Alibaba Cloud Container Service for Kubernetes (ACK) is a fully managed Kubernetes service that eliminates the operational overhead of running production Kubernetes clusters. With ACK, you can:
Run production-grade Kubernetes clusters without managing control plane infrastructure
Scale from hundreds to thousands of nodes in minutes with built-in autoscaling
Integrate natively with Alibaba Cloud networking, storage, and security services
Get 24/7 technical support through a ticket system
Capabilities
| Capability | Description |
|---|---|
| Cluster management | Three cluster types to match your architecture: ACK dedicated clusters, ACK managed clusters, and ACK Serverless clusters. Management nodes in ACK managed clusters are deployed across three zones for high availability by default. A single cluster supports thousands of Elastic Compute Service (ECS) nodes. ACK also supports cross-zone clusters and registered clusters. For quota limits, see Quota limits. |
| Elastic scaling | Automatically adjusts container counts based on resource usage and scales out to thousands of nodes within minutes. With ACK Serverless and Elastic Container Instance (ECI), 500 pods start in 30 seconds. Supports one-click vertical scaling, horizontal application scaling, and resource affinity policies. Standard Kubernetes autoscalers are included: Horizontal Pod Autoscaler (HPA), Vertical Pod Autoscaler (VPA), and Cluster Autoscaler. ACK also provides CronHPA for scheduled scaling, vk-autoscaler for serverless elastic scaling, and alibaba-metrics-adapter to optimize application-layer scaling for scenarios such as Ingress gateways and Sentinel-based microservice throttling. Fine-grained elastic scheduling for online services based on elastic workloads is also supported. |
| Container management | Application management: phased releases, blue-green deployments, application monitoring, and automatic scaling. A built-in application marketplace supports one-click deployment of Helm applications. Container Registry (ACR): high-availability image registry with image acceleration and large-scale peer-to-peer (P2P) distribution to up to 10,000 nodes at 4x efficiency. ACR improves image repository reliability and reduces operations and maintenance workloads compared to self-managed repositories. Logging: log collection integrated with Simple Log Service and third-party open source logging solutions. Monitoring: container-level and virtual machine (VM)-level monitoring, with support for third-party open source monitoring solutions. |
| Node types | By resource type: x86 ECS instances; GPU-accelerated, Field-Programmable Gate Array (FPGA)-accelerated, and Application-Specific Integrated Circuit (ASIC)-accelerated ECS instances; ECS Bare Metal Instances; ACK virtual nodes for serverless workloads; and edge nodes via ACK Edge clusters, which support unified management of cloud and edge nodes with 3x publishing efficiency. See What is ACK Edge?. By billing method: spot instances, subscription, and pay-as-you-go. |
| Networking, storage, and load balancing | Networking: Virtual Private Cloud (VPC) and elastic network interface (ENI) plugins deliver 20% higher performance than common network solutions, with container access policies and throttling. Storage: Alibaba Cloud disks, File Storage NAS (NAS), and Object Storage Service (OSS), all backed by standard Container Storage Interface (CSI) drivers. Dynamic creation and migration of persistent volumes (PVs) are supported. Load balancing: public and internal-facing Server Load Balancer (SLB) instances with automatic configuration updates, providing a stable alternative to self-managed Ingress. |
| Security | ACK provides end-to-end security across the entire development lifecycle—from infrastructure to the software supply chain to the runtime environment. Infrastructure security: comprehensive network isolation and control, end-to-end data encryption, and Role-Based Access Control (RBAC) integrated with Alibaba Cloud accounts and Resource Access Management (RAM) users for fine-grained permission management and auditing. Software supply chain security: a complete DevSecOps pipeline that includes image scanning, secure cloud-native delivery chains, image signing, and image synchronization. Runtime security: application-level security policy management, configuration inspection, runtime monitoring and alerting, and secret key encryption and management. Default security: container-optimized OS images, security-hardened Kubernetes and containerd versions, cluster configuration hardening based on ACK security best practices, and minimal default cloud resource permissions for nodes. Sandboxed-Container: an ACK container runtime that runs applications in a sandboxed lightweight VM with a dedicated kernel, suitable for isolating untrusted, unhealthy, or low-performance workloads, and workloads among users. TEE-based confidential computing: a cloud-native solution for confidential computing based on Intel Software Guard Extensions (Intel SGX). Isolates sensitive data and code in a trusted execution environment (TEE) to ensure data security, integrity, and confidentiality. |
| Support | 24/7 professional technical support through a ticket system. |
Why use ACK instead of self-managed Kubernetes
Setting up and maintaining a self-managed Kubernetes cluster demands significant ongoing investment across three dimensions.
Setup complexity. Configuring Kubernetes components, certificates, keys, plugins, and tooling from scratch typically takes an experienced engineer several days to weeks. ACK handles this automatically, letting your team skip straight to deploying workloads.
Integration costs. Connecting a self-managed cluster to cloud services—logging, monitoring, storage—requires custom integration work your team must own and maintain. ACK integrates with Alibaba Cloud services out of the box, so you pay for the services rather than the integration effort.
Continuous maintenance. Container technology evolves rapidly. Staying current means continuous experimentation, upgrades, and testing. ACK delivers security-hardened Kubernetes versions and automated upgrade paths, shifting that burden from your team to Alibaba Cloud.