Starting February 17, 2025, Alibaba Cloud Container Service for Kubernetes (ACK) Serverless disables cluster creation for new users who have never created an ACK Serverless cluster. Instead, use serverless container computing capabilities through Container Compute Service (ACS). ACS clusters provide full lifecycle management for enterprise-level Kubernetes containerized applications. For more information, see ACS product overview.
-
New users: The interface for creating an ACK Serverless cluster is unavailable. To use serverless container computing:
-
Create an ACS cluster and use serverless resources within it.
-
Use serverless computing elastically in ACK Managed Cluster Pro Edition.
-
Existing users: Your current ACK Serverless clusters and new cluster creation within default quotas remain unaffected. For more information, see \[Product Changes\] Announcement on deprecation of cluster creation interface for new users of ACK Serverless clusters.
ACK Serverless is a nodeless serverless container service. Deploy and run containerized applications without provisioning or managing Kubernetes nodes — ACK Serverless handles the infrastructure, and you pay only for the CPU and memory resources allocated to your applications on a pay-as-you-go basis.
Pods run on Elastic Container Instance (ECI), where instances on which pods are deployed are isolated from each other by using the lightweight virtual sandbox technology. To control which pods run on ECI and configure their behavior, use ECI Profile — a ConfigMap in the kube-system namespace that lets you define pod selectors, networking, and feature settings.
ACK Serverless comes in two editions:
-
ACK Serverless Basic: Standard serverless clusters for development and general workloads.
-
ACK Serverless Pro: Enhanced reliability and higher service uptime for large-scale production, with seamless migration from Basic clusters. Both editions are covered by a service level agreement (SLA) with compensation clauses.
For details on ACK Serverless Pro, see ACK Serverless Pro cluster overview.
Benefits
| Benefit | Description |
|---|---|
| Out-of-the-box | Create clusters and deploy applications without managing Kubernetes nodes or servers. |
| Ultralarge capacity | Run more than 50,000 pods per cluster without additional configuration. If many pods are associated with a Service, keep the count below 20,000. |
| Second-level scaling | Scale to thousands of pods within seconds to handle traffic spikes. |
| Predictive scaling | ACK Serverless predicts resource demand from historical data and scales proactively during peak hours. |
| Kubernetes-native compatibility | Fully compatible with Kubernetes. Migrate existing Kubernetes applications without changes. |
| Isolation for security | You can deploy pods on Elastic Container Instance (ECI). Instances on which pods are deployed are isolated from each other by using the lightweight virtual sandbox technology. |
| Cost savings | Pods are created on demand. You are charged based on the resources used by your applications. The serverless architecture helps prevent resource waste and reduce O&M costs. |
| Service integration | You can seamlessly integrate containerized applications with the fundamental services of Alibaba Cloud. Containers can communicate with applications deployed on virtual machines. |
| [ACK Serverless Pro clusters](https://www.alibabacloud.com/help/en/document_detail/326290.html#concept-2122705) | Higher reliability, higher service uptime, and support for more pods compared to ACK Serverless Basic clusters. |
Comparison between ACK Serverless and ACK clusters
The following figure compares an ACK cluster (left) with an ACK Serverless cluster (right).
Use cases
| Use case | Description |
|---|---|
| Application hosting | Run applications without managing or maintaining nodes or planning cluster size, which reduces infrastructure costs. |
| Traffic spikes | For workloads with variable traffic — such as online education and e-commerce platforms — scale resources within seconds to handle spikes and release them when demand drops. See Auto scaling overview. |
| Data computing | Run batch jobs such as Spark jobs. Pods start immediately at scale and are released as soon as jobs complete. See Use ACK Serverless to create Spark tasks. |
| CI/CD | Build continuous integration environments using Jenkins or GitLab Runner. Jobs are isolated from each other, with no resource pools to maintain. See Deploy Jenkins in an ACK Serverless cluster and Elastic and cost-effective CI/CD based on ACK Serverless. |
| CronJobs | Run scheduled CronJobs. Billing stops when jobs complete, and no resource pools are required. See Use CronHPA for scheduled horizontal scaling. |
Key features
ECI Profile
Pods in ACK Serverless clusters run on ECI. Configure ECI Profile to control pods and pod-related cluster behavior. ECI Profile is a ConfigMap named eci-profile in the kube-system namespace.
| Parameter | Description |
|---|---|
vpcId |
The ID of the VPC where pods are deployed. |
securityGroupId |
The ID of the security group for the VPC. |
vSwitchIds |
The IDs of the vSwitches in the VPC. Separate multiple IDs with commas. Virtual nodes are generated based on this parameter. |
selectors |
The pod selector. Selects pods by namespace or label, and automatically adds annotations or labels. |
enableClusterIp |
Whether to use the ClusterIP. Default: true. |
enableLogController |
Whether to enable the Alibaba Cloud log controller. Default: false. |
enablePVCController |
Whether to enable the persistent volume claim (PVC) controller. Default: false. |
enablePrivateZone |
Whether to enable PrivateZone for service discovery. Default: false. |
featureGates |
Whether to enable feature gates. |
Pod annotations take precedence over the corresponding ECI Profile settings for the same feature.
For more information, see ECI overview.
Virtual nodes
ACK Serverless clusters expose virtual nodes to maintain compatibility with Kubernetes-native features. Virtual nodes provide ultra-large computing capacity and do not occupy any computing resources. They are generated from the vSwitchIds parameter in the eci-profile ConfigMap.
Pod configurations
Customize pods in ACK Serverless clusters by adding annotations to pod manifests. These annotations apply only to pods scheduled to virtual nodes (pods that run on ECI). They do not apply to pods scheduled to regular nodes.
Add annotations to the metadata field of the pod. For Deployments, add annotations in the spec.template.metadata field.
| Annotation | Example | Description | Reference |
|---|---|---|---|
k8s.aliyun.com/eci-security-group |
sg-bp1dktddjsg5nktv**** |
The ID of the security group. | Assign security groups to an ECI |
k8s.aliyun.com/eci-vswitch |
vsw-bp1xpiowfm5vo8o3c**** |
The IDs of the vSwitches. Specify multiple vSwitches across zones. | Configure multiple zones to create an ECI-based pod |
k8s.aliyun.com/eci-schedule-strategy |
vSwitchOrdered |
The multi-zone scheduling policy. Valid values: vSwitchOrdered (schedule in the order vSwitches are specified) or vSwitchRandom (schedule randomly). |
|
k8s.aliyun.com/eci-ram-role-name |
AliyunECIContainerGroupRole |
The RAM role that ECI assumes to access other Alibaba Cloud services. | Configure RAM roles |
k8s.aliyun.com/eci-use-specs |
2-4Gi,4-8Gi,ecs.c6.xlarge |
The ECI specification. Specify multiple CPU/memory combinations or ECS instance types. | Specify multiple instance specifications to create an ECI |
k8s.aliyun.com/eci-spot-strategy |
SpotAsPriceGo |
The bidding policy for preemptible instances. Valid values: SpotAsPriceGo (market price at purchase time) or SpotWithPriceLimit (specify a maximum price). |
Create a preemptible ECI |
k8s.aliyun.com/eci-spot-price-limit |
0.5 |
The maximum price for a preemptible instance. Valid only when eci-spot-strategy is set to SpotWithPriceLimit. |
|
k8s.aliyun.com/eci-cpu-option-core |
2 |
The number of physical CPU cores. | Specify CPU options |
k8s.aliyun.com/eci-cpu-option-ht |
1 |
The number of threads per core. | |
k8s.aliyun.com/eci-reschedule-enable |
"true" |
Whether to enable rescheduling for ECI. | ECI Pod Annotation |
k8s.aliyun.com/pod-fail-on-create-err |
"true" |
Whether to set the pod status to Failed if the pod fails to be created on ECI. |
ECI Pod Annotation |
k8s.aliyun.com/eci-image-snapshot-id |
imc-2zebxkiifuyzzlhl**** |
The ID of the image cache to use. To use an image cache, specify its ID or enable automatic matching. | Use ImageCache to accelerate the creation of pods |
k8s.aliyun.com/eci-image-cache |
"true" |
Whether to enable automatic image cache matching. | |
k8s.aliyun.com/acr-instance-id |
cri-j36zhodptmyq**** |
The ID of the Container Registry Enterprise Edition instance. To use an instance in a different region, prefix the ID with the region name: cn-beijing:cri-j36zhodptmyq****. |
Pull images from a Container Registry Enterprise Edition instance without using a secret |
k8s.aliyun.com/eci-eip-instanceid |
eip-bp1q5n8cq4p7f6dzu**** |
The ID of the elastic IP address (EIP) to associate with the pod. | Associate an EIP with an ECI |
k8s.aliyun.com/eci-with-eip |
"true" |
Whether to automatically create and associate an EIP with the pod. | |
k8s.aliyun.com/eip-bandwidth |
5 |
The bandwidth for the EIP. | |
k8s.aliyun.com/eip-common-bandwidth-package-id |
cbwp-2zeukbj916scmj51m**** |
The ID of the EIP bandwidth plan. | |
k8s.aliyun.com/eip-isp |
BGP |
The line type for the EIP. Valid for pay-as-you-go EIPs only. Valid values: BGP (BGP Multi-ISP) or BGP_PRO (BGP Multi-ISP Pro). |
|
k8s.aliyun.com/eip-internet-charge-type |
PayByBandwidth |
The metering method for the EIP. Valid values: PayByBandwidth or PayByTraffic. |
|
k8s.aliyun.com/eci-enable-ipv6 |
"true" |
Whether to assign an IPv6 address to the instance. | Assign an IPv6 address to an ECI-based pod |
k8s.aliyun.com/eci-ipv6-bandwidth-enable |
"true" |
Whether to enable Internet access over IPv6. | |
k8s.aliyun.com/eci-ipv6-bandwidth |
100M |
The maximum public bandwidth for the IPv6 address. | |
kubernetes.io/ingress-bandwidth |
40M |
The inbound bandwidth limit. | Limit the inbound and outbound bandwidth of an ECI |
kubernetes.io/egress-bandwidth |
20M |
The outbound bandwidth limit. | |
k8s.aliyun.com/eci-extra-ephemeral-storage |
50Gi |
The ephemeral storage capacity. | Scale up the temporary storage space |
k8s.aliyun.com/eci-eviction-enable |
"true" |
Whether to automatically evict pods that run out of ephemeral storage. | Automatically evict pods whose temporary storage spaces are insufficient |
k8s.aliyun.com/eci-core-pattern |
/pod/data/dump/core |
The directory where core dump files are stored. | Analyze application exceptions with coredumps |
k8s.aliyun.com/eci-ntp-server |
100.100.*.* |
The IP address of the Network Time Protocol (NTP) server. | Configure the NTP service |
k8s.aliyun.com/plain-http-registry |
"harbor*.pre.com,192.168.XX.XX:5000,reg*.test.com:80" |
The address of a self-managed image repository that uses HTTP. Add this annotation to pull images over HTTP and avoid pull failures caused by protocol mismatches. | Pull an image from a self-managed image repository |
k8s.aliyun.com/insecure-registry |
"harbor*.pre.com,192.168.XX.XX:5000,reg*.test.com:80" |
The domain name of a self-managed image repository that uses a self-signed certificate. Add this annotation to skip certificate authentication and avoid pull failures. |
For the full list of ECI pod annotations, see ECI Pod Annotation.
Network management
ECI-based pods use the host network mode by default. Each pod is assigned an elastic network interface (ENI) by the vSwitch, enabling communication with ECS instances and ApsaraDB RDS instances in the same VPC.
| Item | Description |
|---|---|
| Service | ClusterIP and LoadBalancer Services are supported. NodePort Services and Session Affinity are not supported — ACK Serverless clusters do not support node-level features. |
| Ingress | SLB Ingress: Layer 7 traffic forwarding based on Server Load Balancer (SLB) instances, no controller required. See the Ingress demo. NGINX Ingress: Available after deploying nginx-ingress-controller. See the ingress-nginx demo. |
| Service discovery | Enable PrivateZone or CoreDNS when creating the cluster. Alternatively, use ECI Profile to enable PrivateZone or install CoreDNS from the Add-ons page after cluster creation. |
| EIP | Associate elastic IP addresses (EIPs) with ECI-based pods, either by creating a new EIP automatically or by associating an existing one. |
Storage management
Mount Elastic Block Storage (EBS) disks or File Storage NAS (NAS) file systems to pods.
| Item | Description |
|---|---|
| EBS (disks) | FlexVolume (static): Mount a disk by specifying its ID. No FlexVolume installation required. See disk-flexvolume-static.yaml demo. FlexVolume (dynamic): Dynamically provision disks as volumes. See disk-flexvolume-dynamic.yaml demo. PV/PVC (dynamic): Requires installing disk-controller first. See disk-pvc-dynamic.yaml demo. |
| NAS | NFS volumes: Mount NAS file systems using NFS. See nas-nfsvolume.yaml demo. FlexVolume (static): Specify the mount target directly. No FlexVolume installation required. See nas-flexvolume.yaml demo. PV/PVC (static): Requires installing disk-controller first. See nas-pvc.yaml demo. |
Observability
| Item | Description |
|---|---|
| Logging | Modify ECI Profile to enable Simple Log Service to collect pod logs. See Collect application logs by using pod environment variables. |
| Monitoring | Install the arms-prometheus component to enable cluster monitoring. See Enable Managed Service for Prometheus. |
Image management
-
Use image caches to accelerate pod creation and reduce application response time. See Use ImageCache to accelerate the creation of pods.
-
Pull images from Container Registry Enterprise Edition instances without configuring a secret. See Pull images from a Container Registry Enterprise Edition instance without using a secret.
Auto scaling
ACK Serverless clusters are nodeless, so no cluster-autoscaler is needed. Scale applications by configuring Horizontal Pod Autoscaler (HPA) or CronHPA policies. See Auto scaling overview.
Authorization
To grant application pods access to Alibaba Cloud services, configure RAM Roles for Service Accounts (RRSA).
Cluster management
| Item | Description |
|---|---|
| Intelligent O&M | Use the intelligent O&M feature to periodically check cluster health or run prechecks before upgrades or migrations. |
| Updates | Upgrade ACK Serverless clusters without service interruptions. |
| ACK Serverless Pro | ACK Serverless Pro clusters offer higher reliability, higher service uptime, and support for more pods. |
| Migration | Upgrade trial or old ACK Serverless Basic clusters to ACK Serverless Pro clusters without service interruptions for higher service reliability. |
Component management
Deploy, update, or uninstall components from the Manage components page based on your requirements.
Managed components
ACK Serverless clusters manage the following system components so you can focus on application development: kube-scheduler, cloud-controller-manager, kube-controller-manager, and kube-apiserver. These components are deployed and maintained by ACK Serverless and are not deployed on ECI.
Managed components may create objects such as ClusterRoles, ClusterRoleBindings, ServiceAccounts, Services, and ConfigMaps. To maintain cluster stability, do not modify objects created by managed components.
Managed components provide the following benefits:
-
Reduced ECI costs
-
Automated deployment and maintenance
-
High availability architectures
Application management
Install Helm charts from the MarketplaceACK console page in the ACK console and manage them from the Helm page. See Simplify application deployment with Helm.
Billing
Billing varies by cluster type (Basic or Pro). For details, see Billing of ACK Serverless clusters.
Limitations
| Feature | Supported | Alternative or notes |
|---|---|---|
| DaemonSets | No | If your application requires a daemon, run it as a sidecar container in your pods. |
HostPath in pod manifests |
No | — |
HostNetwork in pod manifests |
No | — |
| Privileged containers | No (internal preview) | Privileged containers are not supported. You can use a security context to add capabilities to a pod. To use the privileged container feature, submit a ticket. |
| NodePort Services | No | Use ClusterIP or LoadBalancer Services instead. |
| Session Affinity | No | — |
| China South Finance region | No | — |
| Alibaba Gov Cloud region | No | — |
Contact us
For questions about ACK Serverless clusters, join the DingTalk group 31544226.