Container Service for Kubernetes: Quickly create an ACK managed cluster

Last Updated: Jan 17, 2025

The first time you use Container Service for Kubernetes (ACK), you must assign system roles to ACK with your Alibaba Cloud account. ACK can create clusters, save logs, and use resources in other cloud services, such as Elastic Compute Service (ECS), Object Storage Service (OSS), File Storage NAS (NAS), and Server Load Balancer (SLB), only after you assign these roles to it. This topic describes how to activate ACK and other cloud services, assign system roles to ACK, and create an ACK managed cluster.

1. Activate ACK and assign roles to ACK

You must activate ACK before you can create an ACK cluster. The following steps describe how to activate ACK and assign default roles to ACK.

  1. Activate ACK

    Go to the Container Service for Kubernetes page. Read and select Terms of Service. Then, click Activate Now.

  2. Assign roles to ACK

    The first time you log on to the ACK console, click Agree to Authorization on the Container service needs to create default roles page. This way, ACK can assume the relevant default roles to use resources in other cloud services to create, manage, and maintain clusters. Perform the following steps to assign roles to ACK:

    Log on to the ACK console. Click Go to RAM console to go to the Cloud Resource Access Authorization page. On the Cloud Resource Access Authorization page, click Agree to Authorization. After you assign roles to ACK, refresh the ACK console to get started with ACK.

    For more information about the permissions of the ACK roles, see ACK roles.

2. Activate other cloud services

The following table describes the cloud services that are required for creating, using, and managing ACK clusters. You can click the hyperlink in the Service link column to activate the corresponding cloud service with your Alibaba Cloud account. You must use your Alibaba Cloud account to activate cloud services. Resource Access Management (RAM) users are not allowed to activate cloud services. If you want to authorize a RAM user to manage activated cloud services, refer to FAQ about authorization management.

  • Required: the cloud services that you must activate. These services must be activated so that ACK clusters can function as normal.

    | Cloud service | Service link | Description |
    | --- | --- | --- |
    | Virtual Private Cloud (VPC) | Virtual Private Cloud (VPC) | This service can be used to build networks and create routing rules for ACK clusters. |
    | SLB | Server Load Balancer | This service enables load balancing for ACK clusters to forward network traffic to backend servers to increase the throughput of your application. You can use SLB to prevent service interruptions that are caused by single points of failure (SPOFs) and improve service availability. |
    | Auto Scaling | Auto Scaling | This service allows ACK to automatically create worker nodes and enables ACK clusters to automatically scale in or out. |

  • Recommended: the cloud services that we recommend that you activate. You can choose to use these services when you create ACK clusters and manage applications.

    | Cloud service | Service link | Description |
    | --- | --- | --- |
    | NAT Gateway | NAT Gateway | This service enables ACK clusters to communicate with the Internet and pull images over the Internet. |
    | NAS | File Storage NAS | This service provides a persistent file storage solution for application data in your cluster. NAS provides the following benefits for your data: shared access, elastic storage, high reliability, and high performance. |
    | Simple Log Service | Simple Log Service | This service allows you to collect and query the log data of ACK components and applications. |
    | Managed Service for Prometheus | Managed Service for Prometheus | This service allows you to monitor ACK clusters and generate alerts when exceptions are detected. |
    | Container Registry | Container Registry | This service provides secure and full lifecycle management for images. |
    | Elastic Container Instance | Elastic Container Instance | This service allows you to run serverless elastic container instances on virtual nodes. |
    | Service Mesh | Service Mesh | This service allows you to manage the network traffic of applications that are deployed across multiple ACK clusters by using Service Mesh. |
    | CloudMonitor | CloudMonitor | This service allows you to monitor the status of nodes and applications in ACK clusters. |

  • Optional: the services that you can activate based on the architecture and O&M strategy.

    | Cloud service | Service link | Description |
    | --- | --- | --- |
    | Security Center | Security Center | This service allows you to monitor the security events of application runtimes in ACK clusters and generate alerts when exceptions are detected. |
    | OSS | Object Storage Service (OSS) | This service allows you to store application data in OSS buckets in a secure and cost-effective manner. |
    | Key Management Service (KMS) | Key Management Service | This service allows you to manage application Secrets and encrypt Secrets for ACK Pro clusters. |
    | Alibaba Cloud DNS PrivateZone | Alibaba Cloud DNS PrivateZone | This service provides a private domain name resolution and management solution based on VPC. You can use Alibaba Cloud DNS PrivateZone to resolve private domain names to IP addresses in one or more VPCs. Alibaba Cloud DNS PrivateZone aims to provide a stable, secure, and efficient resolution service for internal domain names. Alibaba Cloud DNS PrivateZone is suitable for both simple and complex network architectures. |
    | Cloud Backup | Cloud Backup | This service provides data backup, disaster recovery, and policy-based archive management. |

3. Create a cluster

ACK provides various cluster parameters that you can configure to meet different requirements of your applications. If you want to create a test ACK managed cluster in the test environment, you can use the default settings for most cluster parameters. The following example shows how to quickly create an ACK managed cluster. For more information about how to create an ACK managed cluster in the production environment, see Create an ACK managed cluster.

  1. Log on to the ACK console. On the Clusters page, click Create Kubernetes Cluster.

  2. In the upper part of the page that appears, click the ACK Managed Cluster tab. Select Professional for Cluster Specification. If you need to access the cluster over the Internet, select Expose API server with EIP. Then, click Next:Node Pool Configurations in the lower-right corner of the page.

  3. In the Instance Type section, select an instance type that provides 4 vCores and 8 GiB of memory, such as ecs.c6.xlarge, which belongs to the c6 compute-optimized instance family. Then, click Next:Component Configurations in the lower-right corner of the page.

  4. Select ACK Cluster Monitoring Basic Edition for Monitor container. You can use ACK Cluster Monitoring Basic Edition free of charge. Then, click Next:Confirm Order in the lower-right corner of the page.

  5. Click Create Cluster in the lower-right corner of the page.