Container Service for Kubernetes (ACK) is one of the first services to pass the Certified Kubernetes Conformance Program. ACK provides high-performance management services for containerized applications and lets you manage enterprise-level containerized applications throughout the application lifecycle. This service allows you to run containerized applications in the cloud efficiently.

Cluster types

ACK provides the following three cluster types: dedicated Kubernetes cluster, managed Kubernetes cluster, and serverless Kubernetes cluster.

Feature
  • Dedicated Kubernetes cluster: You must create master nodes and worker nodes. Dedicated Kubernetes clusters allow you to manage the cluster infrastructure in a finer-grained manner. You must design, maintain, and upgrade the clusters on your own.
  • Managed Kubernetes cluster: You need only to create worker nodes. ACK creates and manages master nodes. Managed Kubernetes clusters are easy to use, cost-effective, and highly available. You do not need to manage master nodes.
  • Serverless Kubernetes cluster: You do not need to create master nodes or worker nodes. Serverless Kubernetes clusters allow you to start applications directly. You do not need to manage nodes.

Billing method
  • Dedicated Kubernetes cluster: Cluster management is free of charge. However, you are charged for master nodes, worker nodes, and infrastructure resources.
  • Managed Kubernetes cluster:
    • Standard managed clusters: Cluster management is free of charge. However, you are charged for worker nodes and infrastructure resources.
    • Professional managed clusters: Cluster management is charged based on the number of clusters.
  • Serverless Kubernetes cluster: You are charged based on the amount of resources consumed by pods and the resource usage duration. The duration is measured in seconds.

Scenarios
  • Dedicated Kubernetes cluster: Applies to all scenarios.
  • Managed Kubernetes cluster: Applies to all scenarios.
  • Serverless Kubernetes cluster: Applies to batch tasks, urgent application scale-out, and continuous integration and continuous delivery (CI/CD) testing.

User profile
  • Dedicated Kubernetes cluster: see the user profile for dedicated Kubernetes clusters.
  • Managed Kubernetes cluster: (link not preserved)
  • Serverless Kubernetes cluster: (link not preserved)

Cluster creation procedure
  • Dedicated Kubernetes cluster: see Dedicated Kubernetes cluster.
  • Managed Kubernetes cluster: see Managed Kubernetes cluster.
  • Serverless Kubernetes cluster: see ASK.

Features

  • Cluster management
  • Node pool management

    You can manage the lifecycle of node pools. You can configure different specifications for node pools in a cluster, such as vSwitches, runtimes, operating systems, and security groups. For more information, see Node pool overview.

  • Application management
    • Application creation: You can create multiple types of applications from images and templates. You can configure environment variables, application health checks, data disks, and logging.
    • Application lifecycle management: You can view, update, and delete applications, roll back application versions, view application events, perform rolling updates of applications, use new application versions to replace earlier application versions, and use triggers to redeploy applications.
    • Application pod scheduling: You can schedule application pods based on the following three policies: pod affinity, node affinity, and pod anti-affinity.
    • Application pod scaling: You can scale the number of application pods manually or by using the Horizontal Pod Autoscaler (HPA).
    • Application release: Phased release and blue-green release are supported.
    • App Catalog: You can use App Catalog to simplify the integration of Alibaba Cloud services.
    • Application Center: After an application is deployed, the application center displays the topology of the application on one page. You can also manage and roll back the application version in scenarios such as continuous deployment.
    • Application backup and recovery: You can back up Kubernetes applications and restore applications from backup data. For more information, see Back up and restore applications.
  • Storage methods
    • Storage plug-ins: FlexVolume and CSI are supported. For more information, see CSI overview and FlexVolume overview.
    • Volumes and persistent volume claims (PVCs):
      • You can create Block Storage volumes, Apsara File Storage NAS (NAS) volumes, Object Storage Service (OSS) volumes, and Cloud Paralleled File System (CPFS) volumes.
      • You can bind a volume to a PVC.
      • You can dynamically create and migrate volumes.
      • You can view and update volumes and PVCs by running scripts.
  • Network
    • You can set up container networks based on the Flannel or Terway plug-in. For more information, see Overview.
    • You can specify CIDR blocks for Services and pods.
    • You can use the NetworkPolicy feature. For more information, see Use network policies.
    • You can use Ingresses to route requests.
    • You can use DNS-based service discovery. For more information, see Overview.
  • O&M and security
    • Observability
      • Monitoring: You can monitor clusters, nodes, applications, and pods. You can use the Prometheus plug-in.
      • Logging: You can view cluster logs, pod logs, and application logs.
      • Alerting: You can configure alerts to manage exceptions in the cluster based on various metrics for different scenarios. For more information, see Alert management.
    • Cost analysis: provides visualized analysis on resource usage and cost distribution to help improve resource utilization.
    • Runtime Security: allows you to manage security policies of the container runtime, configure routine inspections of application security, and configure security monitoring and alerting on the runtime. This enhances the overall security capabilities of containers.
    • Sandboxed-Container: allows you to run an application in a sandboxed and lightweight virtual machine. This virtual machine has a dedicated kernel, isolates applications from each other, and provides enhanced security. Sandboxed-Container is suitable in scenarios such as untrusted application isolation, fault isolation, performance isolation, and load isolation among multiple users.
    • TEE-based confidential computing: provides a cloud-native and all-in-one solution for developing, managing, and delivering trusted, confidential computing applications based on Intel Software Guard Extensions (SGX). This solution ensures data security, integrity, and confidentiality. Confidential computing allows you to isolate sensitive data and code by using a trusted execution environment.
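The scheduling policies, HPA-based scaling, and NetworkPolicy feature listed above are standard Kubernetes objects, so they can be shown concretely. The following manifest is an added example and is not taken from the ACK documentation: it defines a Deployment whose replicas are spread across nodes by pod anti-affinity and steered toward a node pool by node affinity, a Horizontal Pod Autoscaler for it, and a NetworkPolicy that allows only labelled pods to reach it. The namespace `demo`, the application name `web`, the node label `workload-tier`, the `role: ingress` label, and the placeholder image are all assumptions made for this example.

```yaml
# Added example (not from the ACK documentation). All names, labels and
# namespaces below are constructed for illustration.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: web
  namespace: demo
spec:
  replicas: 2
  selector:
    matchLabels:
      app: web
  template:
    metadata:
      labels:
        app: web
    spec:
      affinity:
        # Pod anti-affinity: never place two "web" pods on the same node,
        # so the loss of one node does not take out every replica.
        podAntiAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            - labelSelector:
                matchLabels:
                  app: web
              topologyKey: kubernetes.io/hostname
        # Node affinity: prefer nodes that carry the (assumed) node-pool
        # label workload-tier=frontend; fall back to other nodes if none fit.
        nodeAffinity:
          preferredDuringSchedulingIgnoredDuringExecution:
            - weight: 100
              preference:
                matchExpressions:
                  - key: workload-tier
                    operator: In
                    values: ["frontend"]
      containers:
        - name: web
          image: nginx:1.25   # placeholder image
          ports:
            - containerPort: 80
          # CPU requests are required for the HPA's utilization target to
          # be computed; pods without requests are ignored by the HPA.
          resources:
            requests:
              cpu: 100m
            limits:
              cpu: 500m
---
# HPA: keep average CPU utilization near 60% of the request, between
# 2 and 10 replicas.
apiVersion: autoscaling/v2
kind: HorizontalPodAutoscaler
metadata:
  name: web
  namespace: demo
spec:
  scaleTargetRef:
    apiVersion: apps/v1
    kind: Deployment
    name: web
  minReplicas: 2
  maxReplicas: 10
  metrics:
    - type: Resource
      resource:
        name: cpu
        target:
          type: Utilization
          averageUtilization: 60
---
# NetworkPolicy: only pods labelled role=ingress in the same namespace may
# reach "web" on TCP/80; all other inbound traffic to "web" is dropped.
# Because policyTypes lists only Ingress, egress from "web" is unrestricted.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: web-ingress-only
  namespace: demo
spec:
  podSelector:
    matchLabels:
      app: web
  policyTypes: ["Ingress"]
  ingress:
    - from:
        - podSelector:
            matchLabels:
              role: ingress
      ports:
        - protocol: TCP
          port: 80
```

Apply it with `kubectl apply -f <file>` after creating the `demo` namespace. Pod affinity (co-locating pods with other pods) uses the same shape as the `podAntiAffinity` block under the key `podAffinity`. A NetworkPolicy object is accepted by the API server regardless of the cluster's network plug-in, but it is only enforced when that plug-in implements NetworkPolicy, so verify enforcement in the cluster rather than assuming it from the manifest alone.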

Architecture

The following figure shows the architecture of the Alibaba Cloud Container Service product portfolio.

(Figure: architecture of the Alibaba Cloud Container Service product portfolio)
  • Alibaba Cloud Container Registry provides managed security services and lifecycle management of cloud-native assets. The service distributes images to clusters in different scenarios and is seamlessly integrated with ACK to provide an all-in-one solution for cloud-native application management.
  • Alibaba Cloud Service Mesh (ASM) is a managed service mesh platform that allows you to manage the traffic of an application that uses the microservices architecture in a unified manner. ASM is compatible with the open source Istio service mesh platform and allows you to manage the traffic of multiple Kubernetes clusters. ASM provides a unified way to manage the communications among containerized applications and applications on virtual machines.
  • Alibaba Cloud Serverless Kubernetes (ASK) provides serverless Kubernetes clusters based on elastic computing. You can create containerized applications without managing or maintaining clusters.
  • Alibaba Cloud Genomics Service (AGS) is a genome sequencing and secondary analysis service based on big data. It serves biotechnology industry users. AGS is an efficient, elastic, reliable, and low-cost service.
  • ACK@Edge is a Kubernetes cluster based on the standard Kubernetes runtime environment. It integrates the cloud, edge, and terminals to deliver, maintain, and manage applications. The service also enhances node autonomy in edge clusters.


References

Kubernetes official website