Create an ACK edge cluster - Container Service for Kubernetes

Container Service for Kubernetes (ACK) edge clusters are designed to bring cloud computing to terminal devices at the edge. ACK edge clusters can be created, managed, and maintained in the ACK console. ACK is a platform that integrates cloud computing with edge computing on top of the edge computing infrastructure. This topic describes how to create an ACK edge cluster in the ACK console.

Prerequisites
Limits
Billing rules
Background information
Step 1: Log on to the ACK console
Step 2: Configure a cluster
Step 3: Configure worker nodes
Step 4: Configure components
Step 5: Confirm the configurations
What to do next
References

Prerequisites

Limits

Item		Limit	Links for increasing quota limits/references
Networks		ACK clusters support only VPCs.	What is a VPC?
Cloud resources	ECS	The pay-as-you-go and subscription billing methods are supported. After an ECS instance is created, you can change its billing method from pay-as-you-go to subscription in the ECS console.	Change the billing method of an ECS instance from pay-as-you-go to subscription
	VPC route entries	By default, you can add at most 200 route entries to the VPC of an ACK cluster that runs Flannel. VPCs of ACK clusters that run Terway do not have this limit. If you want to add more route entries to the VPC of your ACK cluster, request a quota increase for the VPC.	Quota Center
	Security groups	By default, you can create at most 100 security groups with each account.	View and increase resource quotas
	SLB instances	By default, you can create at most 60 pay-as-you-go SLB instances with each account.	Quota Center
	EIP	By default, you can create at most 20 EIPs with each account.	Quota Center

Billing rules

For more information, see Billing of ACK edge clusters.

Background Information

The sharp growth of smart devices connected to the Internet and the need to deploy business and process data at edges have significant impacts on edge computing services. To meet these requirements, a variety of new edge computing services have emerged, such as edge intelligence, real-time edge computing, and edge analytics. Traditional cloud computing platforms provide computing and storage services in the cloud. However, this no longer meets the requirements of edge devices for time-efficient computing, larger storage capacity, and enhanced computing capacity. To meet these requirements, ACK provides ACK edge clusters to coordinate services in the cloud and edges. An ACK edge cluster is a standard, secure, and highly-available Kubernetes cluster deployed in the cloud. This type of cluster is integrated with features of Alibaba Cloud, such as virtualization, storage, networking, and security. This simplifies how you manage and maintain clusters and allows you to focus on business development. In addition, quick access to a variety of heterogeneous edge computing services is supported at the edges. The cloud control center allows you to manage edge devices, such as IoT gateway devices, terminals, Content Delivery Network (CDN) resources, and data centers. The X86 and ARM architectures are supported. ACK edge clusters have been used in various sectors, such as edge intelligence, intelligent buildings, intelligent factories, audio and video live streaming, online education, and CDN.

Step 1: Log on to the ACK console

Log on to the ACK console. In the left-side navigation pane, click Clusters.
In the upper-right corner of the Clusters page, click Create Kubernetes Cluster.
On the Create Cluster page, click the Managed Edge Kubernetes tab.

Step 2: Configure a cluster

On the Managed Edge Kubernetes page, configure the basic and advanced settings for the cluster.

Basic settings

Parameter	Description
All Resources	Move the pointer over All Resources at the top of the page and select the resource group that you want to use. After you select a resource group, virtual private clouds (VPCs) and vSwitches that belong to the resource group are displayed. When you create a cluster, only the VPCs and vSwitches that belong to the selected resource group are displayed in the console.
Cluster Name	Enter a name for the cluster. Note The name must be 1 to 63 characters in length, and can contain digits, letters, hyphens (-), and underscores (_). The name cannot start with an underscore (_).
Cluster Type	Select a cluster type. You can select Professional or Standard edition. Select Professional to create an ACK edge cluster.
Region	Select a region to deploy the cluster.
Kubernetes Version	The Kubernetes versions supported by ACK are displayed.
VPC	Select a VPC to deploy the cluster. Standard VPCs and shared VPCs are supported. Shared VPC: The owner of a VPC (resource owner) can share the vSwitches in the VPC with other accounts in the same organization. Standard VPC: The owner of a VPC (resource owner) cannot share the vSwitches in the VPC with other accounts. Note ACK clusters support only VPCs. You can select a VPC from the drop-down list. If no VPC is available, click Create VPC to create one. For more information, see Create and manage a VPC.
vSwitch	Select vSwitches. You can select up to three vSwitches that are deployed in different zones. If no vSwitch is available, click Create vSwitch to create one. For more information, see Create and manage a vSwitch.
Pod CIDR Block	The pod CIDR block must not overlap with the CIDR block of the VPC, the CIDR blocks of the ACK clusters in the VPC, or the Service CIDR block. The pod CIDR block cannot be modified after it is specified. For more information about how to plan CIDR blocks for an ACK cluster, see Plan CIDR blocks for an ACK cluster.
Number of Pods per Node	Specify the number of pods per node.
Service CIDR	Set Service CIDR. The Service CIDR block must not overlap with the CIDR block of the VPC, the CIDR blocks of the ACK clusters in the VPC, or the pod CIDR block. The Service CIDR block cannot be modified after it is specified. For more information about how to plan CIDR blocks for an ACK cluster, see Plan CIDR blocks for an ACK cluster.
Configure SNAT	By default, the check box is selected. If the VPC that you select for the cluster cannot access the Internet, you can select Configure SNAT for VPC. This way, ACK will create a NAT gateway and configure SNAT rules to enable Internet access for the VPC.
Access to API Server	By default, an internal-facing SLB instance is created for the Kubernetes API server of the cluster. You can modify the specification of the SLB instance. For more information, see Instance specifications. Important If you delete the SLB instance, you cannot access the API server of the cluster. Select or clear Expose API Server with EIP. The ACK API server provides multiple HTTP-based RESTful APIs, which can be used to create, delete, modify, query, and monitor resources, such as pods and Services. If you select this check box, an elastic IP address (EIP) is created and associated with an SLB instance. Port 6443 used by the API server is opened on master nodes. You can connect to and manage the cluster by using kubeconfig files over the Internet. If you clear this check box, no EIP is created. You can connect to and manage the cluster by using kubeconfig files only from within the VPC. Important Edge nodes interact with the API server in the cloud over the Internet. If you clear Expose API Server with EIP, the edge nodes cannot connect to the cluster in the cloud. As a result, the cluster cannot be used in edge computing scenarios.
RDS Whitelist	Click Select RDS Instance to add node IP addresses to the whitelist of an ApsaraDB RDS instance.
Security group	You can select Create Basic Security Group, Create Advanced Security Group, or Select Existing Security Group. For more information about security groups, see Overview. Note To enable the Select Existing Security Group option, apply to be added to the whitelist in Quota Center. If you select an existing security group, the system does not automatically configure security group rules. This may cause errors when you access the nodes in the cluster. You must manually configure security group rules. For more information, see Configure security group rules to enforce access control on ACK clusters.
Deletion Protection	Specify whether to enable deletion protection for the cluster. Deletion protection can prevent clusters from being accidentally released by using the console or API.
Resource group	The resource group that owns the cluster to be created. Each resource can belong only to one resource group. You can regard a resource group as a project, an application, or an organization based on your business scenarios. For more information, see Resource groups.

Advanced settings

Click Show Advanced Options to configure the advanced settings of the cluster.

View advanced settings

Parameter	Description
Kube-proxy Mode	iptables and IPVS are supported. iptables is a mature and stable kube-proxy mode. It uses iptables rules to conduct service discovery and load balancing. The performance of this mode is restricted by the size of the Kubernetes cluster. This mode is suitable for Kubernetes clusters that manage a small number of Services. IPVS is a high-performance kube-proxy mode. It uses Linux Virtual Server (LVS) to conduct service discovery and load balancing. This mode is suitable for clusters that manage a large number of Services. We recommend that you use this mode in scenarios where high-performance load balancing is required.
Labels	Add labels to nodes in the cluster. Enter a key and a value, and then click Add. Note Key is required. `Value` is optional. Keys are not case-sensitive. A key must be 1 to 64 characters in length and cannot start with aliyun, http://, or https://. `Values` are not case-sensitive. A value cannot exceed 128 characters in length and cannot contain http:// or https://. A value can be empty. The keys of labels that are added to the same resource must be unique. If you add a label with a used key, the label overwrites the label that uses the same key. If you add more than 20 labels to a resource, all labels become invalid. You must remove excess labels for the remaining labels to take effect.
Secret Encryption	If you select Select Key, you can use a key that is created in the Key Management Service (KMS) console to encrypt Kubernetes Secrets. For more information about how to configure Secret encryption, see Use KMS to encrypt Secrets.

Step 3: Configure worker nodes

Important

In an ACK edge cluster, you must configure at least one worker node to deploy components.

Parameter	Description
Container Runtime	Specify the container runtime based on the Kubernetes version. The supported Kubernetes versions vary based on the container runtime: containerd: supports all Kubernetes versions. We recommend that you use containerd. docker: supports Kubernetes 1.22 and earlier.
Instance Type	You can select multiple instance types. You can filter instance types by vCPU, memory, architecture, or category. Note The instance types that you select are displayed in the Selected Types section. When the node pool is scaled out, ECS instances of the instance types that you select for the Instance Type parameter are created. The scaling policy of the node pool determines which instance types are used to create new nodes during scale-out activities. Select multiple instance types to improve the success rate of node pool scale-out operations. Note To use advanced features such as logging, monitoring, and reverse tunneling, you must deploy the related components in the cloud. Therefore, you must create at least one Elastic Compute Service (ECS) instance as a worker node.
Selected Types	The selected instance types are displayed.
Quantity	Specify the number of worker nodes (ECS instances) to be created.
System Disk	Enhanced SSDs, standard SSDs, and ultra disks are supported. The types of system disks that you can select depend on the instance types that you select. For more information about the disk types supported by different instance types, see Overview of instance families. Disk types that are not displayed in the drop-down list are not supported by the instance types that you select. Note If you select enhanced SSD as the system disk type, you can set a custom performance level for the system disk. You can select higher performance levels for enhanced SSDs with larger storage capacities. For example, you can select performance level 2 for an enhanced SSD with a storage capacity of more than 460 GiB. You can select performance level 3 for an enhanced SSD with a storage capacity of more than 1,260 GiB. For more information, see Capacity and PLs. The Encrypt Disk option is available only for ESSDs. System disks support only the aes-256 encryption algorithm. For more information about system disk encryption, see Encrypt a system disk.
Mount Data Disk	Enhanced SSDs (ESSDs), standard SSDs, and ultra disks are supported. The disk types that you can select depend on the instance types that you select. For more information about the disk types supported by different instance types, see Overview of instance families. Disk types that are not displayed in the drop-down list are not supported by the instance types that you select. Note If you select ESSD as the system disk type, you can set a custom performance level for the system disk. You can select higher PLs for ESSDs with larger storage capacities. For example, you can select PL 2 for an ESSD with a storage capacity of more than 460 GiB. You can select PL 3 for an ESSD with a storage capacity of more than 1,260 GiB. For more information, see Capacity and PLs. The Encrypt Disk option is available only for ESSDs. Data disk encryption supports only the aes-256 algorithm. You can use only the default service Customer Managed Key (CMK) to encrypt data disks in the China (Nanjing - Local Region), China (Fuzhou - Local Region), Thailand (Bangkok), and South Korea (Seoul) regions. Bring Your Own Key (BYOK) is not supported. For more information about data disk encryption, see Encrypt a data disk. The maximum number of data disks that can be mounted depends on the instance types that you select. You can view the selected data disks and the remaining number of data disks that you can mount on the right side of Mount Data Disk.
Logon Type	Key pair logon. Key Pair: Select an SSH key pair from the drop-down list. create a key pair: Create an SSH key pair if none is available. For more information about how to create an SSH key pair, see Create an SSH key pair. After the key pair is created, set it as the credential that is used to log on to the cluster. Password logon. Password: Enter the password that is used to log on to the nodes. Confirm Password: Enter the password again. Note The password must be 8 to 30 characters in length, and must contain at least three of the following character types: uppercase letters, lowercase letters, digits, and special characters. The password cannot contain underscores (_). Note You must set the logon type if you select Install the CloudMonitor Agent on ECS Nodes or Enable Log Service.

Step 4: Configure components

Click Next:Component Configurations to configure the basic settings and advanced settings of cluster components.

Parameter	Description
CloudMonitor Agent	Specify whether to install the CloudMonitor agent. After you install the CloudMonitor agent on ECS nodes, you can view the monitoring information about the nodes in the CloudMonitor console. Note This parameter takes effect only on newly added nodes and does not take effect on existing nodes. If you want to install the CloudMonitor agent on an existing ECS node, go to the CloudMonitor console.
Log Service	Specify whether to enable Log Service. You can select an existing Log Service project or create one. By default, Enable Log Service is selected. When you create an application, you can enable Log Service with a few steps. For more information, see Collect log data from containers by using Log Service.

Step 5: Confirm the cluster configurations

Click Next:Confirm Order. Confirm the cluster configurations, read the terms of service, and then select terms of service. Then, click Create Cluster.

Note

It requires about 10 minutes to create an ACK cluster that contains multiple nodes.

What to do next

After the cluster is created, you can view the cluster on the Clusters page in the ACK console.
Click View Logs in the Actions column. On the Log Information page, you can view the cluster log. To view detailed log information, click Stack events.
On the Clusters page, find the created cluster and click Details in the Actions column. On the cluster details page, click the Basic Information tab to view the basic information about the cluster and click the Connection Information tab to view information about how to connect to the cluster.
The following information is displayed:
- API Server Public Endpoint: the IP address and port that the Kubernetes API server of the cluster uses to provide services over the Internet. It allows you to manage the cluster by using kubectl or other tools on your client.
  Associate EIP and Disassociate EIP: These options are available only for ACK managed clusters.
  - Associate EIP: You can select an existing elastic IP address (EIP) or create one.
    The API server restarts after you bind an EIP to the API server. We recommend that you do not perform operations on the cluster during the restart process.
  - Disassociate EIP: You cannot access the API server over the Internet after you unbind the EIP from the API server.
    The API server restarts after you unbind the EIP from the API server. We recommend that you do not perform operations on the cluster during the restart process.
- API Server Internal Endpoint: the IP address and port that the API server uses to provide services within the cluster. The IP address belongs to the Server Load Balancer (SLB) instance that is attached to the cluster.
- Testing Domain: the domain name that is used for service tests. The suffix of the domain name is <cluster_id>.<region_id>.alicontainer.com.
  Note
  To rebind the domain name, click Rebind Domain Name.
You can use kubectl to connect to the cluster and run the kubectl get node command to query information about the nodes in the cluster. For more information, see Obtain the kubeconfig file of a cluster and use kubectl to connect to the cluster.

Container Service for Kubernetes:Create an ACK edge cluster

Table of contents