This topic describes how to use Terraform to create a Container Compute Service (ACS) cluster. Terraform enables you to define and provision your ACS infrastructure using declarative configuration files.
Prerequisites
You have activated Container Compute Service (ACS).
Your Alibaba Cloud account has full permissions on all resources. If the credentials of your Alibaba Cloud account are leaked, you may face significant security risks. We recommend that you use a Resource Access Management (RAM) user and create an AccessKey for the RAM user. For more information, see Create a RAM user and Create an AccessKey.
You have granted the RAM user the required permissions. The following policy allows the RAM user to create, view, and delete ACS clusters and dependent cloud resources:
```json
{
  "Version": "1",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "cs:CreateCluster",
        "cs:DescribeTaskInfo",
        "cs:DescribeClusterDetail",
        "cs:GetClusterCerts",
        "cs:CheckControlPlaneLogEnable",
        "cs:DeleteCluster",
        "cs:GetClusterAuditProject",
        "cs:ModifyCluster",
        "vpc:DescribeNatGateways"
      ],
      "Resource": "*"
    }
  ]
}
```
You have prepared a Terraform runtime environment using one of the following methods:
Use Terraform in Terraform Explorer: Alibaba Cloud provides an online Terraform environment that requires no installation. This method is suitable for quick testing and debugging.
Use Cloud Shell: Alibaba Cloud Cloud Shell comes with Terraform pre-installed and pre-configured with your credentials. This method is suitable for quick access without additional setup.
Create a Terraform template: ROS provides managed Terraform capabilities that allow you to create Terraform templates to define Alibaba Cloud, AWS, or Azure resources.
Install and configure Terraform on your local computer: This method is suitable for scenarios with poor network connectivity or when you need a custom development environment.
Make sure your Terraform version is 0.12.28 or later. Run terraform --version to check your current version.
Resources
Some resources in this tutorial incur costs. Release or unsubscribe from resources when you no longer need them.
alicloud_cs_managed_kubernetes: Creates an ACS cluster based on the ACK managed cluster.
Create an ACS cluster
This example creates an ACS cluster with the following components installed by default: managed-csiprovisioner (storage), ebs-token-controller (storage), alibaba-log-controller (logging), and arms-prometheus (monitoring).
Create a working directory, create a file named main.tf in the directory, and then copy the following configuration code into main.tf. Modify the parameters as needed.
```hcl
provider "alicloud" {
  region = var.region_id
}

variable "region_id" {
  type    = string
  default = "cn-guangzhou"
}

variable "availability_zone" {
  type        = list(string)
  description = "The availability zones of vswitches."
  default     = ["cn-guangzhou-a", "cn-guangzhou-b"]
}

variable "k8s_name_prefix" {
  description = "The name prefix used to create ACS cluster."
  default     = "acs-example"
}

variable "acs_version" {
  type        = string
  description = "Desired Kubernetes version."
  default     = "1.31.1-aliyun.1" # Modify as needed
}

variable "service_cidr" {
  type        = string
  description = "The Kubernetes services CIDR."
  default     = "10.13.0.0/16" # Modify as needed
}

# Specify the components to install in the ACS cluster
variable "cluster_addons" {
  type = list(object({
    name   = string
    config = string
  }))

  default = [
    {
      "name"   = "arms-prometheus",
      "config" = "",
    },
    {
      "name"   = "alibaba-log-controller",
      "config" = "",
    },
    {
      "name"   = "managed-coredns",
      "config" = "",
    },
    {
      "name"   = "managed-metrics-server",
      "config" = "",
    }
  ]
}

# Default resource names
locals {
  k8s_name_acs     = substr(join("-", [var.k8s_name_prefix, "acs"]), 0, 63)
  log_project_name = "log-for-${local.k8s_name_acs}"
}

# Create the ACS cluster
resource "alicloud_cs_managed_kubernetes" "default" {
  name                         = local.k8s_name_acs
  cluster_spec                 = "ack.pro.small"
  profile                      = "Acs"
  version                      = var.acs_version
  zone_ids                     = var.availability_zone
  is_enterprise_security_group = true
  control_plane_log_ttl        = "30"
  new_nat_gateway              = true
  control_plane_log_components = ["apiserver", "kcm", "scheduler", "ccm"]
  deletion_protection          = true
  enable_rrsa                  = true
  timezone                     = "Asia/Shanghai"
  service_cidr                 = var.service_cidr
  slb_internet_enabled         = false # Do not expose the API server through an internet-facing SLB

  # One addons block per entry in var.cluster_addons. Both attributes are
  # required by the variable's object type, so they are read directly.
  dynamic "addons" {
    for_each = var.cluster_addons
    content {
      name   = addons.value.name
      config = addons.value.config
    }
  }
}
```
Note: This configuration file is for reference only. Modify it according to your requirements.
Run the following command to initialize the Terraform working directory.
```shell
terraform init
```
The following output indicates successful initialization:
```
Terraform has been successfully initialized!

You may now begin working with Terraform. Try running "terraform plan" to see
any changes that are required for your infrastructure. All Terraform commands
should now work.

If you ever set or change modules or backend configuration for Terraform,
rerun this command to reinitialize your working directory. If you forget, other
commands will detect it and remind you to do so if necessary.
```
Run the following command to create an execution plan and preview the changes:
```shell
terraform plan
```
Run the following command to create the cluster:
```shell
terraform apply
```
When prompted, enter yes and press Enter. Wait for the command to complete. The following output indicates that the ACS cluster was created successfully:
```
Do you want to perform these actions?
  Terraform will perform the actions described above.
  Only 'yes' will be accepted to approve.

  Enter a value: yes
...
alicloud_cs_managed_kubernetes.default: Creation complete after 5m48s [id=ccb53e72ec6c447c990762800********]
...
Apply complete! Resources: 1 added, 0 changed, 0 destroyed.
```
Verify the result using one of the following methods:
Option 1: Run the terraform show command
Run the following command to view details about the resources that Terraform created:
```shell
terraform show
```
Option 2: Use the ACS console
Log on to the ACS console to view the created cluster.
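The settings slb_internet_enabled, deletion_protection, enable_rrsa, is_enterprise_security_group, and control_plane_log_components in main.tf are the ones that matter most for the cluster's exposure and auditability, and they are easy to loosen when the template is modified. The following Python check is an added example, not part of the original documentation: it reads the JSON form of a saved plan (assumed to be produced with terraform plan -out=tfplan followed by terraform show -json tfplan > plan.json) and reports every cluster whose planned values differ from the ones used in this topic. The sample plan and the resource name "edited" are constructed.

```python
import json
import sys

# Values used in this topic's main.tf; any planned deviation is reported.
EXPECTED = {
    "slb_internet_enabled": False,        # API server not reachable from the internet
    "deletion_protection": True,
    "enable_rrsa": True,
    "is_enterprise_security_group": True,
}
REQUIRED_LOGS = {"apiserver", "kcm", "scheduler", "ccm"}


def check_plan(plan):
    """Return findings for alicloud_cs_managed_kubernetes resources in a plan."""
    findings = []
    for rc in plan.get("resource_changes", []):
        if rc.get("type") != "alicloud_cs_managed_kubernetes":
            continue
        change = rc.get("change", {})
        after = change.get("after")
        if after is None:  # resource is being destroyed, nothing to check
            continue
        unknown = change.get("after_unknown") or {}
        for attr, want in EXPECTED.items():
            if unknown.get(attr) is True:
                findings.append(f"{rc['address']}: {attr} is not known until apply")
            elif after.get(attr) != want:
                findings.append(f"{rc['address']}: {attr} = {after.get(attr)!r}, expected {want!r}")
        missing = REQUIRED_LOGS - set(after.get("control_plane_log_components") or [])
        if missing:
            findings.append(f"{rc['address']}: control plane logs missing {sorted(missing)}")
    return findings


def _sample_change(name, **overrides):
    # Constructed sample entry in the shape of "terraform show -json" output.
    after = dict(EXPECTED, control_plane_log_components=sorted(REQUIRED_LOGS))
    after.update(overrides)
    return {"address": f"alicloud_cs_managed_kubernetes.{name}",
            "type": "alicloud_cs_managed_kubernetes",
            "change": {"actions": ["create"], "after": after, "after_unknown": {"id": True}}}


SAMPLE_PLAN = {"resource_changes": [
    _sample_change("default"),
    _sample_change("edited", slb_internet_enabled=True, deletion_protection=False,
                   control_plane_log_components=["apiserver"]),
]}

if __name__ == "__main__":
    plan = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_PLAN
    for finding in check_plan(plan):
        print(finding)
```

Run it with the path to plan.json as the only argument; without an argument it checks the constructed sample.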
Clean up resources
When you no longer need the resources created by Terraform, run the following command to release them:
```shell
terraform destroy
```
For more information about terraform destroy, see terraform destroy command.