
Container Service for Kubernetes: What is ACK Serverless?

Last Updated: Nov 12, 2024

This topic describes ACK Serverless and its benefits, use scenarios, and key features to help you quickly get started with ACK Serverless clusters. This topic also compares ACK Serverless clusters with ACK clusters.

Overview

ACK Serverless is a serverless container service provided by Alibaba Cloud. ACK Serverless clusters are nodeless: you can deploy applications without the need to plan, purchase, or maintain nodes. You are charged for the CPU and memory resources allocated to applications on a pay-as-you-go basis. ACK Serverless clusters provide Kubernetes-compatible capabilities to allow beginners to focus on applications instead of infrastructure management.

ACK Serverless clusters are classified into ACK Serverless Basic clusters and ACK Serverless Pro clusters. ACK Serverless Pro clusters are developed based on ACK Serverless Basic clusters and provide improved security and reliability for large-scale production. ACK Serverless clusters are also covered by the service level agreement (SLA) that supports compensation clauses. For more information about ACK Serverless Pro clusters, see ACK Serverless Pro cluster overview.

Benefits

| Benefit | Description |
| --- | --- |
| Out-of-the-box | You can quickly create ACK Serverless clusters and deploy applications in ACK Serverless clusters without the need to manage Kubernetes nodes and servers. |
| Ultralarge capacity | You can create more than 50,000 pods in an ACK Serverless cluster without the need to add additional configurations or design the size of the cluster. Important: We recommend that you keep the number of pods under 20,000 if a large number of pods are associated with the Service. |
| Second-level scaling | You can create thousands of pods within a short period of time to handle traffic spikes. |
| Predictive scaling | ACK Serverless can predict resource demand based on historical data and then scale resources promptly during peak hours. |
| Compatibility with cloud-native services | ACK Serverless is fully compatible with Kubernetes and supports Kubernetes-native applications and ecosystems. You can seamlessly migrate Kubernetes applications to ACK Serverless. |
| Isolation for security | You can deploy pods on elastic container instances. Instances on which pods are deployed are isolated from each other by using the lightweight virtual sandbox technology. |
| Cost savings | Pods are created on demand. You are charged based on the resources used by your applications. The serverless architecture helps prevent resource waste and reduce O&M costs. |
| Service integration | You can seamlessly integrate containerized applications with the fundamental services of Alibaba Cloud. Containers can communicate with applications deployed on virtual machines. |

ACK Serverless Pro clusters

Compared with ACK Serverless Basic clusters, ACK Serverless Pro clusters are more reliable, ensure higher service uptime, and allow you to deploy more pods. You can seamlessly migrate applications from ACK Serverless Basic clusters to ACK Serverless Pro clusters.

Comparison between ACK Serverless clusters and ACK clusters

The following figure compares the left-side ACK cluster with the right-side ACK Serverless cluster.

[Figure: ACK cluster (left) compared with ACK Serverless cluster (right)]

Use scenarios

| Scenario | Description |
| --- | --- |
| Application hosting | In ACK Serverless clusters, you do not need to manage or maintain nodes or plan the cluster size. This greatly reduces the costs on infrastructure management and maintenance. |
| Traffic spikes | For fluctuating workloads in industries such as online education and e-commerce, ACK Serverless clusters can scale resources within seconds to help you reduce computing costs, prevent resource waste, and withstand traffic spikes. For more information, see Auto scaling overview. |
| Data computing | To handle computing jobs such as Spark jobs, ACK Serverless clusters can start large numbers of pods within a short period of time and release pods immediately after the jobs are complete to reduce computing costs. For more information, see Use ACK Serverless to create Spark tasks. |
| CI/CD | You can use ACK Serverless clusters to build a continuous integration (CI) environment, such as Jenkins or Gitlab-Runner, to quickly compile application code, build and push images, and create pipelines. CI jobs are isolated from each other. You do not need to maintain resource pools, which reduces computing costs. For more information, see Deploy Jenkins in an ACK Serverless cluster and then create and deploy an application and Elastic and cost-effective CI/CD based on ACK Serverless. |
| CronJobs | You can run CronJobs in ACK Serverless clusters. The billing stops after the jobs are complete. You do not need to maintain resource pools, which helps prevent resource waste. For more information, see Use CronHPA for scheduled horizontal scaling. |

Key features

ACK Serverless clusters provide Kubernetes-compatible capabilities. In addition to Kubernetes-native features, we recommend that you pay attention to the following features when you use ACK Serverless clusters.

ECI Profile

Pods in ACK Serverless clusters run on elastic container instances. You can configure Elastic Container Instance Profile to control pods and pod-related cluster actions in a fine-grained manner. Elastic Container Instance Profile is a ConfigMap named eci-profile in the kube-system namespace. The following table describes the key parameters.

| Parameter | Description |
| --- | --- |
| vpcId | The unique identifier of the virtual private cloud (VPC) in which pods are deployed. |
| securityGroupId | The unique identifier of the security group in the VPC. |
| vSwitchIds | The unique identifier of the vSwitch in the VPC. Separate multiple vSwitch IDs with commas (,). Virtual nodes are generated based on vSwitches. |
| selectors | The pod selector. The pod selector can select pods based on namespaces or labels, and automatically add annotations or labels. |
| enableClusterIp | Specifies whether to use the ClusterIP. Default value: true. |
| enableLogController | Specifies whether to enable the Alibaba Cloud log controller. Default value: false. |
| enablePVCController | Specifies whether to enable the persistent volume claim (PVC) controller. Default value: false. |
| enablePrivateZone | Specifies whether to enable the service discovery feature of PrivateZone. Default value: false. |
| featureGates | Specifies whether to enable feature gates. |

For more information, see Overview of Elastic Container Instance.

Virtual nodes

When you use ACK Serverless clusters, you do not need to manage nodes. To ensure that ACK Serverless clusters are compatible with Kubernetes-native features, you can still find virtual nodes in ACK Serverless clusters. Virtual nodes in ACK Serverless clusters can provide ultra-large computing resources to handle traffic fluctuations. Virtual nodes are generated based on the vSwitchIds parameter in the eci-profile ConfigMap. Virtual nodes do not occupy any computing resources.


Pod configurations

You can customize pods in ACK Serverless clusters by adding annotations to pods. The following table describes the annotations.

Important
  • The annotations described in the following table are applicable only to the pods that are scheduled to virtual nodes. These pods run on elastic container instances. The annotations cannot be added to the pods that are scheduled to regular nodes.

  • Add annotations to the metadata field of the pods. For example, when you configure a Deployment, add annotations in the spec.template.metadata field.

  • Pod annotations have a higher priority than the settings that correspond to the same feature in the Elastic Container Instance profile.

| Annotation | Example | Description | References |
| --- | --- | --- | --- |
| k8s.aliyun.com/eci-security-group | sg-bp1dktddjsg5nktv**** | The ID of the security group. | Assign security groups to an elastic container instance |
| k8s.aliyun.com/eci-vswitch | vsw-bp1xpiowfm5vo8o3c**** | The IDs of the vSwitches. You can specify multiple vSwitches across zones. | Configure multiple zones to create an elastic container instance-based pod |
| k8s.aliyun.com/eci-schedule-strategy | vSwitchOrdered | The multi-zone scheduling policy. Valid values: vSwitchOrdered: Resources in the specified zones are scheduled in the order in which the vSwitches are specified. vSwitchRandom: Resources in the specified zones are scheduled in a random manner. | |
| k8s.aliyun.com/eci-ram-role-name | AliyunECIContainerGroupRole | The Resource Access Management (RAM) role that Elastic Container Instance assumes to access other Alibaba Cloud services. | Configure RAM roles |
| k8s.aliyun.com/eci-use-specs | 2-4Gi,4-8Gi,ecs.c6.xlarge | The specifications of elastic container instances. You can specify multiple specifications, such as the number of CPU cores and the memory size. You can also specify an ECS instance type. | Specify multiple instance specifications to create an elastic container instance |
| k8s.aliyun.com/eci-spot-strategy | SpotAsPriceGo | The bidding policy of the preemptible instance. Valid values: SpotAsPriceGo: The instance is billed at the market price at the time of purchase. SpotWithPriceLimit: You must specify the highest price that you want to pay for the preemptible instance. | Create a preemptible elastic container instance |
| k8s.aliyun.com/eci-spot-price-limit | 0.5 | The highest price of the preemptible instance. Note: This parameter is valid only if k8s.aliyun.com/eci-spot-strategy is set to SpotWithPriceLimit. | |
| k8s.aliyun.com/eci-cpu-option-core | 2 | The number of physical CPU cores. | Specify CPU options |
| k8s.aliyun.com/eci-cpu-option-ht | 1 | The number of threads per core. | |
| k8s.aliyun.com/eci-reschedule-enable | "true" | Specifies whether to enable the rescheduling feature for elastic container instances. | ECI Pod Annotation |
| k8s.aliyun.com/pod-fail-on-create-err | "true" | Specifies whether to set the status of the elastic container instances to Failed if pods fail to be created on the elastic container instances. | ECI Pod Annotation |
| k8s.aliyun.com/eci-image-snapshot-id | imc-2zebxkiifuyzzlhl**** | The ID of the image cache. Note: To use an image cache to create an elastic container instance, you can specify the image cache that you want to use or enable automatic matching for image caches. We recommend that you enable automatic matching for image caches. | Use ImageCache to accelerate the creation of pods |
| k8s.aliyun.com/eci-image-cache | "true" | Specifies whether to enable automatic matching for image caches. Note: To use an image cache to create an elastic container instance, you can specify the image cache that you want to use or enable automatic matching for image caches. We recommend that you enable automatic matching for image caches. | |
| k8s.aliyun.com/acr-instance-id | cri-j36zhodptmyq**** | The ID of the Container Registry Enterprise Edition instance. You can specify a Container Registry Enterprise Edition instance that resides in a region different from the region of the elastic container instance. To do this, you must add the region name of the Container Registry Enterprise Edition instance before the ID of the Container Registry Enterprise Edition instance. Example: cn-beijing:cri-j36zhodptmyq****. | Pull images from a Container Registry Enterprise Edition instance without using a secret |
| k8s.aliyun.com/eci-eip-instanceid | eip-bp1q5n8cq4p7f6dzu**** | The ID of the elastic IP address (EIP). | Associate an EIP with an elastic container instance |
| k8s.aliyun.com/eci-with-eip | "true" | Specifies whether to automatically create an EIP and associate the EIP with the pod. | |
| k8s.aliyun.com/eip-bandwidth | 5 | The bandwidth value for the EIP. | |
| k8s.aliyun.com/eip-common-bandwidth-package-id | cbwp-2zeukbj916scmj51m**** | The ID of the EIP bandwidth plan. | |
| k8s.aliyun.com/eip-isp | BGP | The line type for the EIP. This annotation is applicable only to pay-as-you-go EIPs. Valid values: BGP: BGP (Multi-ISP) lines. BGP_PRO: BGP (Multi-ISP) Pro lines. | |
| k8s.aliyun.com/eip-internet-charge-type | PayByBandwidth | The metering method of the EIP. Valid values: PayByBandwidth: Fees are charged based on bandwidth usage. PayByTraffic: pay-by-data-transfer. | |
| k8s.aliyun.com/eci-enable-ipv6 | "true" | Specifies whether to assign an IPv6 address to the instance. | Assign an IPv6 address to an Elastic Container Instance-based pod |
| k8s.aliyun.com/eci-ipv6-bandwidth-enable | "true" | Specifies whether to enable Internet access to the pod over IPv6 addresses. | |
| k8s.aliyun.com/eci-ipv6-bandwidth | 100M | The maximum public bandwidth of the IPv6 address. | |
| kubernetes.io/ingress-bandwidth | 40M | The inbound bandwidth. | Limit the inbound and outbound bandwidth of an elastic container instance |
| kubernetes.io/egress-bandwidth | 20M | The outbound bandwidth. | |
| k8s.aliyun.com/eci-extra-ephemeral-storage | 50Gi | The temporary storage capacity. | Scale up the temporary storage space |
| k8s.aliyun.com/eci-eviction-enable | "true" | Specifies whether to automatically evict pods that do not have sufficient temporary storage space from elastic container instances. | Automatically evict pods whose temporary storage spaces are insufficient |
| k8s.aliyun.com/eci-core-pattern | /pod/data/dump/core | The directory in which core dump files are stored. | Use coredump to analyze instance program exceptions |
| k8s.aliyun.com/eci-ntp-server | 100.100.*.* | The IP address of the Network Time Protocol (NTP) server. | Configure the NTP service |
| k8s.aliyun.com/plain-http-registry | "harbor***.pre.com,192.168.XX.XX:5000,reg***.test.com:80" | The IP address of the self-managed image repository. When you create an elastic container instance by using an image in a self-managed image repository that uses the HTTP protocol, you must specify this parameter. This allows Elastic Container Instance to pull the image over HTTP and prevents image pull failures due to the use of different protocols. | Pull an image from a self-managed image repository |
| k8s.aliyun.com/insecure-registry | "harbor***.pre.com,192.168.XX.XX:5000,reg***.test.com:80" | The domain name of the self-managed image repository. When you create an elastic container instance by using an image in a self-managed image repository that uses a self-signed certificate, you must add this annotation to the instance to skip the certificate authentication. This prevents image pull failures due to certificate authentication failures. | |

For more information, see ECI Pod Annotation.
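The following added example (not part of the original documentation) audits parsed manifests for the annotations in the table above that affect Internet exposure, registry transport security, or cloud permissions, and flags ECI annotations placed on a workload's own metadata instead of spec.template.metadata. The annotation keys come from the table; the function name, finding texts, and sample manifests are constructed for illustration.

```python
# Added example: audit manifests (parsed JSON/YAML dicts) for ECI pod annotations.
# Annotation keys come from the table above; the finding texts are this example's.
PREFIX = "k8s.aliyun.com/"
REVIEW = {
    PREFIX + "plain-http-registry": "images pulled over plain HTTP from {value}",
    PREFIX + "insecure-registry": "registry certificate check skipped for {value}",
    PREFIX + "eci-with-eip": "an EIP is created and associated with the pod",
    PREFIX + "eci-eip-instanceid": "existing EIP {value} is associated with the pod",
    PREFIX + "eci-ipv6-bandwidth-enable": "Internet access over IPv6 is enabled",
    PREFIX + "eci-ram-role-name": "pod assumes RAM role {value}; review its policies",
}
BOOLEAN_KEYS = {PREFIX + "eci-with-eip", PREFIX + "eci-ipv6-bandwidth-enable"}


def audit(obj):
    """Return findings for one Pod or templated workload (Deployment, Job, CronJob)."""
    kind, spec = obj.get("kind"), obj.get("spec") or {}
    own_meta = obj.get("metadata") or {}
    name = f"{kind}/{own_meta.get('name')}"
    if kind == "CronJob":
        spec = (spec.get("jobTemplate") or {}).get("spec") or {}
    templated = kind != "Pod" and "template" in spec
    pod_meta = ((spec.get("template") or {}).get("metadata") or {}) if templated else own_meta
    findings = []
    for key, value in sorted((pod_meta.get("annotations") or {}).items()):
        if key not in REVIEW:
            continue
        if key in BOOLEAN_KEYS and str(value).lower() != "true":
            continue  # feature explicitly switched off
        findings.append(f"{name}: {key}: " + REVIEW[key].format(value=value))
    if templated:
        # Annotations on the workload object itself are not copied to its pods.
        for key in sorted(own_meta.get("annotations") or {}):
            if key.startswith(PREFIX):
                findings.append(f"{name}: {key}: set on the workload metadata, "
                                "not spec.template.metadata, so pods do not get it")
    return findings


# Constructed sample manifests (not from the original page).
SAMPLE_DEPLOYMENT = {
    "kind": "Deployment",
    "metadata": {"name": "web", "annotations": {PREFIX + "eci-with-eip": "true"}},
    "spec": {"template": {
        "metadata": {"annotations": {
            PREFIX + "insecure-registry": "registry.example.internal",
            PREFIX + "eci-image-cache": "true",
        }},
        "spec": {"containers": [{"name": "web", "image": "registry.example.internal/web:1"}]},
    }},
}
SAMPLE_POD = {
    "kind": "Pod",
    "metadata": {"name": "job", "annotations": {PREFIX + "eci-with-eip": "false"}},
    "spec": {"containers": [{"name": "job", "image": "example/job:1"}]},
}

if __name__ == "__main__":
    for manifest in (SAMPLE_DEPLOYMENT, SAMPLE_POD):
        for finding in audit(manifest):
            print(finding)
```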

Network management

By default, Elastic Container Instance-based pods use the host network mode. Each pod must be assigned an elastic network interface (ENI) by the vSwitch. This enables communications with the Elastic Compute Service (ECS) instances and ApsaraDB RDS instances in the VPC in which the cluster is deployed.

| Item | Description |
| --- | --- |
| Service | You can create ClusterIP and LoadBalancer Services. You cannot create NodePort Services, and you cannot enable Session Affinity. Note: ACK Serverless clusters do not support node-relevant features. |
| Ingress | SLB Ingress: supports Layer 7 traffic forwarding based on Server Load Balancer (SLB) instances without controllers. For more information, see Ingress demo. NGINX Ingress: allows you to create NGINX Ingresses after nginx-ingress-controller is deployed. For more information, see ingress-nginx demo. |
| Service discovery | To use the service discovery feature within a cluster, enable PrivateZone or CoreDNS when you create the cluster. You can also use the ECI profile to enable PrivateZone or install the CoreDNS component from the Add-ons page of the ACK console after the cluster is created. |
| EIP | You can associate EIPs with Elastic Container Instance-based pods. You can automatically create an EIP for an Elastic Container Instance-based pod or associate an existing EIP with an Elastic Container Instance-based pod. |

Storage management

You can mount Elastic Block Storage (EBS) or File Storage NAS (NAS) file systems to pods.

| Item | Description |
| --- | --- |
| EBS (disks) | To mount a disk by using FlexVolume, you do not need to install FlexVolume. You can mount a disk by specifying the disk ID. For more information, see disk-flexvolume-static.yaml demo. You can also dynamically provision disks as volumes. For more information, see disk-flexvolume-dynamic.yaml demo. To dynamically provision disks by creating persistent volumes (PVs) and PVCs, you must first install disk-controller. For more information, see disk-pvc-dynamic.yaml demo. |
| NAS | To use NFS volumes, you can mount NAS file systems by using NFS. For more information, see nas-nfsvolume.yaml demo. To statically provision NAS file systems as volumes by using FlexVolume, you can directly specify the mount target without the need to install FlexVolume. For more information, see nas-flexvolume.yaml demo. To statically provision NAS file systems as volumes by creating PVs and PVCs, you must first install disk-controller. For more information, see nas-pvc.yaml demo. |

Observability

| Item | Description |
| --- | --- |
| Logging | In ACK Serverless clusters, you can modify eci-profile to enable Simple Log Service to collect pod logs. For more information, see the Step 1: Create an application and configure Simple Log Service to collect application log section of the "Collect application logs by using pod environment variables" topic. |
| Monitoring | You can install the arms-prometheus component to enable cluster monitoring for an ACK Serverless cluster. For more information, see Enable Managed Service for Prometheus. |

Image management

Auto scaling

ACK Serverless clusters are nodeless. You do not need to worry about node planning or cluster expansion by using cluster-autoscaler. You only need to scale applications to meet your business requirements. We recommend that you configure Horizontal Pod Autoscaler (HPA) or CronHPA policies to adjust the number of pods on demand. For more information, see Auto scaling overview.

Authorization

If your application pods need to access Alibaba Cloud services, you can configure RAM Roles for Service Accounts (RRSA) to complete authorization.

Cluster management

| Item | Description |
| --- | --- |
| Intelligent O&M | You can use the intelligent O&M feature to periodically check the health status of ACK Serverless clusters, or run prechecks on clusters to be upgraded or migrated. |
| Updates | You can upgrade ACK Serverless clusters without service interruptions. |
| ACK Serverless Pro | ACK Serverless Pro clusters are more reliable, ensure higher service uptime, and allow you to create more pods. |
| Migration | You can upgrade trial or old ACK Serverless Basic clusters to ACK Serverless Pro clusters without service interruptions for higher service reliability. |

Component management

ACK Serverless clusters provide a variety of components and extended cluster features. You can deploy, update, or uninstall components based on your business requirements. For more information, see Manage components.

Managed components

To simplify cluster O&M and allow you to focus on application development, ACK Serverless clusters provide managed system components. You can use the following managed system components in ACK Serverless clusters: kube-scheduler, cloud-controller-manager, kube-controller-manager, and kube-apiserver. In addition to these key Kubernetes components, ACK Serverless clusters will provide more managed storage, networks, and monitoring components in the future.

Important

Managed components can create objects such as ClusterRoles, ClusterRoleBindings, ServiceAccounts, Services, and ConfigMaps. However, the objects created by managed components are not deployed on elastic container instances that run in ACK Serverless clusters. To ensure cluster stability, we recommend that you do not modify the objects created by managed components.

Managed components are deployed and maintained by ACK Serverless clusters. You can use the ACK API to interact with the managed components in ACK Serverless clusters. Managed components provide the following benefits:

  • Save the costs of elastic container instances.

  • Provide automated deployment and maintenance.

  • Use high availability architectures.

Application management

You can install Helm charts from the Marketplace page in the ACK console and then manage them on the Helm page. For more information, see Use Helm to simplify application deployment.

Billing rules

ACK Serverless clusters are classified into ACK Serverless Basic clusters and ACK Serverless Pro clusters. The billable items and billing rules vary based on the type of cluster. For more information, see Billing of ACK Serverless clusters.

Limits

ACK Serverless clusters have the following limits:

  • ACK Serverless clusters do not support DaemonSets. You can replace DaemonSets with sidecar containers.

  • You cannot specify HostPath or HostNetwork in pod manifests.

  • ACK Serverless clusters do not support privileged containers. You can use a security context to add capabilities to a pod.

    Note

    The privileged container feature is in internal preview. To use this feature, submit a ticket.

  • ACK Serverless clusters do not support NodePort Services or the Session Affinity feature.

  • ACK Serverless clusters do not support the China South Finance or Alibaba Gov Cloud regions.
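
A pre-deployment check for the limits listed above, as an added example that is not part of the original documentation: it reports manifests that use DaemonSets, hostPath, hostNetwork, privileged containers, NodePort Services, or Session Affinity, while leaving added capabilities alone. The function name and sample manifests are constructed; the field names are standard Kubernetes manifest fields.

```python
# Added example: flag manifest features that the Limits list says are unsupported.
def check_limits(obj):
    """Return a list of limit violations for one manifest parsed into a dict."""
    kind, spec = obj.get("kind"), obj.get("spec") or {}
    problems = []
    if kind == "Service":
        if spec.get("type") == "NodePort":
            problems.append("NodePort Services are not supported")
        if spec.get("sessionAffinity", "None") != "None":
            problems.append("Session Affinity is not supported")
        return problems
    if kind == "DaemonSet":
        problems.append("DaemonSets are not supported; use sidecar containers")
    if kind == "CronJob":
        spec = (spec.get("jobTemplate") or {}).get("spec") or {}
    # A Pod carries its spec directly; other workloads nest it in spec.template.
    pod = spec if kind == "Pod" else (spec.get("template") or {}).get("spec") or {}
    if pod.get("hostNetwork"):
        problems.append("hostNetwork cannot be specified")
    for volume in pod.get("volumes") or []:
        if "hostPath" in volume:
            problems.append(f"volume {volume.get('name')}: hostPath cannot be specified")
    for c in (pod.get("initContainers") or []) + (pod.get("containers") or []):
        if (c.get("securityContext") or {}).get("privileged"):
            problems.append(f"container {c.get('name')}: privileged is not supported")
    return problems


# Constructed sample manifests (not from the original page).
SAMPLE_DAEMONSET = {
    "kind": "DaemonSet",
    "metadata": {"name": "log-agent"},
    "spec": {"template": {"spec": {
        "hostNetwork": True,
        "volumes": [{"name": "varlog", "hostPath": {"path": "/var/log"}}],
        "containers": [{"name": "agent", "image": "example/agent:1",
                        "securityContext": {"privileged": True}}],
    }}},
}
SAMPLE_SERVICE = {
    "kind": "Service",
    "metadata": {"name": "web"},
    "spec": {"type": "NodePort", "sessionAffinity": "ClientIP"},
}
# Adding capabilities through a security context is allowed, so this one passes.
SAMPLE_SIDECAR_DEPLOYMENT = {
    "kind": "Deployment",
    "metadata": {"name": "web"},
    "spec": {"template": {"spec": {"containers": [
        {"name": "web", "image": "example/web:1"},
        {"name": "log-sidecar", "image": "example/agent:1",
         "securityContext": {"capabilities": {"add": ["NET_ADMIN"]}}},
    ]}}},
}

if __name__ == "__main__":
    for m in (SAMPLE_DAEMONSET, SAMPLE_SERVICE, SAMPLE_SIDECAR_DEPLOYMENT):
        print(m["kind"], m["metadata"]["name"], check_limits(m))
```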

Contact us

If you have questions about ASK clusters, join the DingTalk group 31544226.