# Create a Multi-AZ Cluster

A Multi-AZ Cluster deploys the Control Plane across multiple Availability Zones, ensuring **High Availability** for your cluster. When an AZ experiences an outage, the Control Plane continues to operate normally from the remaining AZs without manual intervention.

To learn more about concepts, architecture, and the comparison between Single-AZ and Multi-AZ, please refer to [Multi-AZ Control Plane](https://docs.vngcloud.vn/vng-cloud-document/vks/clusters/multi-az-control-plane).

In addition to creating via the Portal, you can also create a Multi-AZ Cluster via [VKS API](https://docs.api.vngcloud.vn/service-docs/vks-api.html) or [VKS Terraform](https://registry.terraform.io/providers/vngcloud/vngcloud/latest/docs/resources/vks_cluster).

***

## Prerequisites

To create a Multi-AZ Cluster, you need to ensure the following prerequisites:

### 1. VPC must have DNS enabled

{% hint style="warning" %}
**Important:**

Multi-AZ Control Plane **only supports VPCs with DNS enabled**. If a VPC does not have DNS enabled, it will **not appear** in the dropdown when creating a Multi-AZ Cluster.
{% endhint %}

To enable DNS for your VPC, please do so in the vServer portal following the guide [here](https://github.com/vngcloud/docs/blob/main/English/vserver/compute-hcm03-1a/network/virtual-private-cloud-vpc/README.md).

### 2. Prepare Subnets

* **Minimum 2 subnets** from **2 different Availability Zones**
* All subnets must belong to the **same VPC**
* Subnets must be in **ACTIVE** state

Example of valid subnet configuration:

| Subnet Name | AZ     | CIDR         | Valid? |
| ----------- | ------ | ------------ | ------ |
| sub-1A      | HCM-1A | 10.60.0.0/24 | ✅      |
| sub-1B      | HCM-1B | 10.60.1.0/24 | ✅      |

Example of **invalid** subnet configuration:

| Subnet Name | AZ     | CIDR         | Reason for invalidity |
| ----------- | ------ | ------------ | --------------------- |
| sub-1A      | HCM-1A | 10.60.0.0/24 | ❌ Same AZ             |
| sub-2A      | HCM-1A | 10.60.3.0/24 | ❌ Same AZ             |

### 3. Other prerequisites

* At least 1 **VPC** and 1 **Subnet** in **ACTIVE** state. If you do not have a VPC or Subnet yet, please create one following the guide [here](https://github.com/vngcloud/docs/blob/main/English/vserver/compute-hcm03-1a/network/virtual-private-cloud-vpc/README.md).
* At least 1 **SSH key** in **ACTIVE** state. If you do not have an SSH key, please create one following the guide [here](https://github.com/vngcloud/docs/blob/main/English/vserver/compute-hcm03-1a/security/ssh-key-bo-khoa.md).

***

## Create Cluster

To create a Multi-AZ Cluster, follow the steps below:

**Step 1:** Navigate to <https://vks.console.vngcloud.vn/overview>

**Step 2:** On the **Overview** screen, select **Activate.**

**Step 3:** Wait until we successfully initialize your VKS account. After successful activation, select **Create a Cluster.**

**Step 4:** On the cluster creation screen, configure the **Cluster Configuration**:

* Cluster Information:
  * **Cluster Name:** Name for your Cluster. The name can only contain letters (a-z, A-Z), digits (0-9), underscores ('\_') and hyphens ('-'). Input length must be between 5 and 50. The name must be unique within the Region and GreenNode account where you are creating the Cluster.
  * **Kubernetes Version:** The Kubernetes version to use for your Cluster. We recommend selecting the latest version unless you need an older version.
  * **Description:** Enter notes for your Cluster to create distinctive markers for easier management in the future.

**Step 5:** Configure the **Network Setting** — this is the most important step for creating a Multi-AZ Cluster:

* **Control Plane Availability:** Select **Multi-AZ** to deploy the Control Plane across multiple Availability Zones.

<figure><img src="https://1985221522-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F7rE7M1L7GYcwQzNGd0aB%2Fuploads%2FSFaxOpkYWSyfuCIsROj9%2Fmulti-az-control-plane-availability-dropdown.png?alt=media&#x26;token=e93f46b5-a4a7-4e12-b6f5-996890d9ea2f" alt=""><figcaption></figcaption></figure>

There are 2 options:

| Option                  | Description                                                                                              |
| ----------------------- | -------------------------------------------------------------------------------------------------------- |
| **Single-AZ** (default) | Deploy the cluster in a single Availability Zone. Suitable for development and testing environments.     |
| **Multi-AZ**            | Deploy the cluster across multiple Availability Zones for High Availability. Recommended for production. |

* **Network type:** Select the network type you want to use for your Cluster. Currently, VKS provides 3 network types: Calico Overlay, Cilium Overlay, Cilium VPC Native Routing.
  * For **Calico Overlay, Cilium Overlay** network types: Encapsulation Mode is automatically set by the system and cannot be changed. You can modify the **CIDR** (the virtual network range that pods will use).
  * For **Cilium VPC Native Routing** network type: When selecting this network type, the **Node CIDR mask size** field will appear in the Network Setting section. This parameter specifies the CIDR size allocated to each node, determining the number of IP addresses from the Pod IP range that can be assigned to that node. You need to select a value that suits your needs.

<figure><img src="https://1985221522-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F7rE7M1L7GYcwQzNGd0aB%2Fuploads%2FGeduzHwlh6JvxLcUI2mm%2Fmulti-az-network-setting-cilium-vpc-native-routing.png?alt=media&#x26;token=e464180b-8130-48c0-954f-b4a69e24e10b" alt=""><figcaption></figcaption></figure>

{% hint style="info" %}
**Note about Cilium VPC Native Routing and Multi-AZ:**

When selecting **Cilium VPC Native Routing** combined with **Multi-AZ**, the **Pod IP range** (Default Pod IP range) field will **not appear** in the Network Setting section but is moved to the **Node Group Network Setting** (Step 7). This allows each Node Group in each AZ to configure its own Pod IP range.
{% endhint %}

* **VPC:** Select a VPC with **DNS enabled** from the dropdown. Note: when selecting Multi-AZ, **only VPCs with DNS enabled will be displayed**. If you do not see any VPC in the list, please enable DNS for your VPC in the vServer portal.
* **Subnets:** When selecting **Multi-AZ**, the Subnet field changes to a **multi-select dropdown**, allowing you to select multiple subnets:
  * The system will **automatically pre-select the first subnet from each AZ** available in the VPC. For example: If the VPC has subnets in HCM-1A, HCM-1B, HCM-1C → 3 subnets are pre-selected by default (1 subnet/zone).
  * Selected subnets are displayed as **chips/tags**. Click the **(x)** button on a chip to remove that subnet from the selection.
  * You can add/remove subnets but must ensure **at least 2 subnets from 2 different AZs**.

<figure><img src="https://1985221522-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F7rE7M1L7GYcwQzNGd0aB%2Fuploads%2Fl7jt80e1ICR4Fd1sVP8t%2Fmulti-az-network-setting.png?alt=media&#x26;token=79e13ab4-6325-4858-ba00-15deffaac581" alt=""><figcaption></figcaption></figure>

{% hint style="info" %}
**Validation Rules:**

* At least **2 subnets** must be selected
* Subnets must belong to **at least 2 different AZs**
* If 2 subnets from the same AZ are selected, the system will display an error: *"Subnets must belong to at least 2 different Availability Zones"*
{% endhint %}
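The subnet prerequisites and validation rules above can be checked before submitting a cluster request through the API or Terraform. The following is an added example, not VKS code: the `Subnet` class, the function names and the `vpc-example` identifier are hypothetical, and the sample data is constructed from the tables in the Prerequisites section.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Subnet:
    name: str
    vpc_id: str
    az: str
    cidr: str
    status: str = "ACTIVE"


def preselect(vpc_subnets):
    """Mimic the Portal default: the first subnet listed for each AZ."""
    first_per_az = {}
    for s in vpc_subnets:
        first_per_az.setdefault(s.az, s)  # keeps only the first subnet seen per AZ
    return list(first_per_az.values())


def validate_selection(selected):
    """Return the list of rule violations for a Multi-AZ subnet selection."""
    errors = []
    if len(selected) < 2:
        errors.append("At least 2 subnets must be selected")
    if len({s.vpc_id for s in selected}) > 1:
        errors.append("All subnets must belong to the same VPC")
    inactive = [s.name for s in selected if s.status != "ACTIVE"]
    if inactive:
        errors.append("Subnets not in ACTIVE state: " + ", ".join(inactive))
    if len({s.az for s in selected}) < 2:
        errors.append("Subnets must belong to at least 2 different Availability Zones")
    return errors


# Constructed sample data mirroring the valid and invalid tables on this page.
VPC = "vpc-example"  # hypothetical identifier
VALID = [Subnet("sub-1A", VPC, "HCM-1A", "10.60.0.0/24"),
         Subnet("sub-1B", VPC, "HCM-1B", "10.60.1.0/24")]
INVALID = [Subnet("sub-1A", VPC, "HCM-1A", "10.60.0.0/24"),
           Subnet("sub-2A", VPC, "HCM-1A", "10.60.3.0/24")]

if __name__ == "__main__":
    print(validate_selection(VALID))
    print(validate_selection(INVALID))
    print([s.name for s in preselect(VALID + INVALID[1:])])
```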

**Step 6:** Configure the **Default Node Group Configuration**:

* Node Group Information:
  * **Node Group Name**: A descriptive name for your Node Group.
  * **Number of nodes:** Enter the number of Worker nodes for your Cluster. Note that the number of nodes must be greater than or equal to 1 and less than or equal to 100.
* Node Group Automation Setting:
  * **Auto Healing:** By default, we enable the HA feature in your Cluster.
  * **Auto Scaling:** Enable auto-scaling in your Cluster.
    * **Minimum node**: the minimum number of nodes the Cluster needs.
    * **Maximum node**: the maximum number of nodes the Cluster can scale to.
  * **Node Group upgrade strategy:** Node Groups are upgraded using the **Surge upgrade** method.
    * **Max surge:** limits the number of nodes upgraded simultaneously. Default **Max surge = 1**.
    * **Max unavailable**: limits the number of nodes that cannot be accessed during the upgrade. Default **Max unavailable = 0**.
* Node Group Setting:
  * **Image**: by default, we provide 1 Image type: Ubuntu with containerd.
  * **Instance type**: select the appropriate instance type for Worker nodes based on your usage needs.
* Node Group Volume Setting: **Boot Volume Configuration** – Parameters are set by default by the system to optimize your Cluster.

**Step 7:** Configure the **Node Group Network Setting** — this section differs from Single-AZ Cluster:

<figure><img src="https://1985221522-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F7rE7M1L7GYcwQzNGd0aB%2Fuploads%2FkXLxcOPiLWW7gURAH6CX%2Fmulti-az-node-group-network-setting.png?alt=media&#x26;token=07cf2271-5e7d-4ac1-97c3-4c6661dbbfcb" alt=""><figcaption></figcaption></figure>

* You can choose **Public Node Group** or **Private Node Group** based on your Cluster usage needs.
* **VPC:** Inherited from Network Configuration (read-only, cannot be changed).
* **Subnet:** Single-select dropdown, **only displays the subnets selected for the cluster in Step 5**. Each Node Group can only select **1 subnet** (corresponding to 1 AZ).
* **Pod IP range** *(only displayed when Network type = Cilium VPC Native Routing)*: The secondary IP range used to allocate IP addresses for pods on this Node Group. You need to select at least 1 Secondary IP range created from vServer.

<figure><img src="https://1985221522-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F7rE7M1L7GYcwQzNGd0aB%2Fuploads%2FxI7SQQwFMnWFyqOYRWuC%2Fmulti-az-node-group-network-setting-pod-ip-range.png?alt=media&#x26;token=6f23f619-6ad1-4b51-b5f8-bfe800a23b06" alt=""><figcaption></figcaption></figure>

{% hint style="info" %}
**Note:**

* The Node Group's AZ is automatically determined based on the selected subnet.

* You can create additional Node Groups in other AZs after the cluster is created.

* To ensure High Availability for workloads, you should create multiple Node Groups in different AZs. This distributes worker nodes across multiple AZs, increasing fault tolerance for your applications.

* When using **Cilium VPC Native Routing**, each Node Group can select its own **Pod IP range**, suitable for allocating network resources per AZ.
{% endhint %}

* Node Group Security Setting: You can select **Security Group and SSH Key** for your Node Group.

* Node Group Metadata Setting: You can enter **Metadata** for your Node Group.

**Step 8:** Configure **Plugins**:

* **Enable BlockStore Persistent Disk CSI Driver**: enable to automatically install the CSI Controller on your Cluster.
* **Enable vLB Native Integration Driver**: enable to automatically install the LB Controller on your Cluster.

**Step 9:** Select **Create Kubernetes cluster.** Please wait a few minutes for us to initialize your Cluster. The Cluster status at this point is **Creating**.

**Step 10:** When the **Cluster** status is **Active**, you can view Cluster information and Node Group information by clicking on the Cluster Name in the **Name** column. In the **Control Plane Availability** column, you will see the **Multi-AZ** badge confirming the cluster was created with the correct configuration.

<figure><img src="https://1985221522-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F7rE7M1L7GYcwQzNGd0aB%2Fuploads%2FNyaBEOitaUHXUFgwFwoI%2Fvks-multi-az-cluster-list-page.png?alt=media&#x26;token=87567334-eb88-4a28-91cf-694408558160" alt=""><figcaption></figcaption></figure>

***

## Connect and verify the newly created Cluster

Multi-AZ Cluster supports both **Public Cluster** and **Private Cluster** access modes. The way you connect to the kube-api will differ depending on the mode you selected in Step 5:

{% hint style="info" %}
**With Public Cluster:**

The kube-api endpoint is exposed to the internet. You can connect to the kube-api from **anywhere** with an internet connection — no need to be within the VPC.
{% endhint %}

{% hint style="warning" %}
**With Private Cluster:**

The kube-api endpoint is only accessible from within the VPC. To access the **kube-api** of the Control Plane, you must be **within the VPC** that you selected for the Cluster. If you are not within the VPC, you will not be able to connect to the kube-api.

You can SSH into a server within the same VPC to perform the steps below.
{% endhint %}

After the Cluster has been successfully initialized, you can connect and verify the newly created Cluster by following these steps:

**Step 1:** Navigate to <https://vks.console.vngcloud.vn/k8s-cluster>

**Step 2:** The Cluster list is displayed. Select the **three-dot icon** to open the dropdown menu, then choose **Download config file** to download the kubeconfig file. This file will give you full access to your Cluster.

**Step 3:** Rename this file to `config` and save it in the **\~/.kube** directory, so that its full path is **\~/.kube/config**.

**Step 4:** Verify the Cluster using the following commands:

* Run the following command to check **nodes**

```
kubectl get nodes -o wide
```

* If the output is similar to the following, your Cluster has been successfully initialized:

```
NAME                                            STATUS   ROLES    AGE     VERSION   INTERNAL-IP   EXTERNAL-IP
vks-multi-az-cluster-nodegroup-1a-abc123        Ready    <none>   5m      v1.30.1   10.60.0.10    <none>
```

* Run the following command to check **services**

```
kubectl get svc
```

* The output should be similar to:

```
NAME         TYPE        CLUSTER-IP   EXTERNAL-IP   PORT(S)   AGE
kubernetes   ClusterIP   10.96.0.1    <none>        443/TCP   10m
```
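Because the kubeconfig downloaded in Step 2 gives full access to the Cluster, it is worth installing it in Step 3 so that only your user can read it. The following is an added example, not part of VKS tooling: the function names and the `config.bak` backup name are hypothetical, and it assumes a POSIX file system.

```python
import os
import stat
import tempfile
from pathlib import Path


def install_kubeconfig(downloaded, home=None):
    """Install a downloaded kubeconfig as <home>/.kube/config, owner-only."""
    home = Path(home) if home else Path.home()
    kube_dir = home / ".kube"
    kube_dir.mkdir(mode=0o700, exist_ok=True)
    os.chmod(kube_dir, 0o700)  # tighten a pre-existing directory too
    target = kube_dir / "config"
    data = Path(downloaded).read_bytes()
    # Keep any existing config rather than silently replacing another
    # cluster's credentials.
    if target.exists():
        backup = kube_dir / "config.bak"
        os.replace(target, backup)
        os.chmod(backup, 0o600)
    # mkstemp creates the file with mode 0600; the rename makes the install atomic.
    fd, tmp = tempfile.mkstemp(dir=kube_dir, prefix=".config-")
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    os.replace(tmp, target)
    return target


def permission_problems(path):
    """Return findings if the file is accessible by group or other users."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    findings = []
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append(f"{path} has mode {mode:o}, expected 600")
    return findings
```

Delete the original download once the file is installed, since the copy in the download folder carries the same credentials.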

{% hint style="info" %}
**Next steps:**

* To ensure High Availability for workloads, you should **create additional Node Groups in other AZs**. Refer to the Node Group management guide [here](https://docs.vngcloud.vn/vng-cloud-document/vks/node-groups).
* To learn more about managing, upgrading, and deleting Multi-AZ Clusters, please refer to [Multi-AZ Control Plane](https://docs.vngcloud.vn/vng-cloud-document/vks/clusters/multi-az-control-plane).
{% endhint %}
