All Products
Search
Document Center

Container Compute Service:Create an ACS cluster

Last Updated:Jun 17, 2026

Alibaba Cloud Container Compute Service (ACS) provides serverless container compute through a Kubernetes-native API. ACS clusters scale Pods in seconds and charge by configured CPU and memory, making them ideal for fluctuating workloads. Create an ACS cluster from the console or OpenAPI.

Console

Step 1: Open the cluster creation page

  1. Log on to the ACS console. In the left navigation pane, click Clusters.

  2. On the Clusters page, click Create Kubernetes Cluster in the upper-left corner.

Step 2: Configure the cluster

On the Create Kubernetes Cluster page, configure the cluster, network, component, and advanced settings.

Cluster settings

Parameter

Description

Cluster Name

Enter a name for the cluster.

Region

Select the region for the cluster. Supported regions.

Kubernetes Version

Select a Kubernetes version supported by ACS.

Maintenance Window

Maintenance window for the cluster.

Network settings

Parameter

Description

IPv6 Dual-stack

Enable a dual-stack cluster.

Note

If you select Select Existing VPC , first enable IPv6 for the VPC and vSwitches. Enable IPv6 for a VPC and Enable IPv6 for a vSwitch.

Select VPC

Configure the cluster network. Plan networks for ACS clusters.

ACS clusters require a VPC. Create a new VPC or use an existing one.

  • Create VPC

    ACS creates a VPC in the selected region. Select a Zone, and ACS creates a vSwitch in that availability zone.

  • Select Existing VPC

    Use an existing VPC and vSwitch.

For high availability, select multiple availability zones or vSwitches. The Recommended Resource Configuration feature recommends zones with sufficient resources for your compute type.

Note

In ACS clusters, Nodes are virtual nodes. ACS creates one virtual node per selected availability zone.

Configure SNAT

Whether to create a NAT gateway with SNAT rules for the VPC. Required for internet access, such as pulling container images.

Note
  • You can also manually configure a NAT gateway with SNAT rules. NAT Gateway.

  • Without internet access, upload images to an ACR instance in the same region and pull them over the VPC internal endpoint.

Security Group

Select a basic or advanced security group. Security group overview.

API Server Access Settings

By default, a pay-as-you-go private Classic Load Balancer (CLB) instance is created for the API server. Pay-as-you-go.

Important

If you delete the default CLB instance, you can no longer access the API server.

You can configure whether to Expose API server with EIP. The API server exposes RESTful APIs for CRUD and watch operations on resources such as Pods and Services.

  • If you select Expose, ACS creates an EIP and associates it with the CLB instance. The API server is exposed on port 6443 of the EIP, enabling internet access via kubeconfig.

  • If you select Do not expose, no EIP is created. The cluster is accessible only within the VPC via kubeconfig.

Control public access to the API server of a cluster.

Service CIDR

The Service CIDR block must not overlap with the VPC CIDR, Pod CIDR, or CIDR blocks of other clusters in the VPC. Cannot be changed after creation.

Component settings

Parameter

Description

Service Discovery

Whether to enable service discovery. ACS clusters support CoreDNS.

CoreDNS is the standard Kubernetes DNS server for in-cluster service name resolution.

Ingress

Optional. Install an Ingress component to expose Services to external traffic.

Supported Ingress components:

  • ALB Ingress: Built on Application Load Balancer (ALB). Compatible with Nginx Ingress. Supports complex routing, automatic certificate discovery, and HTTP/HTTPS/QUIC for Layer 7 traffic. ALB Ingress quick start.

  • MSE Ingress: MSE Cloud Native Gateway for advanced ingress traffic management. MSE Ingress Management.

Container Monitoring

The following monitoring features are enabled by default:

Log Service

Whether to use Simple Log Service. Create a new project or use an existing one.

Enabling this also enables cluster auditing and control plane log collection.

Advanced settings

Click Show Advanced Options to configure advanced settings.

Parameter

Description

Deletion Protection

Enable deletion protection to prevent accidental cluster deletion.

Resource Group

ACS adds the cluster to the selected resource group. A resource belongs to one resource group. Align groups with your projects, applications, or organizations.

Labels

Add a tag to the cluster. The key is required, must be unique, and can be up to 64 characters. The value is optional and can be up to 128 characters.

  • The key and value cannot start with aliyun, acs:, https://, or http://. They are not case-sensitive.

  • Tag keys must be unique per resource. A duplicate key overwrites the existing tag.

  • Maximum 20 tags per resource. Remove existing tags before adding new ones if the limit is reached.

Time Zone

The time zone for the cluster. By default, the cluster uses your browser's time zone.

Cluster Domain

The cluster local domain. Default: cluster.local. Custom domain names are also supported.

The cluster domain is the suffix for all Service DNS names. For example, my-service in the default namespace has the DNS name my-service.default.svc.cluster.local.

Step 3: Confirm the configuration

  1. After you configure the cluster, click Confirm.

  2. In the dialog box, confirm the configuration and verify that all dependency checks pass.

  3. Read and accept the terms of service, then click Create Cluster.

    After creation, view the cluster on the Clusters page.

    Note

    It typically takes about 10 minutes to create a cluster.

Related operations

  • View basic cluster information

    On the Clusters page, find the cluster and click Details in the Actions column. Click the Basic Information and Connection Information tabs to view cluster details, including:

    • API server Public Endpoint: The public API server endpoint for managing the cluster with kubectl.

      The Associate EIP and Unbind features are available only for ACK managed clusters.

      • Associate EIP: Select an existing EIP or create a new one.

        Associating an EIP briefly restarts the API server. Avoid cluster operations during this time.

      • Disassociate EIP: Removes public internet access to the API server.

        Disassociating an EIP briefly restarts the API server. Avoid cluster operations during this time.

    • API server Internal Endpoint: The internal API server endpoint, accessible within the cluster VPC. This is the load balancer address.

  • View cluster log information

    Click the Cluster Logs tab to view cluster logs.

OpenAPI

API

ACS is a cluster type in Container Service for Kubernetes (ACK). Create an ACS cluster by calling the CreateCluster API.

Debug

Debug CreateCluster.

Authorization

Authorization information for this API. Use these values in the Action element of a RAM policy.

  • Action: The specific permission.

  • Access level: The access level. Valid values: Write, Read, and List.

  • Resource type: The resource type that supports authorization. Specifics are as follows:

    • Required resource types are preceded by an asterisk (*).

    • For operations that do not support resource-level authorization, use All Resources.

  • Condition keys: The condition keys defined by the cloud service.

  • Dependent actions: Additional permissions required to perform the action.

Actions

Access level

Resource type

Condition keys

Dependent actions

cs:CreateCluster

create

*cluster

acs:cs:{#regionId}:{#accountId}:cluster/*

  • cs:ClusterType

  • cs:ClusterSpec

  • cs:ClusterProfile

  • cs:AddonNames

None

Request syntax

POST /clusters HTTP/1.1

Key parameters

The following parameters differ from an ACK managed cluster when creating an ACS cluster:

Parameter

Description

Required

Parameter combination

region_id

The region for the cluster. Supported regions.

Yes

Create an ACS cluster

  • "region_id": "cn-hangzhou"

  • "cluster_type": "ManagedKubernetes"

  • "profile": "Acs"

  • "cluster_spec": "ack.pro.small"

  • "service_cidr": "192.168.xx.xx/16"

  • "kubernetes_version": "1.31.1-aliyun.1"

  • "vpcid": "vpc-j6cc1ddlp4rzs7v******"

  • "vswitch_ids": ["vsw-j6cht66iul7h61x******","vsw-j6c5ne6mxgnx3g5******"]

  • "addons": [{"name": "alb-ingress-controller"}]

cluster_type

Cluster type. Set to ManagedKubernetes for ACS clusters.

Yes

profile

Cluster subtype. Set to Acs for ACS clusters.

Yes

cluster_spec

Cluster specification. Set to ack.pro.small for ACS clusters.

Yes

service_cidr

The Service CIDR block for the cluster. The valid CIDR blocks are: 10.0.0.0/16-24, 172.16-31.0.0/16-24, or 192.168.0.0/16-24.

Must not overlap with the VPC CIDR or CIDR blocks of existing clusters in the VPC. Cannot be changed after creation. Plan networks for ACS clusters.

Yes

kubernetes_version

The Kubernetes version. Defaults to the latest version if not specified.

The ACS console offers the three latest versions. Kubernetes version overview and mechanism.

No

vpcid

The cluster VPC. If omitted, ACS creates a VPC with three vSwitches in recommended zones. Ensure sufficient VPC quota in the region.

No

vswitch_ids

The cluster vSwitches. Pod IPs are allocated from vSwitches. For high availability, select vSwitches across zones. If no VPC is specified, vSwitches are created automatically.

No

addons

Components to install with the addons parameter. If omitted, only core and required components are installed.

No

Sample request

Sample request to create an ACS cluster. CreateCluster.

POST /clusters HTTP/1.1
<Common request headers>
{
    "name": "ACS-cluster",                     // Required. The cluster name.
    "cluster_type": "ManagedKubernetes",      // Required. The cluster type. 
    "profile": "Acs",                         // Required. The cluster subtype.       
    "cluster_spec": "ack.pro.small",          // Required. The cluster specification.
    "kubernetes_version": "1.31.1-aliyun.1",  // The cluster version. We recommend using the latest version.   
    "region_id": "cn-hangzhou",               // Required. The region of the cluster. This example uses China (Hangzhou).
    "vpcid": "vpc-j6cc1ddlp4rzs7v******",     // The VPC ID. It cannot be changed after the cluster is created.
    "service_cidr": "192.168.xx.xx/16",       // Required. The Service CIDR block for the cluster.
    "vswitch_ids": [                          // Select multiple vSwitches to ensure high availability.
        "vsw-j6cht66iul7h61x******",
        "vsw-j6c5ne6mxgnx3g5******"
    ],
    "addons": [                               // User components to install. 
    {
        "name": "alb-ingress-controller"
    }
}

Sample responses

Successful response

{
  "cluster_id": "c54c8e4c703834c48bda53ae7841*****",
  "request_id": "08CCB494-7A82-5D51-907C-A6BF658*****",
  "task_id": "T-68007b2164acba01060*****",
  "instanceId": "c54c8e4c703834c48bda53ae7841*****"
}

Error response

Error returned due to an incorrect cluster_type parameter:

{
  "code": "400",
  "message": "no ros component exists. clusterType: Kubernetes, version: ",
  "requestId": "7D99D268-F1E1-5ED8-B757-E5D38A0*****",
  "status": 400
}

Error codes

Visit the Error Center to view more error codes.

References

Cluster API reference.