Create an ACK managed cluster

Updated at:
Copy as MD

When you use Container Service for Kubernetes (ACK) for the first time, you must grant system role permissions to your Alibaba Cloud account. This allows you to create clusters, store logs, and access other cloud services such as ECS, OSS, NAS, and SLB. This topic guides you through authorizing roles, activating related services for free, and quickly creating an ACK managed cluster.

1. Activate Container Service and authorize roles

Before you create an ACK cluster, you must activate the required services for free to prevent potential creation failures. Follow the steps below to activate the service and authorize the default service roles.

  1. Activate ACK

    The first time you use ACK, go to the ACK activation page. Read and agree to the Container Service for Kubernetes Terms of Service, and then click Enable Now.

    In the Cluster type section, select ACK Pro or ACK Basic. If you select ACK Pro, both ACK Pro and ACK Basic are activated.

  2. Authorize roles

    When you log on to the Container Service console for the first time, you must authorize your Alibaba Cloud account to create default service roles for ACK. This authorization allows ACK to access other cloud resources to create, manage, and maintain clusters. Follow these steps:

    Log on to the Container Service console. Click Go to RAM console to open the Resource Access Management (RAM) quick authorization page, and then click Confirm. After you complete the authorization, refresh the console.

    For more information about the resource operation permissions of service roles, see ACK service roles.

2. Activate related cloud products

Using your Alibaba Cloud account, click the activation links to activate the related cloud services as needed. Only Alibaba Cloud accounts can activate cloud products. RAM users cannot activate cloud products. If you want to grant RAM users permissions to manage activated cloud products, see Authorization management FAQ.

  • Required: These services are hard dependencies for ACK clusters and must be enabled.

    Related products

    Product

    Activation link

    Description

    Virtual Private Cloud (VPC)

    Virtual Private Cloud (VPC)

    Provides the network environment and routing rules for your cluster.

    Server Load Balancer (SLB)

    Server Load Balancer (SLB)

    Creates load balancers for clusters and distributes traffic on demand. It scales application throughput by distributing traffic to different backend servers, eliminates single points of failure, and improves application availability.

    Auto Scaling

    Auto Scaling

    Creates worker nodes and enables automatic scaling for the cluster.

  • Recommended: These are common dependencies for cluster creation and application management.

    Related products

    Product

    Activation link

    Description

    NAT Gateway

    NAT Gateway

    Enables Internet access for the cluster and allows pulling images from public registries.

    File Storage NAS

    File Storage NAS

    Provides a high-performance, reliable, and elastic persistent file storage solution with shared access for cluster application data.

    Log Service (SLS)

    Log Service (SLS)

    Collects and retrieves logs from ACK cluster components and applications.

    Managed Service for Prometheus

    Managed Service for Prometheus

    Monitors and creates alerts for ACK clusters based on Prometheus.

    Container Registry (ACR)

    Container Registry (ACR)

    Provides secure hosting and full lifecycle management for container images.

    Elastic Container Instance (ECI)

    Elastic Container Instance (ECI)

    Runs serverless workloads on virtual nodes.

    Service Mesh

    Service Mesh (ASM)

    Provides unified traffic management for applications across multiple ACK clusters based on Service Mesh.

    CloudMonitor

    CloudMonitor

    Monitors the status of cluster nodes and applications.

  • Optional: Activate these services based on your business architecture and O&M requirements.

    Related products

    Product

    Activation Link

    Description

    Security Center

    Security Center

    Monitors runtime security events and alerts for cluster applications.

    Object Storage Service (OSS)

    Object Storage Service (OSS)

    Provides a secure and cost-effective object storage solution for cluster application data.

    Key Management Service (KMS)

    Key Management Service (KMS)

    Manages secrets for cluster applications and enables at-rest secret encryption for ACK Pro clusters.

    Alibaba Cloud DNS PrivateZone

    Alibaba Cloud DNS PrivateZone

    A private DNS service for Alibaba Cloud Virtual Private Cloud (VPC) environments. It lets you map private domain names to IP addresses in one or more custom VPCs. It provides a stable, secure, and efficient internal DNS solution for network architectures ranging from simple to complex.

    Cloud BackupCloud Backup

    Cloud Backup

    Provides backup, disaster recovery, and policy-based archive management.

3. Create a cluster

When creating an ACK managed cluster, enable Auto Mode. This mode requires only simple configuration to build a cluster that follows best practices. By default, ACK creates and manages the lifecycle of a node pool. For more information, see Create an ACK cluster in Auto Mode.

Note

If you need to specify detailed custom settings for the cluster, see the full procedure in Create an ACK managed cluster.

  1. Log on to the Container Service console. On the Clusters page, click Create Kubernetes Cluster.

  2. Select the ACK Managed Cluster tab and enable Auto Mode. If you want to access the cluster API server over the Internet, select Expose API server with EIP. This simplifies connecting to and managing the cluster. Then, click Confirm, review the settings, and click Create Cluster.

    In quick creation mode, the default network plugin is Terway (with Trunk ENI selected), the service CIDR block is 192.168.0.0/16, the system automatically creates a VPC with Configure SNAT for VPC selected, and an enterprise-level security group.