Container Service for Kubernetes (ACK) is a managed service that helps manage containers to ensure high performance. It is one of the first container services in the world to pass the Certified Kubernetes Conformance Program. You can use ACK to manage the lifecycle of enterprise-level Kubernetes containerized applications. This allows you to run Kubernetes containerized applications on the cloud in an efficient and simple manner.
ACK cluster types
ACK provides the following types of clusters: ACK managed clusters and ACK dedicated clusters. ACK managed clusters include ACK Basic clusters and ACK Pro clusters. The following table describes the differences between the two cluster types.
Item | ACK dedicated cluster | ACK managed cluster |
Cluster and node management | You are required to create and manage master nodes and worker nodes. You have full and fine-grained control over the cluster infrastructure, but you need to plan and manage the clusters and update nodes. | You need to create only worker nodes. ACK creates and manages master nodes. ACK manages the master nodes and provides a simple, cost-effective, and highly available solution. |
Billing methods | You are not charged for cluster management. However, you are charged for the resources used to create the master nodes, worker nodes, and other basic resources. |
|
Usage scenarios | All scenarios in which Kubernetes is used | All scenarios in which Kubernetes is used |
User profile |
|
|
Architecture of ACK managed clusters
ACK manages the control planes of ACK managed clusters to provide stable, high-availability, high-performance, and secure Kubernetes services. The managed components include kube-apiserver, kube-controller-manager, kube-scheduler, and etcd. The control plane of each ACK managed cluster contains at least two kube-apiserver components and three etcd components, which are deployed in different zones to ensure zone-level high availability. ACK actively monitors the status of the control planes, installs vulnerability patches, and offers a service level agreement (SLA) for the control planes.
Core features
Cluster management
Cluster creation: You can create various types of clusters based on your business requirements. ACK allows you to customize cluster configurations and select Elastic Compute Service (ECS) instances of different types as worker nodes. For more information, see Create an ACK managed cluster and Create an ACK dedicated cluster.
Cluster upgrade: You can upgrade the Kubernetes version of your clusters manually or automatically. ACK allows you to update your system components in a centralized manner. For more information, see Manually upgrade ACK clusters and Automatically upgrade a cluster.
Auto scaling: You can vertically scale your clusters directly in the console to respond to unexpected business fluctuations. You can also configure service-level affinity rules and horizontal scaling settings for your business.
Scheduling: ACK supports hybrid scheduling of different elastic resources, fine-grained scheduling of heterogeneous resources, and scheduling of batch computing tasks. This helps improve the performance of applications and the overall resource utilization for clusters.
Multi-cluster management: You can register clusters that are deployed in data centers and clusters in multiple clouds or regions in a centralized manner.
Permission management: ACK integrates Resource Access Management (RAM) and role-based access control (RBAC) for permission management.
Node pools
ACK enables full lifecycle management for node pools and allows you to customize the configurations of each node pool in a cluster. For example, you can configure the vSwitches, container runtime, operating system, and security groups for a node pool based on your business requirements. For more information, see Node pool overview.
Application management
Application creation: You can create various types of applications from images or templates. ACK allows you to customize application configurations, such as environment variables, health checks, disk mounting, and logging.
Lifecycle management: You can use ACK to manage the lifecycle of applications. For example, you can view, update, replace, and delete applications, roll back application versions, view application events, perform rolling updates, and use triggers to redeploy applications.
Pod scheduling: ACK supports pod scheduling based on pod affinity, node affinity, and pod anti-affinity.
Pod scaling: You can manually scale pods or automate pod scaling by using the Horizontal Pod Autoscaler (HPA).
Application release: ACK supports canary releases and blue-green deployments. You can use these features to better manage the application release lifecycle.
Application catalog: ACK provides the application catalog feature to facilitate application deployment and cloud service integration.
Application center: The application center provides a unified management panel for you to deploy your applications and monitor the topology of your applications. You can use the application center to implement unified version management and rollback in continuous deployment scenarios.
Application backup and recovery: You can back up applications and restore applications from backup data. For more information, see Back up and restore applications in an ACK cluster.
Knative: Knative is a Kubernetes-based serverless framework. After you deploy Knative components, you can use Knative to manage services and drive events.
Volumes
The Container Storage Interface (CSI) plug-in is supported. For more information, see CSI overview.
Operations on volumes and persistent volume claims (PVCs):
You can create block storage volumes, Apsara File Storage NAS (NAS) volumes, and Object Storage Service (OSS) volumes.
You can mount a volume to a PVC.
You can dynamically create and migrate volumes.
You can view and update volumes and PVCs by running scripts.
Networks
You can create container networks by using the Flannel or Terway plug-in. For more information, see Network overview.
You can specify CIDR blocks for services and pods.
You can use the network policy feature of ACK to control access to specific applications. For more information, see Use network policies in ACK clusters.
You can use ingresses for traffic routing. For more information, see Ingress management.
You can implement DNS-based service discovery. For more information, see DNS overview.
GPU
ACK allows you to schedule, manage, and maintain various heterogeneous computing resources in a centralized manner. This significantly improves the utilization of GPU resources in ACK clusters for heterogeneous computing. For more information, see Overview.
O&M and security
Monitoring: ACK integrates Managed Service for Prometheus (Prometheus) to monitor clusters, nodes, applications, and pods.
Logging: ACK integrates Simple Log Service to collect and store logs of clusters and containers.
Alerting: ACK supports alerting based on cluster events and container metrics. For more information, see Alert management.
Cluster inspections and diagnostics
Cluster check: You can use this feature to check whether your ACK cluster meets the requirements before you perform an operation such as upgrading or migrating a cluster.
Cluster inspection: You can use this feature to view the status of ACK clusters and identify potential risks in the clusters, such as insufficient quotas of cloud resources or high usage of key resources in ACK clusters. You can troubleshoot the risks and fix the issues based on the recommended solutions.
Cluster diagnostics: You can use this feature to diagnose nodes, pods, Services, Ingresses, memory, and networks with a few clicks to identify issues in your ACK clusters.
Cost analysis: ACK visualizes the resource usage and cost distribution of your clusters and improves resource utilization.
Security center: ACK actively inspects your applications for security risks and provides security policies for runtime monitoring and alerting.
Sandboxed-Container: Sandboxed-Container is a container runtime developed by ACK to enhance container security. You can use Sandboxed-Container to run an application in a sandboxed and lightweight VM, which has a dedicated kernel. Sandboxed-Container is suitable for isolating untrusted applications, unhealthy applications, low-performance applications, and workloads among users.
TEE-based confidential computing: ACK provides a cloud-native, all-in-one solution for confidential computing based on Intel Software Guard Extensions (Intel SGX). This solution ensures data security, integrity, and confidentiality when you develop, manage, and deliver trusted applications and confidential computing tasks. The confidential computing capabilities provided by ACK allow you to isolate sensitive data and code by using a trusted execution environment.
Service architecture
The following figure shows the architecture of ACK.
Container Registry provides secure hosting and lifecycle management for cloud-native assets. Container Registry is seamlessly integrated with ACK to provide an all-in-one solution for image distribution in cloud-native scenarios.
Service Mesh (ASM) is a managed service mesh platform for centralized traffic management of applications that use the microservices architecture. ASM is compatible with open source Istio and supports multi-cluster traffic management. ASM also allows you to manage communication among containerized applications and applications that run on VMs in a centralized manner.
ACK Serverless is a serverless Kubernetes service provided by Alibaba Cloud based on the elastic computing architecture. ACK Serverless allows you to create containerized Kubernetes applications without the need to manage or maintain clusters.
ACK Edge is a container service based on the standard Kubernetes runtime environment. It coordinates application delivery and O&M among the cloud, edge, and terminal. This service also enhances node autonomy at the edge.
Distributed Cloud Container Platform for Kubernetes (ACK One) is an enterprise-class cloud-native container platform that is developed by Alibaba Cloud to meet container management requirements in hybrid cloud, multi-cluster, distributed computing, and disaster recovery scenarios. You can register third-party and self-managed Kubernetes clusters that are deployed in all regions or on all types of infrastructure with ACK One. ACK One is compatible with the APIs of open source Kubernetes. This allows you to manage and maintain computing resources, networks, storage, security, monitoring data, logs, jobs, applications, and traffic in a centralized manner.
The cloud-native AI suite is used to orchestrate and manage AI-related tasks and to schedule and maintain various heterogeneous resources in containerized environments. The component set can significantly accelerate the delivery of AI projects and improve the resource utilization for clusters that consist of heterogeneous computing resources. ACK provides multiple components, extensions, and customizable configurations to support cloud-native AI capabilities.
ACK Lingjun managed clusters are developed based on ACK and provide standard Kubernetes services with fully managed and highly available control planes. ACK Lingjun managed clusters allow you to use Intelligent Computing Lingjun nodes as the worker nodes of Kubernetes clusters.
Alibaba Cloud services that work with ACK
You can use ACK clusters to create resources such as ECS instances, networks, and storage resources for your applications. Based on the information in the following figure, you can put together a bundle that involves the fewest Alibaba Cloud services to obtain technical support in cloud-native system development, security compliance, microservices, observability, storage, computing, and networks. The technical support can help you better develop and maintain your ACK clusters.
We recommend that you use the observability services provided by Alibaba Cloud, including logging and monitoring services. You can use these observability services to monitor your ACK clusters, including infrastructure resources, containers, application performance, and services.
The following table describes the cloud services that are listed in the preceding figure.
Category | Description |
Computing | ECS, Elastic Bare Metal, and Elastic GPU Service: provide worker nodes for node pools. |
Computing | Elastic Container Instance: provides elastic container instances for ACK Serverless clusters. |
Computing | Auto Scaling: supports the configurations and auto scaling of node pools. |
Networking | Virtual Private Cloud (VPC): provides private networks for clusters. |
Networking | Server Load Balancer (SLB): includes Application Load Balancer (ALB), Network Load Balancer (NLB), and Classic Load Balancer (CLB), and exposes the Kubernetes API server and applications. |
Networking | NAT Gateway: provides IP address translation services for the cluster so that node pools in the cluster can access the Internet. |
Networking | Elastic IP Address (EIP): provides public IP addresses for individual nodes to communicate with the Internet. |
Storage | Elastic Block Storage (EBS): provides data disks that you can mount to worker nodes to expand storage. |
Storage | NAS: provides file storage for your workloads. |
Storage | OSS: provides shared storage for your workloads. |
Storage | Cloud Parallel File Storage (CPFS): provides shared storage for your workloads. |
Security | RAM: a permission management service that can work with RBAC. |
Security | Security Center: detects security risks for containers. |
Security | Key Management Service (KMS): provides encryption for secrets in your ACK clusters. |
Observability | Prometheus: provides Prometheus monitoring services for your ACK clusters and monitors the topology of your clusters. |
Observability | Simple Log Service: collects and stores ACK cluster logs. |
Cloud-native assets | Container Registry: provides image repositories for container images. |
Others | Resource Orchestration Service (ROS): uses templates to facilitate resource orchestration. |
References
References | Description |
Benefits | ACK provides a variety of powerful capabilities for cluster management, resource scaling, all-in-one container management, and security compliance. For more information, see Benefits. |
Billing | You are charged for cluster management, node management, and related cloud resources when you use ACK clusters. For more information, see Billing. |
Getting Started | You can get started with ACK. For example, you can use ACK to deploy a magic cube game and deploy stateless applications. For more information, see Getting Started. |
User Guide | You can refer to the user guide of ACK to use resources and capabilities of ACK, such as clusters, nodes, node pools, networks, applications, Knative, storage, observability, cost management suite, and auto scaling. For more information, see User Guide. |
Best Practices | You can refer to the best practices of ACK in different scenarios to use resources and capabilities of ACK, such as clusters, nodes, node pools, networks, applications, Knative, storage, observability, cost management suite, and auto scaling. For more information, see Best Practices. |
Developer Reference | In addition to the ACK console and kubectl, you can access ACK by using APIs, SDKs, CLI, and Terraform. For more information, see Developer Reference. |
Learning materials |