High-performance cluster management
ACK provides three types of clusters: ACK dedicated cluster, ACK managed cluster, and ACK Serverless cluster.
By default, the control plane of an ACK managed cluster is deployed across three zones to ensure high availability.
ACK allows you to add thousands of Elastic Compute Service (ECS) nodes to a single cluster. For more information about resource quotas, see Quotas.
ACK allows you to deploy a cluster across different zones and register external clusters with ACK, which helps implement centralized management for your services. For more information about registered clusters, see Overview.
Ultrahigh resource elasticity
ACK can automate pod scaling based on the resource utilization of pods.
ACK can scale out to thousands of nodes within minutes.
ACK supports fast startup of elastic container instances in ACK Serverless clusters. You can launch up to 500 elastic container instances in an ACK Serverless cluster within 30 seconds.
ACK supports push-button vertical or horizontal scaling.
ACK allows you to configure affinity rules for services to help you better schedule your business.
ACK provides native support for open source Horizontal Pod Autoscaler (HPA), Vertical Pod Autoscaler (VPA), and Kubernetes Autoscaler.
ACK provides the scheduled scaling capability, which is similar to the function of CronHPA. ACK also supports serverless scalability, which is similar to the function of vk-autoscaler.
ACK provides fine-grained scheduling for online business based on the elastic workload feature.
ACK provides the alibaba-metrics-adapter component to meet different scaling needs. ACK also optimizes application scaling by using Ingress gateways and Sentinel-based flow control.
All-in-one container management
Support for a variety of nodes
Optimized IaaS capabilities
Enterprise-grade security and stability
ACK adopts a multi-layer security mechanism to protect the underlying infrastructure, intermediate software supply chains, and top-layer runtime environments.
Multi-layer security capabilities:
Infrastructure security: ACK provides complete network isolation and end-to-end data encryption, and implements an authorization system based on Alibaba Cloud Resource Access Management (RAM) and Kubernetes Role-Based Access Control (RBAC). This enables fine-grained permission management and comprehensive auditing.
Software supply chain security: ACK provides a secure DevSecOps pipeline that provides protection across the entire development lifecycle, including the cloud-native delivery chain, image scanning, image signing, and image synchronization.
Runtime security: ACK ensures runtime security based on multiple capabilities, including application-level security policies, configuration inspections, runtime monitoring and alerting, and key encryption and management.
Built-in security capabilities:
ACK provides optimized OS images and supports Kubernetes versions and Docker versions with enhanced stability and security.
ACK enhances the security compliance of cluster configurations, system components, and OS images based on the Center for Internet Security (CIS) Benchmark and Alibaba Cloud best practices for container security.
ACK grants worker nodes minimum permissions to manage cloud resources by default.
Sandboxed-Container: Sandboxed-Container is a container runtime developed by ACK for enhancing container security. You can use Sandboxed-Container to run an application in a sandboxed and lightweight VM, which has a dedicated kernel. Sandboxed-Container is suitable for isolating untrusted applications, unhealthy applications, low-performance applications, and workloads among users.
TEE-based confidential computing: ACK provides a cloud-native, all-in-one solution for confidential computing based on Intel Software Guard Extensions (Intel SGX). This solution ensures data security, integrity, and confidentiality when you develop, manage, and deliver trusted applications and confidential computing tasks. The confidential computing capabilities provided by ACK allow you to isolate sensitive data and code by using a trusted execution environment.
24/7 technical support
ACK provides 24/7 technical support through the ticketing system.