ACK Serverless runs Kubernetes workloads without node management, with pay-as-you-go billing and second-level pod scaling.
Product overview
Starting February 17, 2025, Alibaba Cloud ACK Serverless will disable cluster creation for new users who have not previously created an ACK Serverless cluster. You can use serverless container compute through Container Compute Service (ACS). ACS clusters support the full lifecycle management of enterprise-grade Kubernetes containerized applications, providing you with more powerful features and services. For more information about ACS, see ACS product overview.
For users who have not created an ACK Serverless cluster, the interface for creating a new ACK Serverless cluster is unavailable. To use Serverless container computing capabilities:
Create an ACS cluster and leverage Serverless resources within it.
Use Serverless computing elastically in ACK Managed Cluster Pro Edition.
For existing ACK Serverless cluster users, your current ACK Serverless clusters and new cluster creation within default quotas remain unaffected. You can continue operations as documented, with no service interruptions or adjustments required.
ACK Serverless is a serverless Kubernetes container service from Alibaba Cloud. In an ACK Serverless cluster from ACK Serverless, deploy container applications without purchasing nodes, managing nodes, or capacity planning. Pay-as-you-go billing applies to the CPU and memory resources configured for your applications. ACK Serverless clusters are fully Kubernetes-compatible, letting you focus on applications instead of infrastructure.
The ACK Serverless cluster has two editions: ACK Serverless Basic cluster and ACK Serverless Pro cluster. The ACK Serverless Pro cluster, an ACK Serverless cluster built on the ACK Serverless Basic cluster, enhances reliability and security for enterprise production with an SLA. See Cluster overview for ACK Serverless Pro cluster details.
Key benefits
|
Benefit |
Description |
|
Out of the box |
Quickly create clusters and deploy applications without managing Kubernetes nodes or servers. |
|
Massive capacity |
Support up to 50,000 pods per cluster without extra configuration or capacity planning. Important We recommend a maximum of 20,000 if pods are mapped to a large number of Services. |
|
Elasticity in seconds |
Create thousands of pods within seconds to handle traffic spikes without latency bottlenecks. |
|
Predictive scaling |
Predicts resource usage from historical data and prepares resources to handle traffic surges. |
|
Native compatibility |
Full Kubernetes compatibility for seamless migration of native Kubernetes applications and ecosystem benefits. |
|
Secure isolation |
Pods run on ECI. Each pod runs in a strongly isolated lightweight virtual sandbox. |
|
Reduced costs |
Pay-as-you-go billing with no charges when applications are idle, eliminating idle resource costs and reducing O&M overhead. |
|
Service integration |
Integrate containers with Alibaba Cloud services and enable container-to-VM communication. |
|
Higher reliability, stronger SLA, and larger cluster capacity. Seamless migration from Basic to Pro Edition. |
ACK Serverless clusters compared with ACK clusters
The following figure shows a standard ACK cluster on the left and an ACK Serverless cluster on the right.
Use cases
|
Use case |
Description |
|
Application hosting |
ACK Serverless clusters eliminate node management, maintenance, and capacity planning, significantly reducing infrastructure and O&M costs. |
|
Bursty workloads |
For bursty workloads such as online education and e-commerce, second-level scaling of ACK Serverless clusters reduces compute costs, minimizes idle waste, and handles traffic spikes. See Auto scaling overview. |
|
Data processing |
For data processing workloads like Spark jobs, ACK Serverless clusters quickly launch pods to process tasks. Pods are released after computation, stopping billing and reducing costs. See Use ACK Serverless to create Spark jobs. |
|
CI/CD |
Set up a continuous integration (CI) environment such as Jenkins or GitLab Runner on an ACK Serverless cluster to create a pipeline that quickly compiles source code, builds and pushes images, and deploys applications. Each CI task is securely isolated with no fixed resource pool, reducing compute costs. See Deploy Jenkins in an ACK Serverless cluster and build and deploy an application. |
|
Scheduled tasks |
Run scheduled tasks in an ACK Serverless cluster where billing stops after the task is complete. No fixed resource pool needed, avoiding resource waste. See CronHPA-based scheduled scaling. |
Core features
ACK Serverless clusters are fully Kubernetes-compatible. Review the following features before deploying production workloads to an ACK Serverless cluster.
ECI profile
Pods in an ACK Serverless cluster run on ECI. Configure the ECI profile, a ConfigMap named eci-profile in the kube-system namespace, to control pod and cluster behavior.
|
Field |
Description |
|
vpcId |
The ID of the Virtual Private Cloud (VPC) where the pods reside. |
|
securityGroupId |
The ID of the security group. |
|
vSwitchIds |
The vSwitch IDs. Specify multiple IDs separated by commas (,). Virtual nodes are generated based on these vSwitches. |
|
selectors |
The pod selector. Selects pods by namespace and labels to auto-append annotations or labels. |
|
enableClusterIp |
Specifies whether to enable ClusterIP. Default value: true. |
|
enableLogController |
Specifies whether to enable the Alibaba Cloud log controller. Default value: false. |
|
enablePVCController |
Specifies whether to enable the PVC controller. Default value: false. |
|
enablePrivateZone |
Specifies whether to enable PrivateZone service discovery. Default value: false. |
|
featureGates |
Feature gates for unstable features. |
See ECI overview.
Virtual nodes
An ACK Serverless cluster requires no worker node management. For Kubernetes compatibility, the cluster displays virtual nodes with massive compute capacity for elastic scaling. Virtual nodes are generated from the vSwitchIds field in the eci-profile ConfigMap and consume no compute resources.
Pod configuration
Add annotations to pods in an ACK Serverless cluster to customize their behavior.
-
These annotations apply only to ECI-based pods on virtual nodes, not pods on regular nodes.
-
Add annotations under the
metadatafield of the pod. For example, when you configure a Deployment, add the annotations underspec.template.metadata. -
Pod annotations override the same settings in the ECI profile.
|
Parameter |
Example value |
Description |
Related documentation |
|
k8s.aliyun.com/eci-security-group |
sg-bp1dktddjsg5nktv**** |
The ID of the security group. |
|
|
k8s.aliyun.com/eci-vswitch |
vsw-bp1xpiowfm5vo8o3c**** |
The vSwitch ID. Specify multiple IDs for multi-zone deployment. |
|
|
k8s.aliyun.com/eci-schedule-strategy |
vSwitchOrdered |
The multi-zone scheduling strategy. Valid values:
|
|
|
k8s.aliyun.com/eci-ram-role-name |
AliyunECIContainerGroupRole |
The RAM role for the ECI pod to access other Alibaba Cloud services. |
|
|
k8s.aliyun.com/eci-use-specs |
2-4Gi,4-8Gi,ecs.c6.xlarge |
The ECI instance specifications. Supports multiple specs: vCPU-memory combinations or ECS instance types. |
|
|
k8s.aliyun.com/eci-spot-strategy |
SpotAsPriceGo |
The preemptible instance policy. Valid values:
|
|
|
k8s.aliyun.com/eci-spot-price-limit |
0.5 |
The price limit for the preemptible instance. Note
This annotation is valid only when k8s.aliyun.com/eci-spot-strategy is set to SpotWithPriceLimit. |
|
|
k8s.aliyun.com/eci-cpu-option-core |
2 |
The number of physical CPU cores. |
|
|
k8s.aliyun.com/eci-cpu-option-ht |
1 |
The number of threads per core. |
|
|
k8s.aliyun.com/eci-reschedule-enable |
"true" |
Specifies whether to enable ECI pod rescheduling. |
|
|
k8s.aliyun.com/pod-fail-on-create-err |
"true" |
Specifies whether to mark the pod as Failed if creation fails. |
|
|
k8s.aliyun.com/eci-image-snapshot-id |
imc-2zebxkiifuyzzlhl**** |
The ID of the image cache. Note
Supports manual specification or automatic matching. Automatic matching is recommended. |
|
|
k8s.aliyun.com/eci-image-cache |
"true" |
Automatically match an image cache. Note
Supports manual specification or automatic matching. Automatic matching is recommended. |
|
|
k8s.aliyun.com/acr-instance-id |
cri-j36zhodptmyq**** |
The ID of the Container Registry Enterprise Edition instance. To specify an instance in another region, prefix the instance ID with the region ID. For example: "cn-beijing:cri-j36zhodptmyq****". |
Pull images from a Container Registry Enterprise Edition instance without a secret |
|
k8s.aliyun.com/eci-eip-instanceid |
eip-bp1q5n8cq4p7f6dzu**** |
The ID of the EIP instance. |
|
|
k8s.aliyun.com/eci-with-eip |
"true" |
Specifies whether to automatically create and associate an EIP. |
|
|
k8s.aliyun.com/eip-bandwidth |
5 |
The bandwidth of the EIP. |
|
|
k8s.aliyun.com/eip-common-bandwidth-package-id |
cbwp-2zeukbj916scmj51m**** |
The ID of the EIP bandwidth plan. |
|
|
k8s.aliyun.com/eip-isp |
BGP |
The EIP line type. Valid only for pay-as-you-go EIPs. Valid values:
|
|
|
k8s.aliyun.com/eip-internet-charge-type |
PayByBandwidth |
The billing method of the EIP. Valid values:
|
|
|
k8s.aliyun.com/eci-enable-ipv6 |
"true" |
Specifies whether to assign an IPv6 address. |
|
|
k8s.aliyun.com/eci-ipv6-bandwidth-enable |
"true" |
Specifies whether to enable IPv6 public network access for the ECI pod. |
|
|
k8s.aliyun.com/eci-ipv6-bandwidth |
100M |
The maximum public bandwidth of the IPv6 address. |
|
|
kubernetes.io/ingress-bandwidth |
40M |
The inbound bandwidth. |
|
|
kubernetes.io/egress-bandwidth |
20M |
The outbound bandwidth. |
|
|
k8s.aliyun.com/eci-extra-ephemeral-storage |
50Gi |
The size of the temporary storage space. |
|
|
k8s.aliyun.com/eci-eviction-enable |
"true" |
Specifies whether to auto-evict ECI pods with insufficient temporary storage. |
Automatically evict pods that have insufficient temporary storage |
|
k8s.aliyun.com/eci-core-pattern |
/pod/data/dump/core |
The directory where core dump files are saved. |
|
|
k8s.aliyun.com/eci-ntp-server |
100.100.*.* |
The Network Time Protocol (NTP) server. |
|
|
k8s.aliyun.com/plain-http-registry |
"harbor***.pre.com,192.168.XX.XX:5000,reg***.test.com:80" |
The address of a self-managed image repository. Configure this parameter to pull images over HTTP from self-managed repositories. This prevents pull failures caused by protocol mismatches. |
|
|
k8s.aliyun.com/insecure-registry |
"harbor***.pre.com,192.168.XX.XX:5000,reg***.test.com:80" |
The address of a self-managed image repository. Configure this parameter to skip certificate verification for self-managed repositories with self-signed certificates. This prevents pull failures caused by certificate errors. |
See ECI pod annotations.
Network management
By default, ECI pods use host network mode with an elastic network interface (ENI) on the vSwitch, enabling communication with ECS and RDS instances in the same VPC.
|
Type |
Description |
|
Service |
|
|
Ingress |
|
|
Service discovery |
For Service-based service discovery, enable PrivateZone or CoreDNS when creating the cluster. You can also enable PrivateZone through the ECI profile or install CoreDNS from the Add-ons page. |
|
Elastic IP Address (EIP) |
Associate an EIP with an ECI pod — auto-create one or bind an existing EIP. |
Storage management
Mount Alibaba Cloud block storage and file storage on pods.
|
Storage type |
Description |
|
Alibaba Cloud Block Storage (Disk) |
|
|
Alibaba Cloud File Storage (NAS) |
|
Observability
|
Feature |
Description |
|
Logging |
In an ACK Serverless cluster, enable Log Service by editing the eci-profile ConfigMap to collect pod logs. See Collect application logs using pod environment variables. |
|
Monitoring |
Install the arms-prometheus component for cluster monitoring. See Managed Service for Prometheus. |
Image management
-
ACK Serverless clusters support image caching to accelerate pod creation. See Use an image cache.
-
When pulling images from Container Registry (ACR) Enterprise Edition in an ACK Serverless cluster, configure secret-free pulling to simplify setup.
Auto scaling
ACK Serverless clusters have no physical nodes, so no node capacity planning is needed. Configure Horizontal Pod Autoscaler (HPA) or CronHPA for on-demand pod scaling. See Auto scaling overview.
Authorization
To access other Alibaba Cloud services from application pods, configure RAM Roles for Service Accounts (RRSA).
Cluster management
|
Type |
Description |
|
Intelligent O&M |
Use Intelligent O&M to periodically check ACK Serverless cluster health or run pre-checks for upgrades and migrations. |
|
Upgrades |
ACK Serverless clusters support seamless upgrades without service disruption. |
|
Pro Edition |
Provides a higher level of reliability, an SLA, and larger cluster capacity. |
|
Migration |
Seamlessly migrate trial or early ACK Serverless Basic Edition clusters to ACK Serverless Pro Edition for enhanced service assurance. |
Component management
ACK Serverless clusters provide components to extend cluster functionality. Deploy, upgrade, or uninstall them as needed. See Manage components.
Managed components
ACK Serverless clusters manage some system components so you can focus on applications. Core Kubernetes components in an ACK Serverless cluster — including Kube Scheduler, Cloud Controller Manager, Kube Controller Manager, and Kube API Server — are managed. ACK Serverless clusters will progressively roll out managed versions of storage, networking, and monitoring components.
Managed components still create objects such as ClusterRoles, ClusterRoleBindings, ServiceAccounts, Services, and ConfigMaps in the cluster. These objects consume no ECI resources. Do not modify them.
Managed components are deployed by ACK Serverless but remain accessible through the same APIs in the ACK Serverless cluster. Benefits:
-
No ECI instance resources consumed from your account, saving costs.
-
Automatically deployed and maintained in an optimal state.
-
They support a high-availability architecture.
Application management
Install Helm applications from the Marketplace on the ACK console and manage them on the Helm page. See Use Helm to simplify application deployment.
Billing
ACK Serverless clusters are available in Basic and Pro editions. Billable items and pricing vary by edition. See Billing of ACK Serverless clusters.
Limitations
Note the following ACK Serverless cluster limitations:
-
DaemonSet workloads are not supported. Use a sidecar container as a workaround.
-
You cannot specify
HostPathorHostNetworkin a pod'smanifest. -
Privileged containers are not supported. Use a Security Context to add specific capabilities instead.
NoteThe privileged container feature is in internal preview. To try this feature, submit a ticket.
-
NodePort Services and session affinity are not supported.
-
The China (Shenzhen Finance) and China GovCloud regions are not supported.
Contact us
If you have questions about ASK clusters, join the DingTalk group 31544226.