This topic describes the limits that apply when you use Container Service for Kubernetes (ACK).
Overview
Before you use ACK, take note of the following limits:
You must pass real-name verification before you can create an ACK cluster.
You cannot perform the following operations on an ACK cluster after it is created:
Change the virtual private cloud (VPC) in which the cluster resides.
Change the cluster type from ACK managed to ACK dedicated or from ACK Pro to ACK standard.
Change the network plug-in.
Change the volume plug-in.
Migrate applications across different namespaces.
The following limits apply to Elastic Compute Service (ECS) instances in ACK clusters:
The pay-as-you-go and subscription billing methods are supported. Other resources, such as Server Load Balancer (SLB) instances, support only the pay-as-you-go billing method. You can change the billing method of an ECS instance from pay-as-you-go to subscription in the ECS console.
When you create, expand, or scale out ACK clusters, the system may fail to create ECS nodes if the ECS quota limit is reached or ECS instances are out of stock.
If you choose the subscription billing method for ECS instances when you create a cluster, the system may fail to create ECS nodes if the ECS quota limit is reached or ECS instances are out of stock. However, subscription instances that have been created will not be released before their subscriptions expire. You can add these instances to other clusters if needed.
NoteTo avoid paying for idle resources, we recommend that you choose the pay-as-you-go billing method for ECS instances when you create a cluster. You can change the billing method to subscription in the ECS console if needed.
You must select instance types that provide at least 4 vCPUs and 8 GiB of memory.
Limits on access to control plane components:
Bandwidth limits apply when you access control pane components, including kube-apiserver and etcd, of a cluster by calling API operations or by using the CLI. If you attempt to read a large number of cluster events at a time, bandwidth throttling may be triggered and you may fail to read the events. We recommend that you query cluster events by using the Kubernetes event center feature of Log Service. Alternatively, you can add paging parameters, such as
--chunk-size=500
, to the API request or command lines to reduce the number of events to be read per request. If you frequently encounter bandwidth throttling on an ACK standard cluster, we recommend that you migrate workloads from the cluster to an ACK Pro cluster.For more information about the Kubernetes event center feature of Log Service, see Scenario 1: Use node-problem-detector with the Kubernetes event center of Log Service to sink cluster events.
For more information about how to migrate workloads from an ACK standard cluster to an ACK Pro cluster, see Hot migration from ACK basic clusters to ACK Pro clusters.
Resource quota limits
The resource quota limits and use scenarios for ACK Pro clusters are different from the resource limits and use scenarios for ACK standard clusters.
ACK Pro clusters are ideal for enterprise customers.
NoteIf you install Terway and enable the Terway IPVLAN mode in an ACK Pro cluster, you can create at most 5,000 nodes, 50,000 pods, and 64,000 mappings between pods and Services in the cluster.
ACK standard clusters are ideal for individual developers in terms of testing and learning.
Item | ACK Pro | ACK standard |
etcd storage | 8 GB | 2 GB |
Maximum etcd storage for each type of objects | 800 MB | 200 MB |
Node | The default is 5000 and the maximum is 10000. | 10 |
Pod | 150,000 | 300 |
Configmap | 30,000 | 300 |
Secret | 30,000 | 300 |
PVC | 100,000 | 1,000 |
PV | 100,000 | 1,000 |
Service | 10,000 | 100 |
CRD | 100,000 | 1,000 |
Quotas
Cluster type | Maximum number of clusters within an Alibaba Cloud account | Maximum number of node pools in a cluster① | Maximum number of nodes in a cluster | Maximum number of pods on a node② | Adjustable | |
ACK managed | Standard | 2 | 10 | 10 | 256 | N/A |
Pro | 100 | 100 | The default is 5000 and the maximum is 10000. | 256 | ||
ACK dedicated | 5 | 100 | 1000 | 256 | ||
ACK Serverless | Standard | 2 | N/A | N/A | 1000③ | N/A |
Pro | 100 | N/A | N/A | The default is 10000 and the maximum is 20000. | ||
ACK edge | Standard | 2 | 10 | 10 | 256 | N/A |
Pro | 100 | 100 | 1000 | 256 | ||
Registered | 5 | 100 | N/A | 256 |
①To increase the maximum number of node pools supported by a cluster, you need to submit a ticket to request a quota increase for scaling groups.
②This quota takes effect only in Flannel network mode and cannot be increased. In Terway network mode, this quota is determined by the number of IP addresses that can be allocated by the node.
③ACK Serverless clusters do not contain nodes. The quota indicates the maximum number of pods on a node of an ACK Serverless standard cluster and cannot be increased.
This topic lists only the default quotas. To increase quotas, go to the Quota Center page and submit applications.
Quota limits on underlying cloud resources
Category | Item | Quota for general users | Adjustable |
Number of Resource Orchestration Service (ROS) templates | Default: 100 | ||
Maximum number of vCPUs of all pay-as-you-go instances | 500 | ||
High-specification pay-as-you-go instances (equipped with more than 16 vCPUs) | Unavailable for purchase. Only pay-as-you-go instances with less than 16 vCPUs can be purchased. | ||
Maximum number vCPUs of all preemptible instances | 800 | ||
Change the billing method of an instance from pay-as-you-go to subscription | Unavailable for the following instance families: t1, s1, s2, s3, c1, c2, m1, m2, n1, n2, and e3. | ||
Maximum number of ECS instances in a scaling group | 2,000 | ||
Operating system | Nodes that run the following operating systems can be added to an ACK cluster:
| N/A | |
Number of custom route entries in a route table | 200 | ||
Number of vSwitches in a VPC | 24 | ||
Number of VPCs within an Alibaba Cloud account | 10 | ||
Number of private IP addresses in a VPC | 65535 | N/A | |
Number of IP addresses that can be added to a basic security group | 2000 | N/A | |
Number of elastic network interfaces (ENIs) | 50000 | N/A | |
Number of elastic IP addresses (EIPs) within an Alibaba Cloud account | 20 | ||
Number of SLB instances within an Alibaba Cloud account | 60 | ||
Number of backend servers that can be attached to an SLB instance | 200 | N/A | |
Number of listeners that can be added to an SLB instance | 50 | ||
Number of times that an ECS instance can be repeatedly added to SLB instances as a backend server | 50 | N/A | |
Number of pay-as-you-go disks in all regions within an Alibaba Cloud account | This quota is five times the number of ECS instances across all regions within an Alibaba Cloud account. However, Alibaba Cloud allows you to create at least 10 pay-as-you-go disks in all regions within an Alibaba Cloud account. | ||
Total capacity of all pay-as-you-go disks that are used as data disks within an Alibaba Cloud account | This quota is subject to the number of ECS instances within the account, regions in which the ECS instances reside, and disk types that the ECS instances use. You can go to the Privileges & Quotas page in the ECS console to view details. For more information, see View and increase instance quotas. |