- Provides three cluster types: dedicated Kubernetes cluster, managed Kubernetes cluster,
and serverless Kubernetes (ASK) cluster.
- By default, the master nodes of a managed Kubernetes cluster are deployed across three
zones to ensure high availability.
- Allows you to add thousands of Elastic Compute Service (ECS) nodes to a single cluster.
For more information about resource quotas, see Quota limits.
- Allows you to create clusters across zones and register external clusters in the ACK
console. For more information about registered clusters, see Overview of registered clusters.
|Elastic resource scaling
- Automatically scales the number of containers based on container resource usage.
- Scales out to thousands of nodes within minutes.
- If your application is deployed on elastic container instances in an ASK cluster,
at most 500 pods can be started within 30 seconds.
- Supports vertical scaling with a few clicks.
- Supports service-level affinity policies and scale-out.
- Provides standard, open source Horizontal Pod Autoscaler (HPA), Vertical Pod Autoscaler
(VPA), and Cluster Autoscaler capabilities.
- Supports scheduled scaling similar to CronHPA and serverless scalability based on
- Supports fine-grained scheduling of online business based on ack-kubernetes-elastic-workload.
- Provides alibaba-metrics-adapter to meet different scaling needs. Optimizes application
scaling by using approaches such as Ingress gateways and microservice flow control
based on Sentinel.
|All-in-one container management
- Application management:
- Supports phased release, blue-green release, application monitoring, and application
- Provides a built-in application marketplace that allows you to deploy applications
with a few clicks by using Helm.
- Image repository (What is Container Registry?):
- Features high availability and high concurrency.
- Supports image acceleration.
- Supports large-scale P2P image distribution. Container Registry can concurrently distribute
images to a maximum of 10,000 nodes by using an optimized image distribution process.
This improves the distribution efficiency by four times.
Note Self-managed image repositories may fail to respond when millions of clients attempt
to pull images at the same time. Container Registry improves the reliability of image
repositories, reduces maintenance workloads, and facilitates application upgrades.
- Allows you to collect logs and deliver the log data to Log Service.
- Supports integration with third-party open source logging solutions.
- Supports container-level and VM-level monitoring.
- Supports integration with third-party open source monitoring solutions.
|Multiple node types
- The following node types are supported:
- x86-based computing resources: ECS instances based on the x86 architecture
- Heterogeneous computing resources: GPU-accelerated ECS instances, NPU-accelerated
ECS instances, and FPGA-accelerated ECS instances
- Bare metal computing resources: ECS bare metal instances
- Serverless computing resources: ACK virtual nodes
- Edge nodes: Edge Kubernetes clusters support centralized management of cloud and edge nodes, and unified application release.
This increases application release efficiency by three times.
- The following billing methods are supported:
- Preemptible instance
|Enterprise-level security and stability
||ACK is integrated with a multi-layer security solution that secures cloud-native ACK
clusters. This solution protects the underlying infrastructure, intermediate software
supply chains, and top-layer runtime environments.
- Multi-layer security:
- Infrastructure security: ACK supports complete network isolation and end-to-end data
encryption. ACK associates Alibaba Cloud accounts and Resource Access Management (RAM)
users with the Kubernetes Role-Based Access Control (RBAC) system. It also provides
fine-grained permission management and comprehensive auditing capabilities.
- Software supply chain security: ACK supports a complete DevSecOps process, covering
the cloud-native delivery chain, image scanning, image signing, and image synchronization.
- Runtime security: ACK provides runtime security capabilities, including security policy
management of applications, configuration routine inspections, runtime monitoring
and alerting, and key encryption and management.
- Default security capabilities:
- Provides OS images that are optimized for containerized applications and supports
Kubernetes clusters and Docker versions that have high stability and enhanced security.
- Enhances the security compliance of cluster configurations, system components, and
system images based on the Center for Internet Security (CIS) Benchmark and container
security best practices.
- Grants minimum default permissions for managing cloud resources on nodes.
- Sandboxed-Container allows you to run an application in a sandboxed and lightweight virtual machine.
This virtual machine has a dedicated kernel, isolates applications from each other,
and provides enhanced security. Sandboxed-Container is suitable in scenarios such
as untrusted application isolation, fault isolation, performance isolation, and load
isolation among multiple users.
- TEE-based confidential computing is a cloud-native and all-in-one solution based on Intel Software Guard Extensions
(SGX). This solution ensures data security, integrity, and confidentiality. Confidential
computing allows you to isolate sensitive data and code by using a trusted execution
|24/7 technical support
||Provides 24/7 technical support through the ticket system.