All Products
Search
Document Center

Container Service for Kubernetes:Cloud resource fee

Last Updated:Feb 18, 2025

When you use ACK managed clusters and ACK dedicated clusters, the clusters may use other cloud services. For example, Elastic Compute Service (ECS) instances are deployed as nodes in your clusters. You are charged for the clusters you use and the Alibaba Cloud resources that are used by your clusters.

Overview

The following figure shows the Alibaba Cloud services that are related to ACK managed clusters and ACK dedicated clusters.

Note

The Alibaba Cloud services in the following figure are for reference only. The actual Alibaba Cloud services that you activate and use shall prevail. For information about how to view bills, see Query bills.

image

Compute resources

ECS nodes

Nodes in ACK managed clusters and ACK dedicated clusters are deployed on Elastic Compute Service instances. A node corresponds to an ECS instance. You are charged for ECS instances deployed as nodes based on the billing rules of ECS.

Note
  • The control plane (consisting of master nodes) of an ACK managed cluster is managed by ACK. No ECS instance fees are charged for the control plane.

  • The control plane (consisting of master nodes) of an ACK dedicated cluster requires manual maintenance. You are charged ECS instance fees for the control plane. When you create an ACK dedicated cluster, you can specify the number of ECS instances in the cluster and the billing method of the instances.

Billable items

The configurations of an ECS instance include the instance type, image, Elastic Block Storage (EBS) resources. You may be charged an instance type fee and a cloud disk fee. For more information, see ECS billing overview.

Billing methods

ECS instances support the subscription and pay-as-you-go billing methods. You can select the billing method of an ECS instance based on your business requirements. For more information, see Overview of ECS billing methods.

Auto scaling

ACK implements auto scaling for ECS nodes based on Auto Scaling(ESS) . The auto scaling feature can automatically scale compute resources based on the resource demands of your business. You can use ESS free of charge. However, you are charged for the ECS instances that are scaled by Auto Scaling. For more information, see Auto Scaling billing overview.

Virtual nodes

You can utilize the computing power of Elastic Container Instance(ECI) and Container Compute Service (ACS) in ACK clusters based on virtual nodes. When you use Elastic Container Instance-based pods and ACS pods, you are charged for the resources used by the pods based on the billing rules of Elastic Container Instance and ACS.

Network resources

Basic resources

Virtual Private Cloud is used to set up the cluster network. You are not charged for creating VPCs or vSwitches. However, you are charged fees when you use features such as VPC peering connections, traffic mirroring, and flow logs. For more information, see VPC billing overview.

Internet communication

By default, Internet communication is disabled for ACK clusters. If you require Internet access, for example, you need to pull images over the Internet, you must use the following cloud services.

Cloud service

Usage notes

Billing description

NAT Gateway

NAT Gateway is a network address translation service that supports SNAT and DNAT. After you create an Internet NAT gateway in the VPC where your cluster is deployed, your cluster can access the Internet. For more information, see the following topics:

Note

Internet NAT gateways enable Internet access based on elastic IP addresses (EIPs). Therefore, you are charged for the Internet NAT gateways and EIPs that are used.

Elastic IP Address(EIP)

EIPs are public IP addresses that you can purchase and manage based on your business requirements. You can enable Internet access for a resource by associating an EIP with the resource. When you use ACK clusters, EIPs are required in the following scenarios:

EIP billing overview

SLB

When you use ACK clusters, Server Load Balancer instances are required in the following scenarios:

Scenario

Usage notes

Billing description

Create and associate a Classic Load Balancer (CLB) instance with the API server of an ACK cluster

When you create an ACK cluster, you must create a CLB instance and associate the instance with the API server of the cluster. For more information, see Create an ACK managed cluster and Create an ACK dedicated cluster.

CLB billing

Create LoadBalancer Services

When you create LoadBalancer Services to expose applications, you must create CLB instances or Network Load Balancer (NLB) instances for the LoadBalancer Services. For more information, see Use an existing SLB instance to expose an application and Use an automatically created SLB instance to expose an application.

Use ALB Ingresses

When you use ALB Ingresses, you must associate ALB instances with the ALB Ingresses. For more information, see ALB Ingress management.

ALB billing

Other cloud services

Cloud service

Usage notes

Billing description

Microservices Engine(MSE)

You can use MSE Ingresses to enable load balancing for ACK clusters based on MSE cloud-native gateways. For more information, see MSE Ingress management.

When you use MSE Ingresses in your clusters, MSE cloud-native gateways are automatically created for the MSE Ingresses. For more information about the billing rules of MSE cloud-native gateways, see Billing overview of common instances.

For more information about the billing rules of other features provided by MSE, see MSE billing overview.

Service Mesh(ASM)

You can interface applications deployed in an ACK cluster with ASM. This simplifies service management by using service meshes, enables service observability, and reduces the workload of development and O&M. For more information, see ASM.

ASM provides different service editions and charges you for the ASM instances that you use. In addition, you are charged for the cloud resources that are associated with the ASM instances that you use. For more information, see Billing.

Container image management

Container Registry(ACR) is a platform that allows you to manage and distribute cloud-native artifacts in a secure and efficient manner. Cloud-native artifacts include container images and Helm charts that meet the standards of Open Container Initiative (OCI). You can use ACR to manage container images. When you deploy a workload in your ACK cluster, you can pull the image from ACR to the cluster. ACR provides Enterprise Edition and Personal Edition. For more information about the billing rules of Container Registry, see Container Registry billing rules.

Storage resources

When you run workloads in ACK clusters, you may have storage requirements such as persistent storage of application data, storage of sensitive and configuration data, and dynamical provision of storage resources. ACK clusters provide the container storage feature based on the Container Storage Interface (CSI) plug-in. This feature uses Alibaba Cloud storage services to provide and manage statically or dynamically provisioned volumes. You are charged for the cloud storage resources that you use.

Cloud service

Usage notes

Billing description

Elastic Block Storage(EBS)

Cloud disks are block-level storage devices that use a distributed multi-replica mechanism to ensure low latency and high reliability. Cloud disks are ideal for applications that require high IOPS and low latency but do not require data sharing. For more information, see Disk volumes.

File Storage NAS

NAS is a distributed file storage solution that provides shared access and scalability. NAS file systems support standard protocols such as Network File System (NFS) and are ideal for data sharing and web application storage. For more information, see NAS volumes.

NAS billing overview

Object Storage Service(OSS)

OSS is a cost-effective storage solution that provides ultra-large storage space. OSS is suitable for data that is not frequently modified, such as images, audio files, and video files. For more information, see OSS volumes.

OSS billing overview

Observability

The observability capability of Kubernetes includes monitoring and logging. Monitoring allows developers to keep track of system operations. Logging facilitates diagnostics and troubleshooting. For more information, see Observability.

Logging

You can use Simple Log Service SLS to collect the logs of control plane logs, nodes, applications, and containers. Simple Log Services supports log retrieval and log analysis. For more information, see Log management.

SLS uses the pay-as-you-go billing method. You are charged based on the usage of each billable item of Simple Log Service. You can purchase resource plans to offset fees. For more information about the billing of SLS, see Simple Log Service billing overview.

Monitoring

ACK provides basic monitoring, application monitoring, event monitoring, and Prometheus monitoring. The following table describes the cloud services that are required to enable monitoring for ACK clusters

Cloud service

Usage notes

Billing description

Managed Service for Prometheus

You can enable Managed Service for Prometheus for an ACK cluster to monitor the cluster and containers in the cluster in real time. After you enable Managed Service for Prometheus, you can view metrics displayed in Grafana dashboards. For more information, see Use Managed Service for Prometheus.

Application Real-Time Monitoring Service (ARMS) Application Monitoring

ARMS provides the Application Monitoring feature to help you monitor application performance. After you install ARMS Application Monitoring, you can perform all-around monitoring on your applications. For more information, see Application monitoring.

Billing for ARMS Application Monitoring

Cloud Monitor(CMS)

You can use CMS to monitor the status of nodes and applications in your cluster. You can also use CloudMonitor to configure monitoring and alerting based on container metrics. For more information, see Basic resource monitoring.

Billing overview

Security

Container security

You can use Security Center to monitor the security events of application runtimes in ACK clusters and generate alerts when anomalies are detected. Security Center provides the baseline check and vulnerability fixing features. For more information, see Use security monitoring.

The Basic edition of Security Center provides a limited number of features. To use more features, we recommend that you purchase a paid edition of Security Center. For example, you can purchase a paid edition in the following scenarios:

  • Container runtimes are diagnosed by using Security Center. To enable this parameter, you must first purchase Security Center Advanced Edition or higher editions.

  • If you need to fix the OS Common Vulnerabilities and Exposures (CVEs) in node pools, you must purchase Security Center Enterprise Edition or higher.

For more information about the billing rules of Security Center, see Security Center billing overview.

Permission control

Resource Access Management (RAM) is a service provided by Alibaba Cloud to manage user identities and resource access permissions. You can use RAM together with the role-based access control (RBAC) provided by Kubernetes to manage the permissions on cloud resources and Kubernetes resources in your clusters. For more information, see Authorization.

RAM is provided free of charge. You can use RAM after your Alibaba Cloud account passes real-name verification.

Key management

You can use Key Management Service (KMS) to manage and encrypt Secrets in your clusters. For more information about the features of KMS, refer to the following topics:

KMS provides default keys for server-side encryption in Alibaba Cloud services free of charge. You can use the default keys without the need to purchase a KMS instance. If you want to increase the number of Customer Master Keys (CMKs), use Secrets Manager, or build an application-layer cryptographic solution for self-managed applications, you must purchase a KMS instance of the software or hardware key management type. For more information, see KMS billing.