Container Service for Kubernetes: Quick start for first-time users

Last Updated: Jan 29, 2024

When you use Container Service for Kubernetes (ACK) for the first time, you must assign default roles to ACK with your Alibaba Cloud account. ACK can use resources in other cloud services to create clusters or save log files only after you assign these roles. These cloud services include Elastic Compute Service (ECS), Object Storage Service (OSS), Apsara File Storage NAS (NAS), and Server Load Balancer (SLB). This topic describes how to assign default roles to ACK and activate the associated cloud services when you use ACK for the first time.

Step 1: Activate ACK

ACK is available for commercial use. You must activate ACK before you can create an ACK cluster. To do this, perform the following steps.

  1. Go to the Container Service for Kubernetes page.

  2. Read and select Container Service for Kubernetes Terms of Service.

  3. Click Activate Now.

Note

If you have not activated ACK before, you are prompted to activate ACK in the Dependency Check section of the cluster creation page when you create an ACK cluster.

Step 2: Assign default roles to ACK

When you use ACK for the first time, you must assign default roles to ACK with your Alibaba Cloud account. To do this, perform the following steps.

Note

You can use Alibaba Cloud accounts or Resource Access Management (RAM) users that have administrator permissions to assign default roles to ACK.

  1. Log on to the ACK console.

  2. If you have not assigned the default roles to ACK with your Alibaba Cloud account, click Go to RAM console. On the Cloud Resource Access Authorization page that appears, click Confirm Authorization Policy.

  3. After you assign the RAM roles to ACK, log on to the ACK console again to get started with ACK.

Step 3: Activate the associated cloud services

Some ACK features depend on or are associated with other cloud services. You must activate these cloud services before you can use the features.

Note

You must use your Alibaba Cloud account to activate cloud services. RAM users are not allowed to activate cloud services.

Log on to the Alibaba Cloud official website with your Alibaba Cloud account and activate the following cloud services based on your requirements.

  • Required: the cloud services that you must activate. These services must be activated so that ACK clusters can function as expected.

  • Recommended: the cloud services that we recommend that you activate. You can choose to use these services when you create ACK clusters and manage applications.

  • Optional: the cloud services that you can activate based on your business architecture and O&M requirements.

| Cloud service | Service link | Activation | Description |
| --- | --- | --- | --- |
| Virtual Private Cloud (VPC) | https://www.alibabacloud.com/product/vpc | Required | This service can be used to build networks and create routing rules for clusters. |
| Server Load Balancer (SLB) | https://www.alibabacloud.com/product/server-load-balancer | Required | This service allows you to enable load balancing for ACK clusters. |
| Auto Scaling | https://www.alibabacloud.com/product/auto-scaling | Required | This service allows ACK to automatically create worker nodes and enables ACK clusters to automatically scale in or out. |
| NAT Gateway | https://www.alibabacloud.com/product/nat | Recommended | This service enables Internet access for clusters and allows clusters to pull images over the Internet. |
| Container Registry | https://www.alibabacloud.com/product/container-registry | Recommended | This service ensures the security of cloud-native applications that are fully managed on the cloud and allows you to manage the lifecycle of these applications. |
| Elastic Container Instance | https://www.alibabacloud.com/products/elastic-container-instance | Recommended | This service allows you to deploy ACK Serverless clusters. |
| Service Mesh | https://servicemesh.console.aliyun.com/#/instances | Recommended | This service allows you to manage the network traffic of applications that are deployed across multiple ACK clusters by using Service Mesh. |
| Simple Log Service | https://www.alibabacloud.com/product/log-service | Recommended | This service allows you to collect and query the log data of ACK components and applications. |
| CloudMonitor | https://www.alibabacloud.com/product/cloud-monitor | Recommended | This service allows you to monitor the status of nodes and applications in ACK clusters. |
| Managed Service for Prometheus | https://arms.console.aliyun.com/#/home | Recommended | This service allows you to monitor ACK clusters and generate alerts when exceptions are detected. |
| Security Center (SAS) | https://www.alibabacloud.com/product/security-center | Optional | This service allows you to monitor the security events of application runtimes in ACK clusters and generate alerts when exceptions are detected. |
| Apsara File Storage NAS (NAS) | https://www.alibabacloud.com/product/nas | Optional | This service allows you to store application data in NAS file systems. |
| Object Storage Service (OSS) | https://www.alibabacloud.com/product/oss | Optional | This service allows you to store application data in OSS buckets. |
| Key Management Service (KMS) | https://www.alibabacloud.com/product/kms | Optional | This service allows you to manage application Secrets and encrypt Secrets for ACK Pro clusters. |
| Alibaba Cloud DNS PrivateZone | https://www.alibabacloud.com/products/private-zone | Optional | This service is intended for resolving private domain names in VPCs. You can use this service to resolve the domain names of applications in ACK Serverless clusters. |
| Cloud Backup | https://www.alibabacloud.com/product/hybrid-backup-recovery | Optional | This service provides data backup, disaster recovery, and policy-based archive management. |

ACK default roles

| Role | Description |
| --- | --- |
| AliyunCSDefaultRole | ACK assumes this role to access your resources in other cloud services when ACK manages clusters. These cloud services include ECS, Virtual Private Cloud (VPC), SLB, Auto Scaling, and Resource Orchestration Service (ROS). |
| AliyunCSManagedKubernetesRole | By default, an ACK managed cluster assumes this role to access your resources in other cloud services. These cloud services include ECS, VPC, SLB, and Container Registry. |
| AliyunCSServerlessKubernetesRole | By default, an ACK Serverless cluster assumes this role to access your resources in other cloud services. These cloud services include ECS, VPC, SLB, and Alibaba Cloud DNS PrivateZone. |
| AliyunCSKubernetesAuditRole | The audit feature of an ACK managed cluster or ACK Serverless cluster assumes this role to access your resources in Simple Log Service. |
| AliyunCSManagedNetworkRole | The network component of an ACK managed cluster or ACK Serverless cluster assumes this role to access your resources in other cloud services. These cloud services include ECS and VPC. |
| AliyunCSManagedCsiRole | The storage component of an ACK managed cluster or ACK Serverless cluster assumes this role to access your resources in other cloud services. These cloud services include ECS and NAS. |
| AliyunCSManagedCmsRole | The monitoring component of an ACK managed cluster or ACK Serverless cluster assumes this role to access your resources in other cloud services. These cloud services include CloudMonitor and Simple Log Service. |
| AliyunCSManagedLogRole | The logging component of an ACK managed cluster or ACK Serverless cluster assumes this role to access your resources in Simple Log Service. |
| AliyunCSManagedVKRole | The virtual node component of an ACK Serverless cluster assumes this role to access your resources in other cloud services. These cloud services include ECS, VPC, and Elastic Container Instance (ECI). |
| AliyunCSManagedArmsRole | The Application Real-Time Monitoring Service (ARMS) component of an ACK managed cluster or ACK Serverless cluster assumes this role to access your resources in ARMS. |
| AliyunCSManagedAcrRole | The password-free image pulling plug-in of an ACK managed cluster or ACK Serverless cluster assumes this role to access your resources in Container Registry. |
| AliyunCSManagedNlcRole | The managed node pool controller of an ACK managed cluster assumes this role to access your node pool resources in ECS and ACK. |
| AliyunCSManagedAutoScalerRole | The auto scaling component of an ACK managed cluster or ACK Serverless cluster assumes this role to access your resources in Auto Scaling and ECS. |
| AliyunCSManagedSecurityRole | The disk encryption component of an ACK managed cluster or ACK Serverless cluster assumes this role to access your resources in Key Management Service (KMS). |
| AliyunCSManagedCostRole | The cost analysis component of an ACK managed cluster or ACK Serverless cluster assumes this role to access your resources in ECS and ECI and call API operations of Transactions and Bills Management (BSS). |
| AliyunCSManagedNimitzRole | The network component of an ACK Lingjun managed cluster assumes this role to access your resources in Intelligent Computing Lingjun. |
| AliyunCSManagedBackupRestoreRole | The backup center component of an ACK managed cluster assumes this role to access your resources in Cloud Backup and OSS. |
| AliyunCSManagedEdgeRole | By default, the control component of an ACK Edge cluster assumes this role to access your resources in Smart Access Gateway (SAG), VPC, and Cloud Enterprise Network (CEN). |
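
After Step 2, the roles in the table above can be audited. The following Python code is an added example, not part of the Alibaba Cloud documentation: it reports which of the listed roles are not found in an account and which can be assumed by something other than a cloud service. It assumes role records that carry the RoleName and AssumeRolePolicyDocument fields of RAM's GetRole response; the helper names, the sample records, the service name and the account ID are constructed.

```python
import json

# Role names copied from the "ACK default roles" table on this page.
ACK_DEFAULT_ROLES = """
AliyunCSDefaultRole AliyunCSManagedKubernetesRole AliyunCSServerlessKubernetesRole
AliyunCSKubernetesAuditRole AliyunCSManagedNetworkRole AliyunCSManagedCsiRole
AliyunCSManagedCmsRole AliyunCSManagedLogRole AliyunCSManagedVKRole
AliyunCSManagedArmsRole AliyunCSManagedAcrRole AliyunCSManagedNlcRole
AliyunCSManagedAutoScalerRole AliyunCSManagedSecurityRole AliyunCSManagedCostRole
AliyunCSManagedNimitzRole AliyunCSManagedBackupRestoreRole AliyunCSManagedEdgeRole
""".split()

def trust_findings(policy_doc):
    """List reasons a trust policy lets anything other than a cloud service assume the role."""
    findings = []
    for stmt in json.loads(policy_doc).get("Statement", []):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal")
        if not isinstance(principal, dict):
            findings.append(f"unscoped principal: {principal!r}")
            continue
        for kind, values in principal.items():
            values = [values] if isinstance(values, str) else values
            if kind != "Service":
                findings.append(f"{kind} principal: {', '.join(values)}")
            elif any("*" in v for v in values):
                findings.append("wildcard service principal")
    return findings

def audit(roles):
    """Return (default roles not found, default roles with a non-service trust)."""
    docs = {r["RoleName"]: r["AssumeRolePolicyDocument"] for r in roles}
    missing = [n for n in ACK_DEFAULT_ROLES if n not in docs]
    risky = {n: f for n in ACK_DEFAULT_ROLES if n in docs and (f := trust_findings(docs[n]))}
    return missing, risky

def make_role(name, principal):  # hypothetical helper: builds one constructed record
    doc = {"Version": "1", "Statement": [
        {"Action": "sts:AssumeRole", "Effect": "Allow", "Principal": principal}]}
    return {"RoleName": name, "AssumeRolePolicyDocument": json.dumps(doc)}

# Constructed sample: the service name and account ID are placeholders.
SAMPLE_ROLES = [
    make_role("AliyunCSDefaultRole", {"Service": ["cs.aliyuncs.com"]}),
    make_role("AliyunCSManagedLogRole", {"RAM": ["acs:ram::1234567890123456:root"]}),
]

if __name__ == "__main__":
    print(audit(SAMPLE_ROLES))
```

A role reported as not found is not necessarily a problem: the table ties several roles to specific cluster types or components.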