Container Service for Kubernetes: Create an ACK Serverless cluster

Last Updated: Jan 17, 2025

Container Service for Kubernetes (ACK) Serverless clusters are a container service provided by Alibaba Cloud to allow you to deploy workloads without the need to purchase nodes. ACK Serverless clusters can scale within seconds and schedule resources based on the predefined CPU and memory requests of application pods. These on-demand resource scheduling capabilities can greatly reduce the computing costs of fluctuating workloads. ACK Serverless clusters provide comprehensive Kubernetes-compatible capabilities to narrow the technical gap for beginners. You can focus on application development without the need to worry about infrastructure management. This topic describes how to create an ACK Serverless cluster in the ACK console.

Prerequisites

Step 1: Log on to the ACK console

  1. Log on to the ACK console. In the left-side navigation pane, click Clusters.

  2. On the Clusters page, click Create Kubernetes Cluster.

Step 2: Create a cluster

Click the ACK Serverless tab and configure the cluster.

Basic settings

Parameter

Description

Cluster Name

The name of the cluster. The name must be 1 to 63 characters in length, and can contain digits, letters, hyphens (-), and underscores (_). The name must start with a letter or digit.

Cluster Specification

Select a cluster type. You can select Professional or Basic. We recommend that you use Container Service for Kubernetes (ACK) Pro clusters in the production environment and test environment. ACK Basic clusters can meet the learning and testing needs of individual users.

For more information about the differences between cluster specifications, see Comparison.

Region

The region of the cluster.

Kubernetes Version

The supported Kubernetes versions. For more information, see Kubernetes versions supported by ACK.

Automatic Update

Enable the auto update feature for the cluster to ensure periodic automatic updates of control plane components. ACK automatically updates the cluster within the maintenance window based on your configurations. For more information about the auto update policy and usage method, see Automatically update a cluster.

Maintenance Window

ACK automatically updates the cluster within the maintenance window based on your configurations. You can click Set to configure the detailed maintenance policies.

Network settings

Parameter

Description

IPv6 Dual-stack

This feature is in public preview. To use it, submit an application in the Quota Center console.

If you enable IPv4/IPv6 dual-stack, a dual-stack cluster will be created.

Important
  • Only clusters that run Kubernetes 1.20.11-aliyun.1 and later support this feature.

  • The VPC in which the cluster is deployed must support IPv4/IPv6 dual stack.

VPC

Configure the VPC of the cluster. You can specify a zone to automatically create a VPC. You can also select an existing VPC in the VPC list.

Configure SNAT

If the VPC that you created or selected cannot access the Internet, you can select this check box. This way, ACK automatically creates a NAT gateway and configures SNAT rules.

If you do not select this check box, you can manually configure a NAT gateway and configure SNAT rules to ensure that instances in the VPC can access the Internet. For more information, see Create and manage an Internet NAT gateway.

vSwitch

Select an existing vSwitch from the vSwitch list or click Create vSwitch to create a vSwitch. The control plane and the default node pool use the vSwitch that you select. We recommend that you select multiple vSwitches in different zones to ensure high availability.

Security Group

Only users in the whitelist can select the Select Existing Security Group option. To apply to be added to the whitelist, log on to the Quota Center console and submit an application.

You can select Create Basic Security Group, Create Advanced Security Group, or Select Existing Security Group.

  • By default, automatically created security groups allow all outbound traffic. When you modify the security group for business purposes, make sure that traffic destined for 100.64.0.0/10 is allowed. This CIDR block is used to access other Alibaba Cloud services to pull images and query basic ECS information.

  • If you select an existing security group, the system does not automatically configure security group rules. This may cause errors when you access the nodes in the cluster. You must manually configure security group rules. For more information, see Configure security groups for clusters.

Access to API Server

Create a pay-as-you-go internal-facing Classic Load Balancer (CLB) instance for the API server to serve as the internal endpoint of the API server in the cluster.

Important
  • If you delete the default CLB instance, you cannot access the API server.

  • Starting from December 1, 2024, an instance fee will be charged for newly created CLB instances. For more information, see CLB billing adjustments.

You can select or clear Expose API server with EIP. The API server provides multiple HTTP-based RESTful APIs, which can be used to create, delete, modify, query, and monitor resources such as pods and Services.

  • If you select this check box, an elastic IP address (EIP) is created and associated with a CLB instance. Port 6443 used by the API server is opened on master nodes. You can connect to and manage the cluster over the Internet by using a kubeconfig file.

  • If you clear this check box, no EIP is created. You can use a kubeconfig file to connect to the cluster only from within the VPC and then manage the cluster.

Service CIDR

The Service CIDR block must not overlap with the CIDR block of the VPC, the CIDR blocks of the ACK clusters in the VPC, or the pod CIDR block. The Service CIDR block cannot be modified after it is specified. For more information about how to plan CIDR blocks for a cluster, see Plan the network of an ACK cluster.

IPv6 Service CIDR Block

Configure this parameter only if you enable IPv4/IPv6 dual stack.

Configure an IPv6 CIDR block for Services. You must specify a Unique Local Unicast Address (ULA) space within the address range fc00::/7. The prefix must be 112 bits to 120 bits in length. We recommend that you specify an IPv6 CIDR block that has the same number of IP addresses as the Service CIDR block.

For more information about how to plan CIDR blocks for a cluster, see Plan the network of an ACK cluster.
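
The Service CIDR and IPv6 Service CIDR rules above can be checked before you fill in the console form. The following Python check is an added example, not Alibaba Cloud code; the function name, the `reserved` mapping, and the sample CIDR blocks are assumptions made for illustration.

```python
import ipaddress

ULA_SPACE = ipaddress.ip_network("fc00::/7")  # ULA range required by this page


def check_service_cidrs(service_cidr, reserved, ipv6_service_cidr=None):
    """Pre-flight check of a cluster network plan (added example).

    reserved maps a label ("vpc", "pod", ...) to a CIDR block that the
    Service CIDR must not overlap. Returns (errors, warnings) as lists.
    """
    errors, warnings = [], []
    try:
        # strict=True rejects blocks with host bits set, e.g. 172.21.0.1/20
        svc = ipaddress.ip_network(service_cidr, strict=True)
        blocks = {k: ipaddress.ip_network(v, strict=True) for k, v in reserved.items()}
        v6 = ipaddress.ip_network(ipv6_service_cidr, strict=True) if ipv6_service_cidr else None
    except ValueError as exc:
        return [f"invalid CIDR: {exc}"], warnings

    # The Service CIDR must not overlap the VPC, the blocks of other
    # clusters in the VPC, or the pod CIDR block.
    for label, net in blocks.items():
        if net.version == svc.version and svc.overlaps(net):
            errors.append(f"Service CIDR {svc} overlaps {label} block {net}")

    if v6 is not None:
        # IPv6 Service CIDR: ULA space inside fc00::/7, prefix /112 to /120.
        if v6.version != 6 or not v6.subnet_of(ULA_SPACE):
            errors.append(f"IPv6 Service CIDR {v6} is not inside {ULA_SPACE}")
        elif not 112 <= v6.prefixlen <= 120:
            errors.append(f"IPv6 Service CIDR prefix /{v6.prefixlen} is not /112 to /120")
        elif v6.num_addresses != svc.num_addresses:
            # The page only recommends equal sizes, so this is a warning.
            warnings.append(f"{v6} holds {v6.num_addresses} addresses, {svc} holds {svc.num_addresses}")
    return errors, warnings


# Constructed sample plan; none of these blocks come from the page.
SAMPLE_RESERVED = {"vpc": "192.168.0.0/16", "pod": "172.20.0.0/16"}

if __name__ == "__main__":
    print(check_service_cidrs("172.21.0.0/20", SAMPLE_RESERVED, "fc00::/116"))
    print(check_service_cidrs("192.168.128.0/20", SAMPLE_RESERVED, "2001:db8::/112"))
```

Because the Service CIDR block cannot be modified after it is specified, running a check like this against the planned VPC and pod blocks catches overlaps before the cluster is created.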

Advanced settings

Parameter

Description

Deletion Protection

We recommend that you enable deletion protection in the console or by using the API to prevent clusters from being accidentally released.

Resource Group

The resource group to which the cluster belongs. Each resource can belong to only one resource group. You can regard a resource group as a project, an application, or an organization based on your business scenarios.

Labels

Enter a key and a value to add a label to the cluster. Keys are required and must be unique. A key must not exceed 64 characters in length. Values are optional. A value must not exceed 128 characters in length.

  • A key or a value cannot start with aliyun, acs:, https://, or http://. Keys and values are not case-sensitive.

  • The keys of labels that are added to the same resource must be unique. If you add a label with a used key, the label overwrites the label that uses the same key.

  • If you add more than 20 labels to a resource, all labels become invalid. You must remove the excessive labels so that the remaining labels can take effect.

Cluster Domain

Configure the cluster domain. The default domain name is cluster.local. You can enter a custom domain name. The cluster domain is the top-level domain name (standard suffix) used by all Services in the cluster. For example, the DNS name of the Service named my-service in the default namespace is my-service.default.svc.cluster.local.

Time Zone

The time zone of the cluster. By default, the time zone of your browser is selected.

Step 3: Configure components

Click Next: Component Configurations to configure components.

Parameter

Description

Service Discovery

Configure service discovery for the cluster. You can select Disable, PrivateZone, or CoreDNS.

  • PrivateZone is a DNS resolution service for private domain names within VPCs. You can use PrivateZone to resolve private domain names to IP addresses in one or more VPCs.

  • CoreDNS is a flexible and scalable DNS server that serves as a standard service discovery component in Kubernetes.

Ingress

Specify whether to install an Ingress controller. You can select Do Not Install, Nginx Ingress, ALB Ingress, or MSE Ingress.

  • Nginx Ingress: The NGINX Ingress controller is optimized based on open source ingress-nginx and provides flexible and reliable routing services based on Ingresses.

  • ALB Ingress: The Application Load Balancer (ALB) Ingress controller is compatible with the NGINX Ingress controller, and provides improved traffic routing capabilities based on ALB instances. The ALB Ingress controller supports complex routing, automatic certificate discovery, and HTTP, HTTPS, and QUIC protocols. The ALB Ingress controller meets the requirements of cloud-native applications for ultra-high elasticity and balancing of heavy traffic loads at Layer 7.

  • MSE Ingress: An Ingress is an API object that provides Layer-7 load balancing to manage external access to Services in a Kubernetes cluster. To better support cloud-native scenarios, Alibaba Cloud provides Microservices Engine (MSE) Ingress gateways that are developed based on deep integration and optimization of MSE cloud-native gateways and ACK. MSE Ingress gateways help you manage ingress traffic of clusters in an efficient manner.

Monitor containers

You can view predefined dashboards and performance metrics by using Managed Service for Prometheus. For more information, see Managed Service for Prometheus.

You can also install the metrics-server component. The metrics-server component is an offline monitoring data component that is modified and enhanced based on open source monitoring components. The component allows you to view the offline monitoring data of clusters.

Log Service

Specify whether to enable Simple Log Service. You can select an existing project or create a project.

If Simple Log Service is disabled, you cannot use the cluster auditing feature. For more information about Simple Log Service, see Getting Started.

Knative

Specify whether to enable Knative. Knative is a Kubernetes-based serverless framework that supports request-based auto scaling, scaling to zero, version management, and canary release.

Step 4: Confirm the configuration

Click Next: Confirm Order to confirm the configuration and terms of service. Read the terms carefully, and then click Create Cluster.

After the cluster is created, you can find the cluster on the Clusters page in the ACK console.

Note

It requires approximately 10 minutes to create a cluster.

What to do next

  • View the basic information about the cluster

    On the Clusters page, find the cluster that you created and click Details in the Actions column. On the details page, click the Basic Information tab to view basic information about the cluster and click the Connection Information tab to view information about how to connect to the cluster. The following information is displayed:

    • API server Public Endpoint: the IP address and port that the Kubernetes API server uses to provide services over the Internet. It allows you to manage the cluster by using kubectl or other tools on the client.

      Only ACK managed clusters support the Associate EIP and Disassociate EIP features.

      • Associate EIP: You can select an existing EIP or create an EIP.

        The API server restarts after you associate an EIP with the API server. We recommend that you do not perform operations during the restart process.

      • Disassociate EIP: After you disassociate the EIP, you can no longer access the API server over the Internet.

        The API server restarts after you disassociate the EIP from the API server. We recommend that you do not perform operations on the cluster during the restart process.

    • API server Internal Endpoint: the IP address and port that the API server uses to provide services within the cluster. The IP address belongs to the SLB instance that is associated with the cluster.

  • View cluster logs

    Click the Cluster Logs tab to view the logs of the cluster.