When you run ACK managed clusters or ACK dedicated clusters, you pay for more than the cluster itself. The ECS instances serving as nodes, the load balancers fronting your API server, and every other Alibaba Cloud service your cluster depends on are billed independently under their own pricing rules.
The following diagram shows the cloud services associated with ACK managed clusters and ACK dedicated clusters.
The diagram shows common associated services for reference. The actual services you activate and their costs depend on your configuration. To view your bills, see Query bills.
Control plane costs: managed vs. dedicated
The cluster type you choose directly affects control plane costs:
| Cluster type | Control plane management | Control plane ECS charges |
|---|---|---|
| ACK managed cluster | Managed by ACK | None — no ECS fees for master nodes |
| ACK dedicated cluster | Managed by you | Charged — you specify the number and billing method of master node ECS instances at cluster creation |
Compute resources
ECS nodes
Each node in an ACK cluster maps to one Elastic Compute Service (ECS) instance, billed under ECS billing rules.
Billable items
An ECS instance is billed for its instance type, image, and Elastic Block Storage (EBS) resources — resulting in an instance type fee and a cloud disk fee. Use the price calculator to estimate costs before purchasing.
Billing methods
ECS instances support two billing methods:
-
Subscription: Pay upfront for a fixed term. Renew before the instance expires to avoid service disruption. See Renew a subscription ECS instance.
-
Pay-as-you-go: Pay for actual usage. ECS instances added through node scaling use pay-as-you-go by default.
To switch between billing methods, see Change from subscription to pay-as-you-go and Change the billing method from pay-as-you-go to subscription.
When changing from pay-as-you-go to subscription, do not select Switch to Subscription in the Data Disk section. Doing so prevents workloads on the instance from restarting. For details, see Why do applications fail to restart after I change the billing method of a data disk mounted to an ECS instance from pay-as-you-go to subscription?
If you change the billing method of a node pool, newly added ECS instances from scale-out use the node pool's billing method. To update it, see Modify a node pool.
Reduce ECS costs
To reduce ECS resource costs, use savings plans and preemptible instances.
To unsubscribe from subscription ECS resources and request a refund, see Unsubscription policy.
Auto scaling
ACK uses Auto Scaling (ESS) to automatically add or remove ECS nodes based on workload demand. ESS itself is free — you pay only for the ECS instances it provisions. See Auto Scaling billing overview.
Virtual nodes
Virtual nodes let you run pods backed by Elastic Container Instance (ECI) or Container Compute Service (ACS) resources, without provisioning ECS instances. Charges apply to the pod resources consumed.
-
ECI-based pods: See Virtual nodes and Billing overview of Elastic Container Instance.
-
ACS pods: See Use the computing power of ACS in ACK Pro clusters and ACS billing overview.
Network resources
VPC
Virtual Private Cloud (VPC) provides the network foundation for your cluster. Creating VPCs and vSwitches is free. You are charged only when you use advanced features such as VPC peering connections, traffic mirroring, and flow logs. See VPC billing overview.
Internet access
Internet access is disabled by default for ACK clusters. To enable it — for example, to pull container images from the internet — you need the following cloud services.
| Service | Purpose | Billing |
|---|---|---|
| NAT Gateway | Provides SNAT and DNAT for cluster-to-internet and internet-to-pod traffic. See Enable an existing ACK cluster to access the Internet and Configure DNAT to expose a pod. | NAT Gateway billing and EIP billing overview — Internet NAT gateways require EIPs, so both are charged. |
| Elastic IP Address (EIP) | Required to expose the API server to the internet, bind an EIP to a pod, or attach an EIP to an Internet NAT gateway. See Expose the API server to the Internet, Attach an independent EIP to a pod, and Associate an EIP with the elastic container instance on which a Knative Service runs. | EIP billing overview |
Load balancers
ACK clusters use Server Load Balancer (SLB) instances in several scenarios. Some are created automatically during cluster setup; others are created when you configure specific features.
| Scenario | Usage notes | Billing |
|---|---|---|
| Create and associate a Classic Load Balancer (CLB) instance with the API server of an ACK cluster | When you create an ACK cluster, you must create a CLB instance and associate the instance with the API server of the cluster. See Create an ACK managed cluster and Create an ACK dedicated cluster (discontinued). | CLB billing |
| Create LoadBalancer Services | When you create LoadBalancer Services to expose applications, you must create CLB instances or Network Load Balancer (NLB) instances for the LoadBalancer Services. See Use an existing Server Load Balancer instance to expose an application and Use an automatically created SLB instance to expose an application. | CLB billing and NLB billing |
| Use ALB Ingresses | When you use ALB Ingresses, you must associate Application Load Balancer (ALB) instances with the ALB Ingresses. See ALB Ingress management. | ALB billing overview |
Other network services
| Service | Usage | Billing |
|---|---|---|
| Microservices Engine (MSE) | MSE cloud-native gateways are automatically created when you use MSE Ingresses for load balancing. See MSE Ingress management . | Billing overview of common instances |
| Service Mesh (ASM) | Integrates applications deployed in ACK with ASM for service mesh capabilities. See ASM. | ASM billing — charged per ASM instance edition, plus associated cloud resources |
Container image management
Container Registry (ACR) stores and distributes container images and Helm charts that meet Open Container Initiative (OCI) standards. When you deploy workloads, ACK pulls images from ACR. ACR is available in Personal Edition and Enterprise Edition. See Container Registry billing rules.
Storage resources
ACK provides container storage through the Container Storage Interface (CSI) plug-in, backed by Alibaba Cloud storage services. You are charged for the storage resources your workloads consume.
| Service | Best for | Billing |
|---|---|---|
| Elastic Block Storage (EBS) | High-IOPS, low-latency workloads that don't require data sharing — backed by distributed multi-replica cloud disks. See Disk volumes. | EBS billing |
| File Storage NAS | Shared file access across pods, using NFS (Network File System) protocol. See NAS volumes. | NAS billing overview |
| Object Storage Service (OSS) | Large-scale storage of infrequently modified data such as images, audio, and video. See OSS volumes. | OSS billing overview |
Observability
Logging
Simple Log Service (SLS) collects logs from the control plane, nodes, applications, and containers. SLS uses pay-as-you-go billing — you pay per billable item consumed. Purchase resource plans to offset fees. See Simple Log Service billing overview and Logging management.
Monitoring
ACK supports four monitoring types: basic monitoring, event monitoring, application monitoring, and Prometheus monitoring.
| Service | Usage | Billing |
|---|---|---|
| Managed Service for Prometheus | Real-time cluster and container monitoring with Grafana dashboards. See Connect to and configure Managed Service for Prometheus. | Billing for Managed Service for Prometheus, Billing description, and Container Monitoring billing |
| Application Real-Time Monitoring Service (ARMS) Application Monitoring | All-around application performance monitoring. See Application monitoring. | Billing for ARMS Application Monitoring |
| Cloud Monitor (CMS) | Node and application status monitoring, with alerting on container metrics. See \[Discontinued\] Basic resource monitoring. | Billing overview |
Security
Container security
Security Center monitors application runtimes in ACK clusters and alerts on anomalies. It also provides baseline checks and vulnerability fixing features. See Use security monitoring.
The Basic edition is free but limited. Purchase a paid edition in these scenarios:
-
Container runtime diagnostics: Requires Security Center Advanced Edition or higher.
-
OS CVE fixing in node pools: Requires Security Center Enterprise Edition or higher.
Permission control
Resource Access Management (RAM) works alongside Kubernetes role-based access control (RBAC) to manage permissions on both cloud resources and Kubernetes resources in your clusters. See Authorization.
RAM is free. It requires your Alibaba Cloud account to complete real-name verification.
Key management
Key Management Service (KMS) manages and encrypts Kubernetes Secrets in your clusters. See Guidelines for importing secrets from KMS for applications and Use KMS to encrypt Kubernetes Secrets.
Default keys for server-side encryption in Alibaba Cloud services are free — no KMS instance required. Purchase a KMS instance (software or hardware key management type) if you need to:
-
Increase the number of Customer Master Keys (CMKs)
-
Use Secrets Manager
-
Build an application-layer cryptographic solution for self-managed applications
See KMS billing.