When you use ACK managed clusters and ACK dedicated clusters, the clusters may use other cloud services. For example, Elastic Compute Service (ECS) instances are deployed as nodes in your clusters. You are charged for the clusters you use and the Alibaba Cloud resources that are used by your clusters.
Overview
The following figure shows the Alibaba Cloud services that are related to ACK managed clusters and ACK dedicated clusters.
The Alibaba Cloud services in the following figure are for reference only. The services that you actually activate and use prevail. For information about how to view bills, see Query bills.
Compute resources
ECS nodes
Nodes in ACK managed clusters and ACK dedicated clusters are deployed on Elastic Compute Service instances. A node corresponds to an ECS instance. You are charged for ECS instances deployed as nodes based on the billing rules of ECS.
The control plane (consisting of master nodes) of an ACK managed cluster is managed by ACK. No ECS instance fees are charged for the control plane.
The control plane (consisting of master nodes) of an ACK dedicated cluster requires manual maintenance. You are charged ECS instance fees for the control plane. When you create an ACK dedicated cluster, you can specify the number of ECS instances in the cluster and the billing method of the instances.
Billable items
The configurations of an ECS instance include the instance type, image, and Elastic Block Storage (EBS) resources. You may be charged an instance type fee and a cloud disk fee. For more information, see ECS billing overview.
Billing methods
ECS instances support the subscription and pay-as-you-go billing methods. You can select the billing method of an ECS instance based on your business requirements. For more information, see Overview of ECS billing methods.
If the billing method of your ECS instance does not meet your business requirements, you can change the billing method. For more information, see Change the billing method of an instance from subscription to pay-as-you-go and Change the billing method of an instance from pay-as-you-go to subscription.
Important: When you change the billing method of an ECS instance from pay-as-you-go to subscription, do not select Switch to Subscription. Otherwise, workloads on the instance cannot be restarted. As a result, workloads on the instance may be affected. For more information, see Why do applications fail to restart after I change the billing method of a data disk mounted to an ECS instance from pay-as-you-go to subscription when I change the billing method of the ECS instance from pay-as-you-go to subscription?
When the system scales out a node pool, newly added ECS instances use the billing method of the node pool. If you want to change the billing method of a node pool, see Modify a node pool.
If your ECS instance uses the subscription billing method, we recommend that you take note of the subscription duration and renew the instance before it expires. Instance expiration may affect your business. For more information, see Renew a subscription ECS instance.
If you want to reduce ECS resource costs, you can use savings plans and preemptible instances.
Auto scaling
ACK implements auto scaling for ECS nodes based on Auto Scaling (ESS). The auto scaling feature can automatically scale compute resources based on the resource demands of your business. You can use ESS free of charge. However, you are charged for the ECS instances that are scaled by Auto Scaling. For more information, see Auto Scaling billing overview.
Virtual nodes
You can utilize the computing power of Elastic Container Instance (ECI) and Container Compute Service (ACS) in ACK clusters based on virtual nodes. When you use Elastic Container Instance-based pods and ACS pods, you are charged for the resources used by the pods based on the billing rules of Elastic Container Instance and ACS.
For more information about how to utilize the computing power of Elastic Container Instance, see Virtual nodes. For more information about how Elastic Container Instance-based pods are billed, see Billing overview of Elastic Container Instance.
For more information about how to utilize the computing power of ACS, see Use the computing power of ACS in ACK Pro clusters. For more information about how ACS pods are billed, see ACS billing overview.
Network resources
Basic resources
Virtual Private Cloud is used to set up the cluster network. You are not charged for creating VPCs or vSwitches. However, you are charged fees when you use features such as VPC peering connections, traffic mirroring, and flow logs. For more information, see VPC billing overview.
Internet communication
By default, Internet communication is disabled for ACK clusters. If you require Internet access, for example, to pull images over the Internet, you must use the following cloud services.
Cloud service | Usage notes | Billing description |
NAT Gateway | NAT Gateway is a network address translation service that supports SNAT and DNAT. After you create an Internet NAT gateway in the VPC where your cluster is deployed, your cluster can access the Internet. For more information, see the following topics: | Note: Internet NAT gateways enable Internet access based on elastic IP addresses (EIPs). Therefore, you are charged for the Internet NAT gateways and EIPs that are used. |
Elastic IP Address (EIP) | EIPs are public IP addresses that you can purchase and manage based on your business requirements. You can enable Internet access for a resource by associating an EIP with the resource. When you use ACK clusters, EIPs are required in the following scenarios:
|
SLB
When you use ACK clusters, Server Load Balancer instances are required in the following scenarios:
Scenario | Usage notes | Billing description |
Create and associate a Classic Load Balancer (CLB) instance with the API server of an ACK cluster | When you create an ACK cluster, you must create a CLB instance and associate the instance with the API server of the cluster. For more information, see Create an ACK managed cluster and Create an ACK dedicated cluster. | |
Create LoadBalancer Services | When you create LoadBalancer Services to expose applications, you must create CLB instances or Network Load Balancer (NLB) instances for the LoadBalancer Services. For more information, see Use an existing SLB instance to expose an application and Use an automatically created SLB instance to expose an application. | |
Use ALB Ingresses | When you use ALB Ingresses, you must associate ALB instances with the ALB Ingresses. For more information, see ALB Ingress management. |
Other cloud services
Cloud service | Usage notes | Billing description |
Microservices Engine (MSE) | You can use MSE Ingresses to enable load balancing for ACK clusters based on MSE cloud-native gateways. For more information, see MSE Ingress management. | When you use MSE Ingresses in your clusters, MSE cloud-native gateways are automatically created for the MSE Ingresses. For more information about the billing rules of MSE cloud-native gateways, see Billing overview of common instances. For more information about the billing rules of other features provided by MSE, see MSE billing overview. |
Service Mesh (ASM) | You can interface applications deployed in an ACK cluster with ASM. This simplifies service management by using service meshes, enables service observability, and reduces the workload of development and O&M. For more information, see ASM. | ASM provides different service editions and charges you for the ASM instances that you use. In addition, you are charged for the cloud resources that are associated with the ASM instances that you use. For more information, see Billing. |
Container image management
Container Registry (ACR) is a platform that allows you to manage and distribute cloud-native artifacts in a secure and efficient manner. Cloud-native artifacts include container images and Helm charts that meet the standards of Open Container Initiative (OCI). You can use ACR to manage container images. When you deploy a workload in your ACK cluster, you can pull the image from ACR to the cluster. ACR provides Enterprise Edition and Personal Edition. For more information about the billing rules of Container Registry, see Container Registry billing rules.
Storage resources
When you run workloads in ACK clusters, you may have storage requirements such as persistent storage of application data, storage of sensitive and configuration data, and dynamic provisioning of storage resources. ACK clusters provide the container storage feature based on the Container Storage Interface (CSI) plug-in. This feature uses Alibaba Cloud storage services to provide and manage statically or dynamically provisioned volumes. You are charged for the cloud storage resources that you use.
Cloud service | Usage notes | Billing description |
Elastic Block Storage (EBS) | Cloud disks are block-level storage devices that use a distributed multi-replica mechanism to ensure low latency and high reliability. Cloud disks are ideal for applications that require high IOPS and low latency but do not require data sharing. For more information, see Disk volumes. |
|
File Storage NAS | NAS is a distributed file storage solution that provides shared access and scalability. NAS file systems support standard protocols such as Network File System (NFS) and are ideal for data sharing and web application storage. For more information, see NAS volumes. | |
Object Storage Service (OSS) | OSS is a cost-effective storage solution that provides ultra-large storage space. OSS is suitable for data that is not frequently modified, such as images, audio files, and video files. For more information, see OSS volumes. |
Observability
The observability capability of Kubernetes includes monitoring and logging. Monitoring allows developers to keep track of system operations. Logging facilitates diagnostics and troubleshooting. For more information, see Observability.
Logging
You can use Simple Log Service (SLS) to collect the logs of the control plane, nodes, applications, and containers. Simple Log Service supports log retrieval and log analysis. For more information, see Log management.
SLS uses the pay-as-you-go billing method. You are charged based on the usage of each billable item of Simple Log Service. You can purchase resource plans to offset fees. For more information about the billing of SLS, see Simple Log Service billing overview.
Monitoring
ACK provides basic monitoring, application monitoring, event monitoring, and Prometheus monitoring. The following table describes the cloud services that are required to enable monitoring for ACK clusters.
Cloud service | Usage notes | Billing description |
Managed Service for Prometheus | You can enable Managed Service for Prometheus for an ACK cluster to monitor the cluster and containers in the cluster in real time. After you enable Managed Service for Prometheus, you can view metrics displayed in Grafana dashboards. For more information, see Use Managed Service for Prometheus. | |
Application Real-Time Monitoring Service (ARMS) Application Monitoring | ARMS provides the Application Monitoring feature to help you monitor application performance. After you install ARMS Application Monitoring, you can perform all-around monitoring on your applications. For more information, see Application monitoring. | |
Cloud Monitor (CMS) | You can use CMS to monitor the status of nodes and applications in your cluster. You can also use CloudMonitor to configure monitoring and alerting based on container metrics. For more information, see Basic resource monitoring. |
Security
Container security
You can use Security Center to monitor the security events of application runtimes in ACK clusters and generate alerts when anomalies are detected. Security Center provides the baseline check and vulnerability fixing features. For more information, see Use security monitoring.
The Basic edition of Security Center provides a limited number of features. To use more features, we recommend that you purchase a paid edition of Security Center. For example, you can purchase a paid edition in the following scenarios:
If you want to use Security Center to diagnose container runtimes, you must first purchase Security Center Advanced Edition or higher.
If you need to fix the OS Common Vulnerabilities and Exposures (CVEs) in node pools, you must purchase Security Center Enterprise Edition or higher.
For more information about the billing rules of Security Center, see Security Center billing overview.
Permission control
Resource Access Management (RAM) is a service provided by Alibaba Cloud to manage user identities and resource access permissions. You can use RAM together with the role-based access control (RBAC) provided by Kubernetes to manage the permissions on cloud resources and Kubernetes resources in your clusters. For more information, see Authorization.
RAM is provided free of charge. You can use RAM after your Alibaba Cloud account passes real-name verification.
Key management
You can use Key Management Service (KMS) to manage and encrypt Secrets in your clusters. For more information about the features of KMS, refer to the following topics:
KMS provides default keys for server-side encryption in Alibaba Cloud services free of charge. You can use the default keys without the need to purchase a KMS instance. If you want to increase the number of Customer Master Keys (CMKs), use Secrets Manager, or build an application-layer cryptographic solution for self-managed applications, you must purchase a KMS instance of the software or hardware key management type. For more information, see KMS billing.