Create an ACK Serverless cluster

Important

Starting February 17, 2025, ACK Serverless no longer allows new users to create clusters. If you have never created an ACK Serverless cluster, use one of the following alternatives:

ACK Serverless clusters run containerized workloads without provisioning or managing nodes. Pods scale within seconds based on CPU and memory requests, and you pay only for resources consumed. ACK Serverless fits variable workloads where on-demand scheduling reduces costs.

Prerequisites

Ensure the following:

Step 1: Open the cluster creation page

  1. Log on to the ACK console. In the left-side navigation pane, click Clusters.

  2. In the top navigation bar, select a resource group and region.

  3. On the Clusters page, click Create Kubernetes Cluster.

  4. Click the ACK Serverless tab.

Step 2: Configure cluster settings

Basic settings

  • Cluster Name: A custom name for the cluster.

  • Cluster Specification: Select Pro (recommended for production and test environments) or Basic (learning and individual testing only). See Comparison.

  • Region: The cluster region. Choose a region close to your users to minimize latency.

  • Kubernetes Version: The Kubernetes version. Use the latest unless you have a specific compatibility requirement. See Kubernetes versions supported by ACK.

  • Automatic Update: Enables periodic control plane updates during the maintenance window. See Automatically update a cluster.

  • Maintenance Window: The window during which ACK applies automatic updates. Click Set to configure maintenance policies.

Network settings

  • IPv6 Dual-stack: Enables IPv4/IPv6 dual-stack networking (public preview). Submit a request in the Quota Center console to enable. Requires Kubernetes 1.20.11-aliyun.1 or later and a dual-stack VPC.

  • VPC: The VPC for the cluster. Specify a zone to let ACK create a VPC automatically, or select an existing VPC.

  • Configure SNAT for VPC: Configures Source Network Address Translation (SNAT) so pods can access the internet. ACK handles setup automatically when selected. See SNAT behavior. Do not select if the cluster uses a shared VPC.

  • vSwitch: Select existing vSwitches or click Create vSwitch. The control plane and default node pool use the selected vSwitches. For high availability, select vSwitches in different zones.

  • Security Group: The cluster security group. Options: Create Basic Security Group, Create Advanced Security Group, or Select Existing Security Group (existing VPC only). See Security group considerations.

  • Access to API Server: Configures API server access. ACK creates a pay-as-you-go internal-facing Classic Load Balancer (CLB) instance by default. To reuse an existing CLB, submit a ticket first. Select Expose API server with EIP to enable public access, or clear it for VPC-only access. See API server access notes.

  • Service CIDR: The CIDR block for Kubernetes Services. Must not overlap with VPC, other cluster, or pod CIDR blocks. Cannot be changed after creation. See Network planning of an ACK managed cluster.

  • IPv6 Service CIDR Block: The IPv6 CIDR block for Services. Applicable only with dual-stack enabled. Specify a Unique Local Unicast Address (ULA) range within fc00::/7, prefix length 112–120 bits. Match the address count to your Service CIDR block. See Network planning.
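
Because the Service CIDR cannot be changed after creation, it is worth checking the plan before you fill in the form. The following is an added example, not code from the ACK documentation or an ACK API: a preflight check of the Service CIDR and IPv6 Service CIDR rules above. The function name, parameters, and sample CIDR blocks are constructed for illustration, and "match the address count" is interpreted as equal block sizes.

```python
import ipaddress

ULA = ipaddress.ip_network("fc00::/7")  # Unique Local Unicast Address space

def check_network_plan(service_cidr, vpc_cidr, pod_cidrs=(),
                       other_cluster_cidrs=(), ipv6_service_cidr=None):
    """Return a list of problems; an empty list means the plan passes.

    Function and parameter names are hypothetical (not an ACK API).
    """
    problems = []
    try:
        svc = ipaddress.ip_network(service_cidr)  # strict: host bits must be 0
    except ValueError as exc:
        return [f"Service CIDR is not a valid network: {exc}"]

    # Rule: the Service CIDR must not overlap VPC, pod or other cluster CIDRs.
    groups = (("VPC", [vpc_cidr]), ("pod", pod_cidrs),
              ("other cluster", other_cluster_cidrs))
    for label, cidrs in groups:
        for cidr in cidrs:
            net = ipaddress.ip_network(cidr)
            if net.version == svc.version and svc.overlaps(net):
                problems.append(f"Service CIDR {svc} overlaps {label} CIDR {net}")

    if ipv6_service_cidr is not None:  # only relevant with dual-stack enabled
        v6 = ipaddress.ip_network(ipv6_service_cidr)
        if v6.version != 6 or not v6.subnet_of(ULA):
            problems.append(f"{v6} is not a ULA range within fc00::/7")
        if not 112 <= v6.prefixlen <= 120:
            problems.append(f"{v6} prefix length must be 112-120 bits")
        # "Match the address count" is read here as equal block sizes.
        if v6.num_addresses != svc.num_addresses:
            problems.append(f"{v6} has {v6.num_addresses} addresses, "
                            f"Service CIDR has {svc.num_addresses}")
    return problems

# Constructed sample plans, not values from the page.
GOOD = check_network_plan("172.21.0.0/20", "192.168.0.0/16",
                          pod_cidrs=["10.0.0.0/16"],
                          ipv6_service_cidr="fd00:10::/116")
BAD = check_network_plan("192.168.128.0/20", "192.168.0.0/16",
                         ipv6_service_cidr="2001:db8::/112")
if __name__ == "__main__":
    print(GOOD)
    print(BAD)
```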

SNAT behavior

When you select Configure SNAT for VPC, ACK applies the following rules:

  • No existing NAT gateway: ACK creates a NAT gateway and adds vSwitch-level SNAT rules for cluster vSwitches.

  • Existing NAT gateway, no VPC-level SNAT rules: ACK adds vSwitch-level SNAT rules for cluster vSwitches.

  • Existing NAT gateway with VPC-level SNAT rules: No changes are made.

If unselected, manually configure a NAT gateway and SNAT rules after cluster creation. See Create and manage an Internet NAT gateway.

Security group considerations

  • Auto-created security groups allow all outbound traffic by default. If you modify the rules, keep 100.64.0.0/10 open for pulling container images and querying ECS metadata.

  • When you select an existing security group, ACK does not configure rules automatically. Configure rules manually. See Configure security groups for clusters.
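
If you tighten outbound rules, you can confirm that 100.64.0.0/10 is still fully reachable before applying the change. The following is an added example, not part of the ACK documentation: it reports which parts of that range are left uncovered by a list of allowed egress destinations. The function name and sample rule sets are constructed, and the model is simplified to IPv4 allow-rule destinations only (ports, protocols, and deny rules are ignored).

```python
import ipaddress

# Range the page says must stay reachable (image pulls, ECS metadata).
REQUIRED = ipaddress.ip_network("100.64.0.0/10")

def uncovered_ranges(allowed_egress_cidrs, required=REQUIRED):
    """Return the parts of `required` that no allow rule destination covers.

    Simplified model (assumption): only IPv4 allow rules are passed in, and
    ports, protocols and deny rules are ignored.
    """
    # Merge adjacent and nested blocks so split rules count as one range.
    allowed = ipaddress.collapse_addresses(
        ipaddress.ip_network(c) for c in allowed_egress_cidrs)
    remaining = [required]
    for net in allowed:
        next_remaining = []
        for gap in remaining:
            if gap.subnet_of(net):
                continue                      # this gap is fully allowed
            if net.subnet_of(gap):
                # Allowed block sits inside the gap: keep what is left over.
                next_remaining.extend(gap.address_exclude(net))
            else:
                next_remaining.append(gap)    # disjoint, gap unchanged
        remaining = next_remaining
    return sorted(remaining)

# Constructed rule sets, not taken from the page.
DEFAULT_OPEN = uncovered_ranges(["0.0.0.0/0"])
HALF_OPEN = uncovered_ranges(["10.0.0.0/8", "100.64.0.0/11"])
if __name__ == "__main__":
    print(DEFAULT_OPEN, HALF_OPEN)
```

An empty result means the whole range is still allowed; any returned block is a destination range that the modified rules would cut off.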

API server access notes

  • Do not delete the default CLB instance. Deleting it makes the API server unreachable.

  • Attaching an EIP exposes the API server to public traffic, but resources inside the cluster still cannot access the internet. To allow pods to pull public images, also select Configure SNAT for VPC.

  • The API server restarts briefly when you associate or disassociate an EIP. Avoid running cluster operations during the restart.

  • Starting December 1, 2024, newly created CLB instances incur an instance fee. See CLB billing adjustments.

Advanced settings

  • Deletion Protection: Prevents the cluster from being accidentally deleted. Enable this for production clusters.

  • Resource Group: The resource group for the cluster. Each resource belongs to exactly one resource group.

  • Labels: Key-value pairs that help you organize and identify cloud resources.

  • Cluster Domain: The in-cluster DNS suffix. Defaults to cluster.local. Example: a Service named my-service in the default namespace resolves to my-service.default.svc.cluster.local. See Container network FAQ for custom domain notes.

  • Time Zone: The time zone of the cluster. Defaults to your browser's time zone.

Step 3: Configure components

Click Next: Component Configurations.

  • Service Discovery: Options: Disable, PrivateZone, or CoreDNS. PrivateZone resolves private domains within VPCs. CoreDNS is the standard Kubernetes service discovery component.

  • Ingress: Options: Do Not Install, Nginx Ingress, ALB Ingress, or MSE Ingress. Nginx Ingress provides Ingress-based routing. ALB Ingress delivers Layer-7 load balancing through ALB with automatic certificate discovery, HTTP/HTTPS/QUIC, and elastic traffic handling. MSE Ingress uses MSE cloud-native gateways for advanced traffic management.

  • Container Monitoring: Enables Managed Service for Prometheus for dashboards and performance metrics. Optionally install metrics-server for offline monitoring.

  • Log Service: Select Enable Log Service to integrate with Simple Log Service (SLS). If disabled, cluster auditing is unavailable. See Quick start with Logtail.

  • Knative: Select Enable Knative to install the Knative serverless framework for request-based auto scaling, scale-to-zero, version management, and canary releases.

Step 4: Confirm and create the cluster

  1. Click Next: Confirm Order.

  2. Review the cluster configuration and read the terms of service.

  3. Click Create Cluster.

Cluster creation takes approximately 10 minutes.

Verify cluster creation

The new cluster appears on the Clusters page.

  1. On the Clusters page, find your cluster and click Details in the Actions column.

  2. Click the Basic Information tab.

  3. Click the Connection Information tab. The following details are displayed:

    • API server Public Endpoint: The public IP and port for managing the cluster with kubectl or other tools.

    • API server Internal Endpoint: The internal IP and port for in-cluster API access, served by the associated SLB instance.

  4. Click the Cluster Logs tab to review event logs.

Manage EIP association

You can associate or disassociate an EIP to manage public API server access:

  • Associate EIP: Select an existing EIP or create a new one. The API server restarts during this operation.

  • Disassociate EIP: Removes public access to the API server. The API server restarts during this operation.

Avoid running cluster operations while the API server restarts.