All Products
Document Center

Container Service for Kubernetes:Overview of managed node pools

Last Updated:Jun 06, 2023

Container Service for Kubernetes (ACK) allows you to create managed node pools. Managed node pools can automate O&M tasks for specific nodes. For example, managed node pools can automatically patch high-risk Common Vulnerabilities and Exposures (CVE) vulnerabilities or fix specific anomalies. This improves the O&M efficiency. This topic introduces managed node pools and describes the use scenarios and features of managed node pools. It also compares regular node pools and managed node pools.

Table of contents

Usage notes

  • Managed node pools update nodes by replacing the system disks of the nodes. After the nodes are updated, the data stored on the previous system disks is deleted. The data disks that are mounted to the nodes are not affected. Do not use system disks to persist data.

  • Before a managed node pool replaces the system disk of a node, it disables and drains the node. This may restart the pods on the node and interrupt persistent connections.

  • When exceptions occur on a node in a managed node pool, the managed node pool may restart the node to fix the exceptions. This restarts the pods on the node.

  • To patch CVE vulnerabilities, you must activate Security Center and ensure a sufficient quota of servers that can be protected by Security Center. For more information, see Purchase Security Center.

  • We recommend that you enable the event center so that you can receive alert notifications about managed node pools. For more information about how to enable the event center, see Event monitoring.

  • We recommend that you install ack-node-problem-detector so that the system can identify node anomalies. For more information about ack-node-problem-detector, see ack-node-problem-detector.

Managed node pool diagram

Managed node pool

Use scenarios

  • Users focus on application development instead of the O&M of worker nodes.

  • These users require elasticity instead of immutability for workloads. The pods of their applications are insensitive to node changes and are tolerable to migrations.

Key features

  • You can create multiple managed node pools in a Container Service for Kubernetes (ACK) cluster.

  • Before a node is updated by replacing the system disk of the node, ACK runs the kubectl cordon command to change the node to the Unschedulable state. Then, ACK evicts the pods on the node. If the pods are not evicted within 15 minutes, ACK forcefully replaces the system disk.

  • A managed node pool monitors the status of nodes in the node pool. If the status is not reported from a node for more than 10 minutes or a node is in the NotReady state, ACK restarts the node to restore the workloads on the node.

Comparison between managed node pools and regular node pools

  • Regular node pool: You can use a regular node pool to manage a set of nodes that have the same configurations, such as specifications, labels, and taints. You can manually manage and maintain the nodes in a regular node pool.

  • Managed node pool: Managed node pools provide automated O&M features, such as automatic high-risk vulnerability patching and automatic node repair.


To change the type of a node pool, go to the Node Pools page, find the node pool that you want to manage, and then click Enable Managed Node Pool or Disable Managed Node Pool in the Actions column. Make sure that the node pool and the cluster run as expected before you change the type of the node pool.

The following table compares managed node pools and regular node pools.


Regular node pool

Managed Node Pool


Managed by users.

Partially managed by ACK.

O&M time window

No O&M time window needs to be set.

An O&M time window must be set. Managed node pools can run automated O&M tasks, such as high-risk CVE vulnerability patching, within the specified time window,

Node repair

Manually performed.

Automatically performed.

  • Managed node pools help simplify your O&M work. However, you may still need to manually fix some complex node issues. For more information about automatic node repair, see Auto repair of managed node pools.

  • If you want to disable the automated O&M feature for a managed node pool, go to the Cluster Information page, click the Basic Information tab, and then turn off Maintenance Window. For more information, see View cluster information.

CVE patching

Manually triggered.

Automatically triggered to patch high-risk vulnerabilities.


CVE patching is an advanced feature provided by Security Center. To use CVE patching, you must purchase Security Center Enterprise Edition or higher. ACK does not charge additional fees. For more information, see Vulnerability patching.

Component update

Manually performed.

Automatically performed.

Minor kubelet version update

Manually performed.

Automatically performed.

Instant ContainerOS scale-out

Not supported.


If you use ContainerOS to add 1,000 nodes in a cluster, it requires only 53 seconds to initialize 90% of the nodes. If you use CentOS to add 1,000 nodes in a cluster, it requires 330 seconds to initialize 90% of the nodes. Therefore, ContainerOS is more efficient than CentOS.


ContainerOS is an operating system that Alibaba Cloud provides for containerized development. ContainerOS is fully compatible with Kubernetes. For more information about ContainerOS, see ContainerOS overview.

Operating systems

The following operating systems are supported:

  • Alibaba Cloud Linux

  • CentOS

  • Windows

The following operating systems are supported:

  • Alibaba Cloud Linux

  • CentOS