
Container Compute Service: Create an ACS cluster

Last Updated: Sep 12, 2025

Alibaba Cloud Container Compute Service (ACS) is a cloud computing service that provides container computing resources and uses Kubernetes as its user interface. It offers serverless container computing power that complies with standard container specifications. ACS lets you scale pods in seconds, allocate CPU and memory resources to pods on demand, and pay for these resources on a pay-as-you-go basis. ACS helps you efficiently reduce computing resource expenses and is ideal for fluctuating workloads. ACS clusters are compatible with Kubernetes and simplify its use. With ACS, you can focus on application development without worrying about the underlying infrastructure. This topic describes how to create an ACS cluster using the console and OpenAPI.

Console

Step 1: Open the create cluster page

  1. Log on to the ACS console. In the left-side navigation pane, click Clusters.

  2. In the upper-left corner of the Clusters page, click Create Cluster.

Step 2: Configure the cluster

On the Create Cluster page, configure the cluster, network, components, and advanced settings.

Cluster configuration

Parameter

Description

Cluster Name

Enter a name for the cluster.

Region

Select a region to deploy the cluster. For more information about supported regions, see Supported regions.

Kubernetes Version

Select a Kubernetes version for the ACS cluster.

Maintenance Window

The maintenance window during which O&M operations are performed for the ACS cluster.

Network configuration

Parameter

Description

IPv4/IPv6 Dual Stack

If you enable IPv4/IPv6 dual-stack, a dual-stack Kubernetes cluster is created.

Note

If you select Use Existing for the VPC, you must first enable IPv6 for the VPC and vSwitches. For more information, see Enable IPv6 for a VPC and Enable IPv6 for a vSwitch.

VPC

Set the network for the cluster. For more information, see Plan networks for ACS clusters.

ACS clusters support only VPCs. You can select automatic creation or use an existing VPC.

  • Automatic Creation

    ACS automatically creates a VPC in the current region. You need to select Zone, and ACS automatically creates vSwitches in the selected zones.

  • Use Existing

    Use an existing VPC and vSwitches.

We recommend that you select multiple zones or vSwitches to ensure the high availability of the cluster. You can use the Resource Configuration Recommendation feature. ACS recommends zones with sufficient computing resources based on the computing type that you select.

Note

Node objects in ACS clusters are provided as virtual nodes. When you create an ACS cluster, ACS creates a virtual node in each zone that you selected.

Configure SNAT

Specify whether to create a NAT Gateway and configure SNAT rules for the VPC. To access the Internet, for example, to download container images, you must configure a NAT Gateway.

Note
  • You can also configure a NAT Gateway and manually configure SNAT rules to ensure that instances in the VPC can access the Internet. For more information, see Use a NAT gateway to access the Internet.

  • If you do not configure Internet access, you can upload container images to an ACR instance in the same region as the cluster and pull the images using the internal VPC endpoint.

Security Group

Select whether to automatically create a basic security group or an enterprise security group. For more information about the differences between the two types of security groups, see Security group overview.

API Server Access Configuration

By default, a pay-as-you-go private CLB instance is created for the API server. For more information about how CLB instances are billed, see Pay-as-you-go.

Important

If you delete the default CLB instance, you cannot access the API server.

You can specify whether to Expose API Server With EIP. The API server provides multiple HTTP-based RESTful APIs, which can be used to create, delete, modify, query, and monitor resources such as pods and Services.

  • If you select Enable, the ACS cluster creates an EIP and attaches it to the CLB instance. The Kubernetes API service (API server) is exposed through port 6443 of the EIP. You can connect to and manage the cluster from the Internet using a KubeConfig file.

  • If you select Disable, no EIP is created. You can connect to and manage the cluster only from within the VPC using a KubeConfig file.

For more information, see Control public access to the API server of a cluster.

Service CIDR

The Service CIDR block cannot overlap with the CIDR block of the VPC or the CIDR blocks of existing Kubernetes clusters in the VPC. This CIDR block cannot be modified after the cluster is created. The Service CIDR block also cannot overlap with the Pod CIDR block.

Component configuration

Parameter

Description

Service Discovery

Specify whether to enable service discovery for the cluster. ACS clusters support CoreDNS.

CoreDNS is a flexible and scalable DNS server. It is also a standard service discovery component in Kubernetes that provides domain name resolution for services within a Kubernetes cluster.

Ingress

Specify whether to install an Ingress component. This is optional. To expose services to the public, install an Ingress component.

ACS supports the following Ingress components:

  • ALB Ingress: Based on Alibaba Cloud Application Load Balancer (ALB), ALB Ingress provides a more powerful way to manage Ingress traffic. It is compatible with Nginx Ingress and can handle complex business routing and automatically discover certificates. ALB Ingress supports HTTP, HTTPS, and QUIC protocols. It fully meets the requirements for ultra-high elasticity and large-scale Layer 7 traffic processing in cloud-native application scenarios. For more information, see ALB Ingress Quick Start.

  • MSE Ingress: Built on the MSE cloud-native gateway, which is deeply integrated with and optimized for Container Service to better support cloud-native application scenarios. MSE Ingress provides more powerful cluster ingress traffic management capabilities. For more information, see MSE Ingress management.

Container Monitoring

By default, the following monitoring features are used:

  • Use Managed Service For Prometheus: Provides basic monitoring dashboards and alerting features required for container O&M. For more information, see Use Alibaba Cloud Prometheus to monitor the status of an ACS cluster.

  • Metrics-server Component For Infrastructure Monitoring: Provides infrastructure monitoring features for the cluster. For more information, see metrics-server.

    Note

    The metrics-server component depends on CoreDNS. Select CoreDNS in the Service Discovery options.

Simple Log Service

Specify whether to use Simple Log Service. You can create a new project or use an existing project.

If you enable this feature, cluster auditing and control plane log collection are automatically enabled.

Advanced settings

Click Show Advanced Options to configure advanced settings.

Parameter

Description

Cluster Deletion Protection

Enable cluster deletion protection to prevent the cluster from being accidentally deleted in the console or by calling the OpenAPI.

Resource Group

The created cluster belongs to the selected resource group. A resource can belong to only one resource group. You can map resource groups to concepts such as projects, applications, or organizations based on your business scenarios.

Labels

Enter a key and a value to attach a tag to the cluster. The key is required, must be unique, and can be up to 64 characters in length. The value is optional and can be up to 128 characters in length.

  • Keys and Values cannot start with aliyun, acs:, https://, or http://. Keys and Values are case-insensitive.

  • The keys of tags attached to the same resource must be unique. If you attach a tag with a key that is already used, the new tag overwrites the existing one.

  • If a resource already has 20 tags attached, both existing and new tags become invalid. You must detach some tags before you can attach new ones.

Time Zone

The supported time zone for the cluster. By default, the time zone of your browser is used.

Cluster Domain

Configure the cluster domain. The default domain is cluster.local. You can also specify a custom domain.

The cluster domain is the top-level domain name (standard suffix) used by all Services in the cluster. For example, a Service named my-service in the default namespace has the DNS domain name my-service.default.svc.cluster.local.

Step 3: Confirm the configurations

  1. After you configure the cluster, click Confirm Configuration.

  2. In the dialog box that appears, confirm the configuration settings and verify that the cluster passes all dependency checks.

  3. Read and select the Service Agreement, and then click Create Cluster.

    After the cluster is created, you can view the cluster on the Clusters page.

    Note

    A cluster typically takes about 10 minutes to create.

Related operations

  • View basic information about the cluster

    On the Clusters page, find the cluster that you created and click Details in the Actions column. Click the Basic Information and Connection Information tabs to view the basic and connection information for the cluster. The following information is available:

    • Public Endpoint of the API Server: The address and port that the Kubernetes API Server uses to provide services over the Internet. You can use tools such as kubectl to manage the cluster from your on-premises machine through this endpoint.

      The Associate EIP and Disassociate EIP features are available only for ACK managed clusters.

      • Associate EIP: You can select an EIP from a list of existing EIPs or create an EIP.

        The API server briefly restarts when you associate an EIP. Do not perform operations on the cluster during the restart.

      • Disassociate EIP: After you disassociate the EIP, you can no longer access the API server from the Internet.

        The API server briefly restarts when you disassociate an EIP. Do not perform operations on the cluster during the restart.

    • API Server Internal Endpoint: The address and port that the Kubernetes API Server uses to provide services within the cluster. This IP address is the address of the Server Load Balancer instance.

  • View cluster logs

    You can click the Cluster Logs tab to view the logs for the cluster.

OpenAPI

API description

An ACS cluster is a type of cluster in Alibaba Cloud Container Service for Kubernetes (ACK). To create an ACS cluster, you can call the CreateCluster operation of ACK.

Debug

CreateCluster debugging entry.

Authorization information

The following table describes the permissions that are required to call this operation. You can add the permissions to the Action element of a RAM access policy statement to grant a RAM user or RAM role the permissions to call this operation. The following list describes the columns in the table:

  • Operation: The specific permission.

  • Access level: The access level of each operation. Valid values: Write, Read, and List.

  • Resource type: The resource type that you can authorize for the operation. The following points describe the resource types:

    • An asterisk (*) before a resource type indicates that it is a required resource type.

    • For operations that do not support resource-level authorization, All resources is displayed.

  • Condition key: The condition keys defined by the cloud service.

  • Associated operation: The other permissions that are required to perform the operation. To perform the operation, you must have the permissions for the associated operations.

| Operation | Access level | Resource type | Condition key | Associated operation |
|---|---|---|---|---|
| cs:CreateCluster | create | *Cluster (acs:cs:{#regionId}:{#accountId}:cluster/*) | cs:ClusterType, cs:ClusterSpec, cs:ClusterProfile, cs:AddonNames | None |

Request syntax

POST /clusters HTTP/1.1

Key parameters

When you call the CreateCluster operation to create an ACS cluster, note the following parameter configurations, which are different from those for an ACK managed cluster:

| Parameter | Description | Required |
|---|---|---|
| region_id | The ID of the region where the cluster is located. For more information, see Supported regions. | Yes |
| cluster_type | The cluster type. When you create an ACS cluster, this parameter must be set to ManagedKubernetes. | Yes |
| profile | The subtype of the cluster. When you create an ACS cluster, this parameter must be set to Acs. | Yes |
| cluster_spec | The specification of the cluster. When you create an ACS cluster, this parameter must be set to ack.pro.small. | Yes |
| service_cidr | The CIDR block of Services in the cluster. Valid values: 10.0.0.0/16-24, 172.16-31.0.0/16-24, and 192.168.0.0/16-24. The CIDR block cannot overlap with the VPC CIDR block or the CIDR blocks of existing Kubernetes clusters in the VPC. The CIDR block cannot be modified after the cluster is created. For more information, see Plan networks for ACS clusters. | Yes |
| kubernetes_version | The Kubernetes version of the cluster. It is consistent with the baseline version of the Kubernetes community. We recommend that you select the latest version. If you do not specify a version, the latest version is used. You can create clusters of the three latest versions in the ACS console. For more information about the Kubernetes versions supported by ACS, see Overview of Kubernetes versions. | No |
| vpcid | The VPC of the cluster. If you do not specify a VPC, the system attempts to automatically create a VPC and three vSwitches in the recommended zones. Make sure that the VPC quota in the corresponding region is sufficient. | No |
| vswitch_ids | The vSwitches of the cluster. ACS pod addresses are allocated from the vSwitches. To ensure high availability, select vSwitches in different zones. If you do not specify a VPC, vSwitches are automatically created. | No |
| addons | The components in the cluster. When you create an ACS cluster, you can use addons to specify the components that you want to install. If no component is specified, the API installs the core cluster components and other required components. | No |

Parameter combination: Create an ACS cluster

  • "region_id": "cn-hangzhou"

  • "cluster_type": "ManagedKubernetes"

  • "profile": "Acs"

  • "cluster_spec": "ack.pro.small"

  • "service_cidr": "192.168.xx.xx/16"

  • "kubernetes_version": "1.31.1-aliyun.1"

  • "vpcid": "vpc-j6cc1ddlp4rzs7v******"

  • "vswitch_ids": ["vsw-j6cht66iul7h61x******","vsw-j6c5ne6mxgnx3g5******"]

  • "addons": [{"name": "alb-ingress-controller"}]
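Because service_cidr cannot be changed after the cluster is created, it is worth checking a request body against the constraints above before calling CreateCluster. The following pre-flight check is an added example, not code from the Alibaba Cloud documentation or SDK; check_request, service_cidr_in_range, and the sample values are hypothetical, and the range check assumes a literal reading of the "Valid values" notation.

```python
import ipaddress

# Fixed values the page requires for an ACS cluster.
FIXED = {"cluster_type": "ManagedKubernetes", "profile": "Acs",
         "cluster_spec": "ack.pro.small"}
# Parameters marked required in the table or in the sample request comments.
REQUIRED = ("name", "region_id", "service_cidr", *FIXED)


def service_cidr_in_range(net):
    """Literal reading of 10.0.0.0/16-24, 172.16-31.0.0/16-24, 192.168.0.0/16-24."""
    a, b, c, d = net.network_address.packed
    base_ok = (a, b) in {(10, 0), (192, 168)} or (a == 172 and 16 <= b <= 31)
    return base_ok and (c, d) == (0, 0) and 16 <= net.prefixlen <= 24


def check_request(body, vpc_cidr, cluster_cidrs=()):
    """Return a list of problems; an empty list means the body passes."""
    problems = [f"missing required parameter: {k}" for k in REQUIRED if k not in body]
    for key, want in FIXED.items():
        if key in body and body[key] != want:
            problems.append(f"{key} must be {want!r} for an ACS cluster")
    if "service_cidr" not in body:
        return problems
    try:
        svc = ipaddress.ip_network(body["service_cidr"])  # rejects set host bits
    except ValueError as exc:
        return problems + [f"service_cidr is not a valid CIDR block: {exc}"]
    if svc.version != 4 or not service_cidr_in_range(svc):
        return problems + [f"service_cidr {svc} is outside the documented ranges"]
    # service_cidr is immutable after creation, so catch overlaps before the call.
    for label, cidr in [("VPC", vpc_cidr)] + [("cluster", c) for c in cluster_cidrs]:
        if svc.overlaps(ipaddress.ip_network(cidr)):
            problems.append(f"service_cidr {svc} overlaps {label} CIDR block {cidr}")
    return problems


# Constructed sample: wrong profile, and service_cidr inside the VPC range.
SAMPLE = {"name": "acs-demo", "region_id": "cn-hangzhou",
          "cluster_type": "ManagedKubernetes", "profile": "Default",
          "cluster_spec": "ack.pro.small", "service_cidr": "192.168.0.0/20"}

if __name__ == "__main__":
    for problem in check_request(SAMPLE, "192.168.0.0/16", ["172.16.0.0/16"]):
        print(problem)
```
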

Sample request

The following code provides an example of how to create an ACS cluster. For a complete list of parameters, see CreateCluster.

POST /clusters 
<Common request headers>
{
    "name": "ACS Cluster",                     // Required. The name of the cluster.  
    "cluster_type": "ManagedKubernetes",      // Required. The type of the cluster. 
    "profile": "Acs",                         // Required. The subtype of the cluster.       
    "cluster_spec": "ack.pro.small",          // Required. The specification of the cluster.
    "kubernetes_version": "1.31.1-aliyun.1",  // The Kubernetes version of the cluster. We recommend that you select the latest version.   
    "region_id": "cn-hangzhou",               // Required. The ID of the region. In this example, the cluster is deployed in the China (Hangzhou) region.
    "vpcid": "vpc-j6cc1ddlp4rzs7v******",     // The ID of the VPC. The VPC must be planned before the cluster is created. The VPC cannot be changed after the cluster is created.
    "service_cidr": "192.168.xx.xx/16",       // Required. The Service CIDR block of the cluster.
    "vswitch_ids": [                          // Select multiple vSwitches to ensure high availability.
        "vsw-j6cht66iul7h61x******",
        "vsw-j6c5ne6mxgnx3g5******"
    ],
    "addons": [                               // The user components to install.
        {
            "name": "alb-ingress-controller"
        }
    ]
}

Response examples

Successful response

{
  "cluster_id": "c54c8e4c703834c48bda53ae7841*****",
  "request_id": "08CCB494-7A82-5D51-907C-A6BF658*****",
  "task_id": "T-68007b2164acba01060*****",
  "instanceId": "c54c8e4c703834c48bda53ae7841*****"
}

Error response

The following code provides an example of an error response that is returned because the cluster_type parameter is invalid.

{
  "code": "400",
  "message": "no ros component exists. clusterType: Kubernetes, version: ",
  "requestId": "7D99D268-F1E1-5ED8-B757-E5D38A0*****",
  "status": 400
}

Error codes

For a list of error codes, visit the Error Center.

Related content

For more information about API operations related to clusters, see Cluster API directory.