Container Service for Kubernetes (ACK) provides various types of components. You can install, upgrade, or uninstall components based on your business requirements. This topic describes the cluster components that are managed by ACK, grouped by feature.
Component types
The cluster components managed by ACK are classified into system components and optional components.
System components are automatically installed when you create ACK clusters.
Optional components extend the features of clusters. You can install optional components when you create ACK clusters.
Key components
Component | Type | Description |
System component | Serves as the access gateway to a Kubernetes cluster. | |
System component | Manages the resources in a Kubernetes cluster. | |
System component | Enables integration between Kubernetes and Alibaba Cloud basic services, such as Classic Load Balancer (CLB) and Virtual Private Cloud (VPC). | |
System component | Provides the node lifecycle management, IP Address Management (IPAM), and network enhancement features. |
Application management components
Component | Type | Description |
Optional component | Allows you to manage the deployments and lifecycles of applications in different clusters in a centralized manner. | |
Optional component | Provides image distribution and allows you to manage application containers and sidecar containers in an efficient manner. | |
Optional component | Allows you to manage custom components. |
Logs and monitoring components
Component | Type | Description |
System component | Enables integration with CloudMonitor. | |
System component | This component is developed based on the open source component Metrics Server and can collect resource metrics. This component also provides the Metrics API for data consumption and supports Horizontal Pod Autoscaler (HPA). | |
Optional component | This component is developed based on the open source component Node Problem Detector (NPD), and can monitor the health of nodes and connect to third-party monitoring platforms. | |
Optional component | The auto repair feature of ACK can listen for node exceptions and can automatically identify and fix node exceptions. | |
Optional component | Allows Alibaba Cloud Genomics Service (AGS) users to monitor the resources that are used by each node in AGS workflows. | |
Optional component | Monitors ACK clusters by using Managed Service for Prometheus. | |
Optional component | Collects container logs by using Simple Log Service. | |
Optional component | Collects log data from Windows containers and sends the data to Simple Log Service. | |
Optional component | Allows you to process the data generated by the cost analysis feature. |
Storage components
Component | Type | Description |
Optional component | Allows you to mount and unmount volumes. This component is automatically installed if you select the Container Storage Interface (CSI) plug-in when you create ACK clusters. | |
Optional component | Allows you to automate volume provisioning. This component is automatically installed if you select the CSI plug-in when you create ACK clusters. | |
Optional component | Manages the lifecycle of storage components. | |
Optional component | Allows you to automate the provisioning of disk volumes. | |
Optional component | An open source component developed at an early stage to enable volume expansion. The FlexVolume component is used to mount and unmount volumes. This component is automatically installed if you select the FlexVolume plug-in when you create ACK clusters. | |
Optional component | This component is developed on top of the CSI plug-in of Kubernetes and allows you to manage on-premises storage resources by using Logical Volume Manager (LVM). You can create, delete, mount, and unmount on-premises volumes by using persistent volumes (PVs) and persistent volume claims (PVCs). | |
Optional component | Automates the management of computing and storage resources of nodes, and allows you to manage storage resources by using LVM. |
Networking components
Component | Type | Description |
System component | The default component that is used to implement DNS-based service discovery in ACK clusters. This component follows the specifications of DNS-based service discovery in Kubernetes. | |
System component | Parses the routing rules of the Ingresses in ACK clusters. After an Ingress controller receives a request that matches a routing rule, the request is routed to the backend Service. | |
System component | A containerized kube-proxy used by ACK managed clusters. This component manages the endpoints of services on Windows nodes, including internal endpoints and external endpoints. | |
Optional component | An open source Container Network Interface (CNI) plug-in developed by Alibaba Cloud. This component is used together with VPC and allows you to use standard Kubernetes network policies to regulate how containers communicate with each other. You can use Terway to establish network connections within a Kubernetes cluster. This component is automatically installed if you select the Terway plug-in when you create ACK clusters. | |
Optional component | A CNI plug-in that allows you to create a virtual network for containers based on VPC. This component is automatically installed if you select the Flannel plug-in when you create ACK clusters. | |
Optional component | A local DNS caching solution developed based on the open source NodeLocal DNSCache project. | |
Optional component | A container network plug-in used in ACK managed clusters to create l2bridge networks that connect Windows containers. | |
Optional component | The Application Load Balancer (ALB) Ingress controller is compatible with NGINX Ingresses and provides powerful traffic management capabilities based on ALB instances. The ALB Ingress controller supports complex routing, automatic certificate discovery, and the HTTP, HTTPS, and Quick UDP Internet Connection (QUIC) protocols. These features meet the requirements of cloud-native applications for ultra-high elasticity and balancing of heavy traffic loads at Layer 7. | |
System component | Gateway API is a collection of resources that model service networking in Kubernetes. Gateway API aims to build an expressive, extensible, and role-oriented service networking model. |
Security components
Component | Type | Description |
System component | Allows you to pull private images without passwords from instances of Container Registry Enterprise Edition and Personal Edition. | |
Optional component | Helps you manage and use the policies executed by Open Policy Agent (OPA) in ACK clusters and allows you to manage the labels of namespaces. | |
Optional component | A key component that is used to verify image signatures. | |
Optional component | A key component that is used to perform security inspections. | |
Optional component | Allows you to dynamically add pod IP addresses to or remove pod IP addresses from the whitelists of various Alibaba Cloud services. This frees you from manual operations. | |
Optional component | A key component that is used to manage pod security policies. |
Edge computing components
Component | Type | Description |
System component | The proxy for traffic distribution between the components that are deployed on edge nodes and the kube-apiserver component that is deployed in the cloud. This component can run in Edge mode or Cloud mode. | |
System component | edge-tunnel can establish reverse tunnels, which are commonly used to enable communication between different networks. |
Other components
Component | Type | Description |
Optional component | Simplifies the installation of the open source Arena tool and allows you to install Arena in the ACK console in an efficient manner. | |
Optional component | Allows you to scale workloads based on a schedule. | |
Optional component | This component is developed based on the open source Virtual Kubelet project and adds support for Aliyun Provider. A lot of improvements are made to this component to enable seamless integration between Kubernetes and Elastic Container Instance. | |
Optional component | A Kubernetes device plug-in developed by ACK and Ant Group. This component simplifies the use of Intel(R) Software Guard Extensions (SGX) in containers. | |
Optional component | Intel(R) SGX Architectural Enclave Service Manager (AESM) is a system component of Intel SGX. This component provides launch support for SGX Enclave, and services such as key provisioning and remote attestation. | |
Optional component | A controller component that is provided by the Sandboxed-Container runtime to enhance and extend the basic features of sandboxed containers. | |
Optional component | Allows you to perform health checks and O&M operations on sandboxed containers. | |
System component | Provides cell-based management at the edge for ACK Edge clusters. | |
Optional component | This component is developed based on the open source Velero project and allows you to migrate Kubernetes applications. | |
Optional component | A client plug-in that enables on-demand image loading. This component is deployed as a DaemonSet on worker nodes. | |
Optional component | A containerized kube-proxy used by ACK managed clusters. This component manages the endpoints of services on Windows nodes, including internal endpoints and external endpoints. | |
Optional component | A key component that is used to dynamically schedule pods. If you want to enable topology-aware CPU scheduling for ACK Pro clusters, this component is required. | |
Optional component | A DirectX device plug-in for ACK clusters. directx-device-plugin-windows enables GPU acceleration based on DirectX for Windows containers that are deployed on GPU-accelerated virtualization instances. | |
System component | A component that is deployed in an external cluster after you register the cluster to ACK. This component is used to establish channels for communication between the external cluster and the components of the ACK control plane. | |
Optional component | A key component that is used by ACK to support service level objective (SLO)-aware workload scheduling. This component improves resource utilization and ensures the performance of your applications. |