Component overview

Container Service for Kubernetes (ACK) provides various types of components. You can install, upgrade, or uninstall components based on your business requirements. The topic describes the cluster components that are managed by ACK based on their features.

Component types

The cluster components managed by ACK are classified into system components and optional components.

System components are automatically installed when you create ACK clusters.
Optional components extend the features of clusters. You can install optional components when you create ACK clusters.

Key components

Component	Type	Description

Component	Type	Description
Kube API Server	System component	Serves as the access gateway to a Kubernetes cluster.
Kube Controller Manager	System component	Manages the resources in a Kubernetes cluster.
Cloud Controller Manager	System component	Enables integration between Kubernetes and Alibaba Cloud basic services, such as Classic Load Balancer (CLB) and Virtual Private Cloud (VPC).
edge-controller-manager	System component	Provides the node lifecycle management, IP Address Management (IPAM), and network enhancement features.

Application management components

Component	Type	Description

Component	Type	Description
appcenter(discontinued)	Optional component	Allows you to manage the deployments and lifecycles of applications in different clusters in a centralized manner.
OpenKruise	Optional component	Provides image distribution and allows you to manage application containers and sidecar containers in an efficient manner.
ack-helm-manager	Optional component	Allows you to manage custom components.

Logs and monitoring components

Component	Type	Description

Component	Type	Description
alicloud-monitor-controller	System component	Enables integration with CloudMonitor.
metrics-server	System component	This component is developed based on the open source component Metrics Server and can collect resource metrics. This component also provides the Metrics API for data consumption and supports Horizontal Pod Autoscaler (HPA).
ack-node-problem-detector	Optional component	This component is developed based on the open source component Node Problem Detector (NPD), and can monitor the health of nodes and connect to third-party monitoring platforms.
ack-node-repairer	Optional component	The auto repair feature of ACK can listen for node exceptions and can automatically identify and fix node exceptions.
ags-metrics-collector	Optional component	Allows Alibaba Cloud Genomics Service (AGS) users to monitor the resources that are used by each node in AGS workflows.
ack-arms-prometheus	Optional component	Monitors ACK clusters by using Managed Service for Prometheus.
logtail-ds	Optional component	Collects container logs by using Simple Log Service.
logtail-windows	Optional component	Collects log data from Windows containers and sends the data to Simple Log Service.
ack-cost-exporter	Optional component	Allows you to process the data generated by the cost analysis feature.

Storage components

Component	Type	Description

Component	Type	Description
csi-plugin	Optional component	Allows you to mount and unmount volumes. This component is automatically installed if you select the Container Storage Interface (CSI) plug-in when you create ACK clusters.
csi-provisioner	Optional component	Allows you to automate volume provisioning. This component is automatically installed if you select the CSI plug-in when you create ACK clusters.
storage-operator	Optional component	Manages the lifecycle of storage components.
alicloud-disk-controller	Optional component	Allows you to automate the provisioning of disk volumes.
Flexvolume (Deprecated)	Optional component	An open source component developed at an early stage to enable volume expansion. The FlexVolume component is used to mount and unmount volumes. This component is automatically installed if you select the FlexVolume plug-in when you create ACK clusters.
csi-local-plugin	Optional component	This component is developed on top of the CSI plug-in of Kubernetes and allows you to manage on-premises storage resources by using Logical Volume Manager (LVM). You can create, delete, mount, and unmount on-premises volumes by using persistent volumes (PVs) and persistent volume claims (PVCs).
node-resource-manager	Optional component	Automates the management of computing and storage resources of nodes, and allows you to manage storage resources by using LVM.

Networking components

Component	Type	Description

Component	Type	Description
CoreDNS	System component	The default component that is used to implement DNS-based service discovery in ACK clusters. This component follows the specifications of DNS-based service discovery in Kubernetes.
Nginx Ingress Controller	System component	Parses the routing rules of the Ingresses in ACK clusters. After an Ingress controller receives a request that matches a routing rule, the request is routed to the backend Service.
managed-kube-proxy-windows	System component	A containerized kube-proxy used by ACK managed clusters. This component manages the endpoints of services on Windows nodes, including internal endpoints and external endpoints.
Terway	Optional component	An open source Container Network Interface (CNI) plug-in developed by Alibaba Cloud. This component is used together with VPC and allows you to use standard Kubernetes network policies to regulate how containers communicate with each other. You can use Terway to establish network connections within a Kubernetes cluster. This component is automatically installed if you select the Terway plug-in when you create ACK clusters.
Flannel	Optional component	A CNI plug-in that allows you to create a virtual network for containers based on VPC. This component is automatically installed if you select the Flannel plug-in when you create ACK clusters.
ACK NodeLocal DNSCache	Optional component	A local DNS caching solution developed based on the open source NodeLocal DNSCache project.
kube-flannel-ds-windows	Optional component	A container network plug-in used in ACK managed clusters to create l2bridge networks that connect Windows containers.
ALB Ingress Controller	Optional component	The Application Load Balancer (ALB) Ingress controller is compatible with NGINX Ingresses and provides powerful traffic management capabilities based on ALB instances. The ALB Ingress controller supports complex routing, automatic certificate discovery, and the HTTP, HTTPS, and Quick UDP Internet Connection (QUIC) protocols. These features meet the requirements of cloud-native applications for ultra-high elasticity and balancing of heavy traffic loads at Layer 7.
Gateway API	System component	Gateway API is a collection of resources that model service networking in Kubernetes. Gateway API aims to build an expressive, extensible, and role-oriented service networking model.

Security components

Component	Type	Description

Component	Type	Description
aliyun-acr-credential-helper	System component	Allows you to pull private images without passwords from instances of Container Registry Enterprise Edition and Personal Edition.
gatekeeper	Optional component	Helps you manage and use the policies executed by Open Policy Agent (OPA) in ACK clusters and allows you to manage the labels of namespaces.
kritis-validation-hook	Optional component	A key component that is used to verify image signatures.
security-inspector	Optional component	A key component that is used to perform security inspections.
ack-kubernetes-webhook-injector	Optional component	Allows you to dynamically add pod IP addresses to or remove pod IP addresses from the whitelists of various Alibaba Cloud services. This frees you from manual operations.
policy-template-controller	Optional component	A key component that is used to manage pod security policies.

Edge computing components

Component	Type	Description

Component	Type	Description
edge-hub	System component	The proxy for traffic distribution between the components that are deployed on edge nodes and the kube-apiserver component that is deployed in the cloud. This component can run in Edge mode or Cloud mode.
edge-tunnel	System component	edge-tunnel can establish reverse tunnels, which are commonly used to enable communication between different networks.

Other components

Component	Type	Description

Component	Type	Description
ack-arena	Optional component	Simplifies the installation of the open source Arena tool and allows you to install Arena in the ACK console in an efficient manner.
ack-kubernetes-cronhpa-controller	Optional component	Allows you to scale workloads based on a schedule.
ACK Virtual Node	Optional component	This component is developed based on the open source Virtual Kubelet project and adds support for Aliyun Provider. A lot of improvements are made to this component to enable seamless integration between Kubernetes and Elastic Container Instance.
sgx-device-plugin	Optional component	A Kubernetes device plug-in developed by ACK and Ant Group. This component simplifies the use of Intel (R) Software Guard Extensions (SGX) in containers.
Intel SGX AESM	Optional component	Intel (R) SGX Architectural Enclave Service Manager (AESM) is a system component of Intel SGX. This component provides launch support for SGX Enclave, and services such as key provisioning and remote attestation.
sandboxed-container-controller	Optional component	A controller component that is provided by the Sandboxed-Container runtime to enhance and extend the basic features of sandboxed containers.
sandboxed-container-helper	Optional component	Allows you to perform health checks and O&M operations on sandboxed containers.
yurt-app-manager	System component	Provides cell-based management at the edge for ACK Edge clusters.
migrate-controller	Optional component	This component is developed based on the open source Velero project and allows you to migrate Kubernetes applications.
aliyun-acr-acceleration-suite	Optional component	A client plug-in that enables on-demand image loading. This component is deployed as a DaemonSet on worker nodes.
managed-kube-proxy-windows	Optional component	A containerized kube-proxy used by ACK managed clusters. This component manages the endpoints of services on Windows nodes, including internal endpoints and external endpoints.
resource-controller	Optional component	A key component that is used to dynamically schedule pods. If you want to enable topology-aware CPU scheduling for ACK Pro clusters, this component is required.
directx-device-plugin-windows	Optional component	A DirectX device plug-in for ACK clusters. directx-device-plugin-windows enables GPU acceleration based on DirectX for Windows containers that are deployed on GPU-accelerated virtualization instances.
ack-cluster-agent	System component	A component that is deployed in an external cluster after you register the cluster to ACK. This component is used to establish channels for communication between the external cluster and the components of the ACK control plane.
ack-koordinator (FKA ack-slo-manager)	Optional component	A key component that is used by ACK to support service level objective (SLO)-aware workload scheduling. This component improves resource utilization and ensures the performance of your applications.

Component types

Key components

Application management components

Logs and monitoring components

Storage components

Networking components

Security components

Edge computing components

Other components

Sales Support

Technical Support

Connect & Report Abuse

About Alibaba Cloud

Our Global Network

Quick Start

Global Offices

Olympic Games Paris 2024 New

Stade Roland Garros – Glitz from the Past New

Place de la Concorde – “Breaking” the Barriers New

Vaires-sur-Marne Nautical Stadium – Sports with Sustainability New

International Broadcast Center – Images, Sounds, and Data that Captivate Billions New

Customer Success Stories New

Trust Center

Security & Compliance Center

Cloud Compliance Resources

Security Compliance FAQs

Product & Feature Update New

Cloud Forward

Press Room

Alibaba Cloud e-Magazine New

Alibaba Cloud in Analyst Research

Notice

Go Global Service New

Go Global Alliance with Alibaba Cloud

China Gateway Hot

Information Compliance

China Gateway - MLPS 2.0 Compliance New

China Gateway - Networking

China Gateway - Global Application Acceleration New

China Gateway - Security

China Gateway - Data Security New

ICP Support Hot

China Gateway - Omnichannel Data Mid-End New

China Gateway - Organizational Data Mid-End New

China Gateway - Business Mid-End New

China Gateway - AI Service for Conversational Chatbots New

China Gateway - Online Education

China Gateway - Domain Registration

Work at Alibaba Cloud

Experienced Professionals

Students and Graduates

Free Trial

Pricing

Promo Center

Price Reduction

Pay Less and Deploy More

FinOps

Elastic Compute Service (ECS)

Simple Application Server (SAS)

Elastic GPU Service

Elastic Desktop Service (EDS)

Object Storage Service (OSS)

Cloud Enterprise Network (CEN)

Web Application Firewall (WAF)

Domain Names

Container Compute Service (ACS)

Secure Access Service Edge (SASE)

Intelligent Media Services(IMS)

Edge Security Acceleration (ESA)(Original DCDN)

Intelligent Media Management

DingTalk Enterprise

YiDA

Alibaba Cloud Model Studio

Apsara Prime - For Easy Cloud Product Selection

Alibaba Cloud ECS - Cater All Your Cloud Hosting Needs

1TB CDN—Get Free 1 TB Outbound Traffic Plan Now

Security—Under Attack? Get Free Security Support

Short Message Service - Free Testing is Available

Elastic Compute Service (ECS) Hot

CloudBox

Compute Nest

Dedicated Host Hot

ECS Bare Metal Instance

Elastic Desktop Service (EDS) Featured

Cloud Phone Beta

Elastic GPU Service Featured

Simple Application Server (SAS) Hot

Auto Scaling

Batch Compute

Elastic High Performance Computing (E-HPC)

Super Computing Cluster (SCC)

Function Compute (FC)