All Products
Search
Document Center

Container Service for Kubernetes:What is ACK Serverless?

Last Updated:Feb 18, 2024

This topic introduces ACK Serverless and describes its benefits, use scenarios, and key features to help you quickly get started with ACK Serverless clusters. This topic also compares ACK Serverless clusters with ACK clusters.

Introduction

ACK Serverless is a serverless container service provided by Alibaba Cloud. ACK Serverless clusters provided by ACK Serverless are nodeless. You can deploy applications without the need to plan, purchase, or maintain nodes. You can also pay for CPU and memory resources allocated to applications on a pay-as-you-go basis. ACK Serverless clusters provide Kubernetes-compatible capabilities to allow beginners to focus on applications instead of worrying about infrastructure management.

Pods in ACK Serverless clusters are deployed in isolated runtime environments on elastic container instances. The underlying computing resources of each elastic container instance are isolated by lightweight virtual sandboxes. Elastic container instances do not affect each other.

ACK Serverless clusters are classified into ACK Serverless Basic clusters and ACK Serverless Pro clusters. ACK Serverless Pro clusters are developed based on ACK Serverless Basic clusters and provide improved security and reliability for large-scale production. ACK Serverless clusters are also covered by the SLA that supports compensation clauses. For more information about ACK Serverless Pro clusters, see ACK Serverless Pro cluster overview.

Benefits

Benefit

Description

Out-of-the-box

You can quickly create ACK Serverless clusters and deploy applications in ACK Serverless clusters without the need to manage Kubernetes nodes and servers.

Ultralarge capacity

You can create more than 20,000 pods in an ACK Serverless cluster without the need to add additional configurations or design the size of the cluster.

Second-level scaling

You can create thousands of pods within a short period of time to handle traffic spikes.

Predictive scaling

ACK Serverless can predict resource demand based on historical data and then scale resources promptly during peak hours.

Compatibility with cloud-native services

ACK Serverless is fully compatible with Kubernetes and supports Kubernetes-native applications and ecosystems. You can seamlessly migrate Kubernetes applications to ACK Serverless.

Security isolation

You can deploy pods on elastic container instances. Instances on which pods are deployed are isolated from each other by using the lightweight virtual sandbox technology.

Cost savings

Pods are created on demand. You are charged based on the resources used by your applications. The serverless architecture helps avoid resource waste and reduce O&M costs.

Service integration

You can seamlessly integrate containerized applications with the fundamental services of Alibaba Cloud. Containers can communicate with applications deployed on virtual machines.

ACK Serverless Pro clusters

Compared with ACK Serverless Basic clusters, ACK Serverless Pro clusters are more reliable, ensure higher service uptime, and allow you to deploy more pods. You can seamlessly migrate applications from ACK Serverless Basic clusters to ACK Serverless Pro clusters.

Comparison between ACK Serverless clusters and ACK clusters

The following figure compares the left-side ACK cluster with the right-side ACK Serverless cluster.

与容器对比

Use scenarios

Scenario

Description

Application hosting

In ACK Serverless clusters, you do not need to manage or maintain nodes or plan the cluster size. This greatly reduces the expenses on infrastructure management and maintenance.

Traffic spikes

For fluctuating workloads in industries such as online education and e-commerce, ACK Serverless clusters can scale resources within seconds to help you reduce computing costs, avoid resource waste, and withstand traffic spikes. For more information, see Auto scaling overview.

Data computing

To handle computing jobs such as Spark jobs, ACK Serverless clusters can launch large numbers of pods within a short period of time and release pods immediately after the jobs are completed to reduce computing costs. For more information, see Use ACK Serverless to create Spark tasks.

CI/CD

You can use ACK Serverless clusters to build a continuous integration (CI) environment, such as Jenkins or Gitlab-Runner, to quickly compile application code, build and push images, and create pipelines. CI jobs are isolated from each other. You do not need to maintain resource pools, which reduces computing costs. For more information, see Elastic and cost-effective CI/CD based on ACK Serverless.

CronJobs

You can run CronJobs in ACK Serverless clusters. The billing stops after the jobs are completed. You do not need to maintain resource pools, which helps avoid resource waste. For more information, see CronHPA.

Key features

ACK Serverless clusters provide Kubernetes-compatible capabilities. In addition to Kubernetes-native features, we recommend that you pay attention to the following features when using ACK Serverless clusters.

ECI Profile

Pods in ACK Serverless clusters run on elastic container instances. You can configure Elastic Container Instance Profile to control pods and pod-relevant cluster actions in a fine-grained manner. Elastic Container Instance Profile is a ConfigMap named eci-profile in the kube-system namespace. The following table describes the key parameters.

Parameter

Description

vpcId

The unique identifier of the virtual private cloud (VPC) in which pods are deployed.

securityGroupId

The unique identifier of the security group of the VPC.

vSwitchIds

The unique identifier of the vSwitch in the VPC. Multiple vSwitch IDs are separated by commas (,). Virtual nodes are generated based on vSwitches.

selectors

The pod selector. The pod selector can select pods based on namespaces or labels, and automatically add annotations or labels.

enableClusterIp

Specifies whether to use the ClusterIP. Default value: true.

enableLogController

Specifies whether to enable the Alibaba Cloud log controller. Default value: false.

enablePVCController

Specifies whether to enable the persistent volume claim (PVC) controller. Default value: false.

enablePrivateZone

Specifies whether to enable the service discovery feature of PrivateZone. Default value: false.

featureGates

Specifies whether to enable feature gates.

For more information, see Elastic Container Instance overview.

Virtual nodes

When you use ACK Serverless clusters, you do not need to manage nodes. To ensure that ACK Serverless clusters are compatible with Kubernetes-native features, you can still find virtual nodes in ACK Serverless clusters. Virtual nodes in ACK Serverless clusters can provide ultra-large computing resources to handle traffic fluctuations. Virtual nodes are generated based on the vSwitchIds parameter in the eci-profile ConfigMap. Virtual nodes do not occupy any computing resources.ask

Pod configurations

You can customize pods in ACK Serverless clusters by adding annotations to pods. The following table describes the annotations.

Important
  • The annotations described in the following table are applicable only to the pods that are scheduled to virtual nodes. These pods run on elastic container instances. The annotations cannot be added to the pods that are scheduled to regular nodes.

  • Add annotations to the metadata field of the pods. For example, when you configure a Deployment, add annotations in the spec.template.metadata field.

  • Pod annotations have a higher priority than the settings that correspond to the same feature in the Elastic Container Instance profile.

Annotation

Example

Description

References

k8s.aliyun.com/eci-security-group

sg-bp1dktddjsg5nktv****

The security group ID.

Configure a security group

k8s.aliyun.com/eci-vswitch

vsw-bp1xpiowfm5vo8o3c****

The IDs of the vSwitches. You can specify multiple vSwitches across zones.

Specify multiple zones to create an elastic container instance-based pod

k8s.aliyun.com/eci-schedule-strategy

vSwitchOrdered

The multi-zone scheduling policy. Valid values:

  • vSwitchOrdered: Resources in the specified zones are scheduled in the order in which the vSwitches are specified.

  • vSwitchRandom: Resources in the specified zones are scheduled in a random manner.

k8s.aliyun.com/eci-ram-role-name

AliyunECIContainerGroupRole

The Resource Access Management (RAM) role that Elastic Container Instance assumes to access other Alibaba Cloud services.

Configure RAM roles

k8s.aliyun.com/eci-use-specs

2-4Gi,4-8Gi,ecs.c6.xlarge

The specifications of elastic container instances. You can specify multiple specifications, such as the number of vCores and the memory size. You can also specify an ECS instance type.

Specify multiple instance specifications to create an elastic container instance

k8s.aliyun.com/eci-spot-strategy

SpotAsPriceGo

The bidding policy of the preemptible instance. Valid values:

  • SpotAsPriceGo: The instance is billed at the market price at the time of purchase.

  • SpotWithPriceLimit: You must specify the highest price that you want to pay for the preemptible instance.

Create a preemptible instance

k8s.aliyun.com/eci-spot-price-limit

0.5

The highest price of the preemptible instance.

Note

This parameter is valid only when k8s.aliyun.com/eci-spot-strategy is set to SpotWithPriceLimit.

k8s.aliyun.com/eci-cpu-option-core

2

The number of physical CPU cores.

Custom CPU options

k8s.aliyun.com/eci-cpu-option-ht

1

The number of threads per core.

k8s.aliyun.com/eci-reschedule-enable

"true"

Specifies whether to enable rescheduling for elastic container instances.

Configure rescheduling for elastic container instances

k8s.aliyun.com/pod-fail-on-create-err

"true"

Specifies whether to set the status of the elastic container instances to Failed if pods fail to be created on the elastic container instances.

Set the status of pods that fail to be created to Failed

k8s.aliyun.com/eci-image-snapshot-id

imc-2zebxkiifuyzzlhl****

Specifies the ID of the image cache.

Note

To use an image cache to create an elastic container instance, you can specify the image cache that you want to use or enable automatic matching for image caches. We recommend that you enable automatic matching for image caches.

Use image caches to accelerate the creation of pods

k8s.aliyun.com/eci-image-cache

"true"

Specifies whether to enable automatic matching for image caches.

Note

To use an image cache to create an elastic container instance, you can specify the image cache that you want to use or enable automatic matching for image caches. We recommend that you enable automatic matching for image caches.

k8s.aliyun.com/acr-instance-id

cri-j36zhodptmyq****

Specifies the ID of the Container Registry Enterprise Edition instance.

You can specify a Container Registry Enterprise Edition instance that resides in a region different from the region of the elastic container instance. To do this, you must add the region name of the Container Registry Enterprise Edition instance before the ID of the Container Registry Enterprise Edition instance. Example: "cn-beijng:cri-j36zhodptmyq****".

Pull images from a Container Registry Enterprise Edition instance without using passwords

k8s.aliyun.com/eci-eip-instanceid

eip-bp1q5n8cq4p7f6dzu****

The ID of the elastic IP address (EIP).

Associate an EIP with an elastic container instance

k8s.aliyun.com/eci-with-eip

"true"

Specifies whether to automatically create an EIP and associate the EIP with the pod.

k8s.aliyun.com/eip-bandwidth

5

The bandwidth value for the EIP.

k8s.aliyun.com/eip-common-bandwidth-package-id

cbwp-2zeukbj916scmj51m****

Specifies the ID of the EIP bandwidth plan.

k8s.aliyun.com/eip-isp

BGP

Specifies the line type for the EIP. This annotation is applicable only to pay-as-you-go EIPs. Valid values:

  • BGP: BGP (Multi-ISP) lines

  • BGP_PRO: BGP (Multi-ISP) Pro lines

k8s.aliyun.com/eip-internet-charge-type

PayByBandwidth

Specifies the metering method of the EIP. Valid values:

  • PayByBandwidth: pay-by-bandwidth

  • PayByTraffic: pay-by-data-transfer

k8s.aliyun.com/eci-enable-ipv6

"true"

Specifies whether to assign an IPv6 address to the instance.

Assign an IPv6 address to an elastic container instance

k8s.aliyun.com/eci-ipv6-bandwidth-enable

"true"

Specifies whether to enable Internet access to the pod over IPv6 addresses.

k8s.aliyun.com/eci-ipv6-bandwidth

100M

Specifies the maximum public bandwidth of the IPv6 address.

kubernetes.io/ingress-bandwidth

40M

Specifies the inbound bandwidth.

Limit the bandwidth of an elastic container instance

kubernetes.io/egress-bandwidth

20M

Specifies the outbound bandwidth.

k8s.aliyun.com/eci-extra-ephemeral-storage

50Gi

The temporary storage capacity.

Customize the temporary storage capacity

k8s.aliyun.com/eci-eviction-enable

"true"

Specifies whether to automatically evict pods that do not have sufficient temporary storage space from elastic container instances.

Automatically evict pods that do not have sufficient temporary storage space from elastic container instances

k8s.aliyun.com/eci-core-pattern

/pod/data/dump/core

Specifies the directory in which core dump files are stored.

View core dump files

k8s.aliyun.com/eci-ntp-server

100.100.*.*

The IP address of the Network Time Protocol (NTP) server.

Configure the NTP service for pods

k8s.aliyun.com/plain-http-registry

"harbor***.pre.com,192.168.XX.XX:5000,reg***.test.com:80"

The IP address of the self-managed image repository.

When you create an elastic container instance by using an image in a self-managed image repository that uses the HTTP protocol, you must specify this parameter. This allows Elastic Container Instance to pull the image over HTTP. This avoids image pull failures due to the use of different protocols.

Use self-managed image repositories

k8s.aliyun.com/insecure-registry

"harbor***.pre.com,192.168.XX.XX:5000,reg***.test.com:80"

The domain name of the self-managed image repository.

When you create an elastic container instance by using an image in a self-managed image repository that uses a self-signed certificate, you must add this annotation to the instance to skip the certificate authentication. This avoids image pull failures due to certificate authentication failures.

For more information, see Annotations supported by Elastic Container Instance.

Network Management

By default, Elastic Container Instance-based pods use the host network mode. Each pod must be assigned an elastic network interface (ENI) by the vSwitch. This enables communications with the Elastic Compute Service (ECS) instances and ApsaraDB RDS instances in the VPC where the cluster is deployed.

Item

Description

Service

  • You can create ClusterIP and LoadBalancer Services.

  • You cannot create NodePort Services because ACK Serverless clusters do not support node-relevant features.

Ingress

  • SLB Ingress: supports Layer 7 traffic forwarding based on Server Load Balancer (SLB) instances without controllers. For more information, see Ingress demo.

  • NGINX Ingress: allows you to create NGINX Ingresses after nginx-ingress-controller is deployed. For more information, see ingress-nginx demo.

Service discovery

To use the service discovery feature within a cluster, enable PrivateZone or CoreDNS when you create the cluster. You can also use the Elastic Container Instance profile to enable PrivateZone or install the CoreDNS component from the Add-ons page of the ACK console after the cluster is created.

EIPs

You can associate EIPs with Elastic Container Instance-based pods. You can automatically create an EIP for an Elastic Container Instance-based pod or associate an existing EIP with an Elastic Container Instance-based pod.

Storage management

You can mount Elastic Block Storage (EBS) or Apsara File Storage NAS (NAS) file systems to pods.

Item

Description

EBS (disks)

  • To mount a disk by using FlexVolume, you do not need to install FlexVolume. You can mount a disk by specifying the disk ID. For more information, see disk-flexvolume-static.yaml demo. You can also dynamically provision disks as volumes. For more information, see disk-flexvolume-dynamic.yaml demo.

  • To dynamically provision disks by creating persistent volumes (PVs) and PVCs, you must first install disk-controller. For more information, see disk-pvc-dynamic.yaml demo.

NAS

  • To use NFS volumes, you can mount NAS file systems by using NFS. For more information, see nas-nfsvolume.yaml demo.

  • To statically provision NAS file systems as volumes by using FlexVolume, you can directly specify the mount target without the need to install FlexVolume. For more information, see nas-flexvolume.yaml demo.

  • To statically provision NAS file systems as volumes by creating PVs and PVCs, you must first install disk-controller. For more information, see nas-pvc.yaml demo.

Observability

Item

Description

Logs

In ACK Serverless clusters, you can modify eci-profile to enable Simple Log Service to collect pod logs. For more information, see Use Simple Log Service to collect application logs.

Monitoring

You can install the arms-prometheus component to enable cluster monitoring for an ACK Serverless cluster. For more information, see Enable Managed Service for Prometheus.

Image management

Auto scaling

ACK Serverless clusters are nodeless. You do not need to worry about node planning or cluster expansion by using cluster-autoscaler. You only need to scale applications to meet your business requirements. We recommend that you configure Horizontal Pod Autoscaler (HPA) or CronHPA policies to adjust the number of pods on demand. For more information, see Auto scaling overview.

Authorization

If your application pods need to access Alibaba Cloud services, you can configure RAM Roles for Service Accounts (RRSA) to complete authorization.

Cluster management

Item

Description

Intelligent O&M

You can use the intelligent O&M feature to periodically check the health status of ACK Serverless clusters, or run prechecks on clusters to be upgraded or migrated.

Updates

You can upgrade ACK Serverless clusters without service interruptions.

ACK Serverless Pro

ACK Serverless Pro clusters are more reliable, ensure higher service uptime, and allow you to create more pods.

Migration

You can upgrade trial or old ACK Serverless Basic clusters to ACK Serverless Pro clusters without service interruptions for higher service reliability.

Component management

ACK Serverless clusters provide a variety of components and extended cluster features. You can deploy, update, or uninstall components on demand. For more information, see Manage system components.

Managed components

To simplify cluster O&M and allow you to focus on application development, ACK Serverless clusters provide managed system components. You can use the following managed system components in ACK Serverless clusters: kube-scheduler, cloud-controller-manager, kube-controller-manager, and kube-apiserver. In addition to these key Kubernetes components, ACK Serverless clusters will provide more managed storage, networks, and monitoring components in the future.

Important

Managed components can create objects such as ClusterRoles, ClusterRoleBindings, ServiceAccounts, Services, and ConfigMaps. However, the objects created by managed components are not deployed on elastic container instances that run in ACK Serverless clusters. To ensure cluster stability, we recommend that you do not modify the objects created by managed components.

Managed components are deployed and maintained by ACK Serverless clusters. You can use the ACK API to interact with the managed components in ACK Serverless clusters. Managed components provide the following benefits:

  • Save the costs of elastic container instances.

  • Provide automated deployment and maintenance.

  • Use high availability architectures.

Application management

You can install Helm charts from the Marketplace page in the ACK console and then manage them on the Helm page. For more information, see Use Helm to simplify application deployment.

Billing rules

ACK Serverless clusters are classified into ACK Serverless Basic clusters and ACK Serverless Pro clusters. The billable items and billing rules vary based on the type of cluster. For more information, see Billing of ACK Serverless clusters.

Limits

ACK Serverless clusters have the following limits:

  • ACK Serverless clusters do not support DaemonSets. You can replace DaemonSets with sidecar containers.

  • You cannot specify HostPath or HostNetwork in pod manifests.

  • ACK Serverless clusters do not support privileged containers. You can use a security context to add capabilities to a pod.

  • ACK Serverless clusters do not support NodePort Services.

  • ACK Serverless clusters do not support the China East Finance, China South Finance, or Alibaba Gov Cloud regions.

Contact Us

If you have questions about ASK clusters, join the DingTalk group 31544226.