View, install, upgrade, and configure cluster components across networking, storage, security, and more.
Prerequisites
Before you begin, ensure that you have:
Manage components
-
Log on to the ACK console. In the left-side navigation pane, click Clusters.
-
On the Clusters page, click the target cluster name. In the left-side navigation pane, click Add-ons.
-
On the Add-ons page, find the target component and install, uninstall, upgrade, or configure parameters as needed.
Only selected control plane core components support parameter customization on ACK Pro (managed, serverless, or Edge) and ACK Lingjun clusters.
Component types
ACK components fall into two types:
-
System components: Installed by default when you create an ACK cluster.
-
Add-ons : Available to install when creating an ACK cluster to extend cluster capabilities.
Component catalog
Core components
| Component | Type | Description |
|---|---|---|
| Kube Scheduler | System component | Schedules pods to nodes based on resource usage and scheduling requirements. |
| Cloud Controller Manager | System component | Manages cross-node load balancing. Integrates with Alibaba Cloud networking services including CLB, NLB, and VPC. |
| Kube API server | System component | The bus and ingress gateway for Kubernetes clusters. |
| Kube Controller Manager | System component | The manager for internal resources in Kubernetes clusters. |
| ACK Virtual Node | Add-on | Extends Virtual Kubelet with Aliyun Provider to connect Kubernetes with ACS and ECI. |
Application management
| Component | Type | Description |
|---|---|---|
| Appcenter (Deprecated) | Add-on | Manages multi-cluster application deployment and lifecycle. Use application distribution in ACK One instead. |
| ack-kruise | Add-on | Manages application containers, sidecar containers, and image distribution. |
| migrate-controller | Add-on | Backs up and migrates Kubernetes applications and PV data using Velero. |
Logging and monitoring
| Component | Type | Description |
|---|---|---|
| alicloud-monitor-controller | System component | Integrates ACK with Cloud Monitor. |
| metrics-server | System component | Enhanced metrics collector based on the community project. Provides Metrics API and enables HPA (Horizontal Pod Autoscaler). |
| ack-cost-exporter | Add-on | Processes data for ACK cost analysis. |
| ack-node-problem-detector | Add-on | Enhanced node anomaly monitoring based on the community project. Integrates with third-party monitoring platforms. |
| ack-onepilot | Add-on | ARMS probe assistant for Kubernetes. Monitors Java, Golang, and Python applications in containers. |
| ack-sysom-monitor | Add-on | Monitors the OS kernel layer in ACK clusters. |
| ack-arms-cmonitor | Add-on | Non-invasively monitors containerized applications using ARMS eBPF. |
| ack-arms-prometheus | Add-on | Monitors ACK clusters using Alibaba Cloud Prometheus. |
| logtail-ds | Add-on | Uses Simple Log Service (SLS) to collect Kubernetes container logs. |
Storage
| Component | Type | Description |
|---|---|---|
| storage-operator | System component | Manages the lifecycle of storage components. |
| csi-plugin | Add-on | Mounts and unmounts volumes. Installed by default. |
| csi-provisioner | Add-on | Automatically creates volumes. Installed by default with the CSI plug-in. |
| csi-compatible-controller | Add-on | Allows csi-plugin and FlexVolume storage components to coexist. |
Networking
| Component | Type | Description |
|---|---|---|
| CoreDNS | System component | Default DNS service discovery plug-in. Complies with the Kubernetes DNS-Based Service Discovery specification. |
| Gateway API | System component | Kubernetes resources for modeling service network traffic with an extensible, role-oriented networking model. |
| ACK eRDMA Controller | Add-on | Manages eRDMA network interface controllers (NICs). |
| ACK NodeLocal DNSCache | Add-on | DNS local cache based on the open-source NodeLocal DNSCache project. |
| ALB Ingress Controller | Add-on | Advanced Ingress traffic management based on Application Load Balancer (ALB), compatible with Nginx Ingress. Supports HTTP, HTTPS, and QUIC for large-scale Layer 7 traffic. |
| MSE Ingress Controller | Add-on | Based on the MSE cloud-native gateway, suited for microservice scenarios. Compatible with Nginx Ingress and supports phased release, prefetch, and rate limiting. |
| Terway | Add-on | Alibaba Cloud's open-source CNI plug-in. Supports eBPF acceleration and Kubernetes NetworkPolicy. Installed by default when Terway is selected during cluster creation. In other scenarios, install Terway for NetworkPolicy support. |
| Flannel | Add-on | CNI plug-in using Alibaba Cloud VPC network mode. Installed by default when Flannel is selected during cluster creation. |
| Nginx Ingress Controller | Add-on | Parses Ingress rules and routes requests to backend Services. |
| Poseidon | Add-on | ACK's NetworkPolicy plug-in. Install for NetworkPolicy support in ACK serverless clusters and ECI scenarios. |
| Sidecar Acceleration using eBPF | Add-on | Reduces network latency in Alibaba Cloud Service Mesh (ASM) with sidecar acceleration. |
| Gateway with Inference Extension | Add-on | Built on Envoy Gateway. Supports Layer 4/Layer 7 routing with intelligent load balancing for large language model (LLM) inference. |
Security
| Component | Type | Description |
|---|---|---|
| ack-advanced-audit | Add-on | Uses eBPF-based Falco to audit system calls and commands executed within containers. |
| ack-pod-identity-webhook | Add-on | Simplifies RRSA by auto-injecting OIDC tokens and environment variables into application pods. |
| ack-ram-authenticator | System component | Authenticates API server requests via RAM using Webhook Token Authentication. Provides RAM-to-RBAC identity mappings as CRDs. |
| gatekeeper | Add-on | Manages OPA (Open Policy Agent) policies within clusters for features such as namespace label management. |
| kritis-validation-hook | Add-on | Validates container image signatures during trusted container deployment. |
| aliyun-acr-credential-helper | Add-on | Pulls private images using acr-configuration in kube-system. Supports ACR Enterprise Edition and ACR Personal Edition created on or before September 8, 2024, cross-account authorization, AccessKey configuration, and cross-region image pulls. |
| policy-template-controller | Add-on | Implements policy management features. |
| security-inspector | Add-on | Enables the security inspection feature. |
Elasticity and scheduling
| Component | Type | Description |
|---|---|---|
| ACK GOATScaler | Add-on | Provides instant node elasticity. |
| ack-kubernetes-cronhpa-controller | Add-on | Enables scheduled (cron-based) scaling for application workloads. |
| ack-vertical-pod-autoscaler | Add-on | Monitors pod resource consumption and provides CPU and memory recommendations. Adjusts resource allocation without changing the replica count, suited for stateful applications. |
| AHPA Controller | Add-on | Predicts the number of pods an application needs based on historical metrics, using proactive and reactive prediction to scale resources at the earliest opportunity. Supports max/min pod policies per time period. |
| ack-koordinator (ack-slo-manager) | Add-on | Supports differentiated SLO (Service Level Objective) capabilities in ACK, improving resource utilization while maintaining application service quality. |
Others
| Component | Type | Description |
|---|---|---|
| ack-helm-manager | Add-on | Provides management for custom components. |
| ack-cgpu | Add-on | Enables GPU sharing across multiple containers. |
| Argo Workflows | Add-on | Enhanced Argo Workflows with stability and performance improvements. Supports large-scale workflows for scenarios such as machine learning pipelines, autonomous driving simulation, genome sequencing, batch processing, CI/CD, and infrastructure automation. |
| aliyun-acr-acceleration-suite | Add-on | Client plug-in for on-demand image loading acceleration. Deployed as a DaemonSet on worker nodes. |
| sandboxed-container-controller | Add-on | Enhances and extends sandboxed container runtime features. |
| sandboxed-container-helper | Add-on | Provides diagnostics and O&M for sandboxed containers. |
| sgx-device-plugin | Add-on | Kubernetes device plug-in for Intel SGX, jointly developed by Alibaba Cloud and Ant Financial. |