Flowchart

Procedure

The flowchart consists of the following steps:

1. Assign roles to your Alibaba Cloud account. For more information, see Default roles.
   For more information about RAM policies and role-based access control (RBAC), see Create a custom RAM policy and Assign RBAC roles to a RAM user.
2. Create a standard managed cluster. For more information, see Create a cluster of ACK Managed Edition.
   To create a cluster of another type, see the following topics:

   • Create an ASK cluster.
   • Create a dedicated Kubernetes cluster.
   • Create an ACK Pro cluster.
   • Create a managed edge cluster.
   • Create a managed GPU cluster and Create a dedicated GPU cluster for heterogeneous computing.
   • Create a managed Kubernetes cluster that runs sandboxed containers and Create a dedicated Kubernetes cluster that runs sandboxed containers.
   • Create a managed Kubernetes cluster that supports confidential computing.
3. Deploy an application by using an image or orchestration template.
   For more information, see Use an image to create a stateless application and Use an orchestration template to create a Linux application.

   Note If your application consists of multiple services created from different images, we recommend that you use a YAML file to deploy the application.
4. Perform O&M operations on the cluster and the application.

   Cluster O&M	Application O&M
   Cluster management Upgrade a cluster Expand a cluster Manage system components	Application deployment Deploy stateful applications from images Create a Job application by using an image Create an application from a private image repository
   Node maintenance Add existing ECS instances to an ACK cluster Mark a node as unschedulable Manage nodes in batches Attach a data disk to a node	Application and image updates Use an application trigger to redeploy an application Use aliyun-acr-credential-helper to pull images without a password Use kritis-validation-hook to automatically verify the signatures of container images
   Node pool management Create a node pool Scale out a node pool Schedule an application pod to a specified node pool	Application scaling Scale an application HPA Vertical pod autoscaling
   Monitoring Monitor application performance, Monitor application architecture, Event monitoring, Enable ARMS Prometheus, and Deploy Prometheus to a Kubernetes cluster Log management Audit logs, Use Log Service to collect container logs, Use log-pilot to collect logs of a cluster, and Configure Log4jAppender for Kubernetes and Log Service

FAQ

• How do I build a Docker image for an application that runs on an ACK cluster?

  Container Registry allows you to build a container image within a few clicks. For more information about how to build a Docker image for an application, see Build an image for a Java application by using a Dockerfile with multi-stage builds. You can also use the open source tool Derrick to dockerize an application in a simplified manner.

• If I do not want to build an image, how do I deploy an application to an ACK cluster?

  ACK allows you to create applications by using images of the following types: images stored in Container Registry, official images, favorite images, and public images. For more information, see Deploy stateless applications from images.

• How do I plan CIDR blocks before I create a cluster?

  Before you create a cluster, make sure that the CIDR blocks of virtual private clouds (VPCs), services, and pods do not overlap. You can select to create a VPC automatically. In this case, use the default network address when you create a cluster. However, in some complex scenarios, you must plan CIDR blocks for Elastic Compute Service (ECS) instances, pods, and services. For more information, see Assign CIDR blocks to resources in a Kubernetes cluster under a VPC.

• How do I select the Terway or Flannel plug-in when I create a cluster?

  Flannel is a simple and stable container network interface (CNI) plug-in developed by the community. However, Flannel only supports simple features and does not support standard Kubernetes network policies. Terway, a network plug-in developed by Alibaba Cloud, supports standard Kubernetes network policies and bandwidth throttling on containers. Terway outperforms Flannel in terms of network performance. For more information, see Use Terway.

• How do I handle a cluster creation failure?

  You can view the cluster events for troubleshooting. For more information, see Failed to create a Kubernetes cluster.

• How do I access Kubernetes workloads over the Internet?
  You can use the following methods to access workloads over the Internet:

  • Use a NodePort
  • Use Server Load Balancer (SLB) instances
  • Nginx Ingress
  • Use an external DNS
  • Use a Destination Network Address Translation (DNAT) gateway
• If multiple workloads exist in a cluster, how can a workload be accessed by other workloads in the cluster?

  To access a workload from other workloads in the same cluster, use the internal DNS or ClusterIP service.

  Assume that Workload A and Workload B exist in a cluster. To allow Workload A to access Workload B, create a service of the ClusterIP type for Workload B. For more information, see Create a service. After you create a ClusterIP service, Workload A can use one of the following methods to access Workload B:

  • <ClusterIP service name>. <Namespace to which Workload B belongs>.svc.cluster.local:<Port number>
  • ClusterIP:<Port number>
• What are the considerations when I access services through SLB instances?

  If you create a service of the LoadBalancer type, Cloud Controller Manager (CCM) automatically creates and configures an SLB instance for the service. We recommend that you do not configure the SLB instance in the SLB console. This may cause the unavailability of the service. For more information, see Considerations for configuring a LoadBalancer service.

• How do I pull private images from Container Registry?

  We recommend that you use the aliyun-acr-credential-helper component. By default, each cluster has aliyun-acr-credential-helper installed. You can use this component to pull images without a password from Container Registry. For more information, see Use aliyun-acr-credential-helper to pull images without a password.