Container Service for Kubernetes (ACK) provides fully managed, highly available Kubernetes clusters that simplify containerized application deployment and management.
Cluster types
ACK provides two cluster categories: ACK managed clusters and ACK dedicated clusters.
ACK managed cluster: ACK provisions and manages the master nodes. You create only worker nodes, reducing operational overhead.
ACK managed clusters come in two tiers:
ACK Basic cluster: entry-level, suitable for testing and small-scale workloads.
ACK Pro cluster: for production environments, with higher reliability, security, and a service level agreement (SLA).
ACK dedicated cluster: You manage the control plane (control plane components, master nodes, and etcd) and worker nodes yourself, and are responsible for planning, maintaining, and upgrading the cluster.
Since August 21, 2024, ACK dedicated clusters can no longer be created (except for CloudBox scenarios). For production workloads, use ACK managed Pro clusters, which provide higher reliability, security, and scheduling efficiency.
Cluster | Best for |
ACK managed cluster | Teams that want to reduce O&M costs, prioritize application development, or are new to Kubernetes |
ACK dedicated cluster | Teams with deep Kubernetes expertise who need full infrastructure control or custom master node configurations |
Use cases
General containerized workloads: Run microservices and web applications on ACK managed clusters with automated control plane management and built-in high availability.
Enterprise Kubernetes with full control: Use ACK dedicated clusters for custom master node configurations, specific resource allocation, or direct cluster-level management.
AI and GPU workloads: Manage heterogeneous GPU resources across ACK clusters with the cloud-native AI suite, improving GPU utilization for training and inference.
Edge computing: Extend Kubernetes to edge locations with ACK Edge, coordinating application delivery across cloud, edge, and terminal nodes with edge-node autonomy.
Multi-cluster and hybrid cloud: Register on-premises and multi-cloud clusters with Distributed Cloud Container Platform for Kubernetes (ACK One) for centralized management.
Serverless containers: Run containerized workloads without provisioning or managing nodes with ACK Serverless, built on Alibaba Cloud elastic computing architecture.
Architecture of ACK managed clusters
ACK manages the control plane of each managed cluster, including kube-apiserver (API gateway), kube-controller-manager (cluster state controller), kube-scheduler (pod scheduler), and etcd (distributed key-value store), all as fully managed components. Each control plane includes at least two kube-apiserver instances and three etcd instances deployed across availability zones for high availability. ACK monitors control plane health, applies vulnerability patches, and provides SLAs.
Core features
Feature | Details |
Cluster management | Supports cluster creation with custom Elastic Compute Service (ECS) instance types, manual or automatic Kubernetes version upgrades, and centralized system component management. |
Auto scaling | Supports vertical cluster scaling from the console, with service-level affinity rules and horizontal scaling policies for workloads. |
Scheduling | Schedules elastic resources, heterogeneous resources (including GPUs), and batch tasks using hybrid and fine-grained scheduling policies. |
Multi-cluster management | Registers and manages on-premises clusters and clusters across clouds or regions from a single control point. |
Permission management | Integrates Resource Access Management (RAM) and role-based access control (RBAC) for cluster and resource permissions. |
Node pools | Manages the node pool lifecycle and per-pool specifications, including vSwitches, runtimes, operating systems, and security groups. |
Application management | Supports creating applications from images or templates; managing their lifecycle (update, replace, roll back, and redeploy); and canary and blue-green deployments. |
Pod scaling | Supports manual and Horizontal Pod Autoscaler (HPA) pod scaling, with affinity and anti-affinity scheduling. |
Application center | Deploys applications and visualizes their topology from a central panel, with version management and rollback for continuous deployment. |
Storage (CSI) | Provides Container Storage Interface (CSI) support for block storage, File Storage NAS (NAS), Object Storage Service (OSS), and Cloud Parallel File Storage (CPFS), including dynamic volume provisioning, migration, and persistent volume claim (PVC) management. |
Networking | Supports Flannel and Terway network plugins, CIDR block configuration for services and pods, network policies, Ingresses, and DNS-based service discovery. |
GPU support | Centrally schedules, manages, and maintains heterogeneous computing resources to improve GPU utilization. |
Knative | Runs Knative, a Kubernetes-native serverless framework for managing services and handling events, on ACK clusters. |
Observability | Integrates Managed Service for Prometheus for cluster, node, application, and pod monitoring, and Simple Log Service (SLS) for log collection and storage; alerts on cluster events and container metrics. |
Cluster diagnostics | Identifies risks such as insufficient quotas, high resource usage, and node or network issues through cluster checks and inspections, and provides recommended resolutions. |
Cost suite | Visualizes resource usage and cost distribution across clusters. |
Security center | Inspects applications for security risks and provides runtime monitoring, alerting, and security policies. |
Sandboxed containers | Runs applications in sandboxed, lightweight VMs with dedicated kernels for stronger isolation of untrusted or multi-tenant workloads. |
Confidential computing | Provides cloud-native confidential computing based on Intel Software Guard Extensions (Intel SGX), isolating sensitive code and data in a trusted execution environment (TEE) for data security and integrity. |
Related services
The following figure shows the ACK architecture and related Alibaba Cloud products.
ACK integrates with these products:
Container Registry: Secure hosting and lifecycle management for cloud-native assets, integrated with ACK for image distribution.
Alibaba Cloud Service Mesh (ASM): A managed service mesh for centralized microservices traffic management, compatible with open-source Istio and supporting multi-cluster traffic management.
ACK Serverless: Serverless Kubernetes built on Alibaba Cloud elastic computing architecture, for running containerized applications without managing cluster infrastructure.
ACK Edge: An edge-computing platform, based on standard Kubernetes, that provides unified delivery, O&M, and management of containerized applications across cloud, edge, and devices, with enhanced autonomy in edge scenarios.
ACK One: An enterprise-class platform for hybrid cloud, multi-cluster, distributed computing, and disaster recovery that registers external Kubernetes clusters from any region or infrastructure for centralized management, and is compatible with Kubernetes APIs.
Cloud-native AI suite: A toolkit that orchestrates and manages AI tasks and heterogeneous resources in containerized environments to accelerate AI delivery.
ACK Lingjun: A managed Kubernetes service that uses Lingjun (high-performance compute) nodes as worker nodes, optimized for large-scale AI and high-performance computing (HPC) workloads.
Alibaba Cloud services that work with ACK
Category | Services |
Computing |
|
Networking |
|
Storage |
|
Security |
|
Observability |
|
Cloud-native assets | Container Registry (ACR): Provides image repositories for workload deployment. |
Others | Resource Orchestration Service (ROS): Provisions cluster resources from templates. |
Pricing
ACK charges vary by cluster type:
ACK Basic cluster: No cluster management fee. You pay for worker nodes and other underlying resources.
ACK Pro cluster: A cluster management fee is charged based on the number of ACK Pro clusters that you create.
ACK dedicated cluster: No cluster management fee. You pay for master nodes, worker nodes, and other underlying resources.
See Billing.
Next steps
Resource | Description |
Review important usage notes and high-risk operations before getting started. | |
Understand capacity limits and quotas that apply to ACK. | |
Create your first ACK cluster and deploy a sample application. | |
Stay current with product changes, maintenance announcements, and CVE fixes. | |
Review release notes for features, Kubernetes version support, OS images, runtimes, and components. | |
Check regions and time zones supported by ACK. | |
Understand how ACK aligns with upstream Kubernetes version lifecycles. | |
Explore best practices for clusters, nodes, networking, storage, observability, cost management, and auto scaling. | |
Access ACK via APIs, SDKs, CLI, and Terraform. | |
Learn core Kubernetes concepts, including Pods, Deployments, Services, and configurations. |
For technical support, search for DingTalk group 53765001287 or join via ACK DingTalk Group on mobile.