This topic describes how to get started with Container Service for Kubernetes (ACK) in steps and provides answers to some frequently asked questions about ACK.
Procedure
FAQ
- How do I create a Docker image for an application that runs on an ACK cluster?
Container Registry allows you to create a container image within a few clicks. For more information about how to create a Docker image for an application, see Build an image for a Java application by using a Dockerfile with multi-stage builds. You can also use the open source tool Derrick to simplify how to containerize your application.
- If I cannot create an image, how do I deploy an application to an ACK cluster?
ACK allows you to create applications by using images of the following types: images stored in Container Registry, official images, favorite images, and public images. For more information, see Deploy a stateless application from an image.
- How do I plan the network before I create a cluster?
Before you create a cluster, make sure that the CIDR block of the virtual private cloud (VPC) where you want to deploy the cluster, CIDR blocks of Services, and CIDR blocks of pods do not overlap. You can select an automatically created VPC. In this case, use the default IP addresses when you create a cluster. However, in some complex scenarios, you must plan the IP address of each Elastic Compute Service (ECS) instance, pod CIDR blocks, and Service CIDR blocks. For more information, see Plan CIDR blocks for an ACK cluster.
- Which network plug-in should I choose when I create a cluster, Terway or Flannel?
Flannel is a simple and stable container network interface (CNI) plug-in developed by the Kubernetes community. However, Flannel provides only basic features and does not support standard Kubernetes network policies. Terway is a network plug-in developed by Alibaba Cloud. Terway supports standard Kubernetes network policies and bandwidth throttling on containers. Terway outperforms Flannel in terms of network performance. For more information, see Use the Terway plug-in.
- What can I do if I failed to create a cluster?
You can view the cluster logs for troubleshooting. For more information, see Failed to create a Kubernetes cluster.
- How do I access Kubernetes workloads over the Internet?ACK allows you to use the following methods to access workloads over the Internet:
- Access a node port.
- Use a Server Load Balancer (SLB) instance.
- Nginx Ingress
- Use a Domain Name System (DNS) server.
- Use a NAT gateway. The NAT gateway must have Destination Network Address Translation (DNAT) entries configured.
- If multiple workloads exist in a cluster, how can a workload be accessed by other
workloads in the cluster?
To access a workload from other workloads in the same cluster, use the internal domain name or a ClusterIP Service.
Assume that Workload A and Workload B exist in the same cluster. To allow Workload A to access Workload B, create a ClusterIP Service for Workload B. For more information, see Manage Services. After you create a ClusterIP Service, Workload A can access Workload B by using the following connect strings:<The name of the ClusterIP Service>. <The namespace to which Workload B belongs>.svc.cluster.local:<Port number>ClusterIP:<Port number>
- What are the considerations when I expose Services through SLB instances?
If you create a LoadBalancer Service, cloud controller manager (CCM) automatically creates and configures an SLB instance for the Service. We recommend that you do not configure the SLB instance in the SLB console. Otherwise, the Service may be unavailable. For more information, see Considerations for configuring a LoadBalancer type Service.
- How do I pull private images from Container Registry?
We recommend that you use the aliyun-acr-credential-helper component. By default, each cluster has aliyun-acr-credential-helper installed. You can use this component to pull private images from Container Registry without a password. For more information, see Use aliyun-acr-credential-helper to pull images without a password.