This topic describes the release notes for Container Service for Kubernetes (ACK) and provides links to the relevant references.

Background information

  • The following Kubernetes versions are supported by ACK: 1.22.3, 1.20.11, and 1.18.8.

  • The following operating systems are supported by ACK: CentOS 7.9, Alibaba Cloud Linux 3.2104, Alibaba Cloud Linux 2.1903, Windows Server 2019, and Windows Server Core 1909.

April 2022

| Feature | Description | Region | References |
| --- | --- | --- | --- |
| Auto scaling supported by node pools | Auto scaling can be enabled or disabled for node pools on the Edit page of the node pools in the ACK console. • Before you enable auto scaling, you must click Configure Auto Scaling on the node pool details page to configure auto scaling. • When you enable auto scaling for a node pool, you must specify the maximum number of instances and minimum number of instances. | All regions | Auto scaling of nodes |
| RRSA supported by ACK clusters | The RAM Roles for Service Accounts (RRSA) feature can be used to enforce access control on applications that are deployed in an ACK cluster. After you enable RRSA for a cluster, different pods in the cluster can call different API operations. Only clusters that run Kubernetes 1.22 or later versions support RRSA. The cluster types that support RRSA include ACK standard cluster, ACK Pro cluster, serverless Kubernetes (ASK) standard cluster, and ASK Pro cluster. | All regions | Use RRSA to authorize pods to access different cloud services |
| Expansion without service interruptions supported by disk volumes | Disk volumes can be expanded without service interruptions by using the Container Storage Interface (CSI) plug-in in ACK clusters that run Kubernetes 1.16 or later. You can expand the disk and file system that are mounted to your application in the ACK console without interrupting the pods that are provisioned for the application. | All regions | Expand a disk volume without service interruptions |
| Security inspection and configuration inspection results displayed on the cluster overview page | Security inspection results and configuration inspection results are displayed on the cluster overview page. The information helps you identify and eliminate the potential risks in your cluster. | All regions | |
| Alibaba Cloud Linux 3 images available when you use custom images to deploy nodes | Alibaba Cloud Linux 3 images can be used as custom images for nodes when you create node pools. | All regions | For more information about Alibaba Cloud Linux, see Overview. |
| policy-template-controller released | The policy-template-controller component is a Kubernetes controller that is used to manage pod security policies based on clusters and policy instances that are created from policy templates. | All regions | For more information about how to configure security policies for containers, see Configure and enforce ACK pod security policies. |
| Untrusted image detection and blocking based on policy governance | The policy governance feature is integrated with the proactive defense feature of Security Center to detect the deployment of untrusted images. You can configure security policies to deny or allow the deployments of untrusted images, or generate alerts upon image deployments. This provides dynamic security management based on policies and ensures that the applications in your cluster are deployed with images that meet your security requirements. | All regions | Overview |
| Computing power allocation policies for GPU sharing supported by ACK dedicated clusters | GPU sharing, GPU memory isolation, and GPU computing power isolation are supported by ACK dedicated clusters. ACK dedicated clusters also support computing power allocation policies for GPU sharing to meet various business requirements. | All regions | Configure a computing power allocation policy for GPU sharing |
| Vulnerability CVE-2021-25745 fixed | The spec.rules[].http.paths[].path field of the Ingress configuration can be used by attackers to obtain the credentials of the NGINX Ingress controller. The credentials can be used to gain access to all Secrets in the cluster. A policy that is used to mitigate the impact of this vulnerability is provided by the policy governance feature. You can enable this policy to automatically detect and block the creation requests that match this policy. | All regions | |
| Vulnerability CVE-2021-25746 fixed | The metadata.annotations parameter can be used by attackers to obtain the credentials of the NGINX Ingress controller. The credentials can be used to gain access to all Secrets in the cluster. A policy that is used to mitigate the impact of this vulnerability is provided by the policy governance feature. You can enable this policy to automatically detect and block the creation requests that match this policy. | All regions | |

March 2022

| Feature | Description | Region | References |
| --- | --- | --- | --- |
| AHPA supported by ACK and ASK | Advanced Horizontal Pod Autoscaler (AHPA) is supported by ACK clusters and ASK clusters. AHPA performs predictive scaling to provision resources based on periodic data inspection. AHPA is suitable for applications whose workloads periodically change. You can use AHPA to resolve the issue that resources cannot be deployed for applications at the earliest opportunity. | Invitational preview | AHPA for predictive scaling |
| ack-net-exporter available in application catalogs | ack-net-exporter is a network monitoring tool that is developed based on extended Berkeley Packet Filter (eBPF) and Linux proc filesystem (procfs). ack-net-exporter is suitable for monitoring complex network issues in cloud-native scenarios. • ack-net-exporter supports the conntrack, ipvlan, and softnet metrics. • You can integrate ack-net-exporter with Application Real-Time Monitoring Service (ARMS) to create visualized dashboards. | All regions | App Marketplace |
| Cluster inspection (cluster configuration inspection and security inspection) supported | ACK provides the cluster inspection feature. You can enable this feature when you create a cluster. This feature allows you to periodically scan the status of clusters and identify potential risks. For example, you can use this feature to check the remaining quotas of cloud resources and the usage of key resources in Kubernetes clusters. We recommend that you enable this feature when you create a cluster. | All regions | Use the cluster inspection feature to identify potential risks |
| Application logs supported by ASK | Application logs can be collected from ASK clusters. The log collection component is managed by ACK. You do not need to manually deploy pods for the component. | All regions | Enable Log Service |
| Image caches supported by ASK | ASK allows you to use the ImageCache CustomResourceDefinition (CRD) to create image caches. You can use image caches to accelerate the creation of pods. | All regions | Use image caches to accelerate the creation of pods |

February 2022

| Feature | Description | Region | References |
| --- | --- | --- | --- |
| RHEL7.9 supported by worker nodes | RHEL7.9 can be selected when you select a custom OS image for worker nodes. | All regions | Create a Kubernetes cluster by using a custom image |
| Support for multiple security groups in a cluster that uses Terway | In a cluster that uses the Terway network plug-in, Terway uses elastic network interfaces (ENIs) to assign IP addresses to containers. You can associate at most five security groups with an ENI that is created by Terway. This helps you regulate access control on pods in a flexible manner. | All regions | Associate multiple security groups with an ENI |
| Custom configurations for CoreDNS | Custom configurations are supported for CoreDNS. You can customize the configurations of the CoreDNS component on the Add-ons page of the ACK console. The custom configurations are retained after you update the CoreDNS version. Note: You can customize configurations only for CoreDNS versions later than 1.8.4.2. | All regions | Manage system components |
| ExternalDNS available in App Catalog | You can use ExternalDNS to configure external DNS servers for Ingresses and Services in your ACK clusters. This allows you to use public DNS servers to discover Kubernetes resources in your clusters. ExternalDNS works in a similar way to kube-dns. ExternalDNS retrieves information about Services and Ingresses from the Kubernetes API server and creates DNS records. | All regions | Use ExternalDNS to configure external DNS servers |
| gRPC supported by ALB Ingresses | The gRPC protocol is supported by Application Load Balancer (ALB) Ingresses. To use gRPC, add the annotation alb.ingress.kubernetes.io/backend-protocol: "grpc". | All regions | Configure the HTTPS or gRPC protocol |
| ALB Ingresses supported by ASK Knative | Knative is an open source, serverless application framework. Knative can help you deploy serverless workloads to Kubernetes and manage these workloads. ALB is a load balancing service intended for applications that use the HTTP, HTTPS, or Quick UDP Internet Connection (QUIC) protocol. ALB is highly scalable and can distribute large amounts of network traffic at Layer 7. ASK allows you to deploy ALB Ingresses based on Knative. | All regions | Use ALB Ingresses in Knative |
| Authorization management, node pools, and template management optimized | The ACK console is optimized to improve user experience: • You can select multiple namespaces when you manage authorizations. You can grant permissions on multiple namespaces at a time. • A filter is added to the node management module. You can use this filter to show only unschedulable nodes. This improves the O&M efficiency. • You can add variables to templates when you use the template editor to manage templates. This improves the efficiency of template development. | All regions | |

January 2022

| Feature | Description | Region | References |
| --- | --- | --- | --- |
| Supplementation of preemptible instances supported by node pools | The supplementation of preemptible instances is supported by the cost optimization scaling policy of node pools. After the supplementation of preemptible instances is enabled, the system attempts to add a new preemptible instance to the scaling group 5 minutes before a preemptible instance is reclaimed from the scaling group. | All regions | Manage node pools |
| Custom images selectable during node pool creation | Custom images contain custom scripts and optimized parameters and can be used to deploy the operating systems of worker nodes. You can directly use custom images without needing to be added to a whitelist. You must use custom images that are based on Alibaba Cloud Linux 2.1903 or CentOS 7.9. | All regions | Manage node pools |
| New region | ACK managed and ACK dedicated clusters are available in the China North 2 Finance region. | China North 2 Finance region | Supported regions |
| KMS keys that have automatic rotation enabled supported by Secret encryption | Keys that are created in KMS can be used to encrypt Secrets in ACK Pro clusters. ACK allows you to use KMS keys that have automatic rotation enabled to encrypt Secrets in your clusters. When a key is being automatically rotated, the old key version is used to encrypt the existing Secrets in your cluster. | All regions | Use KMS to encrypt Kubernetes Secrets |
| Resource priority-based scheduling supported by Kubernetes | Priority-based resource scheduling is provided by Alibaba Cloud to meet elasticity requirements in pod scheduling. A ResourcePolicy specifies the priorities of nodes in descending order for pod scheduling. When the system deploys or scales out pods for an application, pods are scheduled to nodes based on the priorities of the nodes that are listed in the ResourcePolicy. When you scale in the application, pods are deleted from nodes in the reverse sequence. | All regions | Configure priority-based resource scheduling |

December 2021

| Feature | Description | Region | References |
| --- | --- | --- | --- |
| ACK One | ACK One is a distributed cloud container platform that is provided by Alibaba Cloud. ACK One allows enterprise users to manage cloud-native applications in hybrid cloud, multi-cluster, distributed computing, and disaster recovery scenarios. You can register external Kubernetes clusters that are deployed in all regions or on all types of infrastructure with ACK One. In addition, ACK One is compatible with the APIs of open source Kubernetes. This allows you to centrally manage and maintain computing resources, networks, storage, security, monitoring, logs, jobs, applications, and traffic. | All regions | ACK One overview |
| Kubernetes 1.22.3 | Kubernetes 1.22.3 can be selected when you create clusters. | All regions | Kubernetes 1.22 release notes |
| Deployment sets for node pools | Deployment sets are used to manage the distribution of Elastic Compute Service (ECS) instances. ECS instances in a deployment set are distributed across multiple physical servers for high redundancy. This improves the availability of your applications. A node pool that is associated with a deployment set contains ECS nodes that are distributed across multiple physical servers. You can configure pod affinity to deploy your application pods to different ECS nodes. This way, disaster recovery is implemented and the availability of your applications is improved. | All regions | Associate a deployment set with a node pool |
| Workbench | Workbench is used to log on to containers. Workbench provides higher stability and compatibility compared with the previous terminal tool. To log on to a container by using Workbench, find the container on the Pods page and click Terminal in the Actions column. | All regions | Connection methodsGuidelines on instance connection |
| Custom configurations for the NGINX Ingress controller | The parameters of the NGINX Ingress controller can be configured on the Add-ons page of the ACK console. The custom configurations are retained after you update the NGINX Ingress controller. You can configure resource requests, resource limits, enable the host network mode, enable admission webhooks, and specify node selectors for the NGINX Ingress controller. | All regions | N/A |
| Prometheus monitoring dashboards | Monitoring dashboards of the cloud controller manager (CCM) and kube-controller-manager are provided for ACK Pro clusters. This helps you gain better insight into your clusters. You can view the dashboards on the Prometheus Monitoring page in the Operations module of the ACK console. | All regions | Enable ARMS Prometheus |
| Log center | The log of the CCM can be collected by using the log center feature. The log center feature is available in ASK Pro clusters. This improves the observability of ASK clusters. | All regions | Collect the logs of control plane components in an ACK managed cluster |
| OPA-based policy governance | The Policy Governance feature is provided by ACK. This feature is developed based on the Open Policy Agent (OPA) policy engine and the gatekeeper admission controller. Policy Governance provides a variety of predefined policies that apply to more Kubernetes scenarios than pod security policies (PSPs). In addition, the configuration of these policies is easy and flexible, which helps the O&M engineers of enterprises better utilize the capabilities that are provided by ACK pod security policies. | All regions | Configure and enforce ACK pod security policies |
| Node pool priorities | Node pool priorities can be specified in the node pool auto scaling policy. If multiple node pools meet the requirement, ACK selects the node pool with the highest priority for a scale-out activity. | All regions | Auto scaling of nodes |
| Open source the ALB Ingress controller on GitHub | The ALB Ingress controller is compatible with the NGINX Ingress controller, and provides improved traffic routing capabilities based on ALB instances. The ALB Ingress controller supports complex routing, automatic certificate discovery, and HTTP, HTTPS, and QUIC protocols. The ALB Ingress controller meets the requirements of cloud-native applications for ultra-high elasticity and balancing of heavy traffic loads at Layer 7. | All regions | v2.2.0 |

November 2021

| Feature | Description | Region | References |
| --- | --- | --- | --- |
| ALB Ingresses-based routing | ALB Ingresses can be created in the ACK console. You can create Ingress rules in ALB Ingresses and customize Ingress configurations. ALB Ingresses use ALB instances to balance the traffic loads at Layer 7. | All regions | Access Services by using an ALB Ingress |
| Support for multiple route tables by using CCM | ACK uses the CCM to add route entries to the route table of the virtual private cloud (VPC) in which the cluster is deployed. This enables network connectivity between pods in the cluster. Multiple route tables can be configured for a VPC by using the CCM. To create multiple route tables for a VPC, configure the CCM on the Add-ons page or modify the CCM ConfigMap. | All regions | Configure multiple route tables for a VPC |
| Desired number of nodes | The number of nodes in a node pool can be changed by setting the desired number of nodes in the node pool. If you set the desired number of nodes to a value larger than the current number of nodes, the node pool is scaled out after you submit the change. If you set the desired number of nodes to a value smaller than the current number of nodes, the node pool is scaled in after you submit the change. The scaling activity is performed based on the scaling policy that you configure when you create the node pool. | All regions | Manage node pools |
| ACK quotas | The display of quotas and applications for quota increases are optimized by ACK. ACK displays the quotas of ACK managed clusters, ACK dedicated clusters, ASK clusters, ACK edge clusters, registered clusters, and other resources in the console. The ACK console also provides an entry point to Quota Center. | All regions | Limits |
| IPv4/IPv6 dual stack | IPv4/IPv6 dual stack can be selected when you create an ASK cluster. You can use IPv6 addresses to access services in a cluster that has IPv4/IPv6 dual stack enabled. To enable IPv4/IPv6 dual stack, the following prerequisites must be met: • The Kubernetes version of the cluster is 1.20.11-aliyun.1 or later. • The VPC in which the cluster is deployed supports IPv4/IPv6 dual stack. | All regions | Create an ASK cluster |
| ContainerOS | ContainerOS is an operating system that Alibaba Cloud provides for containerized development. ContainerOS is fully compatible with Kubernetes. ContainerOS is based on Alibaba Cloud Linux 3 and provides enhanced security, faster startup, and simplified system services and software packages. ContainerOS is preinstalled with components to provide out-of-the-box features in cloud-native scenarios. You can use ContainerOS in managed node pools in ACK clusters. ACK provides long-term free technical support for ContainerOS. | All regions | ContainerOS overview |

October 2021

| Feature | Description | Region | References |
| --- | --- | --- | --- |
| Kubernetes 1.20.11 | CVE-2021-25741 is discovered by the Kubernetes community. CVE-2021-25741 is a vulnerability that can be exploited by attackers to access the host directories by using a symbolic link and creating a container that has a subPath volume mounted. The severity of CVE-2021-25741 is rated as high. Update from Kubernetes 1.20 to Kubernetes 1.20.11 is supported. CVE-2021-25741 is fixed in Kubernetes 1.20.11. | All regions | |
| ClusterRole | The lifecycles of ClusterRoles can be managed in the ACK console. This improves the efficiency of cluster management. | All regions | Customize an RBAC role |
| ARMS monitoring | The network topology feature of Application Real-Time Monitoring Service (ARMS) is integrated with ACK, which helps enhance the cluster topology feature. This allows you to view the network topology of Services and workloads, and the network topology of resources and Alibaba Cloud services. | All regions | View the network topologies of a cluster |
| Cost analysis | Application dashboards are provided by the cost analysis feature. Application dashboards provide cost trends, correlation analytic results, and cost saving suggestions and plans. | All regions | Enable cost analysis |
| Cloud-native AI component set | • The user guide for the cloud-native AI component set is released. • Model management is supported. • Model evaluation is supported. • Accounts other than Alibaba Cloud accounts can be used to log on to AI Dashboard and AI Developer Console. • Fluid applications that use JindoRuntime can be monitored by Prometheus Monitoring. | All regions | |
| ALB Ingress controller | Application Load Balancer (ALB) Ingresses are compatible with NGINX Ingresses and provide improved traffic management based on ALB instances. ALB Ingresses support complex routing, automatic certificate discovery, and the HTTP, HTTPS, and Quick UDP Internet Connection (QUIC) protocols. These features fully meet the requirements of cloud-native applications for ultra-high elasticity and balancing of heavy traffic loads at Layer 7. | All regions | ALB Ingress overview |
| ASK Pro cluster | ASK Pro clusters offer higher reliability and security based on ASK clusters. In addition, ASK Pro clusters are covered by the service level agreement (SLA) that supports compensation clauses. This type of cluster is suitable for enterprise users who require high stability and security for large-scale workloads. ASK Pro clusters are now in public preview. | All regions | ASK Pro cluster overview |

September 2021

| Feature | Description | Region | References |
| --- | --- | --- | --- |
| ARM node pools | ARM node pools are supported by ACK clusters. You can select ECS instances of the g6r and c6r instance families when you create ARM node pools. Alibaba Cloud ARM instances offer cost savings in general-purpose computing scenarios where NGINX, Redis, and SQL are used, and provide high concurrency and high throughput in big data computing scenarios. | All regions | Manage node pools |
| Auto scaling for Windows node pools | Auto scaling can be enabled for Windows node pools to improve the elasticity of your applications. | All regions | Create a Windows node pool |
| Windows images for node pools | Windows images can be specified when you create node pools. Custom images based on Windows Server 2019 (kernel versions later than 1809) are supported. | All regions | Create a Windows node pool |
| Multiple security groups for a node pool | More than one security group can be configured for a node pool to enforce fine-grained access control. | All regions | Manage node pools |
| IPv4/IPv6 dual stack | The IPv4/IPv6 dual stack mode can be enabled when you create an ACK cluster. Then, clients can connect to the application in the ACK cluster through an IPv6 address. | All regions | Create an ACK managed cluster |
| CIS Kubernetes V1.20 Benchmark v1.0.0 | CIS Kubernetes V1.20 Benchmark v1.0.0 is supported by the inspection feature for clusters of Kubernetes 1.20 and later. | All regions | Safety patrol inspection |
| Node pool scale-out policy and scale-in activity settings | The node pool scale-out policy can be specified and scale-in activities can be set to allowed or disallowed when you configure the auto scaling feature. The node pool scale-out policy decides the priorities of the node pools that are to be scaled out. You can set the node pool scale-out policy to least-waste or random. | All regions | Auto scaling of nodes |
| Backup center | The backup feature is in public preview. This feature allows you to back up applications deployed in both ACK clusters and self-managed clusters. The application backup feature of ACK is updated and renamed as backup center. This feature provides an all-in-one solution for you to back up, restore, and migrate both stateless and stateful applications deployed in ACK clusters. This solution meets the disaster recovery and migration requirements of stateful applications deployed in a hybrid cloud environment or across multiple clusters. | All regions | Backup center overview |
| Model evaluation for AI project acceleration | Model evaluation includes model management and evaluation. This feature is used to control the versions of models trained by using the AI component set and evaluate models based on multiple metrics, such as the accuracy and recall rate. This feature also provides metrics to help you choose the model that best suits your business. | All regions | |

August 2021

| Feature | Description | Region | References |
| --- | --- | --- | --- |
| ACK Scheduler V1.20-ack-4.0 released to support load-aware scheduling and Elastic Container Instance-based scheduling | • Load-aware scheduling schedules pods to nodes with lower loads based on the historical statistics of node loads. This implements load balancing and prevents application or node exceptions caused by overloaded nodes. • Elastic Container Instance-based scheduling is a scheduling policy that Alibaba Cloud provides for elastic resource scheduling. You can add annotations to specify the resources that you want to use when you deploy applications. You can specify that only ECS instances or elastic container instances are used, or enable the system to request elastic container instances when ECS resources are insufficient. Elastic Container Instance-based scheduling can meet your resource requirements in different workload scenarios. | All regions | |
| CCM 2.0.1 released to support weighted routing across multiple Services and the reuse of existing vServer groups. | • The annotation service.beta.kubernetes.io/alibaba-cloud-loadbalancer-vgroup-port can be used to reuse an existing vServer group that is attached to a Server Load Balancer (SLB) instance. • When an SLB instance is shared among multiple Services, the annotation service.beta.kubernetes.io/alicloud-loadbalancer-weight can be used to set the weight of each Service. • The annotation service.beta.kubernetes.io/alibaba-cloud-loadbalancer-connection-drain can be used to configure connection draining for an SLB instance. Only TCP and UDP are supported. • The annotation service.beta.kubernetes.io/alibaba-cloud-loadbalancer-connection-drain-timeout can be used to set the timeout value when connection draining is enabled for an SLB instance. Only TCP and UDP are supported. | All regions | Cloud Controller Manager |
| Subscription clusters can be created. Subscription and auto-renewal are supported by the SLB instance that is attached to the Kubernetes API server of the cluster. | Subscription clusters can be created. If you select the subscription billing method for a cluster, the ECS nodes and the SLB instance attached to the Kubernetes API server of the cluster use the subscription billing method. You can buy resource plans for elastic IP addresses (EIPs), NAT gateways, and Log Service projects that are used in the cluster. This allows you to complete all payments related to an ACK cluster at a time when you create the cluster and eliminates the hassle of paying the bills on a pay-as-you-go basis. | All regions | N/A |
| An existing SLB instance can be reused by the NGINX Ingress controller when you create a cluster. | If you select the subscription billing method for a cluster, you can reuse an existing SLB instance for the NGINX Ingress controller. You can associate a subscription SLB instance that you previously created with the NGINX Ingress controller. This allows you to complete all payments related to an ACK cluster at a time when you create the cluster. | All regions | N/A |
| Intelligent O&M: Cluster diagnostics and global check released | • The global check feature is released to troubleshoot issues in ACK clusters and networks. You can perform a global check on your cluster resources, components, and configurations with a click, and then obtain suggestions on how to fix issues. No parameter configurations are required. • The cluster diagnostics feature is released to troubleshoot nodes, pods, and networks in an ACK cluster. | All regions | |
| ASK Ingress ALB controller | The ALB Ingress controller is compatible with the NGINX Ingress controller and provides improved traffic routing capabilities based on ALB instances. The ALB Ingress controller supports complex routing, automatic certificate discovery, and HTTP, HTTPS, and QUIC protocols. The ALB Ingress controller meets the requirements of cloud-native applications for ultra-high elasticity and balancing of heavy traffic loads at Layer 7. You can install the ALB Ingress controller when you create an ACK cluster or on the Add-ons page after the cluster is created. | All regions | ALB Ingress overview |
| Windows Server 2019 supported by ACK edge clusters | Windows Server 2019 can be selected when you create node pools in the cloud for an ACK edge cluster. This improves the cloud-edge coordination capability of Windows applications. | All regions | N/A |
| Container Network File System (CNFS) enhanced to share and automatically expand Apsara File Storage NAS (NAS) volumes | • CNFS allows you to mount a NAS volume in sharepath mode to share the volume among multiple applications or pods. • CNFS allows you to configure auto expansion policies for NAS volumes. If the volume usage exceeds the threshold, the volume is automatically expanded. | All regions | |

July 2021

| Feature | Description | Region | References |
| --- | --- | --- | --- |
| Kubernetes version update | Update from Kubernetes 1.18 to Kubernetes 1.20 is supported. | All regions | |
| CoreDNS | CoreDNS is supported on the Add-ons page of the console. CoreDNS is the default plug-in used to implement DNS-based service discovery in ACK clusters and ACK edge clusters. CoreDNS provides domain name resolutions for services within the clusters. | All regions | CoreDNS |
| Cost analysis based on namespaces | The cost analysis feature is improved to provide resource usage trends and the cost estimation of individual CPU cores per unit time for applications and pods based on namespace. | All regions | Enable cost analysis |
| Enhanced security for registered clusters | The security of registered clusters is enhanced. You can install security-inspector, aliyun-acr-credential-helper, and gatekeeper in registered clusters. security-inspector is used to perform security scans. aliyun-acr-credential-helper is used to pull images without passwords. gatekeeper is used to manage OPA policies. | All regions | Overview |
| CNFS 1.0 | The CNFS feature is released. CNFS allows you to abstract NAS file systems as Kubernetes resources by using CRD objects. You can use CNFS to create, delete, set quotas for, mount, monitor, and expand NAS file systems. CNFS provides a declarative management method, which is also used to manage containers. CNFS improves storage performance and data security. | All regions | CNFS overview |

June 2021

| Feature | Description | Region | References |
| --- | --- | --- | --- |
| Resource groups selectable | The resource group can be selected from a drop-down list when you create the cluster or node pool in the console. The cluster and ECS instances in the cluster are grouped into the selected resource group. Previously, the resource group was selected at the top of the console. The resource group that you select at the top of the console is used to filter resources displayed on the page, such as VPCs. | All regions | N/A |
| Visualized configuration for network policies | Kubernetes network policies can be used to configure policy-based network control. You can use network policies to control traffic at the IP address or port level. ACK provides a visual interface that you can use to configure network policies in a convenient manner. | All regions | Use network policies |
| ACK Terway Hubble | ACK Terway Hubble can be deployed in clusters by using App Catalog. ACK Terway Hubble is a network architecture, workload, and topology observability platform. You can deploy ACK Terway Hubble in an ACK managed cluster to gain observability into the network traffic and network policies. | All regions | Implement network observability by using ACK Terway Hubble |
| Cost analysis | Cost allocations and trends of resources, applications, and containers can be provided at the node pool level. The cost analysis feature also provides cost optimization suggestions based on the current cost and the sales strategies of node pools. | All regions | Enable cost analysis |
| Auto scaling | You can set the scan interval, which is the interval at which the cluster is evaluated for scaling. You can specify 15 seconds, 30 seconds, and 1 minute as the scan interval. | All regions | Auto scaling of nodes |
| SANs modifiable for ASK clusters | Custom subject alternative names (SANs) can be modified for the API server certificate of an ASK cluster. This allows you to update the information about the API server certificate, such as the domain name, IP address, and URL, after the ASK cluster is created. | All regions | Update the SAN of the API server certificate for an existing ACK cluster |
| Cluster security | The inspection feature can be used to detect security risks in the workloads of a registered cluster. | All regions | Use the inspection feature to check for security risks in the workloads of a registered Kubernetes cluster |
| Topology-aware scheduling | The following scheduling policies are supported by topology-aware CPU scheduling: • Dynamically adjust resource usage thresholds to improve the resource utilization of workloads with different priorities. • Use the Last Level Cache (L3 cache) and Memory Bandwidth Allocation (MBA) to improve the resource isolation of tasks with different priorities. | All regions | |

May 2021

Feature Description Region References
CIS reinforcement for worker nodes Center for Internet Security (CIS) reinforcement is supported for worker nodes. You can enable CIS reinforcement to enhance OS security for cluster nodes. CIS is a third-party security organization that is committed to leading a global community of enterprises, public service sectors, and academia to develop security best practice solutions.

CIS reinforcement supports only Alibaba Cloud Linux 2, which is the official OS image of Alibaba Cloud and the default OS image used in ACK clusters.

All regions CIS reinforcement
New region ACK Pro clusters are available in Nanjing Local Region. Nanjing Local Region N/A
New region ACK Pro clusters are available in the China North 2 Ali Gov region on Alibaba Gov Cloud. China North 2 Ali Gov Supported regions
Cost analysis The cost analysis feature is added to help IT administrators analyze resource usage and allocate costs. This feature offers suggestions on cost savings and helps improve resource utilization. This feature provides the following services:
  • Cost analysis of cloud resources
  • Cost trend analysis
  • Suggestions on cost savings
  • Real-time cost forecasting
  • Cost allocation based on namespaces
  • Optimization of application costs
All regions Enable cost analysis
Custom SSL certificates Custom SSL certificates can be specified for SLB instances by using annotations when you create Ingresses in ASK clusters. The SSL certificates are no longer forcibly specified by using Secrets. All regions N/A
Topology-aware scheduling supported by AMD CPUs resource-controller V1.2.1-d1e280f-aliyun is released. This component works with ack-scheduler of Kubernetes 1.20.4 to support topology-aware scheduling for AMD CPUs. All regions Topology-aware CPU scheduling

April 2021

Feature Description Region References
Kubernetes 1.20 Kubernetes 1.20 is supported. You can select this Kubernetes version when you create a cluster. All regions Kubernetes 1.20 release notes
Hot migration from ACK dedicated clusters to ACK Pro clusters Hot migration from existing ACK dedicated clusters to ACK Pro clusters is supported. You can dynamically migrate workloads from ACK dedicated clusters to ACK Pro clusters without service interruptions. All regions Hot migration from ACK dedicated clusters to ACK Pro clusters
NodeLocal DNSCache ACK NodeLocal DNSCache is a local DNS cache solution developed based on the open source NodeLocal DNSCache project. This solution consists of a DNS caching agent that runs as a DaemonSet and an admission controller that runs as a Deployment to dynamically inject data into DNSConfig. The admission controller listens for pod creation requests and dynamically modifies DNSConfig. This enables pods to use the local cache to accelerate DNS lookups. All regions ACK NodeLocal DNSCache
Registered cluster The Kubernetes event center feature and the aliyun-acr-credential-helper component are supported in registered clusters. All regions Create a cluster registration proxy and register an on-premises cluster and Pull images without a password in a self-managed Kubernetes cluster
Custom configuration for control plane components Custom control plane parameters are supported in ACK Pro clusters to meet the requirements for modifying control plane parameters in production environments. You can modify the parameters of kube-apiserver and kube-controller-manager based on your requirements. All regions Customize the parameters of control plane components in ACK Pro clusters
Alerting The alerting feature is added to enable centralized alert management. ACK allows you to configure alerts to centrally manage exceptions in the cluster and provides various metrics for different scenarios. By default, the alerting feature is enabled when you create clusters. ACK allows you to deploy CRD objects in a cluster to configure and manage alert rules. All regions Alert management

March 2021

Feature Description Region References
Data export supported by node pools Information about nodes in a node pool can be exported to comma-separated values (CSV) files. This improves the O&M efficiency. All regions Manage node pools
SANs updatable for ACK managed clusters Updates to the SANs in the API server certificates are supported for ACK standard and ACK Pro clusters. All regions Customize the SAN of the API server certificate when you create an ACK cluster
Temporary kubeconfig files for cluster access Temporary kubeconfig files are supported for access to ACK clusters. The validity period of a temporary kubeconfig file used to access an ACK cluster ranges from 30 minutes to 3 days. This meets the requirements for temporary access to ACK clusters. All regions Connect to ACK clusters by using kubectl
containerd The containerd runtime is supported by ACK. You can select containerd as the container runtime when you create a cluster. You can also select containerd when you create a regular node pool or a managed node pool. This allows you to deploy both containerd containers and Docker containers in a cluster. Hot migration from Docker containers to containerd containers is not supported. To migrate from Docker containers to containerd containers, you must recreate pods. All regions Release notes for containerd

February 2021

Feature Description Region References
ACK edge Pro cluster ACK edge Pro clusters can be created. This type of cluster provides the same reliability and stability as ACK Pro clusters. The billing methods of ACK edge Pro clusters are also the same as those of ACK Pro clusters. All regions Introduction to professional edge Kubernetes clusters
Log center The log center feature is available in the ACK console. You can check the log of a cluster and the logs of control plane components in the log center. All regions View the logs of control plane components and View cluster logs
Prometheus monitoring dashboards A CoreDNS dashboard is displayed on the Prometheus Monitoring page in the ACK console. All regions Enable ARMS Prometheus
EIPs supported by node pools Public IPv4 addresses can be associated with regular node pools and managed node pools. When you create a regular node pool or a managed node pool, you can enable the nodes to automatically associate with EIPs. This enables the nodes to access the Internet. You can also configure a NAT gateway when you create a cluster to enable all nodes in the cluster to access the Internet by using the NAT gateway. All regions Manage node pools
New region ACK Pro clusters are available in the China South 1 Finance region. China South 1 Finance Introduction to professional managed Kubernetes clusters

January 2021

Feature Description Region References
Observability enabled for control plane components of ACK Pro clusters

Observability of the API server and etcd control components is enabled in ACK Pro clusters. You can observe these components in monitoring dashboards and receive alerts upon exceptions. This allows you to detect system exceptions and potential risks, and provides information to help you implement measures to ensure the stability of ACK clusters.

All regions

Enable ARMS Prometheus
Custom configuration for control plane components of ACK Pro clusters Custom parameters are supported for kube-apiserver and kube-controller-manager in ACK Pro clusters. This meets the requirements for custom parameters of cluster control components in production environments.

All regions

Customize the parameters of control plane components in ACK Pro clusters
Log collection for control plane components

Logs of control components, such as kube-apiserver, kube-controller-manager, and kube-scheduler, can be collected. To enable log collection, select Enable for Log Collection for Control Plane Components when you create a cluster. This helps you monitor the cluster status and detect anomalies in the cluster.

All regions

View the logs of control plane components
Preemptible instances supported by node pools Preemptible instances are supported when you set the billing method of a node pool. Preemptible instances are cost-effective. You can bid for idle resources of Alibaba Cloud, obtain the resources, and then run containers until the resources are reclaimed due to higher bids from other customers. This reduces the cost of computing resources.

All regions

Set the ratio of preemptible instances to pay-as-you-go instances
Edge node pool Edge node pools are supported in ACK edge clusters. You can abstract a set of nodes with one or more identical attributes into an edge node pool for an ACK edge cluster. This way, you can use the edge node pool to manage and perform O&M operations on nodes from different regions in a unified manner.

An edge node pool uses the basic or enhanced coordination network between the cloud and edge. The enhanced coordination network is built by using the software-defined networking (SDN) solution of ACK@Edge, and allows you to coordinate cloud and edge computing in a secure and fast network environment. This allows applications deployed in edge node pools to access the cloud through the VPC where the cluster is deployed. Compared with the basic coordination network, the enhanced coordination network provides higher network quality and improves data security.

All regions

Overview of edge node pools
Elastic node pool supported by registered clusters Node pools are supported in registered clusters. You can use a node pool to manage a set of ECS instances with the same attributes. You can also add them to a self-managed Kubernetes cluster or a Kubernetes cluster that is deployed in the public cloud of a third-party cloud service provider. This allows you to schedule resources in the cloud, data centers, and self-managed Kubernetes clusters in a unified, flexible, and cost-effective manner.

All regions

Configure auto scaling
Application backup The application backup feature is released. This feature meets the critical requirement for data security in Kubernetes clusters where an increasing number of applications are deployed. You can use application backups to restore applications that are accidentally disrupted for a long period of time. Different from the traditional single-server backup and disk backup, the application backup feature is used to back up applications and the relevant data, resource objects, and configurations. You can also use this feature to back up all resources in a namespace. This feature is available in ACK clusters and registered clusters. You can use this feature to back up applications, volumes, and persistent volumes (PVs) in a cluster, and also restore backups to other clusters.

All regions

Enable cluster backup
Cost reduction policy The ratio of preemptible instances to pay-as-you-go instances can be set in a node pool. This allows you to reduce the cost. However, you must make sure that the node pool has enough pay-as-you-go instances to ensure performance stability.

All regions

Set the ratio of preemptible instances to pay-as-you-go instances

December 2020

Feature Description Region References
New region

ACK is now available in the China (Guangzhou) region.

China (Guangzhou) Limits
Hot migration from ACK standard clusters to ACK Pro clusters Hot migration from existing ACK standard clusters to ACK Pro clusters is supported. Your services are not affected during the migration.

ACK Pro clusters are developed based on ACK managed clusters. This type of cluster provides higher reliability and security in large-scale production environments for enterprise users. ACK Pro clusters are also covered by SLAs that include compensation clauses.

All regions

Hot migration from ACK standard clusters to ACK Pro clusters
SLB specification selectable for the API server

The specification of the SLB instance that is used to access the API server can be selected when you create an ACK cluster. You can select different SLB specifications based on your business requirements. This allows you to handle different traffic loads on the API server of the cluster.

All regions

Create an ACK Pro cluster
Preemptible instances supported by node pools Preemptible instances are supported when you set the billing method of a node pool. Preemptible instances are cost-effective. You can bid for idle resources of Alibaba Cloud, obtain the resources, and then run containers until the resources are reclaimed due to higher bids from other customers. This reduces the cost of computing resources.

All regions

N/A
Kubernetes 1.18 Updates from Kubernetes 1.16 to 1.18 are supported.

All regions

Update the Kubernetes version of an ACK cluster
CronHPA Cron Horizontal Pod Autoscaler (CronHPA) can be enabled in the ACK console for your workloads. You must install ack-kubernetes-cronhpa-controller in the cluster before you enable CronHPA.

All regions

CronHPA
CentOS 7.8 CentOS 7.8 can be used as the node OS when you create a cluster or a node pool.

All regions

Manage node pools
Reinforcement based on classified protection Reinforcement based on classified protection is supported for the cloud-native Alibaba Cloud Linux operating system in compliance with Multi-Level Protection Scheme (MLPS) 2.0 level 3 standards. The following features are provided:
  • Identity authentication
  • Access control
  • Security auditing
  • Intrusion prevention
  • Malicious code protection

To enable reinforcement based on classified protection for the node OS when you create a cluster or a node pool, you must select Alibaba Cloud Linux 2.1903 as the node OS and select Reinforcement based on classified protection.

All regions

Volume snapshots supported by CSI Volume snapshots created from disks are supported by the CSI component of ACK. This allows you to back up and restore workload data.

All regions

Use volume snapshots created from disks
Cluster upgrade and new components ASK clusters can be upgraded. The metrics-server, cronhpa-controller, and alb-ingress-controller components can be installed and managed on the Add-ons page of the ACK console.

All regions

N/A

November 2020

Feature Description Region References
Managed node pools

Managed node pools that are provided by ACK support auto upgrade and auto repair. This provides centralized, managed, and O&M-free lifecycle management of nodes. You do not need to be concerned about the O&M of nodes, such as component upgrading, OS upgrading, or patching to fix Common Vulnerabilities and Exposures (CVE) vulnerabilities. ACK automatically fixes node exceptions for the nodes in a managed node pool.

Managed node pools are supported by ACK Pro clusters.

All regions

Overview
Kubernetes 1.18 supported by kubernetes-dashboard Kubernetes 1.18 is supported by the kubernetes-dashboard application provided by App Catalog. This fixes the issue where the pods of Kubernetes 1.18 cannot be accessed by terminals. You can find and install the Helm chart for kubernetes-dashboard from App Catalog.

All regions

App Marketplace
Performance levels of Enhanced SSDs configurable

The performance level of an enhanced SSD can be set to PL0 or PL1 when you create a cluster. This allows you to customize the performance level of your cluster.

This feature is supported by ACK Pro clusters, ACK standard clusters, ACK dedicated clusters, and ACK edge clusters.

All regions

FAQ
CCM The CCM is updated to V1.9.3.339-g9830b58-aliyun. Hash values are supported in the configurations of LoadBalancer Services. This way, when the CCM is restarted, only the backend vServer groups of the related SLB instances are updated if the Service configuration is not changed. The configurations of the related SLB instances and listeners are not updated.

All regions

Cloud Controller Manager
Disk monitoring supported by CSI Disk monitoring is supported by the latest version of the CSI component. This feature allows you to monitor the status of persistent volume claims (PVCs) through ARMS Prometheus when you use disks that are mounted by using the PVCs. You can also configure alerts by setting thresholds for the storage space and input/output operations per second (IOPS) of the disks.

All regions

N/A
Ingress controller and CoreDNS Ingress controllers and CoreDNS can be installed when you create an ASK cluster. You can also install CoreDNS on the Add-ons page of the ACK console after the cluster is created.

All regions

Create an ASK cluster
Node pools supported by registered clusters Node pools are supported in registered clusters. You can use a node pool in the ACK console to manage a set of ECS instances for a registered cluster. You can add ECS nodes from a node pool to a self-managed Kubernetes cluster or a Kubernetes cluster that is deployed in the public cloud of a third-party cloud service provider. You can also use node pools to manage the labels and taints of nodes in node pools.

All regions

Manage node pools

October 2020

Feature Description Region References
Time zone

The time zone can be selected when you create a cluster. By default, the time zone of your browser is selected.

This feature is supported by ACK Pro clusters, ACK standard clusters, ACK dedicated clusters, and ASK clusters.

All regions

Create an ACK managed cluster
Tagging supported for cloud disks, NAS file systems, and Log Service projects Cloud disks, NAS file systems, and Log Service projects with tags are supported by CSI and Logtail. Cloud disks, NAS file systems, and Log Service projects that are created by ACK for a cluster are tagged with the cluster ID. This makes it easier to allocate resource fees.

All regions

N/A

September 2020

Feature Description Region References
New region ACK is available in the China (Ulanqab) region.

All regions

Introduction to professional managed Kubernetes clusters
SMB supported by Windows containers Server Message Block (SMB) file systems can be mounted to a Windows container. In the NAS console, you can create an SMB file system in the VPC where the cluster is deployed. You can also create a mount target for the file system. You must use the FlexVolume plug-in to mount an SMB file system.

All regions

Mount disks and SMB file systems to Windows pods
Time zone The time zone can be selected for master nodes and worker nodes when you create an ACK dedicated cluster or an ACK managed cluster.

All regions

N/A
Kubernetes 1.18 Kubernetes 1.18.8 is supported. You can select this Kubernetes version when you create a cluster.

ACK clusters of Kubernetes 1.18 or later no longer support Kubernetes Dashboard. To use Kubernetes Dashboard, we recommend that you install kubernetes-dashboard on the App Catalog page.

All regions

ACK support for Kubernetes 1.18 and [Product Changes] ACK ends support for Kubernetes Dashboard
NetworkPolicy configurable for Terway The NetworkPolicy feature can be enabled or disabled for Terway when you create a cluster.

All regions

Periodic inspection Periodic inspection policies can be configured for a cluster on the Inspections page of the ACK console.

All regions

Use the inspection feature to detect security risks in the workloads of an ACK cluster
Cluster auditing The cluster auditing feature can be enabled or disabled on the Cluster Auditing page of the ACK console.

All regions

Use cluster auditing
New components

The logtail-ds component is provided to collect container logs from registered clusters, including the stdout and log files of containers.

The migrate-controller component is provided to migrate applications across Kubernetes clusters. This component is developed based on the open source Velero project.

The ack-virtual-node component is provided to enable auto scaling for registered clusters.

All regions

Sandboxed-Container 2.0 Sandboxed-Container is updated to V2.0. Sandboxed-Container 2.0 has the following benefits:
  • Sandboxed-Container is a container runtime that is developed by Alibaba Cloud based on lightweight virtual machines. Compared with Sandboxed-Container 1.0, Sandboxed-Container 2.0 supports more lightweight and efficient deployment and simplifies the architecture and maintenance of ACK clusters.
  • Sandboxed-Container 2.0 reduces the resource overheads by 90% and improves the startup speed of sandboxed containers by three times.
  • Sandboxed-Container 2.0 increases the deployment density of sandboxed containers on a single node by 10 times.
  • Sandboxed-Container 2.0 supports the virtio-fs file system, which provides higher performance than the 9pfs file system.

All regions

Sandboxed-Container overview
Knative component supported by ASK clusters Knative components are supported in ASK clusters. Knative is a cloud-native and cross-platform orchestration engine for serverless applications. You can deploy Knative in ASK clusters. This allows you to use cloud resources by calling the Knative API without the need to pay for the Knative controller.

All regions

Overview

August 2020

Feature Description Region References
Gatekeeper The gatekeeper component can be installed on the Add-ons page of the ACK console. This component facilitates the management and implementation of policies that are executed by OPA in ACK clusters.

All regions

gatekeeper
Runtime inspection Runtime inspections can be performed on the Runtime Security page of the ACK console. This feature monitors the container runtime and triggers alerts upon the following types of security events: malicious image startups, attacks by viruses or malicious programs, intrusions into containers, container escapes, and high-risk operations on containers. To use this feature, you must first activate Security Center. If you use a Resource Access Management (RAM) user, make sure that the RAM user has the permissions to access Security Center.

All regions

Use the runtime security feature to monitor ACK clusters and configure alerts
Scheduled backup Scheduled backups are supported for Elastic Block Storage (EBS) devices. You can create scheduled snapshots from disks. To use this feature, you must first install the cluster-storage-operator component.

All regions

N/A
IPvlan and eBPF supported by Terway IPvlan and extended Berkeley Packet Filter (eBPF) are supported by Terway. If an elastic network interface (ENI) is shared among pods, Terway allows you to use IPvlan and eBPF for network virtualization.

Terway enables pod network virtualization by using the lightweight IPvlan technology. This allows pod traffic to bypass the network stack of the host and reduces the network performance overheads. Terway uses Cilium as the BPF agent on nodes to configure BPF rules for pod ENIs. This enables Services and network policies to be configured on ENIs. This way, requests within pod networks are forwarded to ENIs through IPvlan. This reduces network complexity.

Note: This feature applies to the Alibaba Cloud Linux 2 operating system. To use this feature, you must submit a ticket to apply to be added to a whitelist.

All regions

Work with Terway
New regions ACK Pro clusters are available in the China (Beijing), China (Shenzhen), Germany (Frankfurt), Indonesia (Jakarta), and China East 2 Finance regions. China (Beijing), China (Shenzhen), Germany (Frankfurt), Indonesia (Jakarta), and China East 2 Finance Introduction to professional managed Kubernetes clusters
ACK@Edge released for commercial use ACK@Edge is released for commercial use. ACK@Edge is a cloud-managed solution that is provided by ACK to coordinate cloud and edge computing.

All regions

ACK@Edge overview

July 2020

Feature Description Region References
ACK Pro cluster released for public preview ACK Pro clusters are released for public preview. This type of cluster is developed based on ACK managed cluster and provides higher reliability and security in large-scale production environments for enterprise users. ACK Pro clusters are also covered by SLAs that include compensation clauses. This type of cluster is suitable for the following users:
  • Internet enterprises. These enterprises deploy their business in large-scale production environments and require business management with high stability, security, and observability.
  • Big data computing enterprises. These enterprises deploy large-scale data computing services, high-performance data processing services, and other services with high elasticity. These services require clusters with high stability, high performance, and efficient computing capabilities.
  • International enterprises that run their business in China. These enterprises prioritize security and services that provide SLAs with compensation clauses.
  • Financial enterprises. These enterprises require SLAs that include compensation clauses.

All regions

Introduction to professional managed Kubernetes clusters
New regions ASK is available in the Japan (Tokyo) and Indonesia (Jakarta) regions. Japan (Tokyo) and Indonesia (Jakarta) ASK overview
CCM The CCM is updated to V1.9.3.313-g748f81e-aliyun. The following features are provided:
  • Supports deletion protection for SLB instances. By default, deletion protection is enabled for newly created SLB instances.
  • Supports modification protection for the configurations of SLB instances. By default, modification protection is enabled for the configurations of newly created SLB instances.
  • Allows you to specify the resource group for an SLB instance when you create a Service.
  • Allows you to specify the name of an SLB instance when you create a Service.
  • Allows you to mount pods in Terway mode to the backend of an SLB instance.

All regions

Cloud Controller Manager
Security management Security management is supported for your clusters. You can configure pod security policies and cluster inspections.

Pod security policies are an important means of verifying the security of pod configurations before pods are deployed. This ensures that applications are running in secure pods. Cluster inspection detects the security risks of workloads in an ACK cluster and generates inspection reports for your reference. This way, you can check whether the workloads in your ACK cluster run in a secure environment.

All regions

Configure pod security policies (earlier version)
Shared VPCs supported by ACK Shared VPCs are supported. A shared VPC can host cloud resources that are created by multiple accounts. The cloud resources include ECS instances, SLB instances, and ApsaraDB RDS instances. This provides a unified approach for you to manage cloud resources in a shared VPC. Shared VPCs are powered by the resource sharing mechanism. The Alibaba Cloud account that owns a shared VPC can share all vSwitches in the VPC with other accounts in the same organization. You can select a shared VPC when you create an ACK cluster. If you select a shared VPC for an ACK cluster, you can use only Terway as the network plug-in.

All regions

N/A
Cluster registration Cluster registration is supported. During daily O&M, you may need to deploy multiple clusters in the cloud and data centers. In some scenarios, you may even deploy clusters in the clouds of different cloud service providers. In these cases, you can register external Kubernetes clusters in the ACK console. This allows you to manage external Kubernetes clusters in the console and reduce O&M costs.

All regions

Overview
Workload management Redeployment and rollback of workloads are supported. ACK provides features on the workload management page in the ACK console, such as application redeployment and rollback. This makes it more convenient to manage your workloads.

All regions

Create a stateless application by using a Deployment

June 2020

Feature Description Region References
Taint management Taint management is supported for node pools. You can configure taints when you create or modify a node pool. This allows you to add taints to all nodes in the node pool. You can select Synchronize Node Labels and Taints to update taints for existing nodes in a node pool.

All regions

Manage taints
Application migration from virtual machines to ACK clusters Application migration from virtual machines to ACK clusters by using Server Migration Center (SMC) is supported. SMC allows you to migrate servers to Container Registry. You can use SMC to migrate containerized applications to Container Registry at low costs.

All regions

Migrate source servers to Container Registry

May 2020

Feature Description Region References
Advanced security groups Advanced security groups are supported when you create a cluster. You can select a basic security group, an advanced security group, or an existing security group. Compared with a basic security group, an advanced security group can contain up to 65,536 private IP addresses. Advanced security groups are used for clusters where a large number of containers or instances are deployed. All regions Create an ACK managed cluster
Component management The Prometheus component and Kubernetes event center can be installed from the Add-ons page of the ACK console. ACK is integrated with the most commonly used Prometheus component in the container monitoring field, and the most commonly used node-problem-detector (NPD) component in the O&M field. You can select these components when you create a cluster. You can also update and maintain the components on the Add-ons page of the ACK console. The Prometheus component is provided by ARMS. NPD is a tool used for node problem detection. NPD can export events that record node exceptions, such as Docker Engine hangs, Linux kernel hangs, network access issues, and file descriptor issues. You can click the Event Center tab on the Events page to view event details. All regions Enable ARMS Prometheus
Kubernetes 1.16.9 Kubernetes 1.16.9 is supported. You can create a cluster of Kubernetes 1.16.9. If the Kubernetes version of your cluster is earlier than V1.16.9, go to the Clusters page and choose More > Upgrade Cluster in the Actions column to update to Kubernetes 1.16.9. Compared with Kubernetes 1.16.6, Kubernetes 1.16.9 fixes the CVE-2020-8555 SSRF vulnerability for the kube-controller-manager component. All regions Vulnerability fixed: CVE-2020-8555 in kube-controller-manager
Elastic workload Elastic workloads are supported. You can go to the App Catalog page and select ack-kubernetes-elastic-workload to install the component. You can use ACK and Virtual Kubelet in combination to proportionally schedule pay-as-you-go and preemptible instances. This allows you to schedule your workloads with elasticity. All regions App Marketplace
Application center The application center feature is released in the ACK console. In earlier versions of the ACK console, after applications are deployed, the topology of the applications is not displayed in a unified view. Therefore, version management and rollback cannot be unified for continuous deployments. The application center provides a unified portal for your applications. This allows you to view the deployment of applications in a unified manner. You can also view the deployment status and changes of all ACK sub-resources that are allocated to each application. In addition, Git and Helm charts are used to deploy applications in ACK clusters by version. This allows you to publish or roll back different application versions deployed in ACK clusters. All regions Application Center overview

April 2020

Feature Description Region References
AGS released for commercial use Alibaba Cloud Genomics Service (AGS) is released for commercial use. AGS is an ACK-based big data compute service provided by Alibaba Cloud for users in the biotechnology industry. AGS provides efficient, elastic, and reliable services. AGS is faster in computing and more cost-effective than traditional methods. AGS uses the pay-as-you-go billing method and charges you based on the number of successful API calls in the backend. To submit a computing task, you only need to run a command to call the AGS API on the client. This process is counted as one API call. All regions AGS overview
Online expansion supported by dynamically provisioned volumes Expansion of dynamically provisioned volumes without restarting pods is supported for Kubernetes 1.16 and later. All regions Expand a disk volume without service interruptions
Ingress controller Multiple Ingress controllers can be deployed in a Kubernetes cluster. An Ingress is an important entry for Layer 7 services. If you create only one Ingress for a cluster, the routing performance may encounter a bottleneck. If an Ingress allows inbound access through the Internet and private network at the same time, security risks exist. To solve these issues, ACK provides a Helm chart for the Ingress controller when only one Ingress is used. The name of the Helm chart is ack-ingress-nginx. You can deploy multiple Ingress controllers from App Catalog. You can use YAML files to configure access to Internet-facing and internal-facing SLB instances separately. All regions Deploy Ingresses in a high-reliability architecture
New region ASK is available in the India (Mumbai) region. India (Mumbai) Create an ASK cluster

March 2020

Feature Description Region References
Component management The following features are added for component management:
  • Allows you to view the YAML files of components.
  • Allows you to perform health checks for nodes before component updates. This prevents component update failures that are caused by node drains or exceptions.
  • Allows you to manually refresh the Add-ons page.
All regions Manage system components
Self-managed ECS instances Nodes that run on self-managed ECS instances can be added to the backend of SLB instances by using the CCM. This way, the existing applications and containerized applications share the same SLB instances and inbound traffic. This is suitable for scenarios where existing applications are gradually replaced by containerized applications. All regions Cloud Controller Manager
Cluster expansion and node specification changes Cluster expansion and node specification changes are supported by Terway. When you manually expand a cluster, you may need to create nodes in new zones. In earlier versions, to create pods in a new zone, you must first add new pod vSwitches in the zone. You can add pod vSwitches in Terway ConfigMaps. When you change the specifications of a node, the maximum number of pods that are supported by Terway on the node also changes. After this release, the K8s max-pod parameter is automatically adjusted to fit the new node specifications. All regions Work with Terway
Node pool management Node pool management is supported. A node pool contains a group of nodes with the same configurations. For example, nodes in a node pool are configured with the same container runtime, OS, and security group. You can create multiple node pools for a cluster. This allows you to deploy a variety of services to different node pools in a cluster. Node pools also support auto scaling. Nodes can be automatically added when a node pool is short of required resources. All regions Manage node pools
Cluster inspection Cluster inspection is optimized. Cluster inspection is the core feature provided by ACK for cluster O&M. Cluster inspection dynamically scans clusters to identify potential risks. The optimization provides the following features:
  • Displays information about unknown hosts.
  • Checks the availability of Yellowdog Updater, Modified (YUM).
  • Checks the availability of systemd.
All regions Use the global check feature to troubleshoot cluster issues
Kubernetes 1.16 Update to Kubernetes 1.16.6 is supported. You can update your clusters from Kubernetes 1.14.8 to 1.16.6. You can also create clusters that run Kubernetes 1.16.6. We recommend that you read the update notes before you update your clusters. All regions Update the Kubernetes version of an ACK cluster
New region ACK managed clusters are available in the China South 1 Finance region. China South 1 Finance Create an ACK managed cluster
ephemeral-storage The ephemeral-storage parameter is added for container configurations when you create an application. Ephemeral storage is a new storage resource similar to CPU and memory resources. Kubernetes uses this parameter to manage and schedule the transient storage of applications that run in Kubernetes clusters. The root directory and log directories (/var/log) of kubelet are stored on the primary partition of a node. In addition, emptyDir volumes, container logs, image layers, and the writable layers of containers are also stored on the primary partition. Therefore, ephemeral-storage is used to manage the primary partition of a node. You can set requests and limits when you create an application. This allows you to schedule and manage the storage resources that are allocated from the primary partition to the application. All regions Create a stateless application by using a Deployment

February 2020

Feature Description Region References
Kubernetes 1.16 and Docker 19.03.5 Kubernetes 1.16 and Docker 19.03.5 are supported to provide enhanced cloud-native capabilities. Compared with the earlier version, Kubernetes 1.16 accelerates pod creation and improves affinity, stability, and observability. You can select Docker 19.03.5 when you create a cluster. ACK accelerates container startups and the building of images that are based on Docker 19.03.5. All regions Kubernetes 1.16 release notes
Auto scaling The auto scaling feature is updated to add the following options: the AliyunLinux2 operating system, custom security groups, and preemptible instances with GPU capabilities. To use AliyunLinux2 and custom security groups, you must first submit a ticket to enable them for your account. All regions Submit a ticket.
CentOS 7.7 CentOS 7.7 is supported as the node OS. You can specify the CentOS 7.7 operating system when you create worker nodes. CentOS 7.7 is automatically used when you expand clusters or enable auto scaling for clusters. All regions Submit a ticket.
Helm 3 Helm 3 is supported. You can install Helm 3 from App Catalog. Compared with Helm 2, Helm 3 improves the security of role assignment, provides full compatibility with Kubernetes role-based access control (RBAC) in multi-tenant scenarios, and supports hooks for more management operations. All regions For more information about how to update from Helm 2, see [Component Upgrades] Upgrade Helm V2 to V3.
New regions ASK is available in the Indonesia (Jakarta) and UK (London) regions. You can create ASK clusters in these regions in the ACK console. Indonesia (Jakarta) and UK (London) Create an ASK cluster
ClusterIP Services in ASK clusters ClusterIP Services are supported in ASK clusters. This provides more options when you deploy containerized applications in ASK clusters. You can create ClusterIP Services in an ASK cluster to enable access to your workloads from within the ASK cluster. All regions Manage Services
CCM ECS instances and elastic container instances can be attached to the backend of SLB instances that are associated with Services by using the CCM. This enables unified scheduling for application pods across worker nodes and virtual nodes. This also improves application resilience. All regions Release notes for the CCM
ACK edge clusters 32-bit and 64-bit ARM nodes are supported in ACK edge clusters. This allows ACK edge clusters to support more heterogeneous infrastructures. You can add Edge Node Service (ENS) nodes or nodes from data centers to ACK edge clusters. All regions Add an edge node

January 2020

Feature Description Region References
Virtual nodes ClusterIP Services can be accessed by pods that are deployed on virtual nodes. This enables Kubernetes to centrally manage virtual nodes and elastic container instances. You can deploy applications on virtual nodes without the inconvenience of resource capacity planning. This meets the requirements of scenarios such as online workload scaling, offline computing, and CI/CD, and also reduces the overall computing costs. To enable this feature, log on to the console, click App Catalog, and then find and install ack-virtual-node. All regions Deploy the virtual node controller and use it to create Elastic Container Instance-based pods
API server Service account token volume projection can be enabled for the API server when you create a cluster. This enables service account authentication on pods. This feature is also required if mutual Transport Layer Security (TLS) authentication is enabled on Istio through Secret Discovery Service (SDS). All regions Create an ACK dedicated cluster
CSI CSI can be selected as the volume plug-in when you create an ACK cluster. The optimized CSI plug-in provides the following features:
  • Object Storage Service (OSS) subdirectories can be mounted to containers.
  • emptyDir volumes of the Memory type are supported. A Memory type volume is a RAM-based temporary file system whose storage space is limited by memory. This type of file system provides good performance and is typically used to provide caching space in containers.
  • Accelerated OSSFS transmission is supported. OSSFS allows you to share data by mounting OSS buckets to local file systems in Linux. To meet the requirements of big data and AI scenarios, ACK improves read speed by adjusting concurrency, block size, and libfuse configurations. For more information, see alibaba-cloud-csi-driver.
All regions Install CSI
Sandboxed containers Disks and NAS file systems can be mounted to sandboxed containers to enhance cloud-native capabilities. This allows ACK to provide the same storage performance as when these storage services are used on virtual machines. ACK also supports RootFS BLKIO Limit and disk I/O throttling on pods, and optimizes its support for multi-tenancy. All regions Mount a NAS file system to a sandboxed container and Mount a disk to a sandboxed container
ACK clusters for confidential computing ACK clusters for confidential computing are released for public preview. This type of cluster is developed on top of Intel Software Guard Extensions (SGX) and is particularly suitable for sensitive data protection and scenarios such as smart contracts in blockchains, user secrets processing, intellectual property protection, genomics computing in bioinformatics, and edge computing. You can create and manually expand ACK clusters for confidential computing. You can also enable auto scaling, and add different types of nodes to the clusters. For more information, see Create an ACK managed cluster for confidential computing and SGX application development guide. ACK also provides the open source sgx-device-plugin to help you deploy SGX applications in ACK clusters. For more information, see Kubernetes device plugin for Intel SGX.
Note: Intel(R) SGX is a set of CPU instruction codes that are developed by Intel. Intel(R) SGX allows you to run application code and data in a special runtime environment called an enclave, which is built on top of hardware silos and memory encryption technologies. An enclave is a Trusted Execution Environment (TEE). No application, OS kernel, BIOS, or hardware other than the CPU can access an enclave without verification. All data in the enclave memory is encrypted. Users encrypt the code and data in an enclave with their private keys obtained from Intel. An enclave can be started only after the signature is verified through Intel Attestation Service (IAS), which is a remote certification service of Intel.
All regions Create an ACK managed cluster for confidential computing
AGS Gene sequencing is supported by calling AGS API operations. ACK has released a set of AGS API operations. You can call these API operations to submit gene sequencing tasks. Results are automatically uploaded to your OSS buckets. This saves you the inconvenience of cluster creation and task deployments. These API operations support different SLA levels and provide computing resources based on different requirements. This allows you to reduce costs and improve efficiency. This feature is in public preview. To use the feature, submit a ticket. All regions Use AGS to process WGS tasks

December 2019

Feature Description Region References
Component management Component management is supported. You can log on to the ACK console. On the Clusters page, find the cluster that you want to manage and choose More > Manage System Components in the Actions column to manage cluster components. You can manage all system components and optional components with operations such as update, uninstall, and reinstall. Custom component configurations will be available soon. All regions Manage system components
App Catalog The ack-node-local-dns plug-in is provided in App Catalog to speed up Domain Name Service (DNS) queries. ack-node-local-dns sends internal DNS queries to CoreDNS and directly forwards external DNS queries to external DNS resolvers. ack-node-local-dns caches all queries and provides DNS caching on each node. This significantly improves the overall DNS query rate of the cluster. All regions App Marketplace
New region ACK managed clusters are available in the China East 1 Finance region. You only need to create worker nodes in an ACK managed cluster. ACK creates and manages master nodes. This type of cluster is easy to use and provides high availability at low costs. This saves you the inconvenience of master node O&M and allows you to focus on business development. China East 1 Finance Create an ACK managed cluster
NPU-accelerated ECS instances Neural processing unit (NPU)-accelerated ECS instances are supported when you create ACK managed clusters or ACK dedicated clusters. The instance type is ecs.ebman1.26xlarge, which is suitable for big data analytics and AI scenarios in video and graphics industries. All regions Create an ACK managed cluster
Terway The user experience of Terway is improved. The new user interface provides information about the number of pods that are supported by each ECS instance type when you create a cluster. When you expand a cluster, the user interface also provides multiple options. This allows you to select vSwitches for nodes and pods. The user interface is optimized to provide easy-to-read, accurate information. All regions Work with Terway

November 2019

Feature Description Region References
Cluster expansion Multiple zones and multiple data disks are supported when you expand an ACK cluster. The user interface for expanding an ACK cluster is updated to provide the same configuration options as those for creating an ACK cluster. You can select multiple zones when you expand an ACK cluster. You can also mount multiple data disks to a node and specify whether to encrypt these disks. All regions Increase the number of nodes in an ACK cluster
Custom node configurations Custom scripts, tags, and Operation Orchestration Service (OOS) are supported for node configurations. You can write custom scripts to configure nodes when you create or expand an ACK cluster. To use this feature, submit a ticket to enable this feature for your account. You can use this feature to specify the node OS. Instead of building custom images, you can directly inject scripts into standard images. Auto scaling allows you to add tags to cluster nodes. This makes it easier for you to identify cluster nodes and allocate the cost of nodes. ACK integrates OOS into the node O&M. You can go to the OOS page from the ACK console and run OOS scripts to maintain nodes on the OOS page. All regions Increase the number of nodes in an ACK cluster
Multiple zones and log auditing supported in ASK clusters Multiple zones and log auditing are supported in ASK clusters. After ASK is updated to V2.0, ASK clusters provide more cloud-native features. Cross-zone ASK clusters and log auditing are supported. You can deploy pods across zones to improve the availability of your business. You can also use log auditing to improve the security of ASK clusters. ASK clusters will be improved to provide the same features as dedicated and ACK managed clusters. All regions Create an ASK cluster
vGPU vGPU resources are provided through the vgn5i instance family to meet the requirements of AI and big data industries. You can select instance types of the vgn5i instance family when you create an ACK cluster. All regions N/A
ENI buffer pools for Terway ENI buffer pools are supported for Terway. Terway is a container network plug-in that is developed on top of Alibaba Cloud ENI. The update enables Terway to create a buffer pool of ENI IP addresses during node initialization. This accelerates pod creation and improves user experience. All regions Work with Terway
CCM External ECS instances can be added to the backend of SLB instances by using the CCM. The CCM is a system component that associates Services with SLB instances. By default, cluster nodes that host Services are mounted to the backend of the related SLB instances. The update allows you to add ECS instances outside an ACK cluster as the backend servers to the related SLB instances. This makes it easier to perform application migration and canary releases. All regions Cloud Controller Manager

October 2019

Feature Description Region References
AliyunLinux2 The AliyunLinux2 operating system is supported. AliyunLinux2 is the latest OS version that is developed by Alibaba Cloud on top of an advanced CentOS kernel version. AliyunLinux2.1903 is fully adapted to ACK. This OS version supports faster startups and optimized performance, and improves the efficiency and reliability of ACK clusters. All regions Create an ACK dedicated cluster
Ingress dashboard The Ingress dashboard is provided. In earlier versions, you must manually configure the Ingress dashboard, which is a time-consuming and error-prone task. A check box is added to the configuration page of the Ingress controller. You need to select the check box to enable the Ingress dashboard feature. This way, the Ingress dashboard is automatically installed after the cluster is created. All regions Create an ACK dedicated cluster
SLB instance specifications Multiple SLB instance specifications are supported when you create a Service. In earlier versions, when you create a LoadBalancer Service, ACK automatically creates shared-performance SLB instances. To meet your requirements in various scenarios, ACK allows you to select SLB instance specifications when you create a LoadBalancer Service. The SLB instances adopt the pay-as-you-go billing method. All regions Manage Services
EIPs for the API server An EIP can be associated with or disassociated from the API server of an ACK cluster. SLB instances provide access to the API server of an ACK cluster. When you create an ACK cluster, ACK allows you to specify an Internet-facing or internal-facing SLB instance to handle traffic to the cluster. However, you may need to change the network type of the SLB instance after the cluster is created. ACK allows you to associate an EIP with or disassociate an EIP from the SLB instance after the cluster is created. This allows you to change the access mode to the API server between Internet access and internal access. All regions Create an ACK dedicated cluster
Auto scaling of ENS nodes for ACK edge clusters The auto scaling of ENS nodes in ACK edge clusters is supported. To support edge computing scenarios, ACK allows you to configure auto scaling of ENS nodes in ACK edge clusters. This feature can be implemented by calling the API. All regions Auto scaling of nodes
New region ASK is available in the China (Zhangjiakou) region. China (Zhangjiakou) Create an ASK cluster

September 2019

Feature Description Region References
New region ACK is available in the China (Chengdu) region. You can create ACK dedicated clusters in the China (Chengdu) region. To create ACK managed clusters in the China (Chengdu) region, submit a ticket. China (Chengdu) Create an ACK dedicated cluster
Kubernetes 1.14.6 and new features for cluster updates The canary release of the update from Kubernetes 1.14.6 is implemented in the following regions: China (Shanghai), China (Zhangjiakou), Singapore (Singapore), and Germany (Frankfurt). Updates from Kubernetes 1.14.6 will soon be available in all regions. More features are also provided to simplify the update process. In the ACK console, you can click Upgrade Cluster on the Clusters page to update your cluster.
The new update feature adds the following improvements to secure updates:
  • A comprehensive cluster check is performed before an update.
  • You can manually pause or resume an update.
  • A detailed log of updates is retained.
China (Shanghai), China (Zhangjiakou), Singapore (Singapore), and Germany (Frankfurt) Update the Kubernetes version of an ACK cluster
Node maintenance Node maintenance is supported. To maintain nodes in a cluster, you must make sure that workloads are not deployed on the nodes that you want to maintain. ACK supports node maintenance.
You can select one or more nodes that you want to maintain and set them to unschedulable on the Nodes page. You can also drain these nodes.
  • After you set a node to unschedulable, pods cannot be scheduled to the node.
  • If you drain a node, no new pods are scheduled to the node and existing pods on the node are migrated to other nodes. However, pods that are managed by DaemonSets are not migrated from the node.
If you have a LoadBalancer Service, you can specify whether to remove nodes that run the pods that are associated with the Service from the backend of the related SLB instance when these nodes are set to unschedulable. This allows you to flexibly manage your workloads during node maintenance.
All regions Set node schedulability
Custom node names Custom node names are supported. To manage a cluster that includes a large number of nodes, you must identify nodes by name. The default node names provided by ACK are not easy to identify. ACK allows you to customize node names when you create a cluster. When you create a cluster in the ACK console, you can select Custom Node Name in the advanced settings of the cluster. You can define a prefix, an IP substring length, and a suffix for a custom node name. The IP substring length specifies the number of digits to be truncated from the end of a node IP address and can be used to uniquely identify a node. All regions Create an ACK dedicated cluster
Advanced security groups Advanced security groups are supported when you create an ACK cluster. Compared with basic security groups, advanced security groups support more ECS instances, more ENIs, and effective management of an infinite number of private IP addresses. Advanced security groups are suitable in scenarios that require high O&M efficiency, high ECS instance specifications, and a large number of compute nodes. To meet the requirements of a large-scale cluster, you can select advanced security groups for Security Group in the advanced settings when you create the cluster. All regions Create an ACK dedicated cluster
Disk encryption and CSI Disk encryption and the CSI component are supported. ACK allows you to encrypt data disks. You can enable disk encryption for the selected data disks when you create a cluster. This feature can automatically encrypt the data that is transmitted from an ECS instance to a data disk and automatically decrypt the data when it is read. This improves data security. In addition, Kubernetes 1.14.6 supports the standard CSI plug-in, which is generally used for volume management. You can select FlexVolume or CSI when you create a cluster. All regions Create an ACK dedicated cluster and CSI overview

August 2019

Feature Description Region References
Kubernetes 1.14.6 Kubernetes 1.14.6 is supported. You can select Kubernetes 1.14.6 when you create a cluster in the ACK console. You cannot update an existing cluster to Kubernetes 1.14.6. All regions N/A
New regions ASK is available in the Singapore (Singapore), China (Hong Kong), and Australia (Sydney) regions. ASK allows you to create containerized applications without managing or maintaining clusters and nodes. You are billed based on the actual amount of resources that are consumed by the elastic container instances that run the applications. ASK clusters allow you to focus on the design and development of applications, instead of managing the underlying infrastructures. Singapore (Singapore), China (Hong Kong), and Australia (Sydney) Create an ASK cluster
ASK 2.0 ASK 2.0 is released to provide more Kubernetes-native features. ASK 2.0 supports multiple namespaces, CRD objects, RBAC, PVs, and PVCs. ASK 2.0 improves the security and isolation capability of clusters. The average price of ASK clusters is reduced by 46% due to lower costs of elastic container instances. This includes a 30% reduction in CPUs and a 65% reduction in memory. All regions Create an ASK cluster
SCC ACK clusters based on Super Computing Cluster (SCC) resources are supported. SCCs are powered by ECS Bare Metal (EBM) instances and use the high-speed Remote Direct Memory Access (RDMA) technology. SCCs improve network performance. SCCs are used in scenarios such as high-performance computing, AI, machine learning, scientific and engineering computing, data analytics, and audio and video processing. You can create SCC-based ACK clusters. This type of cluster combines high-performance infrastructure resources with lightweight and agile containers. SCC-based ACK clusters are applicable to high network throughput and compute-intensive scenarios. All regions Create an ACK dedicated cluster
Auto scaling and cross-zone scheduling Multiple scaling groups are supported for auto scaling. Cross-zone scheduling policies are supported. The auto scaling feature is optimized. You can configure multiple scaling groups so that resources of different specifications are automatically added when the scaling threshold is reached. This feature meets the requirements of running compute-intensive applications and GPU computing tasks. When you configure auto scaling policies, you can specify different scheduling policies for multiple zones, including priority policies, cost optimization policies, and zone balancing policies. This meets the requirement for resource scheduling when the cluster is deployed across multiple zones. All regions Auto scaling of nodes
Custom cluster domain names Custom cluster domain names are supported. ACK allows you to customize a cluster domain name by specifying the cluster-domain parameter. The cluster-domain parameter specifies the local domain name that is used for service discovery. If you have multiple clusters, we recommend that you customize the local domain names to simplify the management of clusters and services. ACK allows you to customize a cluster domain name when you create a cluster. This simplifies management and improves the O&M efficiency. All regions Create an ACK dedicated cluster
App Hub App Hub is provided in App Catalog. App Hub provides various cloud-native and open source containerized applications. ACK integrates App Hub into App Catalog. To deploy cloud-native applications in your cluster, log on to the ACK console and click the App Hub tab on the App Catalog page to find and install the applications with one click. This saves you the inconvenience of creating clusters and deploying applications by using a CLI. All regions App Marketplace
CCM The CCM is updated. The CCM is the core component in an ACK cluster and is responsible for managing various cloud resources, such as SLB instances and VPCs. The following features are added to the CCM:
  • SLB instances can be created with access control settings. You can specify an IP whitelist for an SLB instance that is created by ACK. This enhances the security of the ACK cluster.
  • You can specify whether to remove unschedulable nodes when you run the kubectl cordon or kubectl drain command. Cordoning and draining nodes are important features in cluster maintenance. However, the community has not reached an agreement on whether to remove a node from the backend of an SLB instance when the node is set to unschedulable for maintenance. The CCM provides an interface that allows you to specify whether to remove such nodes from the backend of the SLB instance. This ensures the flexibility of maintenance.
  • Pods can be mounted to the backend of an SLB instance by using Terway. Terway ENI is the latest network plug-in that is provided by ACK. The core feature of Terway ENI is to mount the ENI IP address of a node to a pod. The CCM allows you to mount pods instead of nodes to the backend of an SLB instance. This prevents traffic forwarding through nodes and improves network performance.
  • Node weights can be set based on the number of pods on each node for Services in Local mode. The CCM can adjust the percentage of traffic that is sent to each node based on the number of pods on each node. This balances workloads among nodes. This feature applies to only Services in Local mode.
All regions Cloud Controller Manager

July 2019

Feature Description Region References
ACK edge clusters ACK edge clusters are released for public preview. You can add edge nodes or ENS nodes to ACK edge clusters. This type of cluster supports edge computing and manages edge nodes and ENS nodes to reduce O&M costs. This type of cluster also supports autonomous edges and networks to meet the requirements in different edge computing scenarios. You can select this type of cluster on the cluster template page. China site -
Multi-cluster management The multi-cluster management feature is released for public preview. You can select Register Kubernetes Cluster on the cluster template page to add Kubernetes clusters from data centers and other public clouds to the ACK console. Then, you can deploy applications to these clusters in the console. You can manage hybrid cloud clusters and clusters that are deployed across multiple clouds. After you add self-managed clusters from data centers to ACK, you can manage these clusters by using the O&M feature that is provided by ACK. China site Create a cluster registration proxy and register an on-premises cluster
New region ACK managed clusters are available on the Alibaba Cloud Japan site.
  • Saves resources. You do not need to create master nodes in an ACK managed cluster. If you use another type of cluster, you must create at least three master nodes.
  • Improves O&M efficiency. ACK manages master nodes.
  • Ensures security. ACK meets various security requirements.
Japan (Tokyo) Create an ACK managed cluster
Support for multiple data disks during cluster creation Multiple data disks can be mounted to nodes when you create an ACK cluster. This saves you the inconvenience of manually adding data disks after the cluster is created. ACK formats and mounts one of the selected data disks to the docker directory. You can determine how to handle the other data disks. All regions Create an ACK dedicated cluster
Existing security groups selectable during cluster creation An existing security group can be selected when you create an ACK cluster. You can specify an existing security group for the VPC of your cluster in the advanced settings. This allows you to use custom inbound and outbound security group rules to improve the security of your cluster. All regions Create an ACK dedicated cluster
Deletion protection Deletion protection is released to ensure the security of your cluster. You are required to enter a Short Message Service (SMS) verification code when you delete a cluster. However, you may still delete the cluster by mistake by calling the API. You can enable deletion protection when you create a cluster. After deletion protection is enabled, the cluster cannot be deleted in the console or by calling the API. To delete the cluster, you must first disable deletion protection. You can enable or disable deletion protection on the cluster details page. All regions Create an ACK dedicated cluster
Batch authorization Multiple RAM users can be authorized at the same time. You can also grant the permissions to manage all clusters. This allows you to efficiently authorize RAM users. The authorization procedure is also optimized to improve user experience. All regions Authorization overview
Time zone The time zone of an application can be synchronized to that of the node. You can select Synchronize Timezone from Node to Container when you create an application from an image. This ensures that the application pods and the host node use the same time zone. All regions Create a stateless application by using a Deployment
New region Container Registry Enterprise Edition is available in the UK (London) region. Container Registry Enterprise Edition supports large-scale image distribution with enhanced security. This service is suitable for enterprise users that require high security and large-scale nodes. UK (London) What is Container Registry?
Helm 2 charts supported by Container Registry Enterprise Edition Helm 2 charts are supported by Container Registry Enterprise Edition to make it easier for you to manage cloud-native assets. You can enable the charts component on the Overview page of your Container Registry Enterprise Edition instance. When the component is running, you can start to manage Helm chart repositories. All regions N/A

June 2019

Feature Description Region References
New regions ACK managed clusters are available in the Japan (Tokyo) and UK (London) regions on Alibaba Cloud public cloud.

Japan (Tokyo)

UK (London)

What is Container Service for Kubernetes?
Terway A new version of Terway is released. The exclusive ENI mode and the inclusive ENI mode are supported by this version. The default mode is the inclusive ENI mode.
  • The exclusive ENI mode: In this mode, the number of pods that can be deployed on a node must match the number of ENIs that can be created on the node. This mode improves network performance.
  • The inclusive ENI mode: In this mode, you can deploy multiple pods on a node. The pods share the same ENI.
All regions Work with Terway
Knative Knative is supported. Knative is a Kubernetes-based serverless framework. Knative creates a cloud-native and cross-platform orchestration standard for serverless applications. Knative implements this standard by integrating the creation of containers (or functions), workload management (auto scaling), and event models. ACK supports Knative and allows you to install and update the Build, Serving, and Eventing components. You must deploy Istio before you use Knative. ACK provides instructions to deploy sample applications, and also provides best practices for tracing, monitoring, and logging applications. All regions Overview and Use Knative to deploy serverless applications
Pod search Pods can be searched by node IP address or pod IP address. In the ACK console, choose Applications > Pods and specify a node IP address or a pod IP address to search for a pod. This reduces the time needed to find the pods that you want to manage and maintain. All regions N/A

May 2019

Feature Description Region References
New regions ACK managed clusters are available in the Australia (Sydney) region on Alibaba Cloud public cloud and the China East 2 Finance region on Alibaba Finance Cloud.

You can create ACK managed clusters in the Australia (Sydney) region on Alibaba Cloud public cloud and the China East 2 Finance region on Alibaba Finance Cloud.

Australia (Sydney)

China East 2 Finance region

What is Container Service for Kubernetes?
Genomics computing clusters for genomics computing Genomics computing clusters are released. This type of cluster uses high-performance computing (HPC) instances as worker nodes and provides a large-scale workflow engine for batch genomics computing. Genomics computing clusters are suitable for data splitting and mutation detection, and support data analytics for the following formats: BCL, FASTQ, BAM, SAM, and VCF. In the ACK console, choose Clusters > Clusters and click Create Kubernetes Cluster. In the Select Cluster Template dialog box, select Genomics Computing Cluster. All regions N/A
ACK clusters with FPGA-accelerated nodes ACK clusters with FPGA-accelerated nodes are released. This type of cluster uses FPGA F3 instances as worker nodes and is used for H265 video encoding and image conversion from JPEG to HEIF. FPGA-based video encoding reduces the processing time from more than 1 week to 15 minutes. This significantly reduces the bitrate and saves bandwidth costs when transcoding videos of the same quality. In the ACK console, choose Clusters > Clusters and click Create Kubernetes Cluster. In the Select Cluster Template dialog box, select Dedicated FPGA Cluster to create an ACK dedicated cluster with FPGA-accelerated nodes. All regions N/A
CCM The CCM is updated to V1.9.3.110-g4938309-aliyun. This version supports more SLB configuration options. The following features are provided:
  • Allows you to restrict the creation of Internet-facing SLB instances by setting parameters.
  • Allows you to change certificate IDs.
  • Allows you to specify a vSwitch when you attach an internal-facing SLB instance to a Service.
  • Allows you to set SLB instance configurations to redirect traffic from HTTP port 80 to HTTPS port 443.
All regions Cloud Controller Manager
Istio

Istio is updated to V1.1.4. Istio 1.1.4 improves self-recovery capabilities, and supports automatic recovery of the control plane and automatic updates of earlier versions. Istio is also integrated with Time Series Database (TSDB). TSDB is a database service that supports high-speed read and write operations, compressed storage, and real-time computing. To fix the local storage issues in Prometheus, TSDB provides remote storage services with high performance and high reliability at low costs.

Compared with other remote storage solutions provided by the community, TSDB is easier to use and only requires you to change the Prometheus configuration. The solution supports parallel read and write operations and is highly compatible with PromQL. TSDB is a distributed storage system with auto scaling capabilities.

All regions N/A
Container Registry Enterprise Edition Images can be synchronized across all regions worldwide for instances of Container Registry Enterprise Edition. This solves issues in the global delivery of applications and improves the business iteration efficiency for enterprises. Container Registry Enterprise Edition supports large-scale image distribution with enhanced security. It is suitable for enterprises that require high security and a large number of nodes. All regions N/A
Support for multiple zones and five master nodes during cluster creation Multiple zones and five master nodes are supported when you create an ACK dedicated cluster. This allows you to create a cross-zone ACK dedicated cluster with five master nodes to significantly improve the availability of the cluster. All regions N/A

April 2019

Feature Description Region References
Kubernetes 1.12.6 ACK managed clusters or ACK dedicated clusters in all regions can be updated from Kubernetes 1.11.5 to 1.12.6 in the ACK console. All regions N/A
Audit logs Audit logs can be collected from ACK managed clusters. An audit log records operations on the API server and allows cluster administrators to trace the activities of different users. All regions Use cluster auditing
Istio

Istio is updated to V1.1. Istio 1.1 allows you to manage Istio applications in the ACK console. You can create and manage Istio applications and services on a graphical interface. You can create different application versions, implement canary releases, set canary release policies, and also configure fault injection policies.

All regions N/A
GPU-accelerated pods supported by ASK GPU-accelerated pods are supported when you create applications in an ASK cluster. When you create an application from a template, specify the pod type as GPU in the YAML file. All regions N/A
Container Registry Enterprise Edition Container Registry Enterprise Edition is available in the China (Beijing) region. China (Beijing) What is Container Registry?
ACK clusters with FPGA-accelerated nodes ACK clusters with FPGA-accelerated nodes are released. This type of cluster uses FPGA F3 instances as worker nodes and is used for H265 video encoding and image conversion from JPEG to HEIF. FPGA-based video encoding reduces the processing time from more than 1 week to a short period of time. This significantly reduces the bitrate and reduces bandwidth costs when transcoding videos of the same quality. In the ACK console, choose Clusters > Clusters and click Create Kubernetes Cluster. In the Select Cluster Template dialog box, select Dedicated FPGA Cluster to create an ACK dedicated cluster with FPGA-accelerated nodes. All regions N/A

March 2019

Feature Description Region References
New regions ACK managed clusters are available in the China (Zhangjiakou), China (Hohhot), US (Silicon Valley), and Germany (Frankfurt) regions.

China (Zhangjiakou)

China (Hohhot)

Germany (Frankfurt)

US (Silicon Valley)

What is Container Service for Kubernetes?
Container Registry Enterprise Edition Container Registry Enterprise Edition was officially released at the Alibaba Cloud Summit on March 21, 2019. This edition provides higher security and supports large-scale image distribution. Container Registry Enterprise Edition is in public preview in the China (Shanghai) region. To use this edition, submit a ticket. China (Shanghai) What is Container Registry?
Container Registry Shared Edition Container Registry Shared Edition is available in all regions on the International site (alibabacloud.com). All regions What is Container Registry?
Kubernetes 1.12.6 Kubernetes 1.12.6 is supported. You can create a cluster that runs Kubernetes 1.12 in the console. All regions Create an ACK dedicated cluster
Log Service The Log Service plug-in is supported by ACK managed clusters. You can enable Log Service when you create an ACK managed cluster or an ACK dedicated cluster. After the plug-in is installed, you can use Log Service to manage Kubernetes logs. All regions Create an ACK managed cluster
New region ACK managed clusters that run Windows are available. You can create this type of cluster in the ACK console or by calling the API. This way, you can create Windows containers and deploy traditional Windows applications on cloud-native platforms to achieve agility and elasticity. All regions Windows clusters are no longer supported.
IPVS The IP Virtual Server (IPVS) proxy mode is supported. Compared with the traditional iptables mode, the IPVS mode significantly improves the load balancing performance in large-scale clusters. You can use this mode in all clusters and all regions. All regions Create an ACK dedicated cluster
Cluster templates Multiple cluster templates are provided in the console. You can select templates of different cluster types based on your business requirements. Templates of the following cluster types are supported: ACK managed clusters, clusters with EBM instances, GPU-accelerated clusters, and Windows clusters. Cluster templates allow you to create ACK clusters based on your business requirements. All regions N/A
Elastic Container Instance High-specification elastic container instances are provided for genomics computing. The maximum CPU specification is increased from 8 vCPUs to 64 vCPUs. The highest specification of an elastic container instance is 64 vCPUs and 256 GiB memory. The lowest specification of an elastic container instance is 0.25 vCPU and 0.5 GiB memory. You can select a specification based on your business requirements to achieve the highest cost efficiency. All regions Limits

February 2019

Feature Description Region References
New region ACK managed clusters are available in the China (Shenzhen) region. ACK managed clusters provide the following core benefits:
  • Saves resources. You do not need to create master nodes in an ACK managed cluster. Compared with other cluster types, this cluster type saves you the costs of three master nodes.
  • Improves O&M efficiency. ACK manages the master nodes.
  • Ensures security. ACK meets various security requirements.
China (Shenzhen) Create an ACK managed cluster
App Catalog

Knative add-ons are provided in App Catalog. Knative is a scale-to-zero and request-driven computing runtime based on Kubernetes and Istio. Knative supports the deployment of serverless applications and functions.

ACK provides Knative add-ons to help you build the Knative Serving environment in your cluster.

All regions Overview
Cluster inspection Cluster inspection is supported. You can use this feature to perform in-depth checks on cluster resources, components, and configurations. This can identify the causes of errors in your cluster. Chinese mainland Use the global check feature to troubleshoot cluster issues

January 2019

Feature Description Region References
Windows containers

Windows containers are supported. This allows you to deploy and run Windows applications in containers of ACK clusters. This enables Kubernetes-based elastic scheduling and management of Windows applications.

You can add Windows nodes to managed and ACK dedicated clusters.

Container Registry Enterprise Edition is in private preview. To use this service, submit a ticket.

All regions Create a Windows node pool
Container Registry Enterprise Edition Container Registry Enterprise Edition is released for internal preview. Container Registry Enterprise Edition provides container image repositories built on top of dedicated resources. This edition provides stable image building, large-scale image distribution, and image hosting with enterprise-class security. It is suitable for enterprises that require high security and a large number of nodes.

Container Registry Enterprise Edition is in private preview. To use this service, submit a ticket.

All regions What is Container Registry?
Intelligent cluster O&M Intelligent cluster O&M is available in the China (Hangzhou) region. Intelligent O&M provides the best practices for cluster management in different scenarios. This allows you to identify the causes of errors in the cluster by performing in-depth checks on cluster resources, components, and configurations. China (Hangzhou) Use the global check feature to troubleshoot cluster issues
ARMS ARMS is supported and integrated into ACK. After you install the ARMS plug-in, you can monitor the application performance in your cluster.

ARMS is a monitoring service for application performance management (APM). To monitor a Java application, you need only to attach an ARMS agent to the startup script of the application. No code change is required. ARMS enables you to locate failed API operations or slow calls, reproduce API parameters, detect memory leaks, and discover system bottlenecks. This significantly improves the efficiency of service diagnostics.

All regions Monitor application performance
Elastic Container Instance Starting January 22, 2019, you are charged for the commercial use of Elastic Container Instance. Elastic container instances are deployed as the underlying infrastructure of ASK clusters. You are charged when you create elastic container instances in ASK clusters. ASK clusters remain free of charge. All regions Billing
New regions ASK clusters are available in the China (Beijing) and China (Shenzhen) regions. ASK clusters provide improved experience with serverless containers.

China (Beijing)

China (Shenzhen)

Create an ASK cluster

December 2018

Feature Description Region References
New region ACK is available in the UK (London) region on both the China site (aliyun.com) and the International site (alibabacloud.com). UK (London) Create an ACK dedicated cluster
New region ACK managed clusters are available in the China (Shanghai), Malaysia (Kuala Lumpur), and India (Mumbai) regions on both the China site (aliyun.com) and the International site (alibabacloud.com).

China (Shanghai)

Malaysia (Kuala Lumpur)

India (Mumbai)

Create an ACK managed cluster
Node removal Nodes can be removed from an ACK cluster. You can also choose whether to release the related ECS instances. All regions Remove a node
DaemonSet DaemonSets are supported. A DaemonSet is a daemon process that ensures that each node runs one replica of a pod. All regions N/A
Istio Custom Istio Ingress and Egress gateways are supported by configuring different parameters. All regions ASM
Istio CoreDNS Istio CoreDNS is supported. You can use the CoreDNS plug-in to read Istio service entries and associate the IP addresses of the services to their host addresses. All regions ASM
Existing ECS instances selectable during cluster creation Existing ECS instances can be added as worker nodes when you create an ACK managed cluster. All regions Create an ACK managed cluster

November 2018

Feature Description Region References
New region ACK managed clusters are available in the Indonesia (Jakarta) region on the International site (alibabacloud.com). Indonesia (Jakarta) Create an ACK managed cluster
Terway The Terway plug-in is released. Terway enables direct communication between containers through ENIs and provides higher network performance than Flannel. All regions Work with Terway
Thumbnail images for worker nodes Thumbnail images are used to display the performance metrics of worker nodes, which makes it easy for you to view the status of nodes. All regions N/A
Node adding Multiple existing nodes can be added to a cluster at the same time. All regions N/A
Rolling renewal of cluster certificates Rolling renewal of cluster certificates is supported to prevent certificates from expiring. All regions N/A

October 2018

Feature Description Region References
New region ACK is available in the China South 1 Finance region on Alibaba Finance Cloud. China South 1 Finance Create an ACK dedicated cluster
New regions N/A Regions outside China Create an ACK managed cluster
Deployment Version management and rollback are supported for Deployments. All regions N/A
Istio Istio is deeply integrated into ACK and Istio add-ons are supported. All regions N/A

September 2018

Feature Description Region References
Kubernetes 1.11
  • Kubernetes 1.11 is supported to provide features such as CRD update, CoreDNS general availability (GA), pod priority settings, and preemptive scheduling.
  • Multiple Kubernetes versions are supported, such as Kubernetes 1.10 and 1.11.
  • Multi-container applications and stateful applications are supported in the console.
All regions Use a StatefulSet to create a stateful application
Container Registry Images can be pulled from the private repositories of Container Registry without a password. All regions
Auto scaling Auto scaling of nodes is supported. ACK provides the auto scaling component for nodes to automatically scale in and out. Regular instances, GPU-accelerated instances, and preemptible instances can be automatically added to or removed from an ACK cluster as required. This feature is applicable to instances that are deployed across multiple zones and diverse instance types, and also supports different scaling modes. All regions Auto scaling of nodes
Preemptible instances are supported. N/A All regions

August 2018

Feature Description Region References
ACK managed clusters ACK managed clusters are released for public preview. All regions Create an ACK managed cluster
Istio Istio add-ons are supported. All regions N/A

July 2018

Feature Description Region References
New regions N/A Australia (Sydney) Create an ACK dedicated cluster
Canary releases and phased releases are supported. N/A All regions N/A

June 2018

Feature Description Region References
New regions N/A

Japan (Tokyo)

China (Hohhot)

Create an ACK dedicated cluster
FPGA and HugePages are supported by Kubernetes 1.10. N/A All regions N/A
Application monitoring and alerting Application monitoring and alerting are supported. All regions N/A
Subscription supported when you create an ACK cluster N/A All regions Create an ACK dedicated cluster
Ingresses and the exec and attach commands supported N/A All regions Features

May 2018

Feature Description Region References
New region ACK is available in the China East 2 Finance region on Alibaba Finance Cloud. Alibaba Finance Cloud provides services in compliance with security regulations. China East 2 Finance region Create an ACK dedicated cluster
ASK released N/A All regions Create an ASK cluster
Blue-green releases, canary releases, and A/B testing supported N/A All regions N/A

April 2018

Description Region References
ACK is available in five regions in Southeast Asia, the Middle East, and India. Kubernetes 1.9 is stably supported.

Malaysia (Kuala Lumpur)

Indonesia (Jakarta)

Singapore (Singapore)

India (Mumbai)

UAE (Dubai)

Create an ACK dedicated cluster
MySQL, RDS, RabbitMQ, and Spark are supported in Service Catalog. All regions This feature is phased out.
Management of applications released by using Helm is supported in App Catalog. All regions Manage releases by using Helm

March 2018

Feature Description Region References
Kubernetes 1.9 Kubernetes 1.9.3 is supported. ACK releases the Workloads API. By default, CRD is enabled. GPU scheduling is supported. You can select custom ECS images when you create a cluster. You can also reset images when you add nodes to a cluster. All regions N/A
Helm App Catalog is released to allow you to deploy applications by using Helm. All regions Manage releases by using Helm
ServiceBroker App Catalog is released to support ServiceBroker. All regions This feature is phased out.
CloudMonitor Nodes can be monitored by using CloudMonitor. All regions Monitor basic resources

January 2018

Feature Description Region References
ACK and Container Registry released on the International site (alibabacloud.com) N/A Regions outside China What is Container Service for Kubernetes?
Kubernetes 1.8.4 is supported to provide features such as security enhancement and auto scaling. N/A All regions Auto scaling of nodes
FlexVolume The FlexVolume plug-in is released to support disks, NAS file systems, and OSS buckets. All regions Disk volume overview, NAS volume overview, and OSS volume overview
Network policies and bandwidth throttling Kubernetes network policies and bandwidth throttling are supported. This improves network performance. All regions Use annotations to configure load balancing
EBM instances supported N/A All regions N/A

October 2017

Feature Description Region References
Kubernetes 1.8.1 Kubernetes 1.8.1 is supported. All regions What is Container Service for Kubernetes?
Blockchain solutions released for public preview N/A All regions N/A

August 2017

Feature Description Region References
Kubernetes 1.7.2 N/A All regions Create an ACK dedicated cluster