This topic describes ACK benefits and the drawbacks of self-managed Kubernetes.
-
Run production-grade Kubernetes clusters without managing control plane infrastructure
-
Scale from hundreds to thousands of nodes in minutes with built-in autoscaling
-
Integrate natively with Alibaba Cloud networking, storage, and security services
-
Get 24/7 technical support through a ticket system
Capabilities
| Capability | Description |
|---|---|
| Cluster management | Three cluster types: ACK dedicated, ACK managed, and ACK Serverless. ACK managed clusters deploy management nodes across three zones for high availability by default. A single cluster supports thousands of ECS nodes. ACK also supports cross-zone and registered clusters. See Quota limits. |
| Elastic scaling | Adjusts container counts by resource usage and scales to thousands of nodes within minutes. With ACK Serverless and Elastic Container Instance (ECI), 500 pods start in 30 seconds. Supports one-click vertical scaling, horizontal application scaling, and resource affinity policies. Includes standard Kubernetes autoscalers: Horizontal Pod Autoscaler (HPA), Vertical Pod Autoscaler (VPA), and Cluster Autoscaler. ACK also provides CronHPA for scheduled scaling, vk-autoscaler for serverless scaling, and alibaba-metrics-adapter for application-layer scaling in scenarios such as Ingress gateways and Sentinel-based microservice throttling. Supports fine-grained elastic scheduling for online services. |
| Container management | Application management: phased releases, blue-green deployments, monitoring, and autoscaling. Built-in marketplace for one-click Helm deployment. Container Registry (ACR): high-availability image registry that supports high concurrency, with image acceleration and peer-to-peer (P2P) distribution to up to 10,000 nodes at 4x efficiency. Improves registry reliability when millions of clients pull images concurrently, reducing operations overhead compared to self-managed registries. Logging: integrated with Simple Log Service (SLS) and third-party solutions. Monitoring: container-level and VM-level monitoring, with support for third-party solutions. |
| Node types | By resource type: x86 ECS instances; GPU-, FPGA-, and ASIC-accelerated ECS instances; ECS Bare Metal Instances; ACK virtual nodes for serverless workloads; and edge nodes via ACK Edge clusters, with unified cloud-edge management and 3x publishing efficiency. See What is ACK Edge?. By billing method: spot instances, subscription, and pay-as-you-go. |
| Networking, storage, and load balancing | Networking: VPC and ENI plugins deliver 20% higher performance than common network solutions, with container access policies and throttling. Storage: Alibaba Cloud disks, NAS, and OSS, backed by standard CSI drivers. Supports dynamic creation and migration of persistent volumes. Load balancing: public and internal-facing Server Load Balancer (SLB) instances that automatically update network configuration during frequent releases, providing higher stability and reliability than self-managed Ingress. |
| Security | ACK provides end-to-end security across the development lifecycle—from infrastructure to the software supply chain to the runtime environment. Infrastructure security: comprehensive network isolation and control, end-to-end data encryption, and Role-Based Access Control (RBAC) integrated with Alibaba Cloud accounts and Resource Access Management (RAM) users for fine-grained permission management and auditing. Software supply chain security: a complete DevSecOps pipeline that includes image scanning, secure cloud-native delivery chains, image signing, and image synchronization. Runtime security: application-level security policy management, configuration inspection, runtime monitoring and alerting, and secret key encryption and management. Default security: container-optimized OS images, security-hardened Kubernetes and containerd versions, cluster configuration hardening based on ACK security best practices, and minimal default cloud resource permissions for nodes. Sandboxed-Container: an ACK container runtime that runs applications in a sandboxed lightweight VM with a dedicated kernel, suitable for isolating untrusted, unhealthy, or low-performance workloads, and workloads between users. TEE-based confidential computing: a cloud-native solution for confidential computing based on Intel Software Guard Extensions (Intel SGX). Isolates sensitive data and code in a trusted execution environment (TEE) to ensure data security, integrity, and confidentiality. |
| Support | 24/7 technical support through a ticket system. |
Why use ACK instead of self-managed Kubernetes
Self-managed Kubernetes demands ongoing investment across three dimensions.
Setup complexity. Configuring Kubernetes components, certificates, keys, plugins, and tooling from scratch takes days to weeks. ACK automates this, so your team deploys workloads immediately.
Integration costs. Connecting a self-managed cluster to cloud services—logging, monitoring, storage—requires custom work your team must maintain. ACK integrates with Alibaba Cloud services out of the box.
Continuous maintenance. Container technology evolves rapidly, requiring continuous upgrades and testing. **Specialized expertise.** Container platforms span networking, storage, operating systems, and orchestration, each requiring dedicated specialists.