
Container Service for Kubernetes: What is Container Service for Kubernetes

Last Updated: Feb 14, 2025

Container Service for Kubernetes (ACK) is one of the world's first container service platforms to pass Kubernetes conformance certification. It provides high-performance container application management services and supports the lifecycle management of enterprise-level Kubernetes containerized applications, allowing you to run Kubernetes containerized applications on the cloud easily and efficiently.

Service types

Container Service for Kubernetes provides two cluster types: ACK managed cluster and ACK dedicated cluster. ACK managed cluster is available in Pro Edition and Basic Edition.

Comparison of ACK managed cluster and ACK dedicated cluster:

  • Main features

    • ACK managed cluster: You are required to create only worker nodes. ACK creates and manages the control plane. Simple, low-cost, high availability, no need to manage the control plane.

    • ACK dedicated cluster: You are required to create and manage the master nodes and worker nodes. You have full and fine-grained control over the cluster but you have to plan and manage the cluster and update nodes on your own.

  • Billing methods

    • ACK managed cluster:

      • ACK managed cluster Basic Edition: Cluster management is free of charge. However, you are charged for worker nodes and infrastructure resources.

      • ACK cluster Pro Edition: Charged based on the number of clusters.

    • ACK dedicated cluster: Cluster management is free of charge. However, you are charged for master nodes, worker nodes, and infrastructure resources.

  • User profiles

    • ACK managed cluster:

      • Require cost reduction

      • Focus on application development

      • Possess a basic understanding of Kubernetes

      • Want to control O&M costs

      • Require automated maintenance for the control plane

    • ACK dedicated cluster:

      • Not overly concerned about costs

      • Understand Kubernetes

      • Possess technical expertise on Kubernetes O&M

      • Have plans for resource allocation and deployment

      • Have custom requirements on the master nodes

      • Want to manually manage clusters

ACK managed cluster architecture

The control plane of ACK managed cluster is managed by ACK, providing you with a stable, high-availability, high-performance, and secure Kubernetes service. The managed components include kube-apiserver, kube-controller-manager, kube-scheduler, and etcd. Each managed cluster's control plane contains at least two kube-apiserver instances and three etcd instances, deployed in different zones to provide zone-level high availability. ACK actively monitors the status of the control planes, installs vulnerability patches, and offers a service-level agreement (SLA) for the control planes.

Core features

  • Cluster management

    • Cluster creation: You can create various types of clusters based on your business requirements. ACK allows you to customize cluster configurations and select from a rich variety of Elastic Compute Service (ECS) instance types to use as worker nodes. For more information, see Create an ACK managed cluster and Create an ACK dedicated cluster.

    • Cluster upgrade: Automatically or manually upgrade the Kubernetes version of the cluster and manage system component upgrades in a unified manner. For more information, see Manually upgrade a cluster and Automatically upgrade a cluster.

    • Auto Scaling: Quickly respond to business fluctuations by vertically scaling in or out with one click in the console. It also supports service-level affinity policies and horizontal scaling.

    • Scheduling: Supports mixed scheduling of different elastic resources, fine-grained scheduling of heterogeneous resources, and job scheduling for Batch Compute to improve application performance and overall cluster resource utilization.

    • Multi-cluster management: Supports unified access to clusters in on-premises IDC and multicloud multi-region environments to achieve hybrid cloud application management.

    • Permission management: Supports RAM authorization and RBAC permission management.

  • Node pool

    Supports lifecycle management of node pools and allows configuring node pools with different specifications within the same cluster, such as VSwitch, runtime, OS, security group, and more. For more information, see Node pool overview.

  • Application management

    • Application creation: Supports the creation of various types of applications from images and templates, and supports related configurations such as environment variables, application health, data disks, and logs.

    • Lifecycle management: You can use ACK to manage applications throughout their lifecycle. For example, you can view, update, replace, and delete applications, roll back application versions, view application events, perform rolling updates, and use triggers to redeploy applications.

    • Application scheduling: Supports three strategies: node affinity scheduling, inter-application affinity scheduling, and inter-application anti-affinity scheduling.

    • Application scaling: Supports manual scaling of application container instances and HPA automatic scaling policies.

    • Application release: Supports grayscale release and blue-green deployment.

    • App catalog: App catalog is a feature that ACK provides to facilitate application deployment and cloud service integration.

    • Application center: After application deployment, it presents the overall application topology from a unified perspective and provides unified version management and rollback for scenarios such as continuous deployment.

    • Application backup and recovery: Supports backup and recovery of Kubernetes applications. For more information, see Backup and recover applications within a cluster.

  • Storage

    • Storage plug-in: Supports CSI storage plug-ins. For more information, see Storage.

    • Persistent volume and persistent volume claim:

      • Supports creating storage volumes of types such as block storage, NAS, OSS.

      • Supports mounting persistent volume claims (PVC) to storage volumes.

      • Supports dynamic creation and migration of storage volumes.

      • Supports viewing and updating storage volumes and persistent volume claims using scripts.

  • Networking

  • GPU: Supports unified scheduling and O&M management of various heterogeneous computing resources, significantly improving the resource utilization efficiency of Kubernetes clusters for heterogeneous computing.

  • Knative: A serverless framework based on Kubernetes. After deploying Knative components, you can use Knative for service management and event-driven operations.

  • O&M and security

    • Observability:

      • Monitoring: Supports monitoring at the cluster, node, application, and container instance levels. Supports Prometheus plug-in.

      • Logging: Supports viewing cluster logs. Supports collecting application logs. Supports viewing container instance logs.

      • Alerting: Supports alerting based on cluster events and container metrics. For more information, see Container service alert management.

    • Cluster inspection and diagnosis (AIOps)

      • Use cluster check: Supports performing cluster checks before operations such as cluster upgrades and migrations to confirm whether the cluster meets the requirements.

      • Use cluster inspection: Scans the cluster's operating status to identify potential risks in the cluster, such as cloud resource quota surplus and Kubernetes cluster key resource usage. Troubleshoot risk items and fix issues based on recommended solutions.

      • Use cluster diagnosis: Provides one-click fault diagnosis capabilities, including node diagnosis, pod diagnosis, service diagnosis, Ingress diagnosis

    • Cost Suite: Enables visualization of cluster resource consumption and cost allocation, enhancing the efficiency of cluster resource management.

    • Security Center: Provides management of runtime security policies, inspects application security configurations, and offers monitoring and alerting for runtime security to bolster container security's overall defense in depth.

    • Security sandbox: Enables applications to operate within a lightweight virtual machine sandbox with its own independent kernel, enhancing isolation. This is ideal for use cases that require separation of untrusted applications, fault isolation, performance segregation, and load distribution among multiple users.

    • Confidential Computing: Offers a trusted application environment utilizing Intel SGX or a cloud-native confidential computing platform. This service ensures the security, integrity, and confidentiality of your data during processing by placing sensitive data and code within a protected execution environment that is encrypted.

Service architecture

The following figure illustrates the comprehensive architecture of the Container Service for Kubernetes product suite.

  • Alibaba Cloud Container Registry (ACR): Offers secure hosting and comprehensive lifecycle management for cloud-native assets. It facilitates efficient image distribution across various scenarios and integrates seamlessly with Container Service ACK, providing a unified solution for cloud-native applications.

  • Alibaba Cloud ASM (Service Mesh): A managed traffic management platform for microservices that is compatible with Istio. It enables unified traffic management across multiple Kubernetes clusters and ensures consistent communication control for both containerized and virtual machine-based application services.

  • Alibaba Cloud Serverless Kubernetes: A serverless container service that leverages an elastic computing architecture to enable rapid creation of Kubernetes container applications without the need for cluster management and maintenance.

  • ACK Edge: Provides a standard Kubernetes runtime environment with integrated container application delivery, operations, and management capabilities for cloud, edge, and endpoint scenarios. It also enhances autonomy in edge business scenarios.

  • ACK One: An enterprise-level cloud-native platform designed for hybrid cloud, multi-cluster, distributed computing, and disaster recovery scenarios. ACK One connects and manages Kubernetes clusters across any region and infrastructure, offering consistent management and community-compatible API. It supports unified operations and management of computing, networking, storage, security, monitoring, logging, jobs, applications, and traffic.

  • Cloud-native AI suite: Enhances the efficiency of resource utilization in heterogeneous computing clusters and accelerates the delivery of AI projects through the orchestration and management of data computing tasks and the unified scheduling and operations of various heterogeneous computing resources. Alibaba Cloud Container Service ACK supports cloud-native AI capabilities in a modular, composable, extensible, and customizable way.

  • ACK LINGJUN cluster: The Container Service for Kubernetes offers a standard Kubernetes cluster service with a fully managed and high-availability control plane for intelligent computing LINGJUN, supporting LINGJUN compute nodes as worker nodes in Kubernetes clusters.

Related Alibaba Cloud products

Through ACK clusters, you can create essential Alibaba Cloud resources for your application business, such as Elastic Compute Service (ECS), networking, and storage. Following the diagram below, you can assemble a minimal cross-product collection to receive professional technical support in areas like cloud-native system construction, security compliance, microservices, and observability, tailored to your cluster's growth and operational needs.

It is advisable to concentrate on observability solutions that integrate with Container Service ACK, such as logging and monitoring products. You can configure observability services at various levels for infrastructure, container, application performance, and business monitoring.

The table below details the cloud services mentioned in the preceding figure.

Related products and descriptions, by category:

  • Computing

    • Elastic Compute Service (ECS) (including Elastic Bare Metal (EBM) and Elastic GPU Service): Provides worker nodes for node pools.

    • Elastic Container Instance (ECI): Offers container instances for ACK Serverless cluster.

    • Auto Scaling (ESS): Manages and automatically scales node pools.

  • Networking

    • Virtual Private Cloud (VPC): Provides a private network for the cluster.

    • Server Load Balancer (SLB): Includes ALB, NLB, and CLB, providing access points for the cluster's API Server and application services.

    • NAT Gateway: Offers public access for all node pools in the cluster.

    • Elastic IP Address (EIP): Enables public communication for individual worker nodes within the node pool.

  • Storage

    • Block storage: Attaches data disks to worker nodes and provides block storage for workloads.

    • File storage (NAS): Provides file storage for workloads.

    • Object Storage Service (OSS): Attaches shared storage to workloads.

    • Cloud Parallel File Storage (CPFS): Provides high-performance shared storage for workloads.

  • Security

    • Resource Access Management (RAM): Sets cluster access privileges for RAM users in conjunction with RBAC.

    • Security Center: Offers runtime security detection for containers.

    • Key Management Service (KMS): Enables encryption for Secret disks.

  • Observability

    • Prometheus Service: Delivers Prometheus monitoring and cluster topology visualization.

    • Simple Log Service (SLS): Provides a log recording service for the cluster.

  • Cloud-native Assets

    • Container Registry (ACR): Serves as an image repository for deploying workloads.

  • Others

    • Resource Orchestration Service (ROS): Templates and manages cluster resources.

Related links

  • Usage notes and limitations

  • Announcements and updates

    • For ACK product announcements and updates, including product change announcements, product maintenance announcements, and CVE vulnerability fix announcements, see Announcements and updates.

    • For ACK product release notes, including product features, supported Kubernetes versions, operating system images, runtimes, components, and more, see Product release notes.

  • Regions and time zones: For regions and time zones supported by ACK, see Service regions and Supported time zones.

  • Getting started: Quickly experience how to create and use ACK clusters, such as setting up a Rubik's Cube game. For more information, see Getting started.

  • Kubernetes version mechanism: ACK follows the upstream release rhythm for Kubernetes version iteration. For more information, see ACK version release notes.

  • Best practices: For best practices in different scenarios within ACK clusters, including clusters, nodes and node pools, networking, applications, Knative, storage, observability, cost suite, Auto Scaling, and more, see Best practices.

  • Developer reference: In addition to the console and kubectl, you can use API, SDK, CLI, and Terraform to use Container Service for Kubernetes. For more information, see Developer reference.

  • Billing: ACK clusters involve cluster management, node management, and related cloud product resource fees. For more information, see Billing.

  • Learning resources: Kubernetes official website

Search for DingTalk group 53765001287 or click ACK DingTalk Group on your mobile phone to join the DingTalk group, and then contact Container Service for Kubernetes experts for technical support.