All Products
Search
Document Center

Container Service for Kubernetes:Component overview

Last Updated:May 31, 2024

Container Service for Kubernetes (ACK) provides various types of components. You can install, upgrade, or uninstall components based on your business requirements. The topic describes the cluster components that are managed by ACK based on their features.

Component types

The cluster components managed by ACK are classified into system components and optional components.

  • System components are automatically installed when you create ACK clusters.

  • Optional components extend the features of clusters. You can install optional components when you create ACK clusters.

Key components

Component

Type

Description

Kube API Server

System component

Serves as the access gateway to a Kubernetes cluster.

Kube Controller Manager

System component

Manages the resources in a Kubernetes cluster.

Cloud Controller Manager

System component

Enables integration between Kubernetes and Alibaba Cloud basic services, such as Classic Load Balancer (CLB) and Virtual Private Cloud (VPC).

edge-controller-manager

System component

Provides the node lifecycle management, IP Address Management (IPAM), and network enhancement features.

Application management components

Component

Type

Description

appcenter(discontinued)

Optional component

Allows you to manage the deployments and lifecycles of applications in different clusters in a centralized manner.

OpenKruise

Optional component

Provides image distribution and allows you to manage application containers and sidecar containers in an efficient manner.

ack-helm-manager

Optional component

Allows you to manage custom components.

Logs and monitoring components

Component

Type

Description

alicloud-monitor-controller

System component

Enables integration with CloudMonitor.

metrics-server

System component

This component is developed based on the open source component Metrics Server and can collect resource metrics. This component also provides the Metrics API for data consumption and supports Horizontal Pod Autoscaler (HPA).

ack-node-problem-detector

Optional component

This component is developed based on the open source component Node Problem Detector (NPD), and can monitor the health of nodes and connect to third-party monitoring platforms.

ack-node-repairer

Optional component

The auto repair feature of ACK can listen for node exceptions and can automatically identify and fix node exceptions.

ags-metrics-collector

Optional component

Allows Alibaba Cloud Genomics Service (AGS) users to monitor the resources that are used by each node in AGS workflows.

ack-arms-prometheus

Optional component

Monitors ACK clusters by using Managed Service for Prometheus.

logtail-ds

Optional component

Collects container logs by using Simple Log Service.

logtail-windows

Optional component

Collects log data from Windows containers and sends the data to Simple Log Service.

ack-cost-exporter

Optional component

Allows you to process the data generated by the cost analysis feature.

Storage components

Component

Type

Description

csi-plugin

Optional component

Allows you to mount and unmount volumes.

This component is automatically installed if you select the Container Storage Interface (CSI) plug-in when you create ACK clusters.

csi-provisioner

Optional component

Allows you to automate volume provisioning.

This component is automatically installed if you select the CSI plug-in when you create ACK clusters.

storage-operator

Optional component

Manages the lifecycle of storage components.

alicloud-disk-controller

Optional component

Allows you to automate the provisioning of disk volumes.

Flexvolume (Deprecated)

Optional component

An open source component developed at an early stage to enable volume expansion. The FlexVolume component is used to mount and unmount volumes.

This component is automatically installed if you select the FlexVolume plug-in when you create ACK clusters.

csi-local-plugin

Optional component

This component is developed on top of the CSI plug-in of Kubernetes and allows you to manage on-premises storage resources by using Logical Volume Manager (LVM). You can create, delete, mount, and unmount on-premises volumes by using persistent volumes (PVs) and persistent volume claims (PVCs).

node-resource-manager

Optional component

Automates the management of computing and storage resources of nodes, and allows you to manage storage resources by using LVM.

Networking components

Component

Type

Description

CoreDNS

System component

The default component that is used to implement DNS-based service discovery in ACK clusters. This component follows the specifications of DNS-based service discovery in Kubernetes.

Nginx Ingress Controller

System component

Parses the routing rules of the Ingresses in ACK clusters. After an Ingress controller receives a request that matches a routing rule, the request is routed to the backend Service.

managed-kube-proxy-windows

System component

A containerized kube-proxy used by ACK managed clusters. This component manages the endpoints of services on Windows nodes, including internal endpoints and external endpoints.

Terway

Optional component

An open source Container Network Interface (CNI) plug-in developed by Alibaba Cloud. This component is used together with VPC and allows you to use standard Kubernetes network policies to regulate how containers communicate with each other. You can use Terway to establish network connections within a Kubernetes cluster.

This component is automatically installed if you select the Terway plug-in when you create ACK clusters.

Flannel

Optional component

A CNI plug-in that allows you to create a virtual network for containers based on VPC.

This component is automatically installed if you select the Flannel plug-in when you create ACK clusters.

ACK NodeLocal DNSCache

Optional component

A local DNS caching solution developed based on the open source NodeLocal DNSCache project.

kube-flannel-ds-windows

Optional component

A container network plug-in used in ACK managed clusters to create l2bridge networks that connect Windows containers.

ALB Ingress Controller

Optional component

The Application Load Balancer (ALB) Ingress controller is compatible with NGINX Ingresses and provides powerful traffic management capabilities based on ALB instances. The ALB Ingress controller supports complex routing, automatic certificate discovery, and the HTTP, HTTPS, and Quick UDP Internet Connection (QUIC) protocols. These features meet the requirements of cloud-native applications for ultra-high elasticity and balancing of heavy traffic loads at Layer 7.

Gateway API

System component

Gateway API is a collection of resources that model service networking in Kubernetes. Gateway API aims to build an expressive, extensible, and role-oriented service networking model.

Security components

Component

Type

Description

aliyun-acr-credential-helper

System component

Allows you to pull private images without passwords from instances of Container Registry Enterprise Edition and Personal Edition.

gatekeeper

Optional component

Helps you manage and use the policies executed by Open Policy Agent (OPA) in ACK clusters and allows you to manage the labels of namespaces.

kritis-validation-hook

Optional component

A key component that is used to verify image signatures.

security-inspector

Optional component

A key component that is used to perform security inspections.

ack-kubernetes-webhook-injector

Optional component

Allows you to dynamically add pod IP addresses to or remove pod IP addresses from the whitelists of various Alibaba Cloud services. This frees you from manual operations.

policy-template-controller

Optional component

A key component that is used to manage pod security policies.

Edge computing components

Component

Type

Description

edge-hub

System component

The proxy for traffic distribution between the components that are deployed on edge nodes and the kube-apiserver component that is deployed in the cloud. This component can run in Edge mode or Cloud mode.

edge-tunnel

System component

edge-tunnel can establish reverse tunnels, which are commonly used to enable communication between different networks.

Other components

Component

Type

Description

ack-arena

Optional component

Simplifies the installation of the open source Arena tool and allows you to install Arena in the ACK console in an efficient manner.

ack-kubernetes-cronhpa-controller

Optional component

Allows you to scale workloads based on a schedule.

ACK Virtual Node

Optional component

This component is developed based on the open source Virtual Kubelet project and adds support for Aliyun Provider. A lot of improvements are made to this component to enable seamless integration between Kubernetes and Elastic Container Instance.

sgx-device-plugin

Optional component

A Kubernetes device plug-in developed by ACK and Ant Group. This component simplifies the use of Intel (R) Software Guard Extensions (SGX) in containers.

Intel SGX AESM

Optional component

Intel (R) SGX Architectural Enclave Service Manager (AESM) is a system component of Intel SGX. This component provides launch support for SGX Enclave, and services such as key provisioning and remote attestation.

sandboxed-container-controller

Optional component

A controller component that is provided by the Sandboxed-Container runtime to enhance and extend the basic features of sandboxed containers.

sandboxed-container-helper

Optional component

Allows you to perform health checks and O&M operations on sandboxed containers.

yurt-app-manager

System component

Provides cell-based management at the edge for ACK Edge clusters.

migrate-controller

Optional component

This component is developed based on the open source Velero project and allows you to migrate Kubernetes applications.

aliyun-acr-acceleration-suite

Optional component

A client plug-in that enables on-demand image loading. This component is deployed as a DaemonSet on worker nodes.

managed-kube-proxy-windows

Optional component

A containerized kube-proxy used by ACK managed clusters. This component manages the endpoints of services on Windows nodes, including internal endpoints and external endpoints.

resource-controller

Optional component

A key component that is used to dynamically schedule pods. If you want to enable topology-aware CPU scheduling for ACK Pro clusters, this component is required.

directx-device-plugin-windows

Optional component

A DirectX device plug-in for ACK clusters. directx-device-plugin-windows enables GPU acceleration based on DirectX for Windows containers that are deployed on GPU-accelerated virtualization instances.

ack-cluster-agent

System component

A component that is deployed in an external cluster after you register the cluster to ACK. This component is used to establish channels for communication between the external cluster and the components of the ACK control plane.

ack-koordinator (FKA ack-slo-manager)

Optional component

A key component that is used by ACK to support service level objective (SLO)-aware workload scheduling. This component improves resource utilization and ensures the performance of your applications.