This topic describes how to create a Container Service for Kubernetes (ACK) managed cluster that runs sandboxed containers in the ACK console.
Prerequisites
- ACK and Resource Access Management (RAM) are activated.
ACK is activated in the ACK console. RAM is activated in the RAM console.
Limits
- ACK clusters support only virtual private clouds (VPCs).
- By default, each account has specific quotas on cloud resources that can be created. You cannot create clusters if the quota is reached. For more information about quotas, see Limits.
- By default, you can add at most 200 route entries to the virtual private cloud (VPC) where an ACK cluster is deployed. This means that you can configure at most 200 route entries for an ACK cluster deployed in a VPC. To increase the quota on the number of route entries for a VPC, Go to the Quota Center page to submit a ticket.
- By default, you can create at most 100 security groups with each account.
- By default, you can create at most 60 pay-as-you-go SLB instances with each account.
- By default, you can create at most 20 elastic IP addresses (EIPs) with each account.
- To create an ACK cluster that runs sandboxed containers, you must set the parameters as described in the following table. Otherwise, the cluster cannot run sandboxed containers.
Parameter Description Zone Only Elastic Compute Service (ECS) bare metal instances support sandboxed containers. Make sure that ECS bare metal instances are available for purchase in the selected zone. Kubernetes Version Select 1.14.6-aliyun.1 or later. Container Runtime Select Sandboxed-Container. Worker Instance Create Instance Instance Type Select ECS Bare Metal Instance. Mount Data Disk Mount a data disk of at least 200 GiB. We recommend that you mount a data disk of at least 1 TB. Operating System Sandboxed-Container supports only the Alibaba Cloud Linux operating system.
Procedure
- Log on to the ACK console.
- In the left-side navigation pane of the ACK console, click Clusters.
- In the upper-right corner of the Clusters page, click Cluster Template.
- In the Select Cluster Template dialog box, find Standard Managed Cluster in the Managed Clusters section and click Create.
- On the Managed Kubernetes tab, configure the cluster.
- Click Next:Node Pool Configurations to configure worker nodes. Note To create an ACK cluster that runs sandboxed containers, you must select ECS bare metal instances as worker nodes.
- Click Next:Component Configurations to configure components.
Parameter Description Ingress Specify whether to install an Ingress controller. By default, Nginx Ingress is selected.- If you select Nginx Ingress, Install NGINX Ingress Controller is automatically selected. For more information about how to use NGINX Ingresses, see Advanced NGINX Ingress configurations.
- If you select ALB Ingress, the Application Load Balancer (ALB) Ingress controller is automatically installed. For more information about how to access Services in a cluster by using ALB Ingresses, see Access Services by using an ALB Ingress.
Note If you want to select Create Ingress Dashboard, you must first enable Log Service.Service Discovery Specify whether to install NodeLocal DNSCache. By default, NodeLocal DNSCache is installed.
NodeLocal DNSCache runs a Domain Name System (DNS) caching agent to improve the performance and stability of DNS resolution. For more information about NodeLocal DNSCache, see Configure NodeLocal DNSCache.
Volume Plug-in Only the Container Storage Interface (CSI) plug-in is supported by ACK clusters that run sandboxed containers. ACK clusters can be automatically bound to Alibaba Cloud disks, Apsara File Storage NAS (NAS) file systems, and Object Storage Service (OSS) buckets that are mounted to pods in the clusters. For more information, see Storage management-CSI. Monitoring Agents Specify whether to install the CloudMonitor agent. By default, Install CloudMonitor Agent on ECS Instance and Enable Prometheus Monitoring are selected. After the CloudMonitor agent is installed on ECS nodes, you can view monitoring data about the nodes in the CloudMonitor console.
Alerts Select Use Default Alert Rule Template to enable the alerting feature and use the default alert rules. For more information, see Alert management.
Log Service Specify whether to enable Log Service. You can select an existing Log Service project or create one. By default, Enable Log Service is selected. When you create an application, you can enable Log Service with a few steps. For more information, see Collect log data from containers by using Log Service.
By default, Install node-problem-detector and Create Event Center is selected. You can specify whether to enable the Kubernetes event center in the Log Service console. For more information, see Create and use an event center.
Log Collection for Control Plane Components If you select Enable, the logs of control plane components are collected to the specified Log Service project that belongs to the current account. For more information, see Collect the logs of control plane components in ACK Pro clusters.
Workflow Engine Specify whether to enable Alibaba Cloud Genomics Service (AGS).Note To use this feature, submit a ticket to apply to be added to a whitelist.- If you select this check box, the system automatically installs the AGS workflow plug-in when the system creates the cluster.
- If you clear this check box, you must manually install the AGS workflow plug-in. For more information, see Introduction to AGS CLI.
- Click Next:Confirm Order.
- Select Terms of Service and click Create Cluster. Note It requires approximately 10 minutes for the system to create an ACK managed cluster that contains multiple nodes.
Result
- After the cluster is created, you can find the created cluster on the Clusters page in the ACK console.
- Click View Logs in the Actions column. On the Log Information page, you can view the cluster log. To view detailed log data, click Stack events.
- Click Details in the Actions column. On the details page of the cluster, click the Basic Information tab to view basic information about the cluster and click the Connection Information tab to view information about how to connect to the cluster.The following information is displayed:
- API Server Public Endpoint: the IP address and port that the Kubernetes API server of the cluster uses to provide services over the Internet. It allows you to manage the cluster by using kubectl or other tools on your client.
Bind EIP and Unbind EIP: These options are available only for ACK managed clusters.
- Bind EIP: You can select an existing elastic IP address (EIP) or create one.
The API server restarts after you bind an EIP to the API server. We recommend that you do not perform operations on the cluster during the restart process.
- Unbind EIP: You cannot access the API server over the Internet after you unbind the EIP from the API server.
The API server restarts after you unbind the EIP from the API server. We recommend that you do not perform operations on the cluster during the restart process.
- Bind EIP: You can select an existing elastic IP address (EIP) or create one.
- API Server Internal Endpoint: the IP address and port that the API server uses to provide services within the cluster. The IP address belongs to the Server Load Balancer (SLB) instance that is attached to the cluster.
- Testing Domain: the domain name that is used for service tests. The suffix of the domain name is
<cluster_id>.<region_id>.alicontainer.com
.Note To rebind the domain name, click Rebind Domain Name.
- API Server Public Endpoint: the IP address and port that the Kubernetes API server of the cluster uses to provide services over the Internet. It allows you to manage the cluster by using kubectl or other tools on your client.
- You can use kubectl to connect to the cluster and run the
kubectl get node
command to query information about the nodes in the cluster. For more information, see Connect to ACK clusters by using kubectl.