High-performance cluster management |
- ACK provides three types of clusters: ACK dedicated cluster, ACK managed cluster,
and serverless Kubernetes (ASK) cluster.
- By default, the control plane of an ACK managed cluster is deployed across three zones
to ensure high availability.
- ACK allows you to add thousands of Elastic Compute Service (ECS) nodes to a single
cluster. For more information about resource quotas, see Resource quota limits.
- ACK allows you to deploy a cluster across different zones and register external clusters
with ACK, which helps implement centralized management for your services. For more
information about registered clusters, see Overview.
|
Ultrahigh resource elasticity |
- ACK can automate pod scaling based on the resource utilization of pods.
- ACK can scale out to thousands of nodes within minutes.
- ACK supports fast startup of elastic container instances in ASK clusters. You can
launch up to 500 elastic container instances in an ASK cluster within 30 seconds.
- ACK supports push-button vertical or horizontal scaling.
- ACK allows you to configure affinity rules for services so that you can better control
how your workloads are scheduled.
- ACK provides native support for open source Horizontal Pod Autoscaler (HPA), Vertical
Pod Autoscaler (VPA), and Kubernetes Autoscaler.
- ACK provides the scheduled scaling capability, which is similar to the function of
CronHPA. ACK also supports serverless scalability, which is similar to the function
of vk-autoscaler.
- ACK provides fine-grained scheduling for online business based on the elastic workload
feature.
- ACK provides the alibaba-metrics-adapter component to meet different scaling needs.
ACK also optimizes application scaling by using Ingress gateways and Sentinel-based
flow control.
|
All-in-one container management |
- Application management:
  - ACK supports canary release, blue-green deployment, application monitoring, and application
    autoscaling.
  - ACK provides a built-in application marketplace that supports push-button deployment,
    which allows you to quickly deploy applications by using Helm.
- Image registry based on Container Registry (What is Container Registry?):
  - Container Registry provides highly available image hosting and high-concurrency image
    distribution.
  - Container Registry supports image acceleration.
  - Container Registry supports large-scale P2P image distribution and can concurrently
    distribute images to up to 10,000 nodes through an optimized distribution procedure,
    delivering four times the distribution efficiency when compared with conventional
    methods.

  Note: Self-managed image registries may fail to respond when millions of clients attempt
  to pull images at the same time. Container Registry is a more reliable, fully managed
  alternative that helps you reduce maintenance workloads and keep applications
  up to date.
- Logging:
  - ACK collects cluster logs to Log Service.
  - ACK supports integration with third-party open source logging solutions.
- Monitoring:
  - ACK supports container-level and VM-level monitoring.
  - ACK supports integration with third-party open source monitoring solutions.
|
Support for a variety of nodes |
- ACK supports the following types of nodes:
  - Nodes equipped with x86-based computing resources, such as ECS instances based on
    the x86 architecture.
  - Nodes equipped with heterogeneous computing resources, such as GPU-accelerated ECS
    instances, NPU-accelerated ECS instances, and FPGA-accelerated ECS instances.
  - Nodes equipped with bare metal computing resources, such as ECS bare metal instances.
  - Nodes equipped with serverless computing resources, such as ACK virtual nodes.
  - Edge nodes. ACK@Edge supports centralized management of nodes in the cloud and nodes at the edge, and
    implements unified application release. This increases application release efficiency
    by three times.
- ACK supports the following billing methods:
  - Preemptible instance
  - Subscription
  - Pay-as-you-go
|
Optimized IaaS capabilities |
|
Enterprise-grade security and stability |
ACK adopts a multi-layer security mechanism to protect the underlying infrastructure,
intermediate software supply chains, and top-layer runtime environments.
- Multi-layer security capabilities:
  - Infrastructure security: ACK provides complete network isolation and end-to-end data
    encryption, and implements an authorization system based on Alibaba Cloud Resource
    Access Management (RAM) and Kubernetes Role-Based Access Control (RBAC). This enables
    fine-grained permission management and comprehensive auditing.
  - Software supply chain security: ACK offers a secure DevSecOps pipeline that provides
    protection across the entire development lifecycle, including the cloud-native delivery
    chain, image scanning, image signing, and image synchronization.
  - Runtime security: ACK ensures runtime security based on multiple capabilities, including
    application-level security policies, configuration inspections, runtime monitoring
    and alerting, and key encryption and management.
- Built-in security capabilities:
  - ACK provides optimized OS images and supports Kubernetes versions and Docker versions
    with enhanced stability and security.
  - ACK enhances the security compliance of cluster configurations, system components,
    and OS images based on the Center for Internet Security (CIS) Benchmark and Alibaba
    Cloud best practices for container security.
  - ACK grants worker nodes minimum permissions to manage cloud resources by default.
- Sandboxed-Container: Sandboxed-Container is a container runtime developed by ACK for enhancing container
security. You can use Sandboxed-Container to run an application in a sandboxed and
lightweight VM, which has a dedicated kernel. Sandboxed-Container is suitable for
isolating untrusted applications, unhealthy applications, low-performance applications,
and workloads among users.
- TEE-based confidential computing: ACK provides a cloud-native, all-in-one solution for confidential computing based
on Intel Software Guard Extensions (Intel SGX). This solution ensures data security,
integrity, and confidentiality when you develop, manage, and deliver trusted applications
and confidential computing tasks. The confidential computing capabilities provided
by ACK allow you to isolate sensitive data and code by using a trusted execution environment.
|
24/7 technical support |
ACK provides 24/7 technical support through the ticketing system. |