Container Service for Kubernetes:What is ACK?

ACK cluster types

ACK provides the following types of clusters: ACK managed clusters and ACK dedicated clusters. ACK managed clusters include ACK Basic clusters and ACK Pro clusters. The following table describes the differences between the two cluster types.

Architecture of ACK managed clusters

ACK manages the control planes of ACK managed clusters to provide stable, high-availability, high-performance, and secure Kubernetes services. The managed components include kube-apiserver, kube-controller-manager, kube-scheduler, and etcd. The control plane of each ACK managed cluster contains at least two kube-apiserver components and three etcd components, which are deployed in different zones to ensure zone-level high availability. ACK actively monitors the status of the control planes, installs vulnerability patches, and offers a service level agreement (SLA) for the control planes.

Core features

• Cluster management

  • Cluster creation: You can create various types of clusters based on your business requirements. ACK allows you to customize cluster configurations and select Elastic Compute Service (ECS) instances of different types as worker nodes. For more information, see Create an ACK managed cluster and Create an ACK dedicated cluster.

  • Cluster upgrade: You can upgrade the Kubernetes version of your clusters either manually or automatically. ACK allows you to update your system components in a centralized manner. For more information, see Manually upgrade an ACK cluster and Automatically upgrade a cluster.

  • Auto scaling: You can vertically scale your clusters directly in the console to respond to unexpected business fluctuations. You can also configure service-level affinity rules and horizontal scaling settings for your business.

  • Scheduling: ACK supports hybrid scheduling of different elastic resources, fine-grained scheduling of heterogeneous resources, and scheduling of batch computing tasks. This helps improve the performance of applications and the overall resource utilization for clusters.

  • Multi-cluster management: You can register clusters that are deployed in data centers and clusters in multiple clouds or regions in a centralized manner.

  • Permission management: ACK integrates Resource Access Management (RAM) and role-based access control (RBAC) for permission management.

• Node pools

  ACK enables full lifecycle management for node pools and allows you to customize the configurations of each node pool in a cluster. For example, you can configure the vSwitches, container runtime, operating system, and security groups for a node pool based on your business requirements. For more information, see Node pool overview.

• Application management

  • Application creation: You can create various types of applications from images or templates. ACK allows you to customize application configurations, such as environment variables, health checks, disk mounting, and logging.

  • Lifecycle management: You can use ACK to manage the lifecycle of applications. For example, you can view, update, replace, and delete applications, roll back application versions, view application events, perform rolling updates, and use triggers to redeploy applications.

  • Pod scheduling: ACK supports pod scheduling based on pod affinity, node affinity, and pod anti-affinity.

  • Pod scaling: You can manually scale pods or automate pod scaling by using the Horizontal Pod Autoscaler (HPA).

  • Application release: ACK supports canary releases and blue-green deployments. You can use these features to better manage the application release lifecycle.

  • Application catalog: ACK provides the application catalog feature to facilitate application deployment and cloud service integration.

  • Application Center: The Application Center provides a unified management panel for you to deploy your applications and monitor the topology of your applications. You can use the Application Center to implement unified version management and rollback in continuous deployment scenarios.

  • Application backup and recovery: You can back up and restore applications from backup data. For more information, see Back up and restore applications in an ACK cluster.

• Knative: Knative is a Kubernetes-based serverless framework. After you deploy Knative components, you can use Knative to manage services and drive events.

• Volumes

  • The Container Storage Interface (CSI) plug-in is supported. For more information, see CSI overview.

  • Operations on volumes and persistent volume claims (PVCs)

    • You can create block storage volumes, File Storage NAS volumes, and Object Storage Service (OSS) volumes.

    • You can mount a volume to a PVC.

    • You can dynamically create and migrate volumes.

    • You can view and update volumes and PVCs by running scripts.

• Networks

  • You can create container networks by using the Flannel or Terway plug-ins. For more information, see Network overview.

  • You can specify CIDR blocks for services and pods.

  • You can use the network policy feature of ACK to control access to specific applications. For more information, see Use network policies in ACK clusters.

  • You can use ingresses for traffic routing. For more information, see Ingress management.

  • You can implement DNS-based service discovery. For more information, see DNS overview.

• GPU

  ACK allows you to schedule, manage, and maintain various heterogeneous computing resources in a centralized manner. This significantly improves the utilization of GPU resources in ACK clusters for heterogeneous computing. For more information, see Overview.

• O&M and security

  • Observability:

    • Monitoring: ACK integrates Managed Service for Prometheus to monitor clusters, nodes, applications, and pods.

    • Logging: ACK integrates Simple Log Service to collect and store logs of clusters and containers.

    • Alerting: ACK supports alerting based on cluster events and container metrics. For more information, see Alert management.

  • Cluster inspections and diagnostics

    • Cluster check: You can use this feature to check whether your ACK cluster meets the requirements before you perform an operation such as upgrading or migrating a cluster.

    • Cluster inspection: You can use this feature to view the status of ACK clusters and identify potential risks in the clusters, such as insufficient quotas of cloud resources or high usage of key resources in ACK clusters. Based on the recommended solutions, you can then troubleshoot the risks and fix the issues.

    • Cluster diagnostics: You can use this feature to diagnose nodes, pods, Services, Ingresses, memory, and networks with a few clicks to identify issues in your ACK clusters.

  • Cost analysis: ACK visualizes the resource usage and cost distribution of your clusters and improves resource utilization.

  • Security center: ACK actively inspects your applications for security risks and provides security policies for runtime monitoring and alerting.

  • Sandboxed-Container: Sandboxed-Container is a container runtime developed by ACK to enhance container security. You can use Sandboxed-Container to run an application in a sandboxed and lightweight VM, which has a dedicated kernel. Sandboxed-Container is suitable for isolating untrusted applications, unhealthy applications, low-performance applications, and workloads among users.

  • TEE-based confidential computing: ACK provides a cloud-native, all-in-one solution for confidential computing based on Intel Software Guard Extensions (Intel SGX). This solution ensures data security, integrity, and confidentiality when you develop, manage, and deliver trusted applications and confidential computing tasks. The confidential computing capabilities provided by ACK allow you to isolate sensitive data and code by using a trusted execution environment.

Service architecture

The following figure shows the architecture of ACK.

• Container Registry provides secure hosting and lifecycle management for cloud-native assets. Container Registry is seamlessly integrated with ACK to provide an all-in-one solution for image distribution in cloud-native scenarios.

• Service Mesh (ASM) is a managed service mesh platform for centralized traffic management of applications that use the microservices architecture. ASM is compatible with open source Istio and supports multi-cluster traffic management. ASM also allows you to manage communication among containerized applications and applications that run on VMs in a centralized manner.

• ACK Serverless is a serverless Kubernetes service provided by Alibaba Cloud based on the elastic computing architecture. ACK Serverless allows you to create containerized Kubernetes applications without the need to manage or maintain clusters.

• ACK Edge is a container service based on the standard Kubernetes runtime environment. It coordinates application delivery and O&M among the cloud, edge, and terminal. This service also enhances node autonomy at the edge.

• Distributed Cloud Container Platform for Kubernetes (ACK One) is an enterprise-class cloud-native container platform that is developed by Alibaba Cloud to meet container management requirements in hybrid cloud, multi-cluster, distributed computing, and disaster recovery scenarios. You can register third-party and self-managed Kubernetes clusters that are deployed in all regions or on all types of infrastructure with ACK One. ACK One is compatible with the APIs of open source Kubernetes. This allows you to manage and maintain computing resources, networks, storage, security, monitoring data, logs, jobs, applications, and traffic in a centralized manner.

• The cloud-native AI suite is used to orchestrate and manage AI-related tasks and to schedule and maintain various heterogeneous resources in containerized environments. The component set can significantly accelerate the delivery of AI projects and improve the resource utilization for clusters that consist of heterogeneous computing resources. ACK provides multiple components, extensions, and customizable configurations to support cloud-native AI capabilities.

• ACK Lingjun managed clusters are developed based on ACK, which provide standard Kubernetes services with fully-managed and highly-available control planes. ACK Lingjun managed clusters allow you to use Intelligent Computing Lingjun nodes as the worker nodes of Kubernetes clusters.

Alibaba Cloud services that work with ACK

You can use ACK clusters to create resources such as ECS instances, networks, and storage resources for your applications. You can create a bundle of Alibaba Cloud services that involve the least services based on the information in the following figure to obtain technical support in cloud-native system development, security compliance, microservices, observability, storage, computing, and networks. The technical support can help you better develop and maintain your ACK clusters.

We recommend that you use the observability services provided by Alibaba Cloud, including logging and monitoring services. You can use these observability services to monitor your ACK clusters, including infrastructure resources, containers, application performance, and services.

References