Container Compute Service: Create an ACS cluster

Last Updated: Mar 01, 2026

This topic describes how to create an Alibaba Cloud Container Compute Service (ACS) cluster by using the console or OpenAPI.

Before you begin

Make sure that you have:

  • An Alibaba Cloud account with ACS activated

  • A network plan for your Virtual Private Cloud (VPC). For more information, see Plan networks for ACS clusters

  • (For OpenAPI) Familiarity with the CreateCluster operation and required Resource Access Management (RAM) permissions

Console

Step 1: Open the cluster creation page

  1. Log on to the ACS console. In the left navigation pane, click Clusters.

  2. On the Clusters page, click Create Kubernetes Cluster in the upper-left corner.

Step 2: Configure the cluster

On the Create Cluster page, configure cluster, network, component, and advanced settings.

Cluster settings

| Parameter | Description |
| --- | --- |
| Cluster Name | Enter a name for the cluster. |
| Region | Select the region to deploy the cluster. For more information, see Supported regions. |
| Kubernetes Version | Select a Kubernetes version. The three latest versions are available in the console. |
| Maintenance Window | Set the maintenance window for operations and maintenance (O&M) tasks. |

Network settings

| Parameter | Description |
| --- | --- |
| IPv6 Dual-stack | Turn on this option to create a dual-stack Kubernetes cluster. If you select Select Existing VPC, enable IPv6 for the VPC and vSwitches first. For more information, see Enable IPv6 for a VPC and Enable IPv6 for a vSwitch. |
| Select VPC | Set the network for the cluster. ACS clusters support only VPCs. Create VPC: ACS automatically creates a VPC in the current region. Select a Zone, and ACS automatically creates vSwitches in the selected zones. Select Existing VPC: Use an existing VPC and vSwitches. Select multiple zones or vSwitches for high availability. Use the Recommended Resource Configuration feature to find zones with sufficient computing resources. ACS creates a virtual node in each zone that you select. For more information, see Plan networks for ACS clusters. |
| Configure SNAT | Specify whether to create a NAT gateway and configure SNAT rules for the VPC. A NAT gateway is required for Internet access, such as downloading container images. You can also configure a NAT gateway and manually configure SNAT rules to ensure that instances in the VPC can access the Internet. For more information, see Use a NAT gateway to access the Internet. Alternatively, upload images to a Container Registry (ACR) instance in the same region and pull them through the internal VPC endpoint. |
| Security Group | Select whether to automatically create a basic security group or an enterprise security group. For more information, see Security group overview. |
| API Server Access Settings | By default, a pay-as-you-go private Classic Load Balancer (CLB) instance is created for the API server. For more information about billing, see Pay-as-you-go. Important: Deleting the default CLB instance prevents access to the API server. Expose API Server with EIP: Enable: Creates an elastic IP address (EIP) and attaches it to the CLB instance. The API server is exposed through port 6443 of the EIP. You can connect to and manage the cluster from the Internet by using a kubeconfig file. Disable: No EIP is created. You can connect to and manage the cluster only from within the VPC by using a kubeconfig file. For more information, see Control public access to the API server of a cluster. |
| Service CIDR | Set the CIDR block for Services. The Service CIDR block cannot overlap with the VPC CIDR block, the CIDR blocks of existing Kubernetes clusters in the VPC, or the Pod CIDR block. This CIDR block cannot be modified after the cluster is created. |

Component settings

| Parameter | Description |
| --- | --- |
| Service Discovery | Specify whether to enable service discovery. ACS supports CoreDNS, a DNS server that provides domain name resolution for Services in a Kubernetes cluster. |
| Ingress | (Optional) Install an Ingress component to expose Services to the public. ALB Ingress: Based on Application Load Balancer (ALB). Handles complex routing and supports HTTP, HTTPS, and QUIC protocols. For more information, see ALB Ingress quick start. MSE Ingress: Based on Microservices Engine (MSE). Provides cloud-native gateway capabilities. For more information, see MSE Ingress management. |
| Monitor containers | By default, the following monitoring features are enabled: Enable Managed Service for Prometheus: Provides monitoring dashboards and alerting. For more information, see Use Alibaba Cloud Prometheus to monitor the status of an ACS cluster. Install metrics-server: Provides infrastructure monitoring for the cluster. For more information, see metrics-server. Note: The metrics-server component requires CoreDNS. Select CoreDNS in the Service Discovery settings. |
| Log Service | Specify whether to enable Simple Log Service. Create a new project or use an existing one. When enabled, cluster auditing and control plane log collection are turned on automatically. |

Advanced settings

Click Show Advanced Options to configure the following settings.

| Parameter | Description |
| --- | --- |
| Deletion Protection | Enable deletion protection to prevent accidental deletion of the cluster through the console or OpenAPI. |
| Resource Group | Assign the cluster to a resource group. A resource can belong to only one resource group. Map resource groups to projects, applications, or organizations based on your needs. |
| Labels | Attach tags to the cluster. Enter a key (required, unique, up to 64 characters) and a value (optional, up to 128 characters). Keys and values cannot start with aliyun, acs:, https://, or http://. Keys and values are case-insensitive. Keys must be unique per resource. If you add a tag with an existing key, the new tag overwrites the old one. A resource supports up to 20 tags. Remove some tags before adding new ones if the limit is reached. |
| Time Zone | Select a time zone for the cluster. The default is your browser time zone. For more information, see Supported time zones. |
| Cluster Domain | Set the cluster domain. The default is cluster.local. The cluster domain serves as the DNS suffix for all Services in the cluster. For example, a Service named my-service in the default namespace has the DNS name my-service.default.svc.cluster.local. |

Step 3: Confirm and create

  1. Click Confirm Order.

  2. In the dialog box, confirm the settings and verify that the cluster passes all dependency checks.

  3. Read and select the Service Agreement, then click Create Cluster.

Cluster creation takes approximately 10 minutes.

Verify the cluster

After the cluster is created, verify it on the Clusters page:

  1. Find the cluster and click Details in the Actions column.

  2. Click the Basic Information tab to view cluster details, including:

    • API server Public Endpoint: The address and port for managing the cluster from the Internet by using kubectl. You can change or unbind the associated EIP. The API server briefly restarts when you associate or disassociate an EIP. Do not perform operations on the cluster during the restart.

    • API server Internal Endpoint: The address and port for managing the cluster from within the VPC. This IP address is the CLB instance address.

  3. Click the Connection Information tab to view connection details.

  4. Click the Cluster Logs tab to view cluster logs.

OpenAPI

An ACS cluster is a type of cluster in Container Service for Kubernetes (ACK). To create an ACS cluster through the OpenAPI, call the CreateCluster operation.

Authorization

Add the following permission to a RAM policy:

| Operation | Access level | Resource type | Condition keys |
| --- | --- | --- | --- |
| cs:CreateCluster | Create | Cluster: acs:cs:{#regionId}:{#accountId}:cluster/* | cs:ClusterType, cs:ClusterSpec, cs:ClusterProfile, cs:AddonNames |

Request

POST /clusters HTTP/1.1

Required parameters

The following parameters distinguish an ACS cluster from an ACK managed cluster:

| Parameter | Type | Description |
| --- | --- | --- |
| name | String | The name of the cluster. |
| region_id | String | The region ID. For more information, see Supported regions. |
| cluster_type | String | The cluster type. Set this to ManagedKubernetes. |
| profile | String | The cluster subtype. Set this to Acs. |
| cluster_spec | String | The cluster specification. Set this to ack.pro.small. |
| service_cidr | String | The CIDR block for Services. Valid values: 10.0.0.0/16-24, 172.16-31.0.0/16-24, and 192.168.0.0/16-24. The CIDR block cannot overlap with the VPC CIDR block or the CIDR blocks of existing Kubernetes clusters in the VPC. This value cannot be modified after the cluster is created. For more information, see Plan networks for ACS clusters. |

Optional parameters

| Parameter | Type | Description |
| --- | --- | --- |
| kubernetes_version | String | The Kubernetes version. If not specified, the latest version is used. For more information, see Kubernetes version overview. |
| vpcid | String | The VPC ID. If not specified, the system creates a VPC and three vSwitches in recommended zones. Make sure the VPC quota in the region is sufficient. |
| vswitch_ids | Array of String | The vSwitch IDs. Pod addresses are allocated from these vSwitches. Select vSwitches in different zones for high availability. If vpcid is not specified, vSwitches are created automatically. |
| addons | Array of Object | The add-ons to install. If not specified, core cluster components are installed by default. |

Sample request

The following example creates an ACS cluster in the China (Hangzhou) region with an existing VPC and ALB Ingress:

{
    "name": "ACS Cluster",
    "cluster_type": "ManagedKubernetes",
    "profile": "Acs",
    "cluster_spec": "ack.pro.small",
    "kubernetes_version": "1.31.1-aliyun.1",
    "region_id": "cn-hangzhou",
    "vpcid": "vpc-j6cc1ddlp4rzs7v******",
    "service_cidr": "192.168.xx.xx/16",
    "vswitch_ids": [
        "vsw-j6cht66iul7h61x******",
        "vsw-j6c5ne6mxgnx3g5******"
    ],
    "addons": [
        {
            "name": "alb-ingress-controller"
        }
    ]
}

For a complete list of parameters, see CreateCluster.
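Because service_cidr cannot be changed after creation, it is worth checking the request body before it is sent. The following pre-flight check covers the required parameters above and the Service CIDR rules from the Network settings; it is an added example, not part of the Alibaba Cloud SDK or this documentation's own code. The function names, the `in_use` mapping, the sample CIDRs and the way the documented range notation is read are assumptions.

```python
import ipaddress

# Fixed values the page lists for an ACS cluster request.
ACS_FIXED = {"cluster_type": "ManagedKubernetes", "profile": "Acs",
             "cluster_spec": "ack.pro.small"}
REQUIRED = ("name", "region_id", "service_cidr") + tuple(ACS_FIXED)

# Assumed reading of "10.0.0.0/16-24, 172.16-31.0.0/16-24, 192.168.0.0/16-24":
# prefix length 16 to 24, and the block lies inside one of these parents.
PARENTS = [ipaddress.IPv4Network(n) for n in
           ("10.0.0.0/16", "172.16.0.0/12", "192.168.0.0/16")]


def check_service_cidr(cidr, in_use):
    """Return the problems found with a service_cidr value (empty list = pass)."""
    try:
        net = ipaddress.IPv4Network(cidr)  # strict: rejects host bits and masked octets
    except ValueError as exc:
        return [f"service_cidr is not a valid IPv4 network: {exc}"]
    problems = []
    if not 16 <= net.prefixlen <= 24:
        problems.append(f"prefix /{net.prefixlen} is outside /16 to /24")
    if not any(net.subnet_of(p) for p in PARENTS):
        problems.append(f"{net} is outside the documented ranges")
    for label, other in in_use.items():
        if net.overlaps(ipaddress.IPv4Network(other)):
            problems.append(f"{net} overlaps {label} ({other})")
    return problems


def preflight(body, in_use):
    """Check the ACS-specific CreateCluster fields before the request is sent."""
    problems = [f"missing required parameter: {k}"
                for k in REQUIRED if not body.get(k)]
    problems += [f"{k} must be {v!r}, got {body[k]!r}"
                 for k, v in ACS_FIXED.items() if body.get(k) not in (None, "", v)]
    if body.get("service_cidr"):
        problems += check_service_cidr(body["service_cidr"], in_use)
    return problems


# Constructed sample: the CIDRs in use are placeholders, not values from the page.
IN_USE = {"VPC": "192.168.0.0/16", "pod vSwitch": "192.168.32.0/19"}
GOOD = dict(ACS_FIXED, name="acs-demo", region_id="cn-hangzhou",
            service_cidr="172.16.0.0/20")
BAD = dict(GOOD, cluster_type="Kubernetes", service_cidr="192.168.0.0/16")

if __name__ == "__main__":
    for label, body in (("good", GOOD), ("bad", BAD)):
        print(label, preflight(body, IN_USE) or "ok")
```

Pass the CIDR blocks of the VPC, its vSwitches and any other clusters in the VPC as `in_use`; the request body itself does not carry them.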

Response

A successful response:

{
    "cluster_id": "c54c8e4c703834c48bda53ae7841*****",
    "request_id": "08CCB494-7A82-5D51-907C-A6BF658*****",
    "task_id": "T-68007b2164acba01060*****",
    "instanceId": "c54c8e4c703834c48bda53ae7841*****"
}

An error response (for example, an invalid cluster_type value):

{
    "code": "400",
    "message": "no ros component exists. clusterType: Kubernetes, version: ",
    "requestId": "7D99D268-F1E1-5ED8-B757-E5D38A0*****",
    "status": 400
}

Error codes

For a list of error codes, see the Error Center.

Connect to the cluster

After the cluster is created, connect to it by using kubectl:

  1. On the Clusters page, find your cluster and click Details in the Actions column.

  2. Click the Connection Information tab.

  3. Copy the kubeconfig content for your access method:

    • Public access: Available if you enabled Expose API Server with EIP during cluster creation.

    • Internal access: Available from within the VPC.

  4. Save the kubeconfig content to ~/.kube/config on your local machine.

  5. Run the following command to verify the connection. The output lists the virtual nodes in the cluster:

       kubectl get nodes
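A kubeconfig grants cluster access to whoever can read it, and with Expose API Server with EIP enabled its endpoint is reachable from the Internet on port 6443. The following added example (not part of the original documentation) reports which API server endpoints in a kubeconfig are public and whether the saved file is readable by other users. Treating RFC 1918 addresses as the internal endpoint, the function names and the sample addresses are assumptions.

```python
import ipaddress
import os
import re
import stat
from urllib.parse import urlsplit

# RFC 1918 ranges: an endpoint inside them is treated as the internal (VPC) address.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
SERVER_RE = re.compile(r"^\s*server:\s*(\S+)", re.MULTILINE)


def classify_endpoints(kubeconfig_text):
    """Map each API server URL to 'internal', 'public' or 'hostname'."""
    result = {}
    for raw in SERVER_RE.findall(kubeconfig_text):
        url = raw.strip("\"'")
        try:
            addr = ipaddress.ip_address(urlsplit(url).hostname or "")
        except ValueError:
            result[url] = "hostname"  # DNS name: resolve it separately to decide
            continue
        inside = any(addr in net for net in RFC1918)
        result[url] = "internal" if inside else "public"
    return result


def permission_problem(path):
    """Return a message if group or others can access the file, else None."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    return f"{path}: mode {mode:04o}, expected 0600" if mode & 0o077 else None


# Constructed kubeconfig fragment; both addresses are placeholders.
SAMPLE = """\
clusters:
- cluster:
    server: https://203.0.113.10:6443
  name: acs-public
- cluster:
    server: https://192.168.0.25:6443
  name: acs-internal
"""

if __name__ == "__main__":
    for url, kind in classify_endpoints(SAMPLE).items():
        print(f"{kind:9} {url}")
    cfg = os.path.expanduser("~/.kube/config")
    if os.path.exists(cfg):
        print(permission_problem(cfg) or f"{cfg}: permissions ok")
```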

Next steps