Quotas and limits on ACK - Container Service for Kubernetes

This topic describes the quotas and limits on using Container Service for Kubernetes (ACK), including cloud service and cluster configuration limits, individual cluster capacity limits, cluster quotas, and dependent cloud service quotas.

Limits

Cloud service and cluster configuration limits

Before you activate ACK and when you use ACK clusters, take note of the following limits.Container Service for Kubernetes

Limit	Description
Account authentication	You need to complete real-name verification and activate ACK before you can create ACK clusters. For more information, see Quick start for first-time users.
Cluster configurations	After you create an ACK cluster, you cannot modify the following cluster configurations. You cannot change the virtual private cloud (VPC) of the cluster. You cannot change the cluster type. For example, you cannot directly change the cluster type from ACK dedicated cluster to ACK managed cluster. Hot migration from ACK basic clusters to ACK Pro clusters is supported. You cannot change the cluster edition. For example, you cannot change the cluster edition from ACK Pro cluster to ACK Basic cluster. Hot migration from ACK basic clusters to ACK Pro clusters is supported. You cannot switch between the Terway and Flannel network plug-ins.
ECS instance (node instance) configurations	Three billing methods are supported: pay-as-you-go, subscription, and preemptible instances. You can change the billing method from pay-as-you-go to subscription in the Elastic Compute Service (ECS) console. For more information, see Change the billing method. Due to the quota and stock limits of the dependent cloud services such as ECS, ACK may succeed to create only partial nodes when creating or scaling out a cluster. The node specifications must be 4 vCPUs and 8 GB of memory or higher. For more information, see Suggestions on choosing ECS specifications for ACK clusters.
Access to control plane components	When you use the API or CLI to access a control plane component, such as the API server or etcd, to query large numbers of cluster events, traffic throttling may be triggered due to the bandwidth limit. As a result, the query operation may fail. We recommend that you query cluster events by using the event center. You can also add pagination parameters, such as `--chunk-size=500`, to the API request or command lines to reduce the number of events to be returned per request. For more information, see Scenario 1: Use node-problem-detector with the Kubernetes event center of Log Service to sink cluster events. If traffic throttling is frequently triggered in an ACK Basic cluster, we recommend that you migrate your applications to an ACK Pro cluster. For more information, see Hot migration from ACK basic clusters to ACK Pro clusters.

Individual cluster capacity limit

ACK Pro clusters and ACK Basic clusters are applicable to different scenarios. Therefore, the cluster capacities are also different.

ACK Pro clusters: We recommend that you use this type of cluster in enterprise production environments.
Note
If an ACK Pro cluster uses Terway and has IPVLAN enabled, you can add less than 5,000 nodes to the cluster and create at most 50,000 pods. You can create at most 64,000 mappings between Services and pods.
ACK Basic clusters: This type of cluster is only for individual testing or learning.

The following table describes the capacities of different resources in an ACK cluster.

Resource	ACK Pro cluster	ACK Basic cluster
etcd storage	8 GB	2 GB
Maximum etcd storage for each type of objects	800 MB	200 MB
Nodes	The default is 5,000 and the maximum is 15,000	10
Pods	150,000	300
Namespaces	10,000	100
ConfigMaps	30,000	300
Secrets	100,000	1,000
PVCs	100,000	1,000
PVs	100,000	1,000
Services	10,000	100
Roles	50,000	500
RoleBindings	50,000	500
CRDs	100,000	1,000

Quotas

Cluster quotas

Note

The following table describes the default values of different cluster quotas. You can view the adjustable quotas and their maximum values in the Quota Center console and apply for quota increases.

Cluster type		Maximum number of clusters within an Alibaba Cloud account	Maximum number of node pools in a cluster^①	Maximum number of nodes in a cluster	Maximum number of pods on a node^②	How to apply for a quota increase
ACK managed cluster	Basic	2	10	10	If the network plug-in is Flannel: 256. If the network plug-in is Terway: It depends on the node specifications.	Not adjustable
ACK managed cluster	Pro	100	100	If the network plug-in is Flannel: The default is 200 and the maximum is 1000. If the network plug-in is Terway: The default is 5,000 and the maximum is 15,000.		log on to the Quota Center console and submit an application
ACK dedicated cluster		0	100			log on to the Quota Center console and submit an application
ACK Serverless cluster	Basic	2	N/A	N/A	1,000^③	log on to the Quota Center console and submit an application
ACK Serverless cluster	Pro	100	N/A	N/A	The maximum is 50,000. Important We recommend that you keep the number of pods under 20,000 if a large number of pods are associated with the Service.	log on to the Quota Center console and submit an application
ACK Edge cluster	Basic	2	10	10	256	Not adjustable
ACK Edge cluster	Pro	100	100	1,000	256	log on to the Quota Center console and submit an application
Registered cluster		5	100	N/A	256	log on to the Quota Center console and submit an application

①: For the new quota on the maximum number of node pools per cluster to take effect, you must also increase the quota on scaling groups. To do this, log on to the Quota Center console and apply for a quota increase.
②: The maximum number of pods on a node
- The maximum number of pods on a node depends on the cluster network plug-in.
  - Flannel: The maximum number of pods on a node depends on the cluster CIDR block that you specified when you create the cluster. Refer to the preceding table for the quota limit. However, the quota is not adjustable in this scenario.
  - Terway: The maximum number of pods on a node depends on the number of elastic network interfaces (ENIs) supported by the corresponding ECS instance type. We recommend that you choose the latest ECS instance types and ECS instance types with high specifications.
- The quota on the maximum number of pods per node is subject to a worker node. The quota on the maximum number of pods per cluster is subject to an ACK cluster. You can add nodes to an ACK cluster to increase the pod quota. However, when the cluster size grows, the availability and performance of the cluster may be compromised. We recommend that you decide the cluster size properly. For more information, see Suggestions on using large-scale clusters.
③: ACK Serverless clusters does not have physical nodes. This quota specifies the maximum number of pods that can run in an ACK Serverless cluster.

Dependent cloud service quotas

Cloud service	Quota	Default value	How to apply for a quota increase
ECS	Maximum number of Resource Orchestration Service (ROS) templates	100	submit a ticket
	Maximum number of vCPUs of all pay-as-you-go instances	500	submit a ticket
	High-specification pay-as-you-go instances (equipped with more than 16 vCPUs)	Only pay-as-you-go instances with less than 16 vCPUs can be purchased	submit a ticket
	Maximum number vCPUs of all preemptible instances	800	submit a ticket
	Change the billing method from pay-as-you-go to subscription	The following instance types (or families) are not supported: t1, s1, s2, s3, c1, c2, m1, m2, n1, n2, and e3	submit a ticket
	Maximum number of ECS instances in a scaling group	2,000	log on to the Quota Center console and submit an application
	OS	Nodes that run the following operating systems can be added to an ACK cluster: Alibaba Cloud Linux CentOS 7.x Note CentOS 8.x and later are not supported. Windows Server 2019 and Windows Server version 1809 and later.	N/A
Networking	Only applicable to clusters that use the Flannel network plug-in. Maximum number of custom routes that can be created in each route table (excluding dynamic routes)	200	Use one of the following methods: Go to the Quota Management page to request an increase. For more information, see Manage VPC quotas. Go to the Quota Center page to submit a quota increase request. For more information, see Request a quota increase.
	Maximum number of vSwitches that can be created in each VPC	150
	Maximum number of VPCs that can be created in each region	10
	Maximum number of private IP addresses that can be contained in a security group of the VPC type	Basic security group: 6,000 Advanced security group: 65,535	To apply for the basic security group, go to the Quota Center.
	Maximum number of security groups in an account	View and change the quota in the Quota Center console.
	Maximum number of secondary ENIs that can be created in an account	View the quota in the Quota Center console.	Go to the Quota Center console.
	Maximum number of elastic IP addresses (EIPs) that each Alibaba Cloud account can apply for	20	Use one of the following methods: Go to the Quota Management page and request a quota increase. For more information, see Manage service quotas. Go to the Quota Center and request a quota increase. For more information, see Request a quota increase.
Load balancing	Maximum number of CLB instances that can be created by each Alibaba Cloud account	30	Use one of the following methods: Go to the Quota Management page in the CLB console, find the quota slb_quota_instances_num, and then click Apply in the Actions column. For more information, see Manage quotas. Log on to the Quota Center console and request a quota increase. For more information, see Manage CLB quotas.
	Maximum number of backend servers that can be added to a CLB instance	200	Use one of the following methods: Go to the Quota Management page in the CLB console, find the quota slb_quota_backendservers_num, and then click Apply in the Actions column. For more information, see Manage quotas. Log on to the Quota Center console and request a quota increase. For more information, see Manage CLB quotas.
	Maximum number of listeners that can be added to a CLB instance	50	Use one of the following methods: Go to the Quota Management page in the CLB console, find the quota slb_quota_listeners_num, and then click Apply in the Actions column. For more information, see Manage quotas. Log on to the Quota Center console and request a quota increase. For more information, see Manage CLB quotas.
	Maximum number of times that a server can be added as a CLB backend server	50	N/A
Elastic Block Storage (EBS)	Maximum number of pay-as-you-go disks in all regions within an Alibaba Cloud account	This quota is five times the number of ECS instances across all regions within an Alibaba Cloud account. However, Alibaba Cloud allows you to create at least 10 pay-as-you-go disks in all regions within an Alibaba Cloud account.	submit a ticket
Elastic Block Storage (EBS)	Total capacity of all pay-as-you-go disks that are used as data disks within an Alibaba Cloud account	This quota is subject to the number of ECS instances within the account, regions in which the ECS instances reside, and disk types that the ECS instances use. You can go to the Privileges page in the ECS console to view details. For more information, see View and increase instance quotas.	submit a ticket

References

When you use different types of ACK clusters, you need to pay close attention to the usage notes and instructions on high-risk operations for different modules. Otherwise, your businesses may be interrupted.Container Service for Kubernetes For more information, see Usage notes and instructions on high-risk operations.
When you use ACK managed clusters and ACK dedicated clusters, you must configure the clusters, workloads, and components properly to ensure the stability and reliability of applications in the clusters. For more information, see Recommended configurations for high reliability.