Container Service for Kubernetes (ACK) provides high-performance management services for containerized applications. You can use ACK to manage containerized applications that run on the cloud in a convenient and efficient manner. This topic describes how to use ACK and the ACK documentation, and provides answers to some frequently asked questions about ACK. This helps you quickly get started with ACK.

How to use ACK

The following figure shows how to use ACK.

how to use ack

How to use the ACK documentation

The following flowchart shows how to get started with ACK.
Flowchart for ACK
  1. Assign roles to your Alibaba Cloud account. For more information, see ACK default roles.
    For more information about how to create a Resource Access Management (RAM) policy and assign a role-based access control (RBAC) role to a RAM user, see Create a custom RAM policy and Assign RBAC roles to RAM users or RAM roles.
  2. Create a standard managed Kubernetes cluster. For more information, see Create an ACK managed cluster.
  3. Deploy an application by using an image or an orchestration template.
    For more information, see Create a stateless application by using a Deployment.
    Note If your application consists of containers that are created from different images, we recommend that you use a YAML file to deploy the application.
  4. Perform O&M operations on the cluster and the application.


  • How do I create a Docker image that can be used to deploy applications in ACK clusters?

    Container Registry allows you to create a container image in a convenient manner. For more information about how to create a Docker image, see Build an image for a Java application by using a Dockerfile with multi-stage builds. You can also use the open source tool Derrick to simplify the steps to containerize your application.

  • How do I deploy applications in ACK clusters if I cannot create images?

    ACK allows you to deploy applications by using your images hosted by Container Registry. You can also use Docker official images, your favorite images added from Container Registry, and public images provided by Container Registry. For more information, see Deploy a stateless application from an image.

  • How do I plan the network when I create a cluster?

    Before you create a cluster, make sure that the CIDR block of the virtual private cloud (VPC) where you want to deploy the cluster, the Service CIDR block, and the pod CIDR block do not overlap with one another. You can select an existing VPC to deploy the cluster and use the default CIDR blocks. In some complex scenarios, you must plan the IP addresses of Elastic Compute Service (ECS) instances, pods, and Services. For more information, see Plan CIDR blocks for an ACK cluster.

  • How do I choose between Terway and Flannel when I create a cluster?

    Flannel is a simple and stable Container Network Interface (CNI) plug-in provided by the Kubernetes community. However, Flannel provides only basic features and does not support standard Kubernetes network policies. Terway is a network plug-in developed by Alibaba Cloud. Terway supports standard Kubernetes network policies and bandwidth throttling on containers. Terway outperforms Flannel in terms of network performance. For more information, see Work with Terway.

  • What do I do if I fail to create a cluster?

    You can check the cluster log to locate issues and fix the issues based on the instructions provided by ACK. For more information, see Failed to create a Kubernetes cluster.

  • How do I access cluster workloads over the Internet?
    ACK allows you to use the following methods to access cluster workloads over the Internet:
  • How do I enable the communication among workloads in an ACK cluster?

    You can use internal domain names or ClusterIP Services to enable the intercommunication of workloads in an ACK cluster.

    For example, Workload A and Workload B are deployed in a cluster. To allow Workload A to access Workload B, you can create a ClusterIP Service for Workload B. For more information, see Manage Services. After the ClusterIP Service is created, Workload A can access Workload B by using the following connection strings:
    • <The name of the ClusterIP Service>.<The namespace to which Workload B belongs>.svc.cluster.local:<Port number>
    • ClusterIP:<Port number>
  • What considerations do I take note of when I expose Services through SLB instances?

    When you create a LoadBalancer Service, the cloud controller manager (CCM) automatically creates and configures an SLB instance for the Service. We recommend that you do not modify the SLB instance in the SLB console. Otherwise, access to the Service may be interrupted. For more information, see Considerations for configuring a LoadBalancer type Service.

  • How do I pull private images from Container Registry?

    We recommend that you use the aliyun-acr-credential-helper component. By default, aliyun-acr-credential-helper is installed in each ACK cluster. You can use this component to pull private images from Container Registry without a password. For more information, see Use the aliyun-acr-credential-helper component to pull images without a password.