In a fully managed service, all resources and software are deployed in the Alibaba Cloud account of the service creator. This topic describes how to create a fully managed service in the Compute Nest console.
Procedure
Log on to the Compute Nest console.
In the navigation pane on the left, choose My Services. On the My Services page, choose the Created Services tab, and then click Create Service.
On the Create Service page, configure the service information.
Select a method to create the service.
You can select Create Service from Featured Templates or Build Custom Service.
Create Service from Featured Templates: Compute Nest provides service templates for different architectures and applications to help you quickly create services.
Build Custom Service: Compute Nest provides a complete process to create a service. You need to configure service information, service deployment, O&M, and advanced settings.
For service type, select Fully Managed Service.
If you select Create Service from Featured Templates, you must first select Fully Managed Service and then select a service template.
Note: After you select a service template, you can click View Details to view its deployment description and configuration files.
Click Next: Configure Settings.
On the service configuration page, configure the service information.
If you select Create Service from Featured Templates, you only need to configure the basic information for the service.
Note: The service icon and service name are automatically populated with the icon and name from the service template. You can change them as needed.
If you select Build Custom Service, you must configure the complete service information.
In the Basic Information section, configure the basic information for the service.
Configuration Item
Description
Service Icon
The icon of the service. The JPG and PNG formats are supported. We recommend that you upload an image whose resolution is 192 × 192 pixels for optimal clarity.
Service Name
The name of the service. The name must be 3 to 200 characters in length, and can contain digits, letters, and underscores (_).
Service Description
The description of the service. The description must be 10 to 500 characters in length.
Service Agreement Document
Enter the name and URL of the service agreement document that you defined for the service.
Version Description
The description of the service version. The version description must be 1 to 200 characters in length. We recommend that you include a version number in the description. The description of each version of a service must be unique.
Default Prefix for Service Instance Name
The default prefix of service instance names. The prefix can be up to 40 characters in length, and can contain digits, letters, hyphens (-), and underscores (_). The prefix must start with a letter.
After you specify the default prefix, the prefix is automatically entered in the Service Instance Name field when customers create a service instance. Customers can modify the prefix.
Tag Settings
The tag key and value. Select or enter a tag key and a tag value to add a tag to the service resources. You can add up to 20 tags to each resource. If no tag key or tag value is available, you can create a custom tag. For more information, see Add a custom tag.
Resource Group
Select the resource group to which you want to add your resources.
Resource groups allow you to group your cloud resources by purpose, permission, or owner. This helps you manage resources for multiple users and projects within your enterprise. For more information, see Resource groups.
In the Service Deployment section, configure the resources required by the service.
Configuration Item
Description
Create a member in Resource Directory
Specify whether to create a member in the resource directory based on the resource management requirements of the service instance.
A member in a resource directory is a resource container that is automatically created in the resource directory of the service creator when a service consumer creates a service instance. The member can be used to physically isolate service instance resources to form an independent resource group unit. For more information, see Fully managed services support account-level isolation.
User Type
Select Alibaba Cloud or Third-party Cloud user.
Alibaba Cloud: Select this option if service consumers can view service instances in their own Compute Nest console.
Non-Alibaba Cloud: Select this option if service consumers do not have an Alibaba Cloud account or if you do not want to expose Alibaba Cloud to them.
nst.vendor.create.tplInputType.label
Manually Import Template: Configure the Deployment Method and Template Name parameters, and enter information in the Template Content field. You can click the Upload File icon in the upper-right corner of the Template Content section to upload an existing template. Resource Orchestration Service (ROS) templates in the JSON or YAML format and Terraform templates are supported.
For more information about how to create an ROS or Terraform template, see Create and verify a ROS template.
If you need to apply different templates based on the business scenario, you can configure multiple templates for a service. Click the icon next to Template1 to add another template. For example, if you need to distinguish between single-zone deployment and multi-zone deployment of a service, you can configure a template for each deployment mode.
Important: You cannot define the content for creating a virtual private cloud (VPC) or vSwitch in a trial template, which is used to create trial service instances. If a VPC or vSwitch is required, define the VPC or vSwitch parameters as template parameters in a trial template.
If a security group is required, define the content for creating a security group in a trial template. Do not define the content for selecting an existing security group.
Scenario-based Template: Select a template from the Scenario drop-down list. The template content is automatically entered in the Template Content field.
Custom Template: In the Select Template section, select a custom ROS template and a version of the template. The template content is automatically entered in the Template Content field.
If no custom ROS template is available, go to the Create Template page in the ROS console to create a custom ROS template.
Add Parameter Mapping
Set parameter mappings and child dependency mappings for parameters in the template.
Select the Dependency Parameter and Corresponding Parameter, and set the values for the Dependency Parameter and Corresponding Parameter. After the values are set, the corresponding parameter is automatically hidden. When you create a service instance, only the dependency parameter is displayed. After you select a value for the dependency parameter, the hidden parameter is automatically populated with the value that you specified for the corresponding parameter in the mapping. For more information, see Configure parameter mappings.
Add Package
The parameter sets. You can select a set of parameters in the template and specify the parameter values to create a parameter set. If you want to allow customers to modify all the parameters in a parameter set when they create a service instance, select Support Custom Parameter Set. Otherwise, clear this check box. For more information about parameter sets, see Configure parameter sets.
Hidden Parameters
Select the parameters in the template that you want to hide.
The selected parameters are not visible to users when they create a service instance.
Note: Corresponding parameters set in parameter mappings are automatically added as hidden parameters. If you have already configured them in the parameter mappings, you do not need to select them again here.
Deployment Region
Select the regions where the service can be deployed. You can select multiple regions. If you do not select any region, the service can be deployed in all regions by default.
Role Name
Select a role that is trusted by Compute Nest. Compute Nest uses this role to create resources.
If you use Compute Nest with your Alibaba Cloud account, you must create a role and grant permissions. For more information about how to create a role and grant permissions, see Create a role that is trusted by Compute Nest.
If you use Compute Nest as a RAM user, you must first create a role and grant permissions, and then grant the PassRole permission to the RAM user. For more information about how to grant the PassRole permission to a RAM user, see Grant the PassRole permission to a RAM user.
Deployed At
Estimated Time
The estimated time for deploying a service instance. If you configure this parameter, the specified value is displayed on the service instance deployment page to inform customers of the average time required to deploy a service instance.
Deployment Package Association
Set ECS Image Association
You can set this parameter to replace the Elastic Compute Service (ECS) image specified in the template with the ECS image in the deployment package that has been distributed. For more information, see ECS image deployment packages.
Set Container Image Association
We recommend that you use Container image deployment packages if Docker container images are used for service deployment. For more information, see Container image deployment packages.
Set File Association
Compute Nest provides file deployment packages to resolve the issues that you may encounter when you download software resources for script-based deployment. For example, the cloud resources are inaccessible over the Internet, or the download source of the resources is not stable. For more information, see File deployment packages.
Set Helm Association
To keep your Chart package private, we recommend that you use a Helm Chart deployment artifact from Compute Nest. For more information, see Helm Chart deployment artifacts.
Application Group
Create Application Group
The application groups of resources in the template. You can add resources in the template to application groups. This facilitates resource check and management for customers. On the details page of service instances, customers can view resources, view monitoring data, perform O&M operations, and view logs by group.
Note: Each resource can be added to only one group.
In the Service O&M (Optional) section, configure the O&M features for the service.
Configuration Item
Description
O&M
Authorization Required for Users
If service consumers need to perform O&M operations on service instances, select Grant Permissions to Customers and select the permissions to grant.
If service consumers do not need to perform O&M operations on service instances, do not select Grant Permissions to Customers.
Add O&M Operation
Set the O&M operations to be displayed on the user's O&M management page. For more information, see Custom O&M operations.
Monitoring
Resource Monitoring
The monitoring configurations. If you want to receive alert notifications, you must select Obtain Permissions and then select Monitoring Permissions.
Configure CloudMonitor Alert Template for All Resources: Select a CloudMonitor alert template.
Configure CloudMonitor Alert Template for All Resources: Select a CloudMonitor alert template for each application group.
Note: This option is available only if application groups are configured.
If no alert template is available, create one first. For more information, see Overview of monitoring and alerting.
Prometheus Service
Specifies whether to enable the Prometheus monitoring feature. If you disable this feature, you do not need to configure the following parameters. For more information, see Configure business monitoring and alerting for a fully managed service deployed in an ACK cluster.
Log
Application Log
The Logstore information. Click Add a Logstore. In the Add Logstore dialog box, configure the Logstore Name, Path, and File Name parameters.
Note: If a service is deployed on an ECS instance, you must configure the path and name of the file in a Logstore.
If a service is deployed in a pod, you must configure the Logstore information in the environment variables of the pod.
Modify Configurations
Service Instance Configuration Change
Specifies whether to enable the configuration change feature. If you disable this feature, you do not need to configure the following parameters.
Click Add Operation. In the dialog box that appears, configure the configuration change operation.
Select Template: the template that is used to implement the configuration change.
Note: To enable instance type change, you must set the UpdatePolicy property of the ALIYUN::ECS::InstanceGroup resource to ForAllInstances in the template.
To enable the update of the ALIYUN::ECS::RunCommand resource, you must set the Sync property to true in the template. The updated ALIYUN::ECS::RunCommand resource is re-executed during the configuration change.
Operation Name: the name of the configuration change operation.
Operation Description: the description of the configuration change operation.
Operation Type: the type of the configuration change operation. Valid values: Upgrade, Downgrade, and Custom. You can select only one operation type.
Upgrade: If you select Change Plan as Method, customers can upgrade service instances by changing the current parameter set to a parameter set with a larger serial number. If you select Change Parameter as Method, customers must set parameters of a numeric type to larger values when they upgrade service instances. Custom parameter sets do not support upgrade operations.
Downgrade: If you select Change Plan as Method, customers can downgrade service instances by changing the current parameter set to a parameter set with a smaller serial number. If you select Change Parameter as Method, customers must set parameters of a numeric type to smaller values when they downgrade service instances. Custom parameter sets do not support downgrade operations.
Custom: No limits are set on the configurations of parameter sets and parameters, and custom parameter sets are supported.
Method: the configuration change method.
Select Parameters: the parameters that can be modified by customers. This parameter is available only if you select Change Parameter as Method. Parameters that cannot be changed are filtered out.
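The template rules stated in this procedure can be checked before a template is uploaded: the trial-template restrictions on VPC, vSwitch and security group, and the UpdatePolicy and Sync settings required for configuration changes. The following Python check is an added example, not part of Compute Nest or its documentation. It assumes a JSON ROS template; the function names, the sample template, and the rule of treating any SecurityGroupId that does not point at an in-template ALIYUN::ECS::SecurityGroup as "selecting an existing security group" are assumptions.

```python
import json

NETWORK_TYPES = {"ALIYUN::ECS::VPC", "ALIYUN::ECS::VSwitch"}
SG_TYPE = "ALIYUN::ECS::SecurityGroup"

def _sg_values(node):
    """Yield every value given to a SecurityGroupId(s) property, at any depth."""
    is_list = isinstance(node, list)
    items = node.items() if isinstance(node, dict) else enumerate(node) if is_list else ()
    for key, val in items:
        if key in ("SecurityGroupId", "SecurityGroupIds"):
            yield from (val if isinstance(val, list) else [val])
        else:
            yield from _sg_values(val)

def _target(value):
    """Logical name a Ref or Fn::GetAtt points at, or None for a literal."""
    value = value if isinstance(value, dict) else {}
    return value.get("Ref") or (value.get("Fn::GetAtt") or [None])[0]

def lint_trial_template(tpl):
    """Trial-template rules: no VPC/vSwitch creation, security group created in-template."""
    res, findings = tpl.get("Resources", {}), []
    for name, r in res.items():
        if r.get("Type") in NETWORK_TYPES:
            findings.append(f"{name}: creates {r['Type']}; take it as a template parameter")
        for value in _sg_values(r.get("Properties", {})):
            # Assumption: anything not resolving to an in-template security group is "existing".
            if res.get(_target(value), {}).get("Type") != SG_TYPE:
                findings.append(f"{name}: selects an existing security group")
    return findings

def lint_config_change(tpl):
    """Properties a configuration-change template must set."""
    findings = []
    for name, r in tpl.get("Resources", {}).items():
        rtype, props = r.get("Type"), r.get("Properties", {})
        if rtype == "ALIYUN::ECS::InstanceGroup" and props.get("UpdatePolicy") != "ForAllInstances":
            findings.append(f"{name}: UpdatePolicy must be ForAllInstances")
        if rtype == "ALIYUN::ECS::RunCommand" and props.get("Sync") is not True:
            findings.append(f"{name}: Sync must be true")
    return findings

# Constructed sample (not from the page): breaks two trial rules and one change rule.
SAMPLE = json.loads("""{
  "ROSTemplateFormatVersion": "2015-09-01",
  "Parameters": {"VpcId": {"Type": "String"}, "ExistingSg": {"Type": "String"}},
  "Resources": {
    "Net": {"Type": "ALIYUN::ECS::VSwitch", "Properties": {"VpcId": {"Ref": "VpcId"}}},
    "Nodes": {"Type": "ALIYUN::ECS::InstanceGroup", "Properties": {
      "SecurityGroupId": {"Ref": "ExistingSg"}, "UpdatePolicy": "ForNewInstances"}},
    "Init": {"Type": "ALIYUN::ECS::RunCommand", "Properties": {"Sync": true}}
  }}""")

if __name__ == "__main__":
    print("\n".join(lint_trial_template(SAMPLE) + lint_config_change(SAMPLE)))
```

Run lint_trial_template only on templates used for trial service instances; lint_config_change applies to templates selected for a configuration change operation.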
In the Advanced Configuration (Optional) section, configure the advanced features for the service.
Configuration Item
Description
Permission Settings
Deployment Link Permission
Set this as needed.
Public: All users who obtain the deployment link can use it to create service instances.
Restricted: Only users added to the deployment link permission whitelist can access or create service instances using the deployment link. For more information about how to add users to the deployment link permission whitelist, see Modify service deployment permissions.
Hidden: The service details page is hidden from all users not on the permission list. When an unauthorized user clicks the service, a message appears indicating that the service does not exist.
Network Settings
VPC Private Access
After you enable VPC private access, a private connection is established between the service and the service consumer's network through PrivateLink. This prevents your traffic from being exposed to the public Internet.
Based on the template content, select the Server Load Balancer or endpoint service information. Then, select the corresponding Server Load Balancer or endpoint from the service deployment template.
Payer Selection
Select the billing method for the service resources. You can select Service Consumer or Service Provider.
The Service Provider billing method is not enabled by default. To enable it, go to the Quota Center console and request to enable the Service Provider billing method.
VPC Reverse Private Access
After you enable this feature, you can access resources in the user's VPC through a reverse private connection.
Reverse Endpoint Service Configuration
Set the region and endpoint service information for the reverse endpoint.
Custom Domain Name
When creating a service instance, users can use this domain name to access your service in a private network. We recommend that the custom domain name be consistent with your service's public domain name.
Tenant Settings
OAuth Authentication
Enable OAuth authentication. This allows service providers to connect to a RAM OAuth application through the Compute Nest console to provide users with a password-free logon address. Users can use this address to log on to the software associated with the service created by the service provider using their Alibaba Cloud accounts without a password.
Select Application
After you enable OAuth authentication, you can select the password-free logon address you want to provide to users from the Select Application drop-down list.
Application Logon Address
Set your application's logon address. This address is displayed to the user on the service instance details page after the service instance is created.
Distribution Settings
Allow service providers to apply for distribution authorization
After you enable this, Compute Nest distributors can apply to you for distribution authorization for this service. You will receive a notification for review. If you grant the authorization, the distributor can re-create and distribute the service. You need to settle payments with the distributor separately.
Instance Time Settings
Retention Period After Expiration
Set the retention period for the service instance after it expires. Unit: days.
Compliance Package Check
Enable data security risk check within VPC
Checks for data breach risks within a VPC, for example, when an ECS instance is migrated out of the VPC or a new ECS instance is added to the VPC.
Click Create Service, and then click OK in the confirmation dialog box.
You can click View In List or Test Service on the prompt page.
View the service
After the service is created, you can view it on the My Services page.

What to do next
Test the service.
After the service is saved, you can perform a self-test. You can also pre-publish the service and share it with specific customers for testing. For more information, see Test a service.
Publish the service.
After the service passes the test, submit it for review. After it is approved, you can publish it online. For more information, see Publish a service.
Deploy a service instance.
A fully managed service instance is an entity that a user creates based on a Compute Nest service, where the resources and software are provided by the service provider. For more information, see Create a fully managed service instance.