription

VPC route entries

By default, you can add at most 200 route entries to the VPC of an ACK cluster that runs Flannel. VPCs of ACK clusters that run Terway do not have this limit. If you want to add more route entries to the VPC of your ACK cluster, request a quota increase for the VPC.

Quota Center

Security groups

By default, you can create at most 100 security groups with each account.

View and increase resource quotas

SLB instances

By default, you can create at most 60 pay-as-you-go SLB instances with each account.

Quota Center

EIP

By default, you can create at most 20 EIPs with each account.

Quota Center

Billing rules

For more information about the billing rules of ACK Edge clusters, see Billing of ACK Edge clusters.

Background information

The rapid growth of smart devices connected to the Internet and the need to deploy business and process data at the edge have significant impacts on edge computing services. To meet these requirements, a variety of new edge computing services have emerged, such as edge intelligence, real-time edge computing, and edge analytics. Traditional cloud computing platforms provide computing and storage services in the cloud. However, this no longer meets the requirements of edge devices for time-efficient computing, larger storage capacity, and enhanced computing capacity. To meet these requirements, ACK provides ACK Edge clusters to coordinate services in the cloud and the edge. An ACK Edge cluster is a standard, secure, and highly-available Kubernetes cluster deployed on the cloud. This type of cluster is integrated with features of Alibaba Cloud, such as virtualization, storage, networking, and security. This simplifies cluster management and maintenance, which allows you to focus on business development. In addition, quick access to a variety of heterogeneous edge computing services is supported at the edge. The cloud control center allows you to manage edge devices, such as IoT gateway devices, terminals, Content Delivery Network (CDN) resources, and data centers. The X86 and ARM architectures are supported. ACK Edge clusters are used in various sectors, such as edge intelligence, intelligent buildings, intelligent factories, audio and video live streaming, online education, and CDN.

Step 1: Log on to the ACK console

  1. Log on to the ACK console. In the left-side navigation pane, click Clusters.

  2. In the upper-right corner of the Clusters page, click Create Kubernetes Cluster.

  3. On the Create Cluster page, click the ACK Edge tab.

Step 2: Configure a cluster

On the ACK Edge page, configure the basic and advanced settings for the cluster.

Basic settings

Parameter

Description

All Resources

Move the pointer over All Resources at the top of the page and select the resource group that you want to use. After you select a resource group, VPCs and vSwitches that belong to the selected resource group are displayed. When you create a cluster, only VPCs and vSwitches that belong to the specified resource group are displayed.资源组

Cluster Name

Enter a name for the cluster.

Note

The name must be 1 to 63 characters in length, and can contain digits, letters, hyphens (-), and underscores (_). The name must start with a letter or digit.

Cluster Specification

Select a cluster type. You can select Professional or Basic.

Select Professional to create an ACK Edge cluster.

Region

Select a region to deploy the cluster.

Kubernetes Version

The Kubernetes versions supported by ACK are displayed.

VPC

Select a VPC to deploy the cluster. Standard VPCs and shared VPCs are supported.

  • Shared VPC: The owner of a VPC (resource owner) can share the vSwitches in the VPC with other accounts in the same organization.

  • Standard VPC: The owner of a VPC (resource owner) cannot share the vSwitches in the VPC with other accounts.

Note

ACK clusters support only VPCs. You can select a virtual private cloud (VPC) from the drop-down list. If you do not have a VPC, click Create VPC to create one. For more information, see Create and manage a VPC.

vSwitch

Select vSwitches.

You can select up to three vSwitches that are deployed in different zones. If no vSwitch is available, click Create vSwitch. For more information, see Create and manage vSwitches.

Pod CIDR Block

The pod CIDR block must not overlap with the CIDR block of the VPC, the CIDR blocks of the ACK clusters in the VPC, or the Service CIDR block. The pod CIDR block cannot be modified after it is specified. For more information, see Plan Kubernetes cluster networks.

Number of Pods per Node

Specify the number of pods per node.

Service CIDR

Set Service CIDR. The Service CIDR block must not overlap with the CIDR block of the VPC, the CIDR blocks of the ACK clusters in the VPC, or the pod CIDR block. The Service CIDR block cannot be modified after it is specified. For more information about how to plan CIDR blocks for an ACK cluster, see Plan the network of an ACK cluster.

Configure SNAT

By default, the check box is selected. If the VPC that you select for the cluster cannot access the Internet, you can select Configure SNAT for VPC. This way, ACK will create a NAT gateway and configure SNAT rules to enable Internet access for the VPC.

Access to API Server

By default, ACK automatically creates an internal-facing SLB instance that uses the pay-as-you-go billing method for the API server. You can manually change the billing method. For more information, see Pay-as-you-go.

Important

If you delete the SLB instance, you cannot access the Kubernetes API server of the cluster.

Select or clear Expose API Server with EIP. The ACK API server provides multiple HTTP-based RESTful APIs, which can be used to create, delete, modify, query, and monitor resources, such as pods and Services.

  • If you select this check box, an elastic IP address (EIP) is created and associated with the SLB instance. Port 6443 used by the API server is opened on master nodes. You can connect to and manage the cluster over the Internet by using a kubeconfig file.

  • If you clear this check box, no EIP is created. You can use a kubeconfig file to connect to the cluster only from within the VPC and then manage the cluster.

Important

Edge nodes interact with the API server in the cloud over the Internet. If you clear Expose API Server with EIP, the edge nodes cannot connect to the cluster in the cloud. As a result, the cluster cannot be used in edge computing scenarios.

RDS Whitelist

Click Select RDS Instance to add node IP addresses to the whitelist of an ApsaraDB RDS instance.

Security Group

You can select Create Basic Security Group, Create Advanced Security Group, or Select Existing Security Group. For more information about security groups, see Overview.

Note
  • To enable the Select Existing Security Group option, log on to the Quota Center console and acquire the privilege.

  • If you select an existing security group, the system does not automatically configure security group rules. This may cause errors when you access the nodes in the cluster. You must manually configure security group rules. For more information about how to manage security group rules, see Configure security groups for clusters.

  • By default, the security group used by ACK permits all outbound traffic. When you modify the security group due to business purposes, make sure that traffic destined for 100.64.0.0/10 is permitted. This CIDR block is used to pull images and query basic ECS information.

Deletion Protection

Specify whether to enable deletion protection for the cluster. Deletion protection can prevent clusters from being accidentally released by using the console or API.

Resource Group

The resource group to which the cluster belongs. Each resource can belong to only one resource group. You can regard a resource group as a project, an application, or an organization based on your business scenarios. For more information, see Resource groups.

Advanced settings

Click Show Advanced Options to configure the advanced settings for the cluster.

View advanced settings

Parameter

Description

Kube-proxy Mode

iptables and IPVS are supported.

  • iptables is a mature and stable kube-proxy mode. It uses iptables rules to conduct service discovery and load balancing. The performance of this mode is restricted by the size of the Kubernetes cluster. This mode is suitable for Kubernetes clusters that manage a small number of Services.

  • IPVS is a high-performance kube-proxy mode. It uses Linux Virtual Server (LVS) to conduct service discovery and load balancing. This mode is suitable for clusters that manage a large number of Services. We recommend that you use this mode in scenarios where high-performance load balancing is required.

Labels

Add labels to cluster nodes. Enter a key and a value, and then click Add.

Note
  • Key is required. Value is optional.

  • Keys are not case-sensitive. A key must be 1 to 64 characters in length, and cannot start with aliyun, http://, or https://.

  • Values are not case-sensitive. A value cannot exceed 128 characters in length, and cannot contain http:// or https://. A value can be empty.

  • The keys of labels that are added to the same resource must be unique. If you add a label with a used key, this label overwrites the label that uses the same key.

  • If you add more than 20 labels to a resource, all labels become invalid. You must remove excess labels for the remaining labels to take effect.

Secret Encryption

If you select Select Key, you can use a key that is created in the Key Management Service (KMS) console to encrypt Kubernetes Secrets. For more information about how to configure Secret encryption, see Use KMS to encrypt Secrets.

Step 3: Configure worker nodes

Important

You must configure at least one worker node in an ACK Edge cluster to deploy components.

Parameter

Description

Container Runtime

Specify the container runtime based on the Kubernetes version. The following list describes the Kubernetes versions supported by different container runtimes:

  • containerd: containerd is recommended for all Kubernetes versions.

  • docker: supports Kubernetes 1.22 and earlier.

Instance Type

You can select multiple instance types. You can filter instance types by vCPU, memory, architecture, or category.

Note

The instance types that you select are displayed in the Selected Types section.

When the node pool is scaled out, ECS instances of the instance types that you select for the Instance Type parameter are created. The scaling policy of the node pool determines which instance types are used to create new nodes during scale-out activities. Select multiple instance types to improve the success rate of node pool scale-out operations.

If the node pool fails to be scaled out because the instance types are unavailable or the instances are out of stock, you can specify more instance types for the node pool. The ACK console automatically evaluates the scalability of the node pool. You can view the scalability level when you create the node pool or after you create the node pool.

Note

ARM-based ECS instances support only images for ARM. For more information about ARM-based node pools, see Configure an ARM-based node pool.

Note

To use advanced features such as logging, monitoring, and reverse tunneling in ACK Edge clusters, you must deploy the related components in the cloud. Therefore, you must create at least one Elastic Compute Service (ECS) instance as a worker node.

Selected Types

The selected instance types are displayed.

Expected Nodes

The expected number of nodes in the node pool. You can modify the Expected Nodes parameter to adjust the number of nodes in the node pool. If you do not want to create nodes in the node pool, set this parameter to 0. For more information, see Scale a node pool.

System Disk

ESSD AutoPL, Enhanced SSD (ESSD), Standard SSD, and Ultra Disk are supported.

The types of system disks that you can select depend on the instance types that you select. Disk types that are not displayed in the drop-down list are not supported by the instance types that you select. For more information about the disk types supported by different instance types, see Instance families.

Note
  • If you select Enhanced SSD (ESSD) as the system disk type, you can set a custom performance level for the system disk. You can select higher PLs for ESSDs with larger storage capacities. For example, you can select PL 2 for an ESSD with a storage capacity of more than 460 GiB. You can select PL 3 for an ESSD with a storage capacity of more than 1,260 GiB. For more information, see Capacities and performance levels.

  • You can select Encryption only if you set the system disk type to Enhanced SSD (ESSD). By default, the default service CMK is used to encrypt the system disk. You can also use an existing CMK generated by using BYOK in KMS.

You can select More System Disk Types and select a disk type other than the current one in the System Disk section to improve the success rate of system disk creation. The system will attempt to create a system disk based on the specified disk types in sequence.

Mount Data Disk

ESSD AutoPL, Enhanced SSD (ESSD), SSD, and Ultra Disk are supported.

The disk types that you can select depend on the instance types that you select. Disk types that are not displayed in the drop-down list are not supported by the instance types that you select. For more information about the disk types supported by different instance types, see Instance families.

Note
  • If you select Enhanced SSD (ESSD) as the system disk type, you can set a custom performance level for the system disk. You can select higher PLs for ESSDs with larger storage capacities. For example, you can select PL 2 for an ESSD with a storage capacity of more than 460 GiB. You can select PL 3 for an ESSD with a storage capacity of more than 1,260 GiB. For more information, see Capacities and performance levels.

  • You can select Encryption for all disk types when you specify the type of data disk. By default, the default service CMK is used to encrypt the data disk. You can also use an existing CMK generated by using BYOK in KMS.

  • The maximum number of data disks that can be mounted depends on the instance types that you select. You can view the selected data disks and the remaining number of data disks that you can mount on the right side of Mount Data Disk.

Logon Type

  • Key pair logon.
    • Key Pair: Select an SSH key pair from the drop-down list.
    • create a key pair: Create an SSH key pair if none is available. For more information about how to create an SSH key pair, see Create an SSH key pair. After the key pair is created, set it as the credential that is used to log on to the cluster.
  • Password logon.
    • Password: Enter the password that is used to log on to the nodes.
    • Confirm Password: Enter the password again.
    Note The password must be 8 to 30 characters in length, and must contain at least three of the following character types: uppercase letters, lowercase letters, digits, and special characters. The password cannot contain underscores (_).
Note

You must set the logon type if you select Install the CloudMonitor Agent on ECS Nodes or Enable Log Service.

Step 4: Configure components

Click Next:Component Configurations to configure the basic settings and advanced settings for cluster components.

Parameter

Description

CloudMonitor Agent

Specify whether to install the CloudMonitor agent. After you install the CloudMonitor agent on ECS nodes, you can view the monitoring information about the nodes in the CloudMonitor console.

Note

This parameter takes effect only on newly added nodes and does not take effect on existing nodes. If you want to install the CloudMonitor agent on an existing ECS node, go to the CloudMonitor console.

Log Service

Specify whether to enable Simple Log Service. You can select an existing Simple Log Service project or create one. By default, Enable Log Service is selected. For more information about how to quickly configure Simple Log Service when you create an application, see Collect log data from containers by using Simple Log Service.

Step 5: Confirm the cluster configurations

Click Next:Confirm Order, confirm the configurations, read and select the terms of service, and then click Create Cluster.

After the cluster is created, you can find the cluster on the Clusters page in the ACK console.

Note

It requires about 10 minutes to create a cluster that contains multiple nodes.

What to do next

  • View the basic information about the cluster

    On the Clusters page, find the created cluster and click Details in the Actions column. On the cluster details page, click the Basic Information tab to view the basic information about the cluster and click the Connection Information tab to view information about how to connect to the cluster. The following information is displayed:

    • API Server Public Endpoint: the IP address and port that the API server of the cluster uses to provide services over the Internet. It allows you to manage the cluster by using kubectl or other tools on your client.

      Only ACK managed clusters support the Associate EIP and Disassociate EIP features.

      • Associate EIP: You can select an existing EIP or create an EIP.

        The API server restarts after you associate an EIP with the API server. We recommend that you do not perform operations on the cluster during the restart process.

      • Disassociate EIP: After you disassociate the EIP, you can no longer access the API server over the Internet.

        The API server restarts after you disassociate the EIP from the API server. We recommend that you do not perform operations on the cluster during the restart process.

    • API Server Internal Endpoint: the IP address and port that the API server uses to provide services within the cluster. The IP address belongs to the Server Load Balancer (SLB) instance that is associated with the cluster.