Container Service for Kubernetes (ACK) edge clusters are designed to bring cloud computing to terminal devices at the edge. ACK edge clusters can be created, managed, and maintained in the ACK console. ACK is a platform that integrates cloud computing with edge computing on top of the edge computing infrastructure. This topic describes how to create an ACK edge cluster in the ACK console.
Table of contents
Links for increasing quota limits/references
ACK clusters support only VPCs.
The pay-as-you-go and subscription billing methods are supported. After an ECS instance is created, you can change its billing method from pay-as-you-go to subscription in the ECS console.
VPC route entries
By default, you can add at most 200 route entries to the VPC of an ACK cluster that runs Flannel. VPCs of ACK clusters that run Terway do not have this limit. If you want to add more route entries to the VPC of your ACK cluster, request a quota increase for the VPC.
By default, you can create at most 100 security groups with each account.
By default, you can create at most 60 pay-as-you-go SLB instances with each account.
By default, you can create at most 20 EIPs with each account.
For more information, see Billing of ACK edge clusters.
The sharp growth of smart devices connected to the Internet and the need to deploy business and process data at edges have significant impacts on edge computing services. To meet these requirements, a variety of new edge computing services have emerged, such as edge intelligence, real-time edge computing, and edge analytics. Traditional cloud computing platforms provide computing and storage services in the cloud. However, this no longer meets the requirements of edge devices for time-efficient computing, larger storage capacity, and enhanced computing capacity. To meet these requirements, ACK provides ACK edge clusters to coordinate services in the cloud and edges. An ACK edge cluster is a standard, secure, and highly-available Kubernetes cluster deployed in the cloud. This type of cluster is integrated with features of Alibaba Cloud, such as virtualization, storage, networking, and security. This simplifies how you manage and maintain clusters and allows you to focus on business development. In addition, quick access to a variety of heterogeneous edge computing services is supported at the edges. The cloud control center allows you to manage edge devices, such as IoT gateway devices, terminals, Content Delivery Network (CDN) resources, and data centers. The X86 and ARM architectures are supported. ACK edge clusters have been used in various sectors, such as edge intelligence, intelligent buildings, intelligent factories, audio and video live streaming, online education, and CDN.
Step 1: Log on to the ACK console
Log on to the ACK console. In the left-side navigation pane, click Clusters.
In the upper-right corner of the Clusters page, click Create Kubernetes Cluster.
On the Create Cluster page, click the Managed Edge Kubernetes tab.
Step 2: Configure a cluster
On the Managed Edge Kubernetes page, configure the basic and advanced settings for the cluster.
Move the pointer over All Resources at the top of the page and select the resource group that you want to use. After you select a resource group, virtual private clouds (VPCs) and vSwitches that belong to the resource group are displayed. When you create a cluster, only the VPCs and vSwitches that belong to the selected resource group are displayed in the console.
Enter a name for the cluster.
Note The name must be 1 to 63 characters in length, and can contain digits, letters, hyphens (-), and underscores (_). The name cannot start with an underscore (_).
Select a cluster type. You can select Professional or Standard edition.
Select Professional to create an ACK edge cluster.
Select a region to deploy the cluster.
The Kubernetes versions supported by ACK are displayed.
Select a VPC to deploy the cluster. Standard VPCs and shared VPCs are supported.
Note ACK clusters support only VPCs. You can select a VPC from the drop-down list. If no VPC is available, click Create VPC to create one. For more information, see Create and manage a VPC.
You can select up to three vSwitches that are deployed in different zones. If no vSwitch is available, click Create vSwitch to create one. For more information, see Create and manage a vSwitch.
Pod CIDR Block
The pod CIDR block must not overlap with the CIDR block of the VPC, the CIDR blocks of the ACK clusters in the VPC, or the Service CIDR block. The pod CIDR block cannot be modified after it is specified. For more information about how to plan CIDR blocks for an ACK cluster, see Plan CIDR blocks for an ACK cluster.
Number of Pods per Node
Specify the number of pods per node.
Set Service CIDR. The Service CIDR block must not overlap with the CIDR block of the VPC, the CIDR blocks of the ACK clusters in the VPC, or the pod CIDR block. The Service CIDR block cannot be modified after it is specified. For more information about how to plan CIDR blocks for an ACK cluster, see Plan CIDR blocks for an ACK cluster.
By default, the check box is selected. If the VPC that you select for the cluster cannot access the Internet, you can select Configure SNAT for VPC. This way, ACK will create a NAT gateway and configure SNAT rules to enable Internet access for the VPC.
Access to API Server
By default, an internal-facing SLB instance is created for the Kubernetes API server of the cluster. You can modify the specification of the SLB instance. For more information, see Instance specifications.
Important If you delete the SLB instance, you cannot access the API server of the cluster.
Select or clear Expose API Server with EIP. The ACK API server provides multiple HTTP-based RESTful APIs, which can be used to create, delete, modify, query, and monitor resources, such as pods and Services.
Edge nodes interact with the API server in the cloud over the Internet. If you clear Expose API Server with EIP, the edge nodes cannot connect to the cluster in the cloud. As a result, the cluster cannot be used in edge computing scenarios.
Click Select RDS Instance to add node IP addresses to the whitelist of an ApsaraDB RDS instance.
You can select Create Basic Security Group, Create Advanced Security Group, or Select Existing Security Group. For more information about security groups, see Overview.
Specify whether to enable deletion protection for the cluster. Deletion protection can prevent clusters from being accidentally released by using the console or API.
The resource group that owns the cluster to be created. Each resource can belong only to one resource group. You can regard a resource group as a project, an application, or an organization based on your business scenarios. For more information, see Resource groups.
Click Show Advanced Options to configure the advanced settings of the cluster.
View advanced settings
iptables and IPVS are supported.
Add labels to nodes in the cluster. Enter a key and a value, and then click Add.
If you select Select Key, you can use a key that is created in the Key Management Service (KMS) console to encrypt Kubernetes Secrets. For more information about how to configure Secret encryption, see Use KMS to encrypt Secrets.
Step 3: Configure worker nodes
In an ACK edge cluster, you must configure at least one worker node to deploy components.
Specify the container runtime based on the Kubernetes version. The supported Kubernetes versions vary based on the container runtime:
You can select multiple instance types. You can filter instance types by vCPU, memory, architecture, or category.
When the node pool is scaled out, ECS instances of the instance types that you select for the Instance Type parameter are created. The scaling policy of the node pool determines which instance types are used to create new nodes during scale-out activities. Select multiple instance types to improve the success rate of node pool scale-out operations.
The instance types that you select are displayed in the Selected Types section.
To use advanced features such as logging, monitoring, and reverse tunneling, you must deploy the related components in the cloud. Therefore, you must create at least one Elastic Compute Service (ECS) instance as a worker node.
The selected instance types are displayed.
Specify the number of worker nodes (ECS instances) to be created.
Enhanced SSDs, standard SSDs, and ultra disks are supported. The types of system disks that you can select depend on the instance types that you select. For more information about the disk types supported by different instance types, see Overview of instance families. Disk types that are not displayed in the drop-down list are not supported by the instance types that you select.
Mount Data Disk
Enhanced SSDs (ESSDs), standard SSDs, and ultra disks are supported. The disk types that you can select depend on the instance types that you select. For more information about the disk types supported by different instance types, see Overview of instance families. Disk types that are not displayed in the drop-down list are not supported by the instance types that you select.
You must set the logon type if you select Install the CloudMonitor Agent on ECS Nodes or Enable Log Service.
Step 4: Configure components
Click Next:Component Configurations to configure the basic settings and advanced settings of cluster components.
Specify whether to install the CloudMonitor agent. After you install the CloudMonitor agent on ECS nodes, you can view the monitoring information about the nodes in the CloudMonitor console.
Note This parameter takes effect only on newly added nodes and does not take effect on existing nodes. If you want to install the CloudMonitor agent on an existing ECS node, go to the CloudMonitor console.
Specify whether to enable Log Service. You can select an existing Log Service project or create one. By default, Enable Log Service is selected. When you create an application, you can enable Log Service with a few steps. For more information, see Collect log data from containers by using Log Service.
Step 5: Confirm the cluster configurations
Click Next:Confirm Order. Confirm the cluster configurations, read the terms of service, and then select terms of service. Then, click Create Cluster.
It requires about 10 minutes to create an ACK cluster that contains multiple nodes.
What to do next
After the cluster is created, you can view the cluster on the Clusters page in the ACK console.
Click View Logs in the Actions column. On the Log Information page, you can view the cluster log. To view detailed log information, click Stack events.
On the Clusters page, find the created cluster and click Details in the Actions column. On the cluster details page, click the Basic Information tab to view the basic information about the cluster and click the Connection Information tab to view information about how to connect to the cluster.
The following information is displayed:
API Server Public Endpoint: the IP address and port that the Kubernetes API server of the cluster uses to provide services over the Internet. It allows you to manage the cluster by using kubectl or other tools on your client.
Associate EIP and Disassociate EIP: These options are available only for ACK managed clusters.
Associate EIP: You can select an existing elastic IP address (EIP) or create one.
The API server restarts after you bind an EIP to the API server. We recommend that you do not perform operations on the cluster during the restart process.
Disassociate EIP: You cannot access the API server over the Internet after you unbind the EIP from the API server.
The API server restarts after you unbind the EIP from the API server. We recommend that you do not perform operations on the cluster during the restart process.
API Server Internal Endpoint: the IP address and port that the API server uses to provide services within the cluster. The IP address belongs to the Server Load Balancer (SLB) instance that is attached to the cluster.
Testing Domain: the domain name that is used for service tests. The suffix of the domain name is
To rebind the domain name, click Rebind Domain Name.
You can use kubectl to connect to the cluster and run the
kubectl get nodecommand to query information about the nodes in the cluster. For more information, see Obtain the kubeconfig file of a cluster and use kubectl to connect to the cluster.