Get started with Container Compute Service

更新时间:
复制 MD 格式

When you use Alibaba Cloud Container Compute Service (ACS) for the first time, you must activate the service and grant a specific role permission to access your cloud resources. Only after this role is properly authorized can ACS call related services—such as ECS, OSS, NAS, CPFS, and SLB—and perform operations like creating clusters and saving logs. This topic describes how to activate ACS, authorize the required roles, and activate related Alibaba Cloud services.

Step 1: Activate Container Compute Service (ACS)

  1. Log on to the ACS console. On your first visit, you are redirected to the activation guide page.

  2. Click Activate. On the new page, click Create service-linked role, then click Buy Now.

  3. After completing the activation steps, click Next on the activation guide page to proceed to the Role Authorization step.

Step 2: Role Authorization

Before using ACS, you must grant a specific role permission to access your cloud resources.

Note

Both Alibaba Cloud accounts (root accounts) and RAM users with administrative permissions can authorize the system default roles.

  1. Click Authorize Now. At the bottom of the RAM Quick Authorization page, click Authorize.

    • To create clusters running Kubernetes version 1.33.3-aliyun.1 or later: Due to product optimization in ACS, use the new resource access authorization to authorize roles for Container Service for Kubernetes.

    • To create clusters running Kubernetes version 1.32 or earlier: Use the original resource access authorization to authorize roles.

  2. After completing the authorization, click Close. If the authorization status shows Service role authorized, the authorization succeeded.

    For best practices on RAM authorization for ACS, see Authorization best practices.
  3. Click Next, then click Log on to Console to complete the activation guide.

Step 3: Activate related cloud services

ACS features depend on or integrate with other cloud resources. You must activate these related services.

Note

Only Alibaba Cloud accounts (root accounts) can activate cloud services. RAM users cannot activate cloud services.

Use your Alibaba Cloud account (root account) to log on to the Alibaba Cloud website and activate the following services as needed.

  • Required: Services that ACS clusters strongly depend on. You must activate them.

  • Recommended: Common dependencies for cluster creation and application management. We recommend activating them.

  • Optional: Services you can activate based on your architecture and O&M requirements.

Product name

Activation link

Type

Description

ACK container service

https://www.aliyun.com/product/kubernetes

Required

Create and manage ACK Kubernetes clusters of the ACS type.

VPC

https://www.aliyun.com/product/vpc

Required

Build cluster network environments and routing rules.

SLB (Server Load Balancer)

https://www.aliyun.com/product/slb

Required

Create load balancers for clusters.

NAT Gateway

https://www.aliyun.com/product/nat

Recommended

Enable public network access and pull public images for clusters.

ACR (Container Registry)

https://www.aliyun.com/product/acr

Recommended

Securely host cloud-native assets and manage their full lifecycle.

Simple Log Service (SLS)

https://www.aliyun.com/product/sls

Recommended

Collect and retrieve logs from ACS cluster components and applications.

CMS (Cloud Monitor) service

https://www.aliyun.com/product/jiankong

Recommendations

Monitor the status of cluster nodes and running applications.

ARMS Prometheus

https://www.aliyun.com/product/developerservices/prometheus

Recommendations

Monitor and alert on ACS clusters using Prometheus.

NAS file storage

https://www.aliyun.com/product/nas

Optional

Provide file storage for cluster application data using NAS.

CPFS file storage

https://www.aliyun.com/product/storage/nas_cpfs

Optional

Provide file storage for cluster application data using CPFS.

PrivateZone

https://www.aliyun.com/product/pvtz

Optional

Enable domain name access for ACS applications using private DNS.

Default roles for Container Compute Service

Role

Description

AliyunServiceRoleForAcc

This service-linked role lets ACS access your resources in services such as ACK, ECS, VPC, SLB, and ARMS during cluster management operations.

AliyunCCCSIPluginRole

ACS clusters use this role by default to access storage resources such as disks and NAS.

AliyunCCCCMServiceRole

ACS clusters use this role by default to access load balancing resources such as SLB and ALB.

AliyunCCNECRole

ACS clusters use this role by default to access network-related services such as VPC and ECS, and to create and use EIPs.

AliyunCCKubernetesAuditRole

ACS clusters use this role by default to access SLS resources and collect and display Kubernetes audit logs.

AliyunCCManagedLogRole

ACS clusters use this role by default to access SLS resources and collect and display container logs.

AliyunCCManagedArmsRole

ACS clusters use this role by default to access ARMS monitoring resources and collect and display container resource metrics and application performance metrics.

AliyunCCCISDefaultRole

ACS clusters use this role by default to access cloud services such as ECS, ACK, VPC, and SLB, and to periodically check the health of Kubernetes and its components.

AliyunCCManagedAcrRole

ACS clusters use this role by default to access ACR and obtain temporary credentials to start pods.

AliyunCCForResourceProviderRole

ACS clusters use this role by default to access cloud resources such as SLB, VPC, and vSwitch when creating container instances.

AliyunCCManagedVirtualNodeRole

ACS clusters use this role by default to access cloud resources such as PrivateZone and VPC when creating virtual nodes.

AliyunCCManagedACSBrokerRole

ACS clusters use this role by default to access cloud resources when reporting container instance status and other O&M information.

AliyunCSDefaultRole

Grants Managed Kubernetes permission to access your cloud resources.

AliyunCSManagedKubernetesRole

Grants Managed Kubernetes permission to access resources in other cloud services.

References