ACK provides components across categories including application management, log monitoring, networking, security, and elasticity to help you manage and maintain clusters. ACK automatically upgrades some components; you can manually upgrade others or configure them with finer granularity as needed.
Prerequisites
Before you begin, ensure that you have:
Manage components
- Log on to the ACK console. In the left navigation pane, click Clusters.
- On the Clusters page, click the name of the target cluster. In the left navigation pane, click Add-ons.
- On the Add-ons page, search for the target component. On the component card, install, uninstall, upgrade, or modify component parameters as needed.
Parameter customization for select control plane core components is supported only on ACK managed cluster Pro Edition, ACK serverless cluster Pro Edition, ACK Edge cluster Pro Edition, and ACK LINGJUN Cluster.
Component types
ACK components fall into two types:
- System components: Installed by default when you create an ACK cluster.
- Optional components: Available to install when creating an ACK cluster to extend cluster capabilities.
Component catalog
Core components
| Component | Type | Description |
|---|---|---|
| Kube Scheduler | System component | A control plane component that schedules pods to appropriate nodes based on node resource usage and pod scheduling requirements. |
| Cloud Controller Manager | System component | Manages load balancing for cross-node communication in Kubernetes clusters. Integrates Kubernetes with Alibaba Cloud networking services, including CLB, NLB, and VPC. |
| Kube API server | System component | The bus and ingress gateway for Kubernetes clusters. |
| Kube Controller Manager | System component | The manager for internal resources in Kubernetes clusters. |
| ACK Virtual Node | Optional component | Based on the open-source Virtual Kubelet project, extends support for Aliyun Provider and connects Kubernetes with ACS and ECI. |
Application management
| Component | Type | Description |
|---|---|---|
| Appcenter (Deprecated) | Optional component | Provides unified management for multi-cluster application deployment and lifecycle. Use the application distribution feature of Distributed Cloud Container Platform ACK One instead. |
| ack-kruise | Optional component | Manages application containers, sidecar containers, and image distribution. |
| migrate-controller | Optional component | Based on the open-source Velero project, backs up and migrates Kubernetes applications and PV data. |
Log monitoring
| Component | Type | Description |
|---|---|---|
| alicloud-monitor-controller | System component | Integrates ACK with Cloud Monitor. |
| metrics-server | System component | An enhanced monitoring collection component based on the community open-source project. Provides a Metrics API for data consumption and enables HPA (Horizontal Pod Autoscaler). |
| ack-cost-exporter | Optional component | Processes data for ACK cost analysis. |
| ack-node-problem-detector | Optional component | An enhanced node anomaly monitoring component based on the community open-source project. Integrates with third-party monitoring platforms. |
| ack-onepilot | Optional component | An ARMS probe access assistant for Kubernetes application integration. Monitors Java, Golang, and Python applications in container environments. |
| ack-sysom-monitor | Optional component | Monitors the OS kernel layer in ACK clusters. |
| ack-arms-cmonitor | Optional component | Uses the eBPF edition of ARMS Application Monitoring to non-invasively monitor containerized applications. |
| ack-arms-prometheus | Optional component | Uses Alibaba Cloud Prometheus to monitor Container Service for Kubernetes clusters. |
| logtail-ds | Optional component | Uses Simple Log Service (SLS) to collect Kubernetes container logs. |
Storage
| Component | Type | Description |
|---|---|---|
| storage-operator | System component | Manages the lifecycle of storage components. |
| csi-plugin | Optional component | Supports mounting and unmounting volumes. Installed by default when you create a cluster. |
| csi-provisioner | Optional component | Supports automatic volume creation. Installed by default if you select the CSI plug-in when creating a cluster. |
| csi-compatible-controller | Optional component | Allows csi-plugin and FlexVolume storage components to coexist. |
Networking
| Component | Type | Description |
|---|---|---|
| CoreDNS | System component | The default DNS service discovery plug-in in ACK clusters. Complies with the Kubernetes DNS-Based Service Discovery specification. |
| Gateway API | System component | A set of Kubernetes resources for modeling service network traffic, providing an extensible and role-oriented service networking model. |
| ACK eRDMA Controller | Optional component | Manages eRDMA network interface controllers (NICs). |
| ACK NodeLocal DNSCache | Optional component | A DNS local caching solution based on the open-source NodeLocal DNSCache project. |
| ALB Ingress Controller | Optional component | Based on Alibaba Cloud Application Load Balancer (ALB), provides advanced Ingress traffic management compatible with Nginx Ingress. Supports HTTP, HTTPS, and QUIC protocols for large-scale Layer 7 traffic in cloud-native scenarios. |
| MSE Ingress Controller | Optional component | Based on the MSE cloud-native gateway, suited for microservice scenarios. Compatible with Nginx Ingress and supports phased release, prefetch, and rate limiting. |
| Terway | Optional component | Alibaba Cloud's open-source CNI (Container Network Interface) plug-in. Supports eBPF network acceleration and Kubernetes standard NetworkPolicy. Installed by default if you select Terway when creating a cluster. For other ACK cluster scenarios, install Terway to use the NetworkPolicy feature. |
| Flannel | Optional component | A CNI plug-in that uses the Alibaba Cloud VPC network mode. Installed by default if you select Flannel when creating a cluster. |
| Nginx Ingress Controller | Optional component | Parses Ingress forwarding rules and forwards incoming requests to the appropriate backend Service. |
| Poseidon | Optional component | ACK's self-developed NetworkPolicy plug-in that supports Kubernetes standard NetworkPolicy. For ACK serverless clusters and scenarios using ECI instances, install Poseidon to use the NetworkPolicy feature. |
| Sidecar Acceleration using eBPF | Optional component | Reduces network latency in Alibaba Cloud Service Mesh using sidecar acceleration. |
| Gateway with Inference Extension | Optional component | Built on the open-source Envoy Gateway project, supports Kubernetes Layer 4/Layer 7 routing and provides intelligent load balancing for AI large language model (LLM) inference scenarios. |
Security
| Component | Type | Description |
|---|---|---|
| ack-advanced-audit | Optional component | Based on the open-source Falco project, uses eBPF to audit system calls for operations within containers, letting you audit commands executed by team members or applications inside a container. |
| ack-pod-identity-webhook | Optional component | Simplifies use of the RRSA (RAM Roles for Service Accounts) feature by automatically injecting OIDC tokens and environment variable configurations into application pods. |
| ack-ram-authenticator | System component | An authentication plugin for ACK managed clusters. Uses Kubernetes Webhook Token Authentication to authenticate API server requests via RAM, and provides RAM-to-RBAC identity mappings as CRDs (Custom Resource Definitions). |
| gatekeeper | Optional component | Manages and applies OPA (Open Policy Agent) policies within clusters, enabling features such as namespace label management. |
| kritis-validation-hook | Optional component | Validates container image signatures during trusted container deployment. |
| aliyun-acr-credential-helper | Optional component | Pulls private images by reading the acr-configuration in the kube-system namespace. Supports ACR Enterprise Edition and ACR Personal Edition created on or before September 8, 2024, cross-account authorization or AccessKey ID and AccessKey secret configurations, and pulling images from Container Registry across different regions. |
| policy-template-controller | Optional component | Implements policy management features. |
| security-inspector | Optional component | Enables the security inspection feature. |
Elasticity and scheduling
| Component | Type | Description |
|---|---|---|
| ACK GOATScaler | Optional component | Provides instant node elasticity. |
| ack-kubernetes-cronhpa-controller | Optional component | Enables scheduled (cron-based) scaling for application workloads. |
| ack-vertical-pod-autoscaler | Optional component | Monitors pod resource consumption and provides CPU and memory recommendations. Adjusts resource allocation without changing the replica count, suited for stateful applications. |
| AHPA Controller | Optional component | Predicts the number of pods an application needs based on historical metrics, using proactive and reactive prediction to scale resources at the earliest opportunity. Supports max/min pod policies per time period. |
| ack-koordinator (ack-slo-manager) | Optional component | Supports differentiated SLO (Service Level Objective) capabilities in ACK, improving resource utilization while maintaining application service quality. |
Others
| Component | Type | Description |
|---|---|---|
| ack-helm-manager | Optional component | Provides management for custom components. |
| ack-cgpu | Optional component | Enables multiple containers to share a single GPU device through a GPU sharing scheduling framework. |
| Argo Workflows | Optional component | Built on native Argo Workflows with stability and performance enhancements. Supports large-scale workflow deployment for scenarios such as machine learning pipelines, autonomous driving simulation, genome sequencing, batch data processing, CI/CD, and infrastructure automation. |
| aliyun-acr-acceleration-suite | Optional component | A client plug-in for on-demand container image loading acceleration. Deployed as a DaemonSet on worker nodes. |
| sandboxed-container-controller | Optional component | A dedicated controller for the sandboxed container runtime that enhances and extends sandboxed container features. |
| sandboxed-container-helper | Optional component | Provides diagnostics and O&M for sandboxed containers. |
| sgx-device-plugin | Optional component | A Kubernetes device plugin jointly developed by Alibaba Cloud Container Service and Ant Financial for Intel SGX, enabling SGX use in containers. |