Container Compute Service: Create an ACS cluster

Last Updated: Feb 05, 2025

Container Compute Service (ACS) is a cloud computing service that provides container computing resources based on Kubernetes. ACS provides serverless container computing power that complies with container specifications. ACS allows you to scale pods within seconds, allocate CPU and memory resources to pods on demand, and pay for these resources on a pay-as-you-go basis. ACS can reduce computing resource costs and is suitable for fluctuating workloads. ACS clusters are compatible with Kubernetes and make Kubernetes easier to use for beginners. With ACS, you can focus on application development without worrying about the underlying infrastructure. This topic describes how to create an ACS cluster in the ACS console.

Step 1: Go to the Create Cluster page

  1. Log on to the ACS console. In the left-side navigation pane, click Clusters.

  2. In the upper-left corner of the Clusters page, click Create Cluster.

Step 2: Configure a cluster

On the Create Cluster page, complete the cluster, network, component, and advanced configurations.

Cluster configurations

Parameter

Description

Cluster Name

The name of the cluster.

Region

The region where the cluster is located. For more information about the available regions, see Supported regions.

Kubernetes Version

Select a Kubernetes version for the ACS cluster.

Maintenance Window

ACS generates an update plan based on the cluster maintenance window that you configured, and performs prechecks and updates only within the maintenance window. Currently, the automatic update feature is disabled for the cluster.

Network configurations

Parameter

Description

IPv6 Dual-stack

If you enable IPv4/IPv6 dual stack, a dual-stack cluster is created.

Note

If you select Select Existing VPC, you must first enable IPv6 for the virtual private cloud (VPC) and vSwitch. For more information, see Enable IPv6 for a VPC and Enable IPv6 for a vSwitch.

To use this feature, submit a ticket to apply to be added to the whitelist.

VPC

The network of the cluster. For more information, see Plan CIDR blocks for an ACK cluster.

ACS clusters support only VPCs. You can select Create VPC or Select Existing VPC.

  • Create VPC

    ACS automatically creates a VPC in the current region. You must specify zones. Then, ACS automatically creates vSwitches in the selected zones.

  • Select Existing VPC

    Use existing VPCs and vSwitches.

We recommend that you select multiple zones or vSwitches to ensure the high availability of the cluster. You can use the recommended resource configuration feature. This feature can list zones with sufficient compute power based on the compute class that you select.

Note

Node objects in ACS clusters are provided as virtual nodes. When you create an ACS cluster, ACS automatically creates a virtual node in each zone that you selected.

Configure SNAT

Specify whether to create a NAT gateway and configure SNAT rules on the NAT gateway. If you want to download container images over the Internet, you must configure a NAT gateway.

Note

  • You can manually configure a NAT gateway and configure SNAT rules to ensure that instances in the VPC can access the Internet. For more information, see Create and manage an Internet NAT gateway.

  • If you do not select this check box, you can upload your container image to a Container Registry instance residing in the region of the ACS cluster and then pull the image through the VPC endpoint.

Security Group

You can choose to automatically create a basic or advanced security group. For more information about the two types of security groups, see Security groups.

API Server Access Settings

By default, a pay-as-you-go internal-facing CLB instance is created for the API server. For more information about the billing of CLB instances, see Pay-as-you-go.

Important

If you delete the default CLB instance, you cannot access the API server.

You can choose whether to select the Expose API Server with EIP check box. The API server provides multiple HTTP-based RESTful APIs, which can be used to create, delete, modify, query, and monitor resources such as pods and Services.

  • If you select this check box, an elastic IP address (EIP) is created and associated with the CLB instance. The API server is exposed through port 6443 of the EIP. You can connect to and manage the cluster over the Internet by using a kubeconfig file.

  • If you clear this check box, no EIP is created. You can use a kubeconfig file to connect to the cluster only from within the VPC and then manage the cluster.

For more information, see Control public access to the API server of a cluster.

Service CIDR

The Service CIDR block must not overlap with the CIDR block of the VPC, the CIDR blocks of the ACS clusters in the VPC, or the pod CIDR block. The Service CIDR block cannot be modified after the cluster is created.
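
Because the Service CIDR block cannot be changed after creation, it is worth checking a proposed value before you submit the form. The following is an added example, not part of the original documentation: a pre-flight check for the overlap rule above. The CIDR values and the names in RESERVED are constructed samples, and first_free is a hypothetical helper that goes slightly beyond the rule by suggesting a free block.

```python
import ipaddress

def parse(cidr):
    # strict=True rejects values with host bits set, e.g. 172.16.0.1/16
    return ipaddress.ip_network(cidr, strict=True)

def find_conflicts(service_cidr, reserved):
    """reserved maps a name to a CIDR block already in use.
    Returns the sorted names whose block overlaps service_cidr."""
    svc = parse(service_cidr)
    hits = []
    for name, cidr in reserved.items():
        net = parse(cidr)
        # IPv4 and IPv6 blocks can never overlap; compare same-family only
        if net.version == svc.version and svc.overlaps(net):
            hits.append(name)
    return sorted(hits)

def first_free(pool, prefixlen, reserved):
    """First /prefixlen block inside pool that overlaps nothing in reserved."""
    for candidate in parse(pool).subnets(new_prefix=prefixlen):
        if not find_conflicts(str(candidate), reserved):
            return str(candidate)
    return None

# Constructed sample: the VPC, the pod CIDR block, and the Service CIDR
# block of another ACS cluster in the same VPC.
RESERVED = {
    "vpc": "192.168.0.0/16",
    "pod": "10.0.0.0/16",
    "cluster-a-service": "172.16.0.0/20",
}

if __name__ == "__main__":
    for proposal in ("172.16.8.0/22", "192.168.128.0/20", "172.21.0.0/20"):
        print(proposal, find_conflicts(proposal, RESERVED) or "ok")
    print("suggested:", first_free("172.16.0.0/12", 20, RESERVED))
```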

Component configurations

Parameter

Description

Service Discovery

Specify whether to enable service discovery for the cluster. ACS clusters support CoreDNS.

CoreDNS is a flexible and scalable DNS server that serves as a standard service discovery component in Kubernetes. It provides domain name resolution for Services in Kubernetes clusters.

Ingress

Specify whether to install the Ingress controller. This parameter is optional. We recommend that you install an Ingress controller if you want to expose Services.

ACS supports the following Ingress controllers:

  • ALB Ingress: The ALB Ingress controller is compatible with the NGINX Ingress controller, and provides improved traffic routing capabilities based on ALB instances. The ALB Ingress controller supports complex routing, automatic certificate discovery, and HTTP, HTTPS, and QUIC protocols. The ALB Ingress controller meets the requirements of cloud-native applications for ultra-high elasticity and balancing of heavy traffic loads at Layer 7. For more information, see Getting started with ALB Ingresses.

  • MSE Ingress: To better support cloud-native scenarios, Alibaba Cloud provides Microservices Engine (MSE) Ingress gateways that are developed based on deep integration and optimization of MSE cloud-native gateways and ACK. MSE Ingress gateways help you manage ingress traffic of clusters in an efficient manner. For more information, see MSE Ingress management.

Container Monitoring

By default, the following monitoring features are used:

  • Enable Managed Service for Prometheus: provides basic monitoring and alerting services. By default, Managed Service for Prometheus does not charge you for container monitoring. For more information, see Use Managed Service for Prometheus to monitor ACS clusters.

  • Install metrics-server: provides basic cluster monitoring services. For more information, see metrics-server.

    Note

    The metrics-server component relies on CoreDNS. Select CoreDNS in the Service Discovery section.

Simple Log Service

Specify whether to enable Simple Log Service. You can create projects or use existing projects.

After Simple Log Service is enabled, cluster auditing and control plane log collection are enabled.

Advanced configurations

Click Show Advanced Options and configure the advanced parameters on demand.

Parameter

Description

Deletion Protection

We recommend that you enable deletion protection in the console or by using the API to prevent clusters from being accidentally released.

Resource Group

The resource group to which the cluster belongs. Each resource can belong to only one resource group. You can regard a resource group as a project, an application, or an organization based on your business scenarios.

Label

Enter a key and a value to add a label to the cluster. Keys are required and must be unique. A key must not exceed 64 characters in length. Values are optional. A value must not exceed 128 characters in length.

  • A key or a value cannot start with aliyun, acs:, https://, or http://. Keys and values are not case-sensitive.

  • The keys of labels that are added to the same resource must be unique. If you add a label with a used key, the label overwrites the label that uses the same key.

  • If you add more than 20 labels to a resource, all labels become invalid. You must remove the excessive labels so that the remaining labels can take effect.

Time Zone

The time zone of the cluster. By default, the time zone of your browser is selected.

Cluster Domain

Configure the cluster domain. The default domain name is cluster.local. You can enter a custom domain name.

The cluster domain is the top-level domain name (standard suffix) used by all Services in the cluster. For example, the domain name of the Service named my-service in the default namespace is my-service.default.svc.cluster.local.

Step 3: Confirm the configuration

  1. After you complete the cluster configuration, click Confirm Order.

  2. In the dialog box that appears, confirm the configuration and dependencies.

  3. Read the terms of service, select the check box, and click Create Cluster.

    After the cluster is created, you can find the cluster on the Clusters page.

    Note

    It requires approximately 10 minutes to create a cluster.

What to do next

  • View the basic information about the cluster

    On the Clusters page, find the cluster that you created and click Details in the Actions column. On the details page, click the Basic Information tab to view basic information about the cluster and click the Connection Information tab to view information about how to connect to the cluster.

    • API Server Public Endpoint: the IP address and port that the Kubernetes API Server uses to provide services over the Internet. It allows you to manage the cluster by using kubectl or other tools on the client.

      Only ACK managed clusters support the Associate EIP and Disassociate EIP features.

      • Associate EIP: You can select an existing EIP or create an EIP.

        The API server restarts after you associate an EIP with the API server. We recommend that you do not perform operations during the restart process.

      • Disassociate EIP: After you disassociate the EIP, you can no longer access the API server over the Internet.

        The API server restarts after you disassociate the EIP from the API server. We recommend that you do not perform operations on the cluster during the restart process.

    • API Server Internal Endpoint: the IP address and port that the API server uses to provide services within the cluster. The IP address belongs to the SLB instance that is associated with the cluster.

  • View cluster logs

    Click the Cluster Logs tab to view the logs of the cluster.
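
To confirm which of the two API server endpoints a given kubeconfig file actually uses, you can compare its server addresses against the VPC CIDR block. The following is an added example, not part of the original documentation. The kubeconfig content, cluster names, and addresses are constructed samples, and the check assumes that any address outside the VPC CIDR block is the EIP-exposed endpoint.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Matches "server: <url>" lines in a kubeconfig without needing a YAML library.
SERVER_RE = re.compile(r"^\s*server:\s*['\"]?(\S+?)['\"]?\s*$", re.MULTILINE)

def audit_kubeconfig(text, vpc_cidr):
    """Return (url, port, reach) for every cluster entry in a kubeconfig."""
    vpc = ipaddress.ip_network(vpc_cidr)
    findings = []
    for url in SERVER_RE.findall(text):
        parts = urlsplit(url)
        try:
            ip = ipaddress.ip_address(parts.hostname or "")
        except ValueError:
            reach = "unknown-hostname"  # a DNS name; not resolved here
        else:
            inside = ip.version == vpc.version and ip in vpc
            reach = "vpc-internal" if inside else "outside-vpc"
        findings.append((url, parts.port, reach))
    return findings

# Constructed sample: one entry uses an address inside the VPC, the other
# uses an address from a documentation range standing in for an EIP.
SAMPLE_KUBECONFIG = """\
apiVersion: v1
kind: Config
clusters:
- name: acs-internal
  cluster:
    server: https://192.168.0.45:6443
- name: acs-public
  cluster:
    server: "https://203.0.113.10:6443"
"""

if __name__ == "__main__":
    for url, port, reach in audit_kubeconfig(SAMPLE_KUBECONFIG, "192.168.0.0/16"):
        flag = "ok" if reach == "vpc-internal" else "REVIEW"
        print(f"{flag:6} {reach:16} port={port} {url}")
```

Entries reported as outside-vpc or unknown-hostname are the ones to review against the Expose API Server with EIP setting.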