Container Service for Kubernetes: ACK clusters overview

Last Updated: Oct 31, 2024

Container Service for Kubernetes (ACK) offers multiple cluster types with distinct features, O&M requirements, and compensation standards to meet your business needs. This topic compares the cluster types to help you choose the one that best fits your requirements.

Cluster types

Based on whether the cluster control plane is managed, ACK supports two types of clusters:

  • ACK managed clusters: Alibaba Cloud fully hosts and maintains the control plane of the managed clusters. The managed version is available in two editions: ACK Pro clusters and ACK Basic clusters, which differ in control plane availability assurance and advanced custom features.

  • ACK dedicated clusters: You are responsible for creating and maintaining the control plane of the dedicated clusters.

    Important

    The option of creating new ACK dedicated clusters is no longer available. For more information, see [Product announcement] Creation of new ACK dedicated clusters discontinued.

The cluster types differ as follows:

Cluster size

  • ACK Pro cluster: Each account can manage up to 100 clusters. By default, each cluster can support a maximum of 5,000 worker nodes. To increase this limit, you can request a quota increase in the quota center.

  • ACK Basic cluster: Each account can manage up to two clusters. By default, each cluster can support a maximum of 10 worker nodes. Quota increases are not available.

  • ACK dedicated cluster: Each account can manage up to 100 clusters. By default, each cluster can support a maximum of 5,000 worker nodes. To increase this limit, you can request a quota increase in the quota center.

Management scope

  • ACK managed cluster (ACK Pro cluster and ACK Basic cluster): Alibaba Cloud hosts and maintains the cluster control plane, while you are responsible for managing the worker nodes.

  • ACK dedicated cluster: You are responsible for maintaining both the master and worker nodes, because the control plane is not managed by Alibaba Cloud.

Scenarios

  • ACK Pro cluster:

    • Production and testing environments

    • Cost reduction requirements

    • Focus on application development with reduced cluster maintenance effort

  • ACK Basic cluster: Limited cluster size and non-critical control plane availability, such as personal learning and testing

  • ACK dedicated cluster:

    • Scenarios where cost is not a primary concern and Kubernetes skills are available for independent planning, management, and maintenance of clusters

    • Appropriate for research and deep customization needs, including custom control plane (master node) requirements

Billing methods

  • ACK Pro cluster: You are charged for cluster management based on the number of clusters. You are also charged for Alibaba Cloud services used by worker nodes and some components, such as Simple Log Service (SLS).

  • ACK Basic cluster: Cluster management is free of charge. However, you are charged for Alibaba Cloud services used by worker nodes and some components, such as SLS.

  • ACK dedicated cluster: Cluster management is free of charge. However, you are charged for Alibaba Cloud services used by control planes, worker nodes, and some components, such as SLS.

SLA

  • ACK Pro cluster: Region-level clusters guarantee a Service-Level Agreement (SLA) for service availability of 99.95%, while zone-level clusters offer a 99.5% SLA. For more information, see Container Service for Kubernetes Service Level Agreement.

  • ACK Basic cluster and ACK dedicated cluster: No SLA is provided.

Advantages of ACK Pro clusters

The following table compares the capabilities of ACK Pro clusters and ACK Basic clusters.

Note

In the following table, "Yes" indicates a supported feature and "No" indicates a feature that is not supported.

| Feature | ACK Pro cluster | ACK Basic cluster |
|---|---|---|
| Customize control plane component parameters | Yes | No |
| Metrics of kube-apiserver | Yes | No |
| High-frequency cold and hot backups, and geo-disaster recovery of etcd | Yes | No |
| Metrics of etcd | Yes | No |
| Gang scheduling policy | Yes | No |
| Topology-aware CPU scheduling | Yes | No |
| Topology-aware GPU scheduling | Yes | No |
| Shared GPU Professional Edition | Yes | No |
| Support of encrypting Secrets with KMS | Yes | No |
| Managed node pools | Yes | Yes |

Hot migration

Both ACK Basic clusters and ACK dedicated clusters support hot migration to ACK Pro clusters. For more information, see the following topics:

Features

Feature

Description

Cluster management

  • Cluster creation: You can create various types of clusters based on your business requirements. ACK allows you to customize cluster configurations and select Elastic Compute Service (ECS) instances of different types as worker nodes. For more information, see Create an ACK managed cluster and Create an ACK dedicated cluster.

  • Cluster upgrade: You can upgrade the Kubernetes version of your clusters either manually or automatically. ACK allows you to update your system components in a centralized manner. For more information, see Manually upgrade an ACK cluster and Automatically upgrade a cluster.

  • Auto scaling: You can vertically scale your clusters directly in the console to respond to unexpected business fluctuations. You can also configure service-level affinity rules and horizontal scaling settings for your business.

  • Scheduling: ACK supports hybrid scheduling of different elastic resources, fine-grained scheduling of heterogeneous resources, and scheduling of batch computing tasks. This helps improve the performance of applications and the overall resource utilization for clusters.

  • Multi-cluster management: You can register clusters that are deployed in data centers and clusters in multiple clouds or regions in a centralized manner.

  • Permission management: ACK integrates Resource Access Management (RAM) and role-based access control (RBAC) for permission management.

Nodes and node pools

You can manage the lifecycle of node pools. You can configure different specifications for node pools in a cluster, such as vSwitches, runtimes, operating systems, and security groups. For more information, see Node and Node pool overview.

Application management

  • Application creation: You can create various types of applications from images or templates. ACK allows you to customize application configurations, such as environment variables, health checks, disk mounting, and logging.

  • Lifecycle management: You can use ACK to manage the lifecycle of applications. For example, you can view, update, replace, and delete applications, roll back application versions, view application events, perform rolling updates, and use triggers to redeploy applications.

  • Pod scheduling: ACK supports pod scheduling based on pod affinity, node affinity, and pod anti-affinity.

  • Pod scaling: You can manually scale pods or automate pod scaling by using the Horizontal Pod Autoscaler (HPA).

  • Application release: ACK supports canary releases and blue-green deployments. You can use these features to better manage the application release lifecycle.

  • Application catalog: ACK provides the application catalog feature to facilitate application deployment and cloud service integration.

  • Application Center: The Application Center provides a unified management panel for you to deploy your applications and monitor the topology of your applications. You can use the Application Center to implement unified version management and rollback in continuous deployment scenarios.

  • Application backup and recovery: You can back up and restore applications from backup data. For more information, see Back up and restore applications in an ACK cluster.

Storage

  • The Container Storage Interface (CSI) plug-in is supported. For more information, see CSI overview.

  • Operations on volumes and persistent volume claims (PVCs)

    • You can create block storage volumes, File Storage NAS volumes, and Object Storage Service (OSS) volumes.

    • You can mount a volume to a PVC.

    • You can dynamically create and migrate volumes.

    • You can view and update volumes and PVCs by running scripts.

Network

  • You can create container networks by using the Flannel or Terway plug-ins. For more information, see Network overview.

  • You can specify CIDR blocks for services and pods.

  • You can use the network policy feature of ACK to control access to specific applications. For more information, see Use network policies in ACK clusters.

  • You can use ingresses for traffic routing. For more information, see Ingress management.

  • You can implement DNS-based service discovery. For more information, see DNS overview.

Auto scaling

Automatically scale computing resources to meet business requirements and reduce costs:

  • Workload scaling (scheduling layer elasticity): scale workloads to adjust resource scheduling.

  • Node scaling (resource layer elasticity): scale out nodes when the cluster capacity cannot fulfill the cluster scheduling requirements.

For more information, see Auto Scaling Overview.

Scheduling

ACK provides various scheduling policies that target different types of workloads, such as job scheduling, QoS-aware scheduling, and descheduling. These scheduling policies can improve application performance and resource utilization. For more information, see Scheduling overview.

O&M and security

  • Observability:

    • Monitoring: ACK integrates Managed Service for Prometheus to monitor clusters, nodes, applications, and pods.

    • Logging: ACK integrates Simple Log Service to collect and store logs of clusters and containers.

    • Alerting: ACK supports alerting based on cluster events and container metrics. For more information, see Alert management.

  • Cluster inspections and diagnostics

    • Cluster check: You can use this feature to check whether your ACK cluster meets the requirements before you perform an operation such as upgrading or migrating a cluster.

    • Cluster inspection: You can use this feature to view the status of ACK clusters and identify potential risks in the clusters, such as insufficient quotas of cloud resources or high usage of key resources in ACK clusters. Based on the recommended solutions, you can then troubleshoot the risks and fix the issues.

    • Cluster diagnostics: You can use this feature to diagnose nodes, pods, Services, Ingresses, memory, and networks with a few clicks to identify issues in your ACK clusters.

  • Cost analysis: ACK visualizes the resource usage and cost distribution of your clusters and improves resource utilization.

  • Security center: ACK actively inspects your applications for security risks and provides security policies for runtime monitoring and alerting.

  • Sandboxed-Container: Sandboxed-Container is a container runtime developed by ACK to enhance container security. You can use Sandboxed-Container to run an application in a sandboxed and lightweight VM, which has a dedicated kernel. Sandboxed-Container is suitable for isolating untrusted applications, unhealthy applications, low-performance applications, and workloads among users.

  • TEE-based confidential computing: ACK provides a cloud-native, all-in-one solution for confidential computing based on Intel Software Guard Extensions (Intel SGX). This solution ensures data security, integrity, and confidentiality when you develop, manage, and deliver trusted applications and confidential computing tasks. The confidential computing capabilities provided by ACK allow you to isolate sensitive data and code by using a trusted execution environment.

Heterogeneous resources

  • GPUs: GPU-accelerated instances can serve as worker nodes. In addition, GPU scheduling, GPU monitoring, GPU scaling, and GPU O&M are supported. For more information, see Create a GPU Cluster.

  • GPU sharing: You can use a GPU sharing framework to run multiple containers on the same GPU-accelerated node in a cluster deployed on the cloud or in a data center. For more information, see Shared GPU Scheduling Overview.

  • Cloud-native AI: The cloud-native AI suite provides cloud-native AI computing capabilities and supports orchestration and management of data computing jobs. For more information, see Overview of the cloud-native AI suite.

Developer Tools