Container Service for Kubernetes (ACK) provides various types of components. You can install, upgrade, or uninstall components based on your business requirements. The topic lists the cluster components that are managed by ACK based on their features.

Component types

The cluster components managed by ACK are classified into system components and optional components.
  • System components are automatically installed when you create ACK clusters.
  • Optional components extend the features of clusters. You can choose to install optional components when you create ACK clusters.

Core components

Component Type Description
Kube API Server System component The access gateway to a Kubernetes cluster.
Kube Controller Manager System component Manages the resources in a Kubernetes cluster.
Cloud Controller Manager System component Enables integration between Kubernetes and Alibaba Cloud fundamentals, such as Classic Load Balancer (CLB) and Virtual Private Cloud (VPC).

Application management

Component Type Description
appcenter Optional component Allows you to manage application deployments and lifecycles for multiple clusters in a centralized manner.
progressive-delivery-tool Optional component Allows canary releases of applications in a progressive manner.

Logging and monitoring

Component Type Description
alicloud-monitor-controller System component Enables integration with CloudMonitor.
metrics-server System component This component is developed based on the open source component Metrics Server and can collect resource metrics. This component also provides the Metrics API for data consumption and supports Horizontal Pod Autoscaler (HPA).
ack-node-problem-detector Optional component This component is developed based on the open source component Node Problem Detector (NPD), and can monitor the health of nodes and connect to third-party monitoring platforms.
ags-metrics-collector Optional component Allows Alibaba Cloud Genomics Service (AGS) users to monitor the resources that are used by each node in AGS workflows.
ack-arms-prometheus Optional component Monitors ACK clusters by using Application Real-Time Monitoring Service (ARMS) Prometheus.
logtail-ds Optional component Collects container logs by using Log Service.
logtail-windows Optional component Collects log data from Windows containers and sends the data to Log Service.

Storage

Component Type Description
csi-plugin Optional component Allows you to mount and unmount volumes.

This component is automatically installed if you select the CSI plug-in when you create ACK clusters.

csi-provisioner Optional component Allows you to automate volume provisioning.

This component is automatically installed if you select the CSI plug-in when you create ACK clusters.

storage-operator Optional component Manages the lifecycle of storage components.
alicloud-disk-controller Optional component Allows you to automate the provisioning of disk volumes.
FlexVolume Optional component An open source component developed at an early stage to enable volume expansion. The FlexVolume component is used to mount and unmount volumes.

This component is automatically installed if you select the FlexVolume plug-in when you create ACK clusters.

Networking

Component Type Description
CoreDNS System component The default component that is used to implement DNS-based service discovery in ACK clusters. This component follows the specifications of DNS-based service discovery in Kubernetes.
Nginx Ingress Controller System component Parses the routing rules of the Ingresses in ACK clusters. After an Ingress controller receives a request that matches a routing rule, the request is routed to the backend Service.
managed-kube-proxy-windows System component A containerized kube-proxy used by managed Kubernetes clusters. This component manages the endpoints of Services on Windows nodes, including internal endpoints and external endpoints.
Terway Optional component An open source Container Network Interface (CNI) plug-in developed by Alibaba Cloud. This component is used together with VPC and allows you to use standard Kubernetes network policies to regulate how containers communicate with each other. Terway allows you to set up network connectivity within a Kubernetes cluster.

This component is automatically installed if you select the Terway plug-in when you create ACK clusters.

Flannel Optional component A CNI plug-in that allows you to create a virtual network for containers based on VPC.

This component is automatically installed if you select the Flannel plug-in when you create ACK clusters.

ACK NodeLocal DNSCache Optional component A local DNS caching solution developed based on the open source NodeLocal DNSCache project.
kube-flannel-ds-windows Optional component A container network plug-in used in managed Kubernetes clusters to set up l2bridge networks that connect Windows containers.

Security

Component Type Description
aliyun-acr-credential-helper System component Allows you to pull private images without passwords from instances of Container Registry Enterprise Edition and Personal Edition.
gatekeeper Optional component Helps you manage and enforce the policies executed by Open Policy Agent (OPA) in ACK clusters. Allows you to manage the labels of namespaces.
kritis-validation-hook Optional component A key component that is used to verify image signatures.
security-inspector Optional component A key component that is used to perform security inspections.
ack-kubernetes-webhook-injector Optional component Allows you to dynamically add pod IP addresses to or remove pod IP addresses from the whitelists of various Alibaba Cloud services. This frees you from manual operations.

Other components

Component Type Description
ack-arena Optional component Simplifies the installation of the open source Arena tool. Allows you to install Arena in the ACK console in an efficient manner.
ack-cost-exporter Optional component Allows you to process the data generated from the cost analysis feature.
ack-kubernetes-cronhpa-controller Optional component Allows you to scale workloads based on a schedule.
ack-virtual-node Optional component This component is developed based on the open source Virtual Kubelet project and adds support for Aliyun Provider. A lot of improvements are made to this component to enable seamless integration between Kubernetes and Elastic Container Instance.
Intel SGX AESM Optional component Intel (R) Software Guard Extensions (SGX) Architectural Enclave Service Manager (AESM) is a system component of Intel SGX. This component provides launch support for SGX Enclave, and services such as key provisioning and remote attestation.
aliyun-acr-acceleration-suite Optional component A client plug-in that enables on-demand image loading. This component is deployed as a DaemonSet on worker nodes.
migrate-controller Optional component This component is developed based on the open source Velero project and allows you to migrate Kubernetes applications.
resource-controller Optional component A key component that is used to dynamically schedule pods. If you want to enable topology-aware CPU scheduling for professional Kubernetes clusters, this component is required.
sandboxed-container-controller Optional component A controller component that is provided by the Sandboxed-Container runtime to enhance and extend the basic features of sandboxed containers.
sandboxed-container-helper Optional component Allows you to perform health checks and O&M operations on sandboxed containers.
sgx-device-plugin Optional component A Kubernetes device plug-in developed by ACK and Ant Financial. This component simplifies the use of Intel (R) Software Guard Extensions (SGX) in containers.
directx-device-plugin-windows Optional component A DirectX device plug-in for ACK clusters.