Container Service for Kubernetes (ACK) is one of the first services to pass the Certified Kubernetes Conformance Program. ACK provides high-performance management services for containerized applications. You can manage enterprise-level containerized applications throughout the application lifecycle. This service allows you to run containerized applications in the cloud in an efficient manner.
ACK provides the following three cluster types: dedicated Kubernetes cluster, managed Kubernetes cluster, and serverless Kubernetes cluster.
| Item | Dedicated Kubernetes cluster | Managed Kubernetes cluster | Serverless Kubernetes |
| --- | --- | --- | --- |
| Feature | You must create master nodes and worker nodes. Dedicated Kubernetes clusters allow you to manage the cluster infrastructure in a finer-grained manner. You must design, maintain, and upgrade the clusters on your own. | You need only to create worker nodes. ACK creates and manages master nodes. Managed Kubernetes clusters are easy to use, cost-effective, and highly available. You do not need to manage master nodes. | You do not need to create master nodes or worker nodes. Serverless Kubernetes clusters allow you to start applications directly. You do not need to manage nodes. |
| Billing method | Cluster management is free of charge. However, you are charged for master nodes, worker nodes, and infrastructure resources. | | You are charged based on the amount of resources consumed by pods and the resource usage duration. The duration is measured in seconds. |
| Scenarios | Applies to all scenarios. | Applies to all scenarios. | Applies to batch tasks, urgent application scale-out, and continuous integration and continuous delivery (CI/CD) testing. |
| Cluster creation procedure | | | |
- Cluster management
  - Cluster creation: You can create multiple types of cluster based on your requirements, choose multiple types of worker node, and customize the configurations on demand. For more information, see Create a professional managed Kubernetes cluster, Create a managed Kubernetes cluster, and Create a dedicated Kubernetes cluster.
  - Cluster upgrade: You can upgrade Kubernetes with a few clicks and manage the upgrade of system components in a unified manner. For more information, see Upgrade the Kubernetes version of an ACK cluster.
  - Elastic scaling: You can scale up or scale down resources in the console with a few clicks based on your requirements. You can also use service-level affinity rules and perform horizontal scaling.
  - Multi-cluster management: You can manage applications in data centers and clusters in multiple clouds and regions in a unified manner.
  - Permission management: You can grant permissions to users in the Resource Access Management (RAM) console or by using role-based access control (RBAC) policies.
- Node pool management
  - You can manage the lifecycle of node pools. You can configure different specifications for node pools in a cluster, such as vSwitches, runtimes, operating systems, and security groups. For more information, see Node pool overview.
- Application management
  - Application creation: You can create multiple types of application from images and templates. You can configure environment variables, application health checks, data disks, and logging.
  - Application lifecycle management: You can view, update, and delete applications, roll back application versions, view application events, perform rolling updates of applications, use new application versions to replace earlier application versions, and use triggers to redeploy applications.
  - Application pod scheduling: You can schedule application pods based on the following three policies: pod affinity, node affinity, and pod anti-affinity.
  - Application pod scaling: You can scale the number of application pods manually or by using the Horizontal Pod Autoscaler (HPA).
  - Application release: Phased release and blue-green release are supported.
  - App Catalog: You can use App Catalog to simplify the integration of Alibaba Cloud services.
  - Application Center: After an application is deployed, the application center displays the topology of the application on one page. You can also manage and roll back the application version in scenarios such as continuous deployment.
  - Application backup and recovery: You can back up Kubernetes applications and restore applications from backup data. For more information, see Back up and restore applications.
- Storage methods
  - Storage plug-ins: FlexVolume and CSI are supported. For more information, see CSI overview and FlexVolume overview.
  - Volumes and persistent volume claims (PVCs):
    - You can create Block Storage volumes, Apsara File Storage NAS (NAS) volumes, Object Storage Service (OSS) volumes, and Cloud Paralleled File System (CPFS) volumes.
    - You can bind a volume to a PVC.
    - You can dynamically create and migrate volumes.
    - You can view and update volumes and PVCs by running scripts.
- Network management
  - You can set up container networks based on the Flannel or Terway plug-in. For more information, see Overview.
  - You can specify CIDR blocks for Services and pods.
  - You can use the NetworkPolicy feature. For more information, see Use network policies.
  - You can use Ingresses to route requests.
  - You can use DNS-based service discovery. For more information, see Overview.
- O&M and security
  - Monitoring: You can monitor clusters, nodes, applications, and pods. You can use the Prometheus plug-in.
  - Logging: You can view cluster logs, pod logs, and application logs.
  - Alerting: You can configure alerts to manage exceptions in the cluster based on various metrics for different scenarios. For more information, see Alert management.
  - Cost analysis: provides visualized analysis on resource usage and cost distribution to help improve resource utilization.
  - Runtime Security: allows you to manage security policies of the container runtime, configure routine inspections of application security, and configure security monitoring and alerting on the runtime. This enhances the overall security capabilities of containers.
  - Sandboxed-Container: allows you to run an application in a sandboxed and lightweight virtual machine. This virtual machine has a dedicated kernel, isolates applications from each other, and provides enhanced security. Sandboxed-Container is suitable in scenarios such as untrusted application isolation, fault isolation, performance isolation, and load isolation among multiple users.
  - TEE-based confidential computing: provides a cloud-native and all-in-one solution for developing, managing, and delivering trusted, confidential computing applications based on Intel Software Guard Extensions (SGX). This solution ensures data security, integrity, and confidentiality. Confidential computing allows you to isolate sensitive data and code by using a trusted execution environment.
The following figure shows the architecture of the Alibaba Cloud Container Service product portfolio.
- Alibaba Cloud Container Registry provides managed security services and lifecycle management of cloud-native assets. The service distributes images to clusters in different scenarios and is seamlessly integrated with ACK to provide an all-in-one solution for cloud-native application management.
- Alibaba Cloud Service Mesh (ASM) is a managed service mesh platform that allows you to manage the traffic of an application that uses the microservices architecture in a unified manner. ASM is compatible with the open source Istio service mesh platform and allows you to manage the traffic of multiple Kubernetes clusters. ASM provides a unified way to manage the communications among containerized applications and applications on virtual machines.
- Alibaba Cloud Serverless Kubernetes (ASK) provides serverless Kubernetes clusters based on elastic computing. You can create containerized applications without managing or maintaining clusters.
- Alibaba Cloud Genomics Service (AGS) is a genome sequencing and secondary analysis service based on big data. It serves biotechnology industry users. AGS is an efficient, elastic, and reliable service that requires low costs.
- ACK@Edge is a Kubernetes cluster based on the standard Kubernetes runtime environment. It integrates the cloud, edge, and terminals to deliver, maintain, and manage applications. The service also enhances node autonomy in edge clusters.