All Products
Search
Document Center

Container Service for Kubernetes:What is ACK Serverless

Last Updated:Jun 17, 2026

ACK Serverless runs Kubernetes workloads without node management, with pay-as-you-go billing and second-level pod scaling.

Product overview

Important

Starting February 17, 2025, Alibaba Cloud ACK Serverless will disable cluster creation for new users who have not previously created an ACK Serverless cluster. You can use serverless container compute through Container Compute Service (ACS). ACS clusters support the full lifecycle management of enterprise-grade Kubernetes containerized applications, providing you with more powerful features and services. For more information about ACS, see ACS product overview.

  • For users who have not created an ACK Serverless cluster, the interface for creating a new ACK Serverless cluster is unavailable. To use Serverless container computing capabilities:

  • For existing ACK Serverless cluster users, your current ACK Serverless clusters and new cluster creation within default quotas remain unaffected. You can continue operations as documented, with no service interruptions or adjustments required.

See [Product Change] Announcement on the discontinuation of the cluster creation feature for new users of ACK Serverless.

ACK Serverless is a serverless Kubernetes container service from Alibaba Cloud. In an ACK Serverless cluster from ACK Serverless, deploy container applications without purchasing nodes, managing nodes, or capacity planning. Pay-as-you-go billing applies to the CPU and memory resources configured for your applications. ACK Serverless clusters are fully Kubernetes-compatible, letting you focus on applications instead of infrastructure.

The ACK Serverless cluster has two editions: ACK Serverless Basic cluster and ACK Serverless Pro cluster. The ACK Serverless Pro cluster, an ACK Serverless cluster built on the ACK Serverless Basic cluster, enhances reliability and security for enterprise production with an SLA. See Cluster overview for ACK Serverless Pro cluster details.

Key benefits

Benefit

Description

Out of the box

Quickly create clusters and deploy applications without managing Kubernetes nodes or servers.

Massive capacity

Support up to 50,000 pods per cluster without extra configuration or capacity planning.

Important

We recommend a maximum of 20,000 if pods are mapped to a large number of Services.

Elasticity in seconds

Create thousands of pods within seconds to handle traffic spikes without latency bottlenecks.

Predictive scaling

Predicts resource usage from historical data and prepares resources to handle traffic surges.

Native compatibility

Full Kubernetes compatibility for seamless migration of native Kubernetes applications and ecosystem benefits.

Secure isolation

Pods run on ECI. Each pod runs in a strongly isolated lightweight virtual sandbox.

Reduced costs

Pay-as-you-go billing with no charges when applications are idle, eliminating idle resource costs and reducing O&M overhead.

Service integration

Integrate containers with Alibaba Cloud services and enable container-to-VM communication.

Pro Edition clusters

Higher reliability, stronger SLA, and larger cluster capacity. Seamless migration from Basic to Pro Edition.

ACK Serverless clusters compared with ACK clusters

The following figure shows a standard ACK cluster on the left and an ACK Serverless cluster on the right.

image

Use cases

Use case

Description

Application hosting

ACK Serverless clusters eliminate node management, maintenance, and capacity planning, significantly reducing infrastructure and O&M costs.

Bursty workloads

For bursty workloads such as online education and e-commerce, second-level scaling of ACK Serverless clusters reduces compute costs, minimizes idle waste, and handles traffic spikes. See Auto scaling overview.

Data processing

For data processing workloads like Spark jobs, ACK Serverless clusters quickly launch pods to process tasks. Pods are released after computation, stopping billing and reducing costs. See Use ACK Serverless to create Spark jobs.

CI/CD

Set up a continuous integration (CI) environment such as Jenkins or GitLab Runner on an ACK Serverless cluster to create a pipeline that quickly compiles source code, builds and pushes images, and deploys applications. Each CI task is securely isolated with no fixed resource pool, reducing compute costs. See Deploy Jenkins in an ACK Serverless cluster and build and deploy an application.

Scheduled tasks

Run scheduled tasks in an ACK Serverless cluster where billing stops after the task is complete. No fixed resource pool needed, avoiding resource waste. See CronHPA-based scheduled scaling.

Core features

ACK Serverless clusters are fully Kubernetes-compatible. Review the following features before deploying production workloads to an ACK Serverless cluster.

ECI profile

Pods in an ACK Serverless cluster run on ECI. Configure the ECI profile, a ConfigMap named eci-profile in the kube-system namespace, to control pod and cluster behavior.

Field

Description

vpcId

The ID of the Virtual Private Cloud (VPC) where the pods reside.

securityGroupId

The ID of the security group.

vSwitchIds

The vSwitch IDs. Specify multiple IDs separated by commas (,). Virtual nodes are generated based on these vSwitches.

selectors

The pod selector. Selects pods by namespace and labels to auto-append annotations or labels.

enableClusterIp

Specifies whether to enable ClusterIP. Default value: true.

enableLogController

Specifies whether to enable the Alibaba Cloud log controller. Default value: false.

enablePVCController

Specifies whether to enable the PVC controller. Default value: false.

enablePrivateZone

Specifies whether to enable PrivateZone service discovery. Default value: false.

featureGates

Feature gates for unstable features.

See ECI overview.

Virtual nodes

An ACK Serverless cluster requires no worker node management. For Kubernetes compatibility, the cluster displays virtual nodes with massive compute capacity for elastic scaling. Virtual nodes are generated from the vSwitchIds field in the eci-profile ConfigMap and consume no compute resources.

image

Pod configuration

Add annotations to pods in an ACK Serverless cluster to customize their behavior.

Important
  • These annotations apply only to ECI-based pods on virtual nodes, not pods on regular nodes.

  • Add annotations under the metadata field of the pod. For example, when you configure a Deployment, add the annotations under spec.template.metadata.

  • Pod annotations override the same settings in the ECI profile.

Parameter

Example value

Description

Related documentation

k8s.aliyun.com/eci-security-group

sg-bp1dktddjsg5nktv****

The ID of the security group.

Assign a security group to an ECI pod

k8s.aliyun.com/eci-vswitch

vsw-bp1xpiowfm5vo8o3c****

The vSwitch ID. Specify multiple IDs for multi-zone deployment.

Create an ECI pod across multiple zones

k8s.aliyun.com/eci-schedule-strategy

vSwitchOrdered

The multi-zone scheduling strategy. Valid values:

  • vSwitchOrdered: Schedules pods to vSwitches in the specified order.

  • vSwitchRandom: Schedules pods to vSwitches at random.

k8s.aliyun.com/eci-ram-role-name

AliyunECIContainerGroupRole

The RAM role for the ECI pod to access other Alibaba Cloud services.

Configure a RAM role

k8s.aliyun.com/eci-use-specs

2-4Gi,4-8Gi,ecs.c6.xlarge

The ECI instance specifications. Supports multiple specs: vCPU-memory combinations or ECS instance types.

Specify multiple instance types for an ECI pod

k8s.aliyun.com/eci-spot-strategy

SpotAsPriceGo

The preemptible instance policy. Valid values:

  • SpotAsPriceGo: Automatically bids at the current market price.

  • SpotWithPriceLimit: Sets a maximum bid price.

Create a preemptible ECI pod

k8s.aliyun.com/eci-spot-price-limit

0.5

The price limit for the preemptible instance.

Note

This annotation is valid only when k8s.aliyun.com/eci-spot-strategy is set to SpotWithPriceLimit.

k8s.aliyun.com/eci-cpu-option-core

2

The number of physical CPU cores.

Specify CPU options

k8s.aliyun.com/eci-cpu-option-ht

1

The number of threads per core.

k8s.aliyun.com/eci-reschedule-enable

"true"

Specifies whether to enable ECI pod rescheduling.

ECI pod annotations

k8s.aliyun.com/pod-fail-on-create-err

"true"

Specifies whether to mark the pod as Failed if creation fails.

ECI pod annotations

k8s.aliyun.com/eci-image-snapshot-id

imc-2zebxkiifuyzzlhl****

The ID of the image cache.

Note

Supports manual specification or automatic matching. Automatic matching is recommended.

Use an image cache to accelerate pod creation

k8s.aliyun.com/eci-image-cache

"true"

Automatically match an image cache.

Note

Supports manual specification or automatic matching. Automatic matching is recommended.

k8s.aliyun.com/acr-instance-id

cri-j36zhodptmyq****

The ID of the Container Registry Enterprise Edition instance.

To specify an instance in another region, prefix the instance ID with the region ID. For example: "cn-beijing:cri-j36zhodptmyq****".

Pull images from a Container Registry Enterprise Edition instance without a secret

k8s.aliyun.com/eci-eip-instanceid

eip-bp1q5n8cq4p7f6dzu****

The ID of the EIP instance.

Associate an EIP with an ECI pod

k8s.aliyun.com/eci-with-eip

"true"

Specifies whether to automatically create and associate an EIP.

k8s.aliyun.com/eip-bandwidth

5

The bandwidth of the EIP.

k8s.aliyun.com/eip-common-bandwidth-package-id

cbwp-2zeukbj916scmj51m****

The ID of the EIP bandwidth plan.

k8s.aliyun.com/eip-isp

BGP

The EIP line type. Valid only for pay-as-you-go EIPs. Valid values:

  • BGP: BGP (Multi-ISP) line.

  • BGP_PRO: BGP (Multi-ISP) Pro line.

k8s.aliyun.com/eip-internet-charge-type

PayByBandwidth

The billing method of the EIP. Valid values:

  • PayByBandwidth: Pay by bandwidth.

  • PayByTraffic: Pay by data transfer.

k8s.aliyun.com/eci-enable-ipv6

"true"

Specifies whether to assign an IPv6 address.

Assign an IPv6 address to an ECI pod

k8s.aliyun.com/eci-ipv6-bandwidth-enable

"true"

Specifies whether to enable IPv6 public network access for the ECI pod.

k8s.aliyun.com/eci-ipv6-bandwidth

100M

The maximum public bandwidth of the IPv6 address.

kubernetes.io/ingress-bandwidth

40M

The inbound bandwidth.

Limit the inbound and outbound bandwidth of an ECI pod

kubernetes.io/egress-bandwidth

20M

The outbound bandwidth.

k8s.aliyun.com/eci-extra-ephemeral-storage

50Gi

The size of the temporary storage space.

Increase the size of the temporary storage space

k8s.aliyun.com/eci-eviction-enable

"true"

Specifies whether to auto-evict ECI pods with insufficient temporary storage.

Automatically evict pods that have insufficient temporary storage

k8s.aliyun.com/eci-core-pattern

/pod/data/dump/core

The directory where core dump files are saved.

View core dump files

k8s.aliyun.com/eci-ntp-server

100.100.*.*

The Network Time Protocol (NTP) server.

Configure an NTP service for a pod

k8s.aliyun.com/plain-http-registry

"harbor***.pre.com,192.168.XX.XX:5000,reg***.test.com:80"

The address of a self-managed image repository.

Configure this parameter to pull images over HTTP from self-managed repositories. This prevents pull failures caused by protocol mismatches.

Use a self-managed image repository

k8s.aliyun.com/insecure-registry

"harbor***.pre.com,192.168.XX.XX:5000,reg***.test.com:80"

The address of a self-managed image repository.

Configure this parameter to skip certificate verification for self-managed repositories with self-signed certificates. This prevents pull failures caused by certificate errors.

See ECI pod annotations.

Network management

By default, ECI pods use host network mode with an elastic network interface (ENI) on the vSwitch, enabling communication with ECS and RDS instances in the same VPC.

Type

Description

Service

  • Supports ClusterIP and LoadBalancer Service types.

  • NodePort Services and session affinity are not supported.

    Note

    ACK Serverless clusters do not support node-related features.

Ingress

  • SLB Ingress: Use Layer 7 forwarding of Server Load Balancer (SLB) without deploying a controller. See Ingress example.

  • Nginx Ingress: Deploy an Nginx Ingress Controller to create an Nginx Ingress. See ingress-nginx example.

Service discovery

For Service-based service discovery, enable PrivateZone or CoreDNS when creating the cluster. You can also enable PrivateZone through the ECI profile or install CoreDNS from the Add-ons page.

Elastic IP Address (EIP)

Associate an EIP with an ECI pod — auto-create one or bind an existing EIP.

Storage management

Mount Alibaba Cloud block storage and file storage on pods.

Storage type

Description

Alibaba Cloud Block Storage (Disk)

Alibaba Cloud File Storage (NAS)

Observability

Feature

Description

Logging

In an ACK Serverless cluster, enable Log Service by editing the eci-profile ConfigMap to collect pod logs. See Collect application logs using pod environment variables.

Monitoring

Install the arms-prometheus component for cluster monitoring. See Managed Service for Prometheus.

Image management

  • ACK Serverless clusters support image caching to accelerate pod creation. See Use an image cache.

  • When pulling images from Container Registry (ACR) Enterprise Edition in an ACK Serverless cluster, configure secret-free pulling to simplify setup.

Auto scaling

ACK Serverless clusters have no physical nodes, so no node capacity planning is needed. Configure Horizontal Pod Autoscaler (HPA) or CronHPA for on-demand pod scaling. See Auto scaling overview.

Authorization

To access other Alibaba Cloud services from application pods, configure RAM Roles for Service Accounts (RRSA).

Cluster management

Type

Description

Intelligent O&M

Use Intelligent O&M to periodically check ACK Serverless cluster health or run pre-checks for upgrades and migrations.

Upgrades

ACK Serverless clusters support seamless upgrades without service disruption.

Pro Edition

Provides a higher level of reliability, an SLA, and larger cluster capacity.

Migration

Seamlessly migrate trial or early ACK Serverless Basic Edition clusters to ACK Serverless Pro Edition for enhanced service assurance.

Component management

ACK Serverless clusters provide components to extend cluster functionality. Deploy, upgrade, or uninstall them as needed. See Manage components.

Managed components

ACK Serverless clusters manage some system components so you can focus on applications. Core Kubernetes components in an ACK Serverless cluster — including Kube Scheduler, Cloud Controller Manager, Kube Controller Manager, and Kube API Server — are managed. ACK Serverless clusters will progressively roll out managed versions of storage, networking, and monitoring components.

Important

Managed components still create objects such as ClusterRoles, ClusterRoleBindings, ServiceAccounts, Services, and ConfigMaps in the cluster. These objects consume no ECI resources. Do not modify them.

Managed components are deployed by ACK Serverless but remain accessible through the same APIs in the ACK Serverless cluster. Benefits:

  • No ECI instance resources consumed from your account, saving costs.

  • Automatically deployed and maintained in an optimal state.

  • They support a high-availability architecture.

Application management

Install Helm applications from the Marketplace on the ACK console and manage them on the Helm page. See Use Helm to simplify application deployment.

Billing

ACK Serverless clusters are available in Basic and Pro editions. Billable items and pricing vary by edition. See Billing of ACK Serverless clusters.

Limitations

Note the following ACK Serverless cluster limitations:

  • DaemonSet workloads are not supported. Use a sidecar container as a workaround.

  • You cannot specify HostPath or HostNetwork in a pod's manifest.

  • Privileged containers are not supported. Use a Security Context to add specific capabilities instead.

    Note

    The privileged container feature is in internal preview. To try this feature, submit a ticket.

  • NodePort Services and session affinity are not supported.

  • The China (Shenzhen Finance) and China GovCloud regions are not supported.

Contact us

If you have questions about ASK clusters, join the DingTalk group 31544226.

<