Container Service October technical updates

Container Service ACK

[K8s version]

GA: ACK launched the upgraded version K8s 1.20.11. The Kubernetes community disclosed security vulnerability CVE-2021-25741, which allows an attacker to combine symbolic links with a volume mount that specifies a subPath so that the container escapes the volume and reaches sensitive directories on the host. The upgraded ACK version K8s 1.20.11 addresses this issue.

[Container Network]

Feature: The container service ALB Ingress is now available. ALB Ingress provides a more powerful Ingress traffic management method based on Alibaba Cloud's Application Load Balancer (ALB). It is compatible with Nginx Ingress, can handle complex business routing and automatic certificate discovery, and supports the HTTP, HTTPS and QUIC protocols, meeting the requirements for high elasticity and large-scale Layer 7 traffic processing in cloud native application scenarios.

[Container security]

Feature: supports cluster role management. The container service supports managing cluster roles from the console, including role life cycle management, giving users better cluster operation and maintenance capabilities.

Feature: The cluster topology function integrates the monitoring capability of ARMS Kubernetes. The container service cluster topology function is enhanced: it integrates the cluster network topology function of ARMS Kubernetes monitoring and supports viewing the network topology of services and workloads in the cluster, as well as the network topology between the various resources and cloud services.

[Cost management]

Feature: Cost analysis supports the application perspective. It provides per-application cost trends, correlation analysis, and application cost optimization suggestions and strategies.

[Security operations]

CVE-2021-41103: This vulnerability is caused by a defect in containerd. When the container root directory and some system plug-ins lack the necessary permission constraints, an unprivileged Linux user on the host can traverse the container file system and execute programs in it.

CVE-2021-25742: An attacker who can create or modify Ingress objects in the cluster can use the custom snippets feature to obtain all Secret objects in the cluster.
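As an added defensive example (not Alibaba Cloud's or the Kubernetes project's code), the following Python audit flags the two configuration patterns the notes above describe: subPath volume mounts in workload specs (the mechanism behind CVE-2021-25741, covered under the K8s version section) and custom snippet annotations on Ingress objects, together with an ingress-nginx controller ConfigMap that does not disable them (CVE-2021-25742). The snippet annotation names and the `allow-snippet-annotations` key are real ingress-nginx settings that the page itself does not name; the controller ConfigMap name and the sample manifests are assumptions constructed for this example.

```python
"""Audit Kubernetes manifests for the two exposure patterns named above.

Added example (not Alibaba Cloud or Kubernetes project code). It assumes
manifests are already loaded into plain dicts (e.g. via a YAML parser); the
sample manifests at the bottom are constructed for illustration only.
"""
from typing import Any, Dict, List

# Real ingress-nginx annotation names that inject raw nginx configuration;
# they are not listed on the original page but are the "custom snippets"
# feature that CVE-2021-25742 concerns.
SNIPPET_ANNOTATIONS = {
    "nginx.ingress.kubernetes.io/configuration-snippet",
    "nginx.ingress.kubernetes.io/server-snippet",
    "nginx.ingress.kubernetes.io/auth-snippet",
    "nginx.ingress.kubernetes.io/modsecurity-snippet",
}

# Name of the controller ConfigMap to inspect; this varies by installation
# and is an assumption of this example.
CONTROLLER_CONFIGMAP = "ingress-nginx-controller"


def _pod_spec(manifest: Dict[str, Any]) -> Dict[str, Any]:
    """Return the pod spec of a Pod, or of a workload wrapping a pod template."""
    spec = manifest.get("spec", {})
    if manifest.get("kind") == "Pod":
        return spec
    return spec.get("template", {}).get("spec", {})


def find_subpath_mounts(manifest: Dict[str, Any]) -> List[str]:
    """List 'container:volume' pairs mounted with subPath or subPathExpr.

    subPath mounts are the pattern CVE-2021-25741 abused; on clusters below
    the fixed release (K8s 1.20.11 in the note above) each one is a risk.
    """
    spec = _pod_spec(manifest)
    hits = []
    for c in spec.get("containers", []) + spec.get("initContainers", []):
        for vm in c.get("volumeMounts", []):
            if "subPath" in vm or "subPathExpr" in vm:
                hits.append(f"{c['name']}:{vm['name']}")
    return hits


def find_snippet_annotations(manifest: Dict[str, Any]) -> List[str]:
    """Snippet annotations present on an Ingress object (empty for other kinds)."""
    if manifest.get("kind") != "Ingress":
        return []
    annotations = manifest.get("metadata", {}).get("annotations", {})
    return sorted(k for k in annotations if k in SNIPPET_ANNOTATIONS)


def snippets_allowed(configmap: Dict[str, Any]) -> bool:
    """True unless the controller ConfigMap sets allow-snippet-annotations: "false".

    That key is the ingress-nginx mitigation for CVE-2021-25742; an absent key
    is treated as permissive, the conservative reading for older controllers.
    """
    value = configmap.get("data", {}).get("allow-snippet-annotations", "true")
    return str(value).strip().lower() != "false"


def audit(manifests: List[Dict[str, Any]]) -> List[str]:
    """Return one finding string per exposure found across the manifests."""
    findings = []
    for m in manifests:
        ref = f"{m.get('kind')}/{m.get('metadata', {}).get('name')}"
        for hit in find_subpath_mounts(m):
            findings.append(f"{ref}: subPath volume mount {hit} (CVE-2021-25741)")
        for key in find_snippet_annotations(m):
            findings.append(f"{ref}: snippet annotation {key} (CVE-2021-25742)")
        if (m.get("kind") == "ConfigMap"
                and m.get("metadata", {}).get("name") == CONTROLLER_CONFIGMAP
                and snippets_allowed(m)):
            findings.append(f'{ref}: allow-snippet-annotations is not "false" (CVE-2021-25742)')
    return findings


# Constructed sample manifests (not taken from any real cluster).
SAMPLE_MANIFESTS = [
    {"kind": "Deployment", "metadata": {"name": "web"},
     "spec": {"template": {"spec": {"containers": [
         {"name": "app", "volumeMounts": [
             {"name": "data", "mountPath": "/var/data", "subPath": "app"}]}]}}}},
    {"kind": "Ingress", "metadata": {"name": "web", "annotations": {
        "nginx.ingress.kubernetes.io/server-snippet": "# constructed value"}}},
    {"kind": "ConfigMap", "metadata": {"name": CONTROLLER_CONFIGMAP}, "data": {}},
    {"kind": "Pod", "metadata": {"name": "clean"},
     "spec": {"containers": [{"name": "app", "volumeMounts": [
         {"name": "data", "mountPath": "/var/data"}]}]}},
]

if __name__ == "__main__":
    for line in audit(SAMPLE_MANIFESTS):
        print(line)
```

Running the module prints three findings for the constructed manifests (the subPath mount, the snippet annotation, and the permissive controller ConfigMap) and nothing for the clean Pod; the same functions can be fed the output of `kubectl get ... -o json` loaded into dicts.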

Container Service ASK

GA: The container service ASK Pro was launched in public beta. The ASK Pro cluster builds on the original ASK standard cluster, further enhancing cluster reliability and security, and supports an SLA with compensation terms. It is suitable for enterprise customers running large-scale business in production environments with high requirements for stability and security.

Container Registry ACR

Feature: The built-in scanning engine of the Enterprise Edition has been upgraded, greatly increasing the size of the vulnerability database and the scanning accuracy.

Feature: supports global synchronization of image signature metadata by default in the simplified digest-signature mode.

Edge container ACK@Edge

Feature: edgehub released a new version, 0.9.3, which supports running business Pods that use InClusterConfig in an edge environment without modification.

Cloud native AI

Feature: Cloud native AI suite function update:

○ Cloud native AI suite administrator operation and maintenance guide is released.

○ Support model management.

○ Support model evaluation.

○ The cloud native AI suite console supports the login of non-Alibaba Cloud users.

○ Fluid adds observability to JindoRuntime and integrates with Prometheus.

Service Mesh ASM

Feature: supports accessing Istio resource objects on the managed control plane through the Kubernetes API of the data plane cluster. Users can use the kubeconfig of the data plane cluster to install, update and uninstall Helm applications that contain Istio resource objects.

Feature: supports cross-region traffic distribution and failover, enabling multi-region load balancing and cross-region disaster tolerance. When the service in one region fails, traffic can be transferred to other regions.

Feature: supports log collection, viewing and alerting for the control plane. Users can view the logs in the default or an existing Log Service project.

Feature: supports progressive grayscale (canary) release of applications in combination with KubeVela.

Feature: The ASM gateway creation page is optimized and performs a syntax check to ensure that IstioGateway definitions are correct. The Professional Edition supports defining HPA with CPU and memory metrics.

Feature: The console integrates ARMS Prometheus monitoring and can show traffic details for data plane services and workloads.

Feature: supports version management of Istio resources. Users can roll Istio resources back to an earlier version as required.

