This topic describes how to get started with Container Service for Kubernetes (ACK) in steps and provides answers to some frequently asked questions about ACK.
- Assign roles to your Alibaba Cloud account. For more information, see ACK default roles.
- Create a standard managed Kubernetes cluster. For more information, see Create a managed Kubernetes cluster.To create a cluster of another type, see the following topics:
- Create an ASK cluster.
- Create a dedicated Kubernetes cluster.
- Create a professional managed Kubernetes cluster.
- Create a managed edge Kubernetes cluster.
- Create a managed Kubernetes cluster with GPU-accelerated nodes and Create a dedicated Kubernetes cluster with GPU-accelerated nodes.
- Create a managed Kubernetes cluster that runs sandboxed containers and Create a dedicated Kubernetes cluster that supports sandboxed containers.
- Create a managed Kubernetes cluster for confidential computing.
- Deploy an application by using an image or orchestration template.For more information, see Create a stateless application by using a Deployment.Note If your application consists of multiple Services created from different images, we recommend that you use a YAML file to deploy the application.
- Perform O&M operations on the cluster and the application.
Cluster O&M Application O&M Cluster management Application deployment Node maintenance Application and image updates Node pool management Application scaling
- Monitoring management
- Log management
Audit logs, Collect log files from containers by using Log Service, Configure Log4jAppender for Kubernetes and Log Service, Collect the logs of control plane components in a managed Kubernetes cluster, and Monitor and analyze the log of CoreDNS
- How do I create a Docker image for an application that runs on an ACK cluster?
Container Registry allows you to create a container image within a few clicks. For more information about how to create a Docker image for an application, see Build an image for a Java application by using a Dockerfile with multi-stage builds. You can also use the open source tool Derrick to simplify how to containerize your application.
- If I cannot create an image, how do I deploy an application to an ACK cluster?
ACK allows you to create applications by using images of the following types: images stored in Container Registry, official images, favorite images, and public images. For more information, see Deploy a stateless application from an image.
- How do I plan the network before I create a cluster?
Before you create a cluster, make sure that the CIDR block of the virtual private cloud (VPC) where you want to deploy the cluster, CIDR blocks of Services, and CIDR blocks of pods do not overlap. You can select an automatically created VPC. In this case, use the default IP addresses when you create a cluster. However, in some complex scenarios, you must plan the IP address of each Elastic Compute Service (ECS) instance, pod CIDR blocks, and Service CIDR blocks. For more information, see Plan CIDR blocks for an ACK cluster.
- Which network plug-in should I choose when I create a cluster, Terway or Flannel?
Flannel is a simple and stable container network interface (CNI) plug-in developed by the Kubernetes community. However, Flannel provides only basic features and does not support standard Kubernetes network policies. Terway is a network plug-in developed by Alibaba Cloud. Terway supports standard Kubernetes network policies and bandwidth throttling on containers. Terway outperforms Flannel in terms of network performance. For more information, see Use the Terway plug-in.
- What can I do if I failed to create a cluster?
You can view the cluster logs for troubleshooting. For more information, see Failed to create a Kubernetes cluster.
- How do I access Kubernetes workloads over the Internet?ACK allows you to use the following methods to access workloads over the Internet:
- If multiple workloads exist in a cluster, how can a workload be accessed by other
workloads in the cluster?
To access a workload from other workloads in the same cluster, use the internal domain name or a ClusterIP Service.Assume that Workload A and Workload B exist in the same cluster. To allow Workload A to access Workload B, create a ClusterIP Service for Workload B. For more information, see Manage Services. After you create a ClusterIP Service, Workload A can access Workload B by using the following connect strings:
<The name of the ClusterIP Service>. <The namespace to which Workload B belongs>.svc.cluster.local:<Port number>
- What are the considerations when I expose Services through SLB instances?
If you create a LoadBalancer Service, cloud controller manager (CCM) automatically creates and configures an SLB instance for the Service. We recommend that you do not configure the SLB instance in the SLB console. Otherwise, the Service may be unavailable. For more information, see Considerations for configuring a LoadBalancer type Service.
- How do I pull private images from Container Registry?
We recommend that you use the aliyun-acr-credential-helper component. By default, each cluster has aliyun-acr-credential-helper installed. You can use this component to pull private images from Container Registry without a password. For more information, see Use aliyun-acr-credential-helper to pull images without a password.