Quotas and limits for Container Service for Kubernetes - Container Service for Kubernetes

This topic describes the quotas and limits of Alibaba Cloud Container Service for Kubernetes (ACK). These limits apply to product and cluster configurations, single-cluster capacity, cluster quotas, and quotas for underlying cloud dependencies.

Limits

Product and cluster configuration limits

Before you activate Container Service for Kubernetes, be aware of the following limits on ACK clusters.

Limit	Description
Account verification	Before creating an ACK cluster, complete account verification and activate ACK. For more information, see Activate ACK.
Cluster configuration	After an ACK cluster is created, the following configurations cannot be changed. The VPC of the cluster cannot be changed. The cluster type cannot be directly changed. For example, you cannot directly change an ACK dedicated cluster to an ACK managed cluster. You can hot migrate ACK dedicated clusters to ACK managed Pro clusters. For more information, see Hot migrate an ACK dedicated cluster to an ACK managed Pro cluster. The cluster edition cannot be directly changed. For example, you cannot change an ACK managed Pro cluster to an ACK managed Basic cluster. You can hot migrate ACK managed Basic clusters to ACK managed Pro clusters. For more information, see Hot migrate an ACK managed Basic cluster to an ACK managed Pro cluster. You cannot switch between the Terway and Flannel container network plugins.
ECS instance (node instance) configuration	Three billing methods are supported: pay-as-you-go, subscription, and spot instances. You can switch the billing method of an instance from pay-as-you-go to subscription in the ECS console. For more information, see Switch between billing methods. Because underlying dependencies such as ECS have quota and inventory limits, only some nodes may be successfully created when you create or scale out a cluster, or when a cluster is automatically scaled. The node specifications must be 4 CPU cores and 8 GB of memory or higher. For more information, see ECS instance type configuration recommendations.
Cluster control plane component access traffic	When you access control plane components, such as the API Server and etcd, through an API or the command line, traffic throttling may be triggered due to bandwidth limits if you read many cluster events at a time. This may cause the read operation to fail. Query cluster events in Event Center, or add a paging parameter, such as `--chunk-size=500`, to the API or command to reduce the amount of data in a single request. For more information, see Scenario 1: Use NPD and the Kubernetes Event Center of SLS to monitor cluster events. In addition, if you frequently encounter throttling issues in an ACK managed Basic cluster, migrate to an ACK managed Pro cluster. For more information, see Hot migrate an ACK Basic cluster to an ACK Pro cluster.

Single-cluster capacity limits

ACK managed Pro clusters and ACK managed Basic clusters are used in different scenarios and have different capacity limits.

ACK managed Pro cluster: Recommended for enterprise production environments.
Note
In an ACK managed Pro cluster that uses the Terway network plugin with IPvlan enabled, the cluster can contain up to 5,000 nodes and 50,000 pods. The total number of mappings between services and pods cannot exceed 64,000.
ACK managed Basic cluster: Suitable for personal testing or learning purposes only.

The following table describes the maximum capacity of different resource types in a single cluster.

Type	ACK managed Pro cluster	ACK managed Basic cluster
etcd storage capacity	8 GB	2 GB
Total size of etcd objects for each resource type	800 MB	200 MB
Node	5,000 by default, 15,000 at most	10
Pod	150,000	300
Namespace	10,000	100
ConfigMap	30,000	300
Secret	100,000	1,000
PVC	100,000	1,000
PV	100,000	1,000
Service	10,000	100
Role	50,000	500
RoleBinding	50,000	500
CRD	100,000	1,000
Number of CRs for each CRD type	100,000	1,000

Quotas

Cluster quotas

Note

The following table lists only the default quotas. To view adjustable quotas and their upper limits, or to request a quota increase, go to Quota Center.

Cluster type		Max clusters per Alibaba Cloud account	Max node pools per cluster^①	Max nodes per cluster	Max pods per node^②	How to increase quota
ACK managed cluster	Basic Edition	2	10	10	If you use the Flannel container network plugin: 256 If you use the Terway container network plugin: The pod quota of a single node is determined by the node specifications. For more information about how to calculate the quota, see Calculate the maximum number of pods per node	Not requestable
ACK managed cluster	Pro Edition	100	100	If you use the Flannel container network plugin: 200 by default, 1,000 at most If you use the Terway container network plugin: 5,000 by default, 15,000 at most		log on to the Quota Center console and submit an application
ACK dedicated cluster		0	100			log on to the Quota Center console and submit an application
ACK Serverless cluster	Basic Edition	2	Not applicable	Not applicable	1,000^③	log on to the Quota Center console and submit an application
ACK Serverless cluster	Pro Edition	100	Not applicable	Not applicable	Up to 50,000 Important If many pods are associated with a service, we recommend that you keep the number of pods below 20,000.	log on to the Quota Center console and submit an application
ACK Edge cluster	Basic Edition	2	10	10	256	Request not permitted
ACK Edge cluster	Pro Edition	100	100	1,000	256	log on to the Quota Center console and submit an application
Registered cluster		5	100	Not applicable	256	log on to the Quota Center console and submit an application

①: For the new quota on the maximum number of node pools per cluster to take effect, you must also request a quota increase for the total number of scaling groups in Auto Scaling. To do this, submit a request in the Quota Center.
②: Maximum number of pods per node
- The maximum number of pods per node depends on the cluster's container network plugin.
  - Flannel network mode: The maximum number of pods is determined by the pod CIDR block that is specified when the cluster is created. You cannot request a quota increase for this limit.
  - Terway network mode: The maximum number of pods depends on the number of Elastic Network Interfaces (ENIs) that the ECS instance type supports. We recommend that you select high-specification, later-generation ECS instance types.
- The maximum number of pods per node is the limit for a single worker node, whereas the maximum number of pods per cluster is the limit for the entire ACK cluster. You can add more nodes to increase the total number of pods that the cluster supports. However, an excessively large cluster may affect availability and performance. Plan the use of large-scale clusters with care. For more information, see Recommendations for using large-scale clusters.
③: ACK Serverless clusters do not use physical nodes. This quota refers to the maximum number of pods that a single ACK Serverless cluster can support.

Quotas for underlying cloud dependencies

Product type	Limit	Default limit	How to increase quota
Elastic Compute Service	Resource Orchestration Service (ROS) quota	100	submit a ticket
	vCPU quota for pay-as-you-go instances	500 cores	submit a ticket
	Purchase of high-specification pay-as-you-go instances (more than 16 vCPU cores)	Instance types with less than 16 vCPU cores	submit a ticket
	vCPU quota for spot instances	800 cores	submit a ticket
	Change of billing method from pay-as-you-go to subscription	The following instance types (families) cannot be changed: t1, s1, s2, s3, c1, c2, m1, m2, n1, n2, and e3	submit a ticket
	Maximum number of ECS instances in a single Auto Scaling (ESS) scaling group	2,000	log on to the Quota Center console and submit an application
	Operating systems	Nodes that run the following operating systems can be added to an ACK cluster: Alibaba Cloud Linux CentOS 7.x Note CentOS 8.x and later are not supported. Windows Server 2019 and Windows Server version 1809 and later.	None
Network	Applicable only to clusters that use the Flannel network plugin The maximum number of custom route entries per route table (excluding dynamically propagated route entries)	200	For more information, see General quotas.
	The number of vSwitches that can be created in a VPC.	150
	The number of VPCs that can be created in a region.	10
	The maximum number of private IP addresses that a security group of the VPC type can contain within an Alibaba Cloud account per region	Basic security group: 6,000 Enterprise security group: 65,535	To increase the quota for basic security groups, go to Quota Center.
	The maximum number of security groups allowed for an Alibaba Cloud account per region	You can view or apply to increase the quota by using the quota ID `q_security-groups`. For more information, see View or increase ECS quotas.
	The maximum number of secondary elastic network interfaces (ENIs) that can be created for an Alibaba Cloud account per region	You can view the quota by using the quota ID `q_elastic-network-interfaces`. For more information, see View or increase ECS quotas.	View or increase ECS quotas
	Maximum number of EIPs that each Alibaba Cloud account can apply for	20	Choose one of the following methods as needed: Go to the Quota Management page and request a quota increase. For more information, see Manage service quotas. Go to the Quota Center and request a quota increase. For more information, see Request a quota increase.
Server Load Balancer (SLB)	Maximum number of CLB instances that can be created by each Alibaba Cloud account	30	Choose one of the following methods as needed: Go to the Quota Management page in the CLB console, find the quota slb_quota_instances_num, and then click Apply in the Actions column. For more information, see Manage quotas. Log on to the Quota Center console and request a quota increase. For more information, see Manage CLB quotas.
	Maximum number of backend servers that can be added to a CLB instance	200	Choose one of the following methods as needed: Go to the Quota Management page in the CLB console, find the quota slb_quota_backendservers_num, and then click Apply in the Actions column. For more information, see Manage quotas. Log on to the Quota Center console and request a quota increase. For more information, see Manage CLB quotas.
	Maximum number of listeners that can be added to a CLB instance	50	Choose one of the following methods as needed: Go to the Quota Management page in the CLB console, find the quota slb_quota_listeners_num, and then click Apply in the Actions column. For more information, see Manage quotas. Log on to the Quota Center console and request a quota increase. For more information, see Manage CLB quotas.
	Maximum number of times that a server can be added as a CLB backend server	50	None
Elastic Block Storage	Maximum number of pay-as-you-go disks in all regions for an account	The number of instances in all regions under the account × 5. Each account can create a minimum of 10 pay-as-you-go disks.	submit a ticket
Elastic Block Storage	Maximum total capacity of pay-as-you-go data disks for an account	This quota depends on your Elastic Compute Service usage, region, and disk type. You can view the quota in Quota Center. For more information, see Elastic Block Storage.	submit a ticket

References

When you use Container Service for Kubernetes clusters, be aware of the usage notes and high-risk operations that apply to different cluster types and functional modules. Reviewing this information can help prevent business interruptions caused by improper operations. For more information, see Usage notes and high-risk operations.
When you use ACK managed clusters and ACK dedicated clusters, configure clusters, workloads, and components according to your requirements to ensure the stability and reliability of your applications. For more information, see Recommended configurations for workloads.