This topic describes the limits that apply when you use Container Service for Kubernetes (ACK).
Overview
Before you use ACK, take note of the following limits:
You must pass real-name verification before you can create an ACK cluster.
You cannot perform the following operations on an ACK cluster after it is created:
Change the virtual private cloud (VPC).
Change the cluster type from ACK managed to ACK dedicated or from ACK Pro to ACK Basic.
Change the network plug-in.
Change the volume plug-in.
Migrate applications across different namespaces.
The following limits apply to Elastic Compute Service (ECS) instances in ACK clusters:
The pay-as-you-go and subscription billing methods are supported. Other resources, such as Server Load Balancer (SLB) instances, support only the pay-as-you-go billing method. You can change the billing method of an ECS instance from pay-as-you-go to subscription in the ECS console.
When you create, expand, or scale out ACK clusters, the system may fail to create ECS nodes if the ECS quota limit is reached or ECS instances are out of stock.
If you choose the subscription billing method for ECS instances when you create a cluster, the system may fail to create ECS nodes if the ECS quota limit is reached or ECS instances are out of stock. However, subscription instances that have been created will not be released before their subscriptions expire. You can add these instances to other clusters if needed.
NoteTo avoid paying for idle resources, we recommend that you choose the pay-as-you-go billing method for ECS instances when you create a cluster. You can change the billing method to subscription in the ECS console if needed.
You must select instance types that provide at least 4 vCPUs and 8 GiB of memory.
Limits on access to control plane components:
Bandwidth limits apply when you access control panel components, including kube-apiserver and etcd, of a cluster by calling API operations or by using the CLI. If you attempt to read a large number of cluster events at a time, bandwidth throttling may be triggered and you may fail to read the events. We recommend that you query cluster events by using the Kubernetes event center feature of Simple Log Service. Alternatively, you can add pagination parameters, such as
--chunk-size=500
, to the API request or command lines to reduce the number of events to be returned per request. If an ACK Basic cluster frequently triggers bandwidth throttling, we recommend that you migrate workloads from the cluster to an ACK Pro cluster.For more information about the Kubernetes event center feature of Simple Log Service, see Scenario 1: Use node-problem-detector with the Kubernetes event center of Simple Log Service to sink cluster events.
For more information about how to migrate workloads from an ACK Basic cluster to an ACK Pro cluster, see Hot migration from ACK basic clusters to ACK Pro clusters.
Resource quota limits
The resource quota limits and use scenarios of ACK Pro clusters are different from those of ACK Basic clusters.
ACK Pro clusters are ideal for enterprise customers.
NoteIf you install Terway and enable the Terway IPVLAN mode in an ACK Pro cluster, you can create at most 5,000 nodes, 50,000 pods, and 64,000 mappings between pods and Services in the cluster.
ACK Basic clusters are ideal for individual developers in terms of testing and learning.
Resource | ACK Pro | ACK Basic |
etcd storage | 8 GB | 2 GB |
Maximum etcd storage for each type of objects | 800 MB | 200 MB |
Node | The default is 5,000 and the maximum is 10,000. | 10 |
Pod | 150,000 | 300 |
Configmap | 30,000 | 300 |
Secret | 30,000 | 300 |
PVC | 100,000 | 1,000 |
PV | 100,000 | 1,000 |
Service | 10,000 | 100 |
CRD | 100,000 | 1,000 |
Resource quotas
Cluster type | Maximum number of clusters within an Alibaba Cloud account | Maximum number of node pools in a cluster① | Maximum number of nodes in a cluster | Maximum number of pods on a node② | Method for requesting a quota increase | |
ACK managed clusters | Basic | 2 | 10 | 10 | 256 | N/A |
Pro | 100 | 100 | The default is 5,000 and the maximum is 10,000. | 256 | ||
ACK dedicated clusters | 5 | 100 | 1,000 | 256 | ||
ACK Serverless clusters | Basic | 2 | N/A | N/A | 1,000③ | N/A |
Pro | 100 | N/A | N/A | The default is 10,000 and the maximum is 20,000. | ||
ACK Edge clusters | Basic | 2 | 10 | 10 | 256 | N/A |
Pro | 100 | 100 | 1,000 | 256 | ||
Registered clusters | 5 | 100 | N/A | 256 |
①To increase the quota for the maximum number of node pools in a cluster, you must submit an application in the Quota Center console to increase the quota for scaling groups.
②This quota takes effect only in Flannel network mode and cannot be increased. In Terway network mode, this quota is determined by the number of IP addresses that can be allocated by the node.
③ACK Serverless clusters do not contain nodes. The quota limits the maximum number of pods that can be deployed in an ACK Serverless Basic cluster. The quota cannot be increased.
This topic lists only the default quotas. To increase quotas, go to the Quota Center page and submit applications.
Quota limits on underlying cloud resources
Cloud resource | Limit | Limit for regular users | Application method for quota increase |
Number of Resource Orchestration Service (ROS) templates | Default: 100 | ||
Maximum number of vCPUs of all pay-as-you-go instances | 500 | ||
High-specification pay-as-you-go instances (equipped with more than 16 vCPUs) | Unavailable for purchase. Only pay-as-you-go instances with less than 16 vCPUs can be purchased. | ||
Maximum number of vCPUs of all preemptible instances | 800 | ||
Change the billing method of an instance from pay-as-you-go to subscription | Unavailable for the following instance families: t1, s1, s2, s3, c1, c2, m1, m2, n1, n2, and e3. | ||
Maximum number of ECS instances in a scaling group | 2,000 | ||
OS | Nodes that run the following operating systems can be added to an ACK cluster:
| N/A | |
Number of custom route entries in a route table | 200 | ||
Number of vSwitches in a VPC | 24 | ||
Number of VPCs within an Alibaba Cloud account | 10 | ||
Number of private IP addresses in a VPC | 65,535 | N/A | |
Number of IP addresses that can be added to a basic security group | 2,000 | N/A | |
Number of elastic network interfaces (ENIs) | 50,000 | N/A | |
Number of elastic IP addresses (EIPs) within an Alibaba Cloud account | 20 | ||
Number of SLB instances within an Alibaba Cloud account | 60 | ||
Number of backend servers that can be attached to an SLB instance | 200 | N/A | |
Number of listeners that can be added to an SLB instance | 50 | ||
Number of times that an ECS instance can be repeatedly added to SLB instances as a backend server | 50 | N/A | |
Number of pay-as-you-go disks in all regions within an Alibaba Cloud account | This quota is five times the number of ECS instances across all regions within an Alibaba Cloud account. However, Alibaba Cloud allows you to create at least 10 pay-as-you-go disks in all regions within an Alibaba Cloud account. | ||
Total capacity of all pay-as-you-go disks that are used as data disks within an Alibaba Cloud account | This quota is subject to the number of ECS instances within the account, regions in which the ECS instances reside, and disk types that the ECS instances use. You can go to the Privileges page in the ECS console to view details. For more information, see View and increase instance quotas. |