Container Service for Kubernetes (ACK) provides various types of components for application management, logging, monitoring, and networking. These components facilitate cluster management and maintenance. Some components are automatically upgraded by ACK, while some components require manual upgrades. When you manually upgrade a component, you can configure fine-grained upgrade rules. This topic lists the components provided by ACK and describes how to install, upgrade, and uninstall the components.
Prerequisite
Procedure
Log on to the ACK console. In the left-side navigation pane, click Clusters.
On the Clusters page, find the cluster that you want to manage and click its name. In the left-side pane, choose .
On the Add-ons page, search for the component that you want to manage. After the component is displayed, you can install, upgrade, or uninstall the component. You can also modify the parameters of the component.
To ensure the stability of control plane components, only ACK Pro clusters, ACK Serverless Pro clusters, ACK Edge Pro clusters, and ACK Lingjun clusters allow you to customize the parameters of control plane components. For more information about the parameters that can be customized, see Default parameters. The parameters displayed in the ACK console shall prevail.
Introduction
Types
The components provided by ACK can be classified into the following types:
System components: components that are automatically installed when you create ACK clusters.
Optional components: components that you can select for installation when you create ACK clusters. You can use optional components to extend the capabilities of ACK clusters.
Key components
Component | Type | Description |
System component | A control plane component that schedules pods to nodes based on the resource utilization of nodes and the scheduling requirements of the pods. | |
System component | Provides features to manage load balancing for cross-node communication and allows you to integrate Kubernetes with Alibaba Cloud services, such as Classic Load Balancer (CLB), Network Load Balancer (NLB), and Virtual Private Cloud (VPC). | |
System component | Serves as the access gateway to a Kubernetes cluster. | |
System component | Manages the resources in a Kubernetes cluster. | |
Optional component | This component is developed based on the open source Virtual Kubelet project and adds support for Aliyun Provider. Improvements are made to this component to enable seamless integration between Kubernetes, Alibaba Cloud Container Compute Service (ACS), and Elastic Container Instance. |
Application management components
Component | Type | Description |
Optional component | Allows you to manage the deployments and lifecycles of applications in different clusters in a centralized manner. You can use the application distribution feature provided by Distributed Cloud Container Platform for Kubernetes (ACK One) to deploy an application to multiple clusters. | |
Optional component | Provides image distribution and allows you to manage application containers and sidecar containers in an efficient manner. | |
Optional component | This component is developed based on open-source Velero and used to back up and migrate applications and persistent volumes (PVs) in Kubernetes clusters. |
Logging and monitoring components
Component | Type | Description |
System component | Enables integration with CloudMonitor. | |
System component | This component is developed based on the open source component Metrics Server and can collect resource metrics. This component also provides the Metrics API for data consumption and supports Horizontal Pod Autoscaler (HPA). | |
Optional component | The data processing component used by the cost analysis feature of ACK. | |
Optional component | This component is developed based on the open source component Node Problem Detector (NPD), and can monitor the health of nodes and connect to third-party monitoring platforms. | |
Optional component | Integrates ACK with Application Real-Time Monitoring Service (ARMS) to enable monitoring for Java, Golang, and Python in containerized environments. | |
Optional component | An operating system kernel-level container monitoring component provided by ACK. | |
Optional component | Uses the ARMS extended Berkeley Packet Filter (eBPF) edition to monitor container deployments in a non-intrusive manner. | |
Optional component | Monitors ACK clusters by using Managed Service for Prometheus. | |
Optional component | Collects container logs by using Simple Log Service. |
Storage components
Component | Type | Description |
System component | Manages the lifecycle of storage components. | |
Optional component | Allows you to mount and unmount volumes. This component is automatically installed when you create ACK clusters. | |
Optional component | Allows you to automate volume provisioning. This component is automatically installed if you select the Container Storage Interface (CSI) plug-in when you create ACK clusters. | |
Optional component | Allows you to install csi-plugin and FlexVolume in the same cluster. |
Networking components
Component | Type | Description |
System component | The default component that is used to implement DNS-based service discovery in ACK clusters. This component follows the specifications of DNS-based service discovery in Kubernetes. | |
System component | A collection of resources that model service networking in Kubernetes clusters. The component aims to build an expressive, extensible, and role-oriented service networking model. | |
Optional component | Manages elastic RDMA interfaces (ERIs). | |
Optional component | A local DNS caching solution developed based on the open source NodeLocal DNSCache project. | |
Optional component | The Application Load Balancer (ALB) Ingress controller is compatible with NGINX Ingresses and provides powerful traffic management capabilities based on ALB instances. The ALB Ingress controller supports complex routing, automatic certificate discovery, and the HTTP, HTTPS, and Quick UDP Internet Connection (QUIC) protocols. These features meet the requirements of cloud-native applications for ultra-high elasticity and balancing of heavy traffic loads at Layer 7. | |
Optional component | The Microservices Engine (MSE) Ingress controller is developed based on MSE cloud-native gateways and is compatible with NGINX Ingress gateways. The MSE Ingress controller is suitable for microservices scenarios and supports multiple service discovery modes, various authentication methods, and plug-ins and extensions written in multiple languages. The MSE Ingress controller supports canary releases, resource prefetching, and traffic throttling. | |
Optional component | An open source Container Network Interface (CNI) plug-in developed by Alibaba Cloud. Terway uses eBPF to accelerate network traffic and allows you to use Kubernetes network policies to regulate access between containers. You can use Terway to establish network connections within a Kubernetes cluster. You can select Terway when you create ACK clusters. | |
Optional component | A CNI plug-in that allows you to create a virtual network for containers based on VPC. You can use Flannel to establish network connections within a Kubernetes cluster. You can select Flannel when you create ACK clusters. | |
Optional component | Parses the routing rules of the Ingresses in ACK clusters. After an Ingress controller receives a request that matches a routing rule, the request is routed to the backend Service. | |
Optional component | A component provided by ACK to support Kubernetes network policies. | |
Optional component | Uses sidecar acceleration to reduce network latency for Service Mesh (ASM) instances. | |
Optional component | Built on the open-source project Envoy Gateway, it provides Layer 4 and Layer 7 routing services on Kubernetes and delivers intelligent load balancing capabilities optimized for large language model (LLM) inference workloads. |
Security components
Component | Type | Description |
Optional component | ack-advanced-audit is developed based on open source Falco and uses extended Berkeley Packet Filter (eBPF) of the Linux kernel to enable auditing of operations that are performed in containers. This way, you can audit operations performed by organization members or applications in containers. | |
Optional component | Helps you work with the RAM Roles for Service Accounts (RRSA) feature of ACK. The component can automatically inject the OpenID Connect (OIDC) tokens and environment variables that are required to access your application into the pods of your application. This way, you do not need to configure the OIDC tokens and environment variables. | |
Optional component | ack-ram-authenticator is an authentication component for ACK managed clusters. The component can help authenticate requests sent to the API server of an ACK managed cluster by using Kubernetes-native webhook token authentication and RAM. The component allows you to define mappings between RAM identities and role-based access control (RBAC) permissions by using custom resource definitions (CRDs). This helps you verify the RBAC permissions of different RAM identities in a more flexible manner. | |
Optional component | Helps you manage and use the policies executed by Open Policy Agent (OPA) in ACK clusters and allows you to manage the labels of namespaces. | |
Optional component | A key component that is used to verify image signatures. | |
Optional component | aliyun-acr-credential-helper retrieves the required information from the acr-configuration ConfigMap that is created in the kube-system namespace and then pulls private images. The following features are supported: | |
Optional component | A key component that is used to manage pod security policies. | |
Optional component | A key component that is used to perform security inspections. |
Scaling and scheduling components
Component | Type | Description |
Optional component | Enables node instant scaling. | |
Optional component | Enables scheduled scaling for applications. | |
Optional component | ack-vertical-pod-autoscaler monitors the resource consumption patterns of pods and provides recommendations on CPU and memory allocation. It can also adjust resource allocation without changing the number of pod replicas. ack-vertical-pod-autoscaler is suitable for stateful applications that require a stable resource supply. | |
Optional component | AHPA predicts the number of pods required by an application based on the historical metric data of the application. This helps ACK scale resources for applications at the earliest opportunity. AHPA uses proactive prediction and passive prediction to adjust the number of pods in real time. AHPA also allows you to configure policies to specify the maximum and minimum numbers of pods within a specific time period. | |
Optional component | A key component used to enable service level objective (SLO)-aware scheduling, which can improve resource utilization while ensuring the performance of your applications. |
Other components
Component | Type | Description |
Optional component | Allows you to manage custom components. | |
Optional component | Argo Workflows is developed based on the Argo Workflows project with enhanced stability and performance. It allows you to deploy large-scale workflows within clusters. Argo Workflows is ideal for standard workflow scenarios, such as machine learning pipelines, autonomous driving simulations, gene sequencing tasks, batch data processing, continuous integration and continuous delivery (CI/CD), and infrastructure automation. | |
Optional component | A client plug-in that enables on-demand image loading and accelerates image loading. The component is deployed as a DaemonSet on worker nodes. | |
Optional component | A controller component that is provided by the Sandboxed-Container runtime. The component is used to enhance and extend the basic features of sandboxed containers. | |
Optional component | A component that performs health checks and O&M operations on sandboxed containers. | |
Optional component | A Kubernetes device plug-in developed by ACK and Ant Financial. The component facilitates the use of Intel® Software Guard Extensions (SGX) in containers. |