This topic describes the historical release notes for Container Service for Kubernetes (ACK) features that were released in 2022.
Supported versions and operating systems
Kubernetes versions supported by ACK: 1.24, 1.22, and 1.20.
Operating systems supported by ACK: CentOS 7.9, Alibaba Cloud Linux 3.2104, Alibaba Cloud Linux 2.1903, Windows Server 2019, and Windows Server Core 1909.
December 2022
| Feature | Description | Region | References |
|---|---|---|---|
| Custom parameters for kube-scheduler | kube-scheduler, the default scheduler for ACK Pro clusters, now supports custom parameters and bin packing. Manage kube-scheduler from the Add-ons page in the ACK console. | All regions | None |
| Cluster registration with onectl in ACK One | onectl is a command-line tool for registering clusters with Alibaba Cloud. It installs and configures components in a few steps, simplifying cluster registration. | All regions | Use onectl to manage registered clusters |
| Cloud-native AI suite billing starts | Starting 00:00:00 on January 5, 2023, ACK charges for the cloud-native AI suite. | All regions | Billing of the cloud-native AI suite |
| Multi-Instance GPU (MIG) limits for NVIDIA A100 instances | New GPU-accelerated Elastic Compute Service (ECS) instances of the ecs.ebmgn7 and ecs.ebmgn7e families retain their MIG configuration by default. When ACK adds a GPU-accelerated node, it automatically prechecks the node and deletes the retained MIG configuration using an NVIDIA tool. However, the precheck operation may fail. If ACK fails to delete the MIG configuration, the node cannot be added. | All regions | GPU-accelerated ECS instance types supported by ACK |
November 2022
| Feature | Description | Region | References |
|---|---|---|---|
| Kubernetes 1.24.6 update | Update your ACK clusters to Kubernetes 1.24.6. | All regions | Kubernetes 1.24 release notes and Update an ACK cluster |
| Node pool updates | Update the kubelet, container runtime, and OS image on nodes in a node pool. In the ACK console, click the cluster name, go to Node Pools, and then choose More > Upgrade for the target node pool. | All regions | None |
| Automatic instant access snapshot before ESSD deletion | Before an Enhanced SSD (ESSD) volume is deleted, ACK automatically creates an instant access (IA) snapshot and retains it for a set period. Use the snapshot to restore data if needed. | All regions | Best practices for data security of disk volumes |
| Multi-cluster alert management in ACK One | Create and modify alert rules on a master instance of ACK One. The master instance distributes rules to associated clusters, including clusters added after the rules are created. | All regions | Multi-cluster alert management |
| Per-cluster alert configuration overrides in ACK One | Override the alert rules distributed from a master instance to let individual associated clusters use different alert configurations. | All regions | Override alerting configurations for multi-cluster management |
October 2022
| Feature | Description | Region | References |
|---|---|---|---|
| ARM-based ECS instances in node pools | Manage the full lifecycle of ARM-based ECS instances in node pools — add, update, and remove them. Use Container Registry to deploy multi-architecture images across x86-based and ARM-based nodes in a unified workflow. | All regions | Configure an ARM-based node pool |
| Microservices Engine (MSE) cloud-native gateways at cluster creation | Install the MSE Ingress controller when creating an ACK cluster. MSE cloud-native gateways combine network gateway and microservices gateway capabilities to provide traffic governance for both single-cluster and multi-cluster Ingress resources. | All regions | |
September 2022
| Feature | Description | Region | References |
|---|---|---|---|
| Resource profiling | Get resource request and limit recommendations for containers based on historical usage data. Resource profiling works with Kubernetes-native workloads and reduces manual configuration effort. | All regions | Resource profiling |
| Managed node pools | Automate operations and maintenance (O&M) tasks on specific nodes — including Common Vulnerabilities and Exposures (CVE) patching and anomaly remediation — without manual intervention. | All regions | Overview of managed node pools |
| Network Load Balancer (NLB) for LoadBalancer Services | Configure NLB instances for LoadBalancer Services using annotations. NLB is a Layer 4 load balancer built for high-throughput, auto-scaling workloads. | All regions | Configure NLB instances by using annotations |
| OSS bucket lifecycle management with CNFS | Use Container Network File System (CNFS) to manage the lifecycle of Object Storage Service (OSS) buckets independently. | All regions | Manage the lifecycle of OSS buckets |
| Fluid data acceleration for ACK Serverless | Deploy all Fluid components — including Fluid controllers and the cache runtime engine — directly in an ACK Serverless cluster. ACK Serverless bills on a pay-as-you-go basis by Elastic Container Instance (ECI) uptime. | All regions | Accelerate Jobs |
| GitOps for multi-cluster application deployment in ACK One | Enable GitOps on a master instance of ACK One to manage Application and Helm template versions stored in Git repositories. GitOps supports continuous deployment across multiple clusters from a single orchestration template and is fully compatible with open source Argo CD. | All regions | Work with GitOps |
| Commercial availability and promotional offer for the Cloud-native AI Suite | The Cloud-native AI Suite for Container Service for Kubernetes (ACK) will become a paid service starting 00:00:00 on October 10, 2022. A limited-time 50% discount is available until 24:00:00 on March 31, 2023. | All regions | |
August 2022
| Feature | Description | Region | References |
|---|---|---|---|
| Kubernetes 1.24 support | Create ACK clusters running Kubernetes 1.24. | All regions | Kubernetes 1.24 release notes |
| Advanced Horizontal Pod Autoscaler (AHPA) predictive scaling with GPU metrics | AHPA now supports predictive scaling based on GPU metrics, scaling resources ahead of demand for applications with periodic workload patterns. | All regions | AHPA overview |
| CoreDNS logs and dashboard in Log Center | View and analyze CoreDNS logs in the ACK console. Go to Operations > Log Center and open the Network Component Logs tab. | All regions | Collect and analyze CoreDNS logs |
| I/O monitoring for OSS volumes mounted to pods | Use volume dashboards to identify I/O issues — such as excessive bandwidth usage from frequent data, metadata, or file access — and locate the affected pods. | All regions | Use volume dashboards to identify the issues caused by I/O operations on clients |
| Automatic snapshot before ESSD expansion | ACK automatically creates a snapshot before expanding an ESSD volume. If the expansion succeeds, the snapshot is deleted. If it fails, the snapshot is retained for 24 hours for data recovery. | All regions | Expand a disk volume without service interruptions |
| ACK Edge enhanced node pools generally available | Enhanced edge node pools connect edge nodes to the cloud over virtual private clouds (VPCs) using a Software Defined Network (SDN)-based architecture. Compared with Internet-based connections, this improves network quality. Compared with Express Connect circuits, it reduces overall costs. | All regions | Create an edge node pool |
| Multi-cluster Services (MCS) in ACK One | Access Services across Kubernetes clusters without creating additional load balancers, using the MCS feature in ACK One's multi-cluster management. | All regions | Use MCS in the ACK One console |
July 2022
| Feature | Description | Region | References |
|---|---|---|---|
| Cluster Tasks tab in the ACK console | View tasks run by a cluster — including operations on the cluster itself, node pools, and components — from the Cluster Tasks tab on the cluster details page. Use this data for cluster auditing. | All regions | None |
| SLO-aware workload scheduling | The ack-slo-manager component (now ack-koordinator) supports service level objective (SLO)-aware scheduling, allowing different workload types to run on the same node to improve resource utilization while maintaining application performance. | All regions | ack-koordinator (FKA ack-slo-manager) |
| GPU monitoring 2.0 | GPU monitoring 2.0 provides high-performance GPU resource monitoring in Kubernetes environments, built on Exporter, Prometheus, Grafana, and NVIDIA Data Center GPU Manager (DCGM). | All regions | Enable GPU monitoring for a cluster |
| Snapshots for disk-backed Persistent Volumes and Persistent Volume Claims | Create snapshots for both mounted and unmounted disks using Container Storage Interface (CSI). | All regions | None |
| Data access acceleration in the cloud-native AI suite | The cloud-native AI suite integrates with Fluid and serverless platforms to accelerate data access based on Elastic Container Instance. | All regions | Overview of data access in serverless cloud computing |
| Kubeflow Pipelines in the cloud-native AI suite | Build, deploy, and manage portable, scalable machine learning workflows using Kubeflow Pipelines, now included in the cloud-native AI suite. | All regions | Use Kubeflow Pipelines to create workflows |
| ACK Edge lightweight mode (invitational preview) | The ACK Edge lightweight mode reduces edge component resource usage and uses Message Queue Telemetry Transport (MQTT) to minimize communication overhead under poor network conditions. It is designed for edge devices with limited compute resources and supports software-over-the-air (SOTA) application updates. | All regions | None |
| Horizontal Pod Autoscaling (HPA) for application distribution in ACK One | Control the number of pod replicas in associated clusters using HPA when distributing applications in ACK One. Do not apply HPA directly on distributed applications in associated clusters, as this causes an inconsistency error in the master instance. | All regions | HPA |
| Control plane and audit log collection for ACK One master instances | Collect control plane component logs (kube-apiserver, kube-controller-manager) and audit logs from ACK One master instances. ACK automatically creates a Simple Log Service project for centralized log storage and analysis. | All regions | Collect the control plane component logs and audit logs of master instances |
June 2022
| Feature | Description | Region | References |
|---|---|---|---|
| CVE patching for node pools | Fix high-risk Common Vulnerabilities and Exposures (CVE) vulnerabilities in node pools in a few clicks using the integrated Security Center. | All regions | CVE Patching |
| Kubernetes 1.22 support | Create clusters running Kubernetes 1.22, or update existing clusters to 1.22. | All regions | Kubernetes 1.22 release notes |
| Deferred login type for node pool creation | Set Logon Type to Later when creating a node pool, then configure a key pair or reset the password after the node pool is created. | All regions | Create an instance by using the wizard |
| Bring Your Own Key (BYOK) for disk encryption | Use BYOK to encrypt both system disks and data disks with your own keys. | All regions | Encrypt data stored on ECS resources |
| Web Application Firewall (WAF) for Application Load Balancer (ALB) Ingresses | Enable WAF on an ALB Ingress to filter inbound traffic before it reaches ALB listeners. WAF protects against data breaches, HTTP flood attacks, webshells, and web page tampering, and provides virtual patches. | All regions | |
| Support for dynamic and static CPFS 2.0 volumes | The storage plug-in now supports dynamic and static CPFS 2.0 volumes and allows you to mount volumes that use the cpfs-nfs protocol. | All regions | |
| CNFS client caching | Accelerate read and write speeds using the CNFS client caching feature, which supports both local cache and distributed cache. | All regions | Enable the distributed caching feature of the CNFS client |
| Static provisioning for alinas volumes and Transport Layer Security (TLS) support | Mount statically provisioned alinas volumes and encrypt data transmission with TLS. | All regions | csi-plugin and csi-provisioner |
| OSS volumes mountable with JindoFuse | Mount statically provisioned OSS volumes using JindoFuse. | All regions | csi-plugin and csi-provisioner |
| ACK Edge: Kubernetes 1.18 to 1.20 update | Update ACK Edge clusters from Kubernetes 1.18 to 1.20. | All regions | Release notes for ACK Edge of Kubernetes 1.20 |
| Mount ENS disks by using PVs and PVCs in ACK@Edge clusters | ACK@Edge clusters now support mounting Edge Node Service (ENS) disks by using native PersistentVolumes (PVs) and PersistentVolumeClaims (PVCs). This enhances the persistent storage capabilities of edge applications. | All regions | |
| Elastic IP address (EIP) for ACK One master instance API server | Expose a master instance's API server over the Internet by assigning an EIP when enabling multi-cluster management. | All regions | Enable multi-cluster management |
| Service mesh for ACK One master instances | Enable service mesh on a master instance in ACK One for unified application distribution and traffic management across multiple clusters. | All regions | Use ASM to enable multi-cluster traffic management |
| Advanced settings for ACK One master instances | Enable or disable service mesh and view Server Load Balancer (SLB) instance details from the advanced settings of a master instance. | All regions | Manage ASM |
May 2022
| Feature | Description | Region | References |
|---|---|---|---|
| ECS instance health checks in cluster diagnostics | Diagnose the system status, network status, and disk status of ECS instances in a cluster using the cluster diagnostics feature. | All regions | |
| ACK now supports CPFS 2.0 volumes | Cloud Parallel File System (CPFS) is a fully managed, scalable parallel file system from Alibaba Cloud that is designed for high-performance computing (HPC) scenarios. | All regions | |
| DADI-based caching for the CNFS acceleration client | The CNFS acceleration client now supports Data Accelerator for Disaggregated Infrastructure (DADI), which provides container image acceleration, high-performance caching, and peer-to-peer (P2P) transmission. | All regions | None |
| Advanced security groups for ACK Serverless clusters | Select an advanced security group when creating an ACK Serverless cluster. Pods in the cluster are added to the selected security group. Advanced security groups support more instances, Elastic Network Interfaces (ENIs), and private IP addresses than basic security groups, and apply more granular access control. | All regions | Create an ACK Serverless cluster and Overview |
| Custom cluster domain names for ACK Serverless clusters | Specify a custom cluster domain name when creating an ACK Serverless cluster. The default domain name is cluster.local. | All regions | Create an ACK Serverless cluster |
| Cluster diagnostics and inspection for ACK Serverless | Run cluster diagnostics to check pod and network health, and use the cluster inspection feature to periodically scan for risks such as quota shortfalls and key resource usage in ACK Serverless clusters. | All regions | Work with the cluster inspection feature and Work with cluster diagnostics |
| GPU sharing and computing power allocation for ACK Pro and dedicated clusters | ACK Pro and dedicated clusters support GPU sharing, GPU memory isolation, GPU computing power isolation, and computing power allocation policies. | All regions | Use cGPU to configure a computing power allocation policy for GPU sharing (ACK Pro) and Configure a computing power allocation policy for GPU sharing (dedicated clusters) |
| Automatic training job cleanup in the cloud-native AI suite | Set a retention limit for training jobs in the cluster. When cron jobs create more jobs than the limit, the oldest jobs are automatically deleted. | All regions | Submit TensorFlow training jobs and cron jobs |
| NGINX Ingress controller for ACK Edge via App Catalog | Deploy the NGINX Ingress controller from App Catalog to edge node pools and cloud node pools, providing load balancing for services in edge cells under closed-loop access control. | All regions | Install the NGINX Ingress controller |
| Multiple master instances in the ACK One console | Create and manage multiple master instances, and manage their associated clusters and namespaces, subject to the quota limit of your Alibaba Cloud account. | All regions | None |
| CloudShell for cluster management in the ACK One console | Use CloudShell in the ACK One console to manage master instances, register external clusters, and associate clusters with master instances. | All regions | None |
| Multi-cluster monitoring in the ACK One console | Application Real-Time Monitoring Service (ARMS) provides a virtual aggregate Prometheus instance that covers all Prometheus instances across your ACK clusters and registered clusters under your Alibaba Cloud account, enabling unified metric queries and alerting. | Chinese mainland | |
| Application distribution with impersonation in ACK One | Distribute applications using impersonation to audit each associated cluster independently and improve cluster security. | All regions | How application distribution works |
| Application and resource topology in AMC | View the topology and status of applications and their associated resources across clusters using AMC. | All regions | Use AMC to display the topology and status of applications and the relevant resources in associated clusters |
April 2022
| Feature | Description | Region | References |
|---|---|---|---|
| Auto scaling for node pools | Enable or disable auto scaling from the node pool Edit page. Before enabling, click Configure Auto Scaling on the node pool details page and set the minimum and maximum instance counts. | All regions | Auto scaling of nodes |
| RAM Roles for Service Accounts (RRSA) | Use RRSA to enforce fine-grained access control at the pod level — different pods can call different API operations within the same cluster. RRSA requires Kubernetes 1.22 or later and is supported on ACK Basic, ACK Pro, ACK Serverless Basic, and ACK Serverless Pro clusters. | All regions | Configure RRSA for service accounts to isolate permissions among pods |
| Online disk volume expansion | Expand a disk volume and its file system without interrupting running pods, using the Container Storage Interface (CSI) plug-in. Requires Kubernetes 1.16 or later. | All regions | Expand a disk volume without service interruptions |
| Security and configuration inspection results on the cluster overview page | View security inspection and configuration inspection results directly on the cluster overview page to quickly identify and address potential risks. | All regions | Work with cluster check |
| Alibaba Cloud Linux 3 images for custom node deployments | Use Alibaba Cloud Linux 3 images as custom OS images when creating node pools. | All regions | Overview |
| policy-template-controller | policy-template-controller is a Kubernetes controller for managing pod security policies based on policy templates. It supports per-cluster policies and individual policy instances. | All regions | Configure and enforce ACK pod security policies |
| Untrusted image detection with policy governance | The policy governance feature integrates with the proactive defense feature of Security Center to detect untrusted image deployments. Configure policies to block, allow, or alert on deployments of images that do not meet your security requirements. | All regions | Proactive Defense for Containers |
| GPU sharing and computing power allocation for ACK dedicated clusters | ACK dedicated clusters support GPU sharing, GPU memory isolation, GPU computing power isolation, and computing power allocation policies. | All regions | Configure a computing power allocation policy for GPU sharing |
| CVE-2021-25745 mitigation | The spec.rules[].http.paths[].path field in Ingress configurations can be exploited to obtain NGINX Ingress controller credentials and gain access to all Secrets in the cluster. Enable the provided policy governance policy to automatically detect and block requests that match this vulnerability pattern. | All regions | Vulnerability CVE-2021-25745 and Configure and enforce ACK pod security policies |
| CVE-2021-25746 mitigation | The metadata.annotations parameter in Ingress configurations can be exploited to obtain NGINX Ingress controller credentials and gain access to all Secrets in the cluster. Enable the provided policy governance policy to automatically detect and block requests that match this vulnerability pattern. | All regions | Vulnerability CVE-2021-25746 and Configure and enforce ACK pod security policies |
March 2022
| Feature | Description | Region | References |
|---|---|---|---|
| Advanced Horizontal Pod Autoscaler (AHPA) for ACK and ACK Serverless (invitational preview) | AHPA performs predictive scaling based on periodic workload patterns, provisioning resources before demand spikes occur. | Invitational preview | AHPA overview |
| ack-net-exporter in App Catalog | ack-net-exporter is a network monitoring tool built on extended Berkeley Packet Filter (eBPF) and Linux procfs. It monitors conntrack, ipvlan, and softnet metrics in cloud-native environments and integrates with Application Real-Time Monitoring Service (ARMS) for visualized dashboards. | All regions | App Marketplace |
| Cluster inspection | Enable cluster inspection at cluster creation to periodically scan for potential risks — including cloud resource quota shortfalls and key resource usage — in your Kubernetes clusters. | All regions | Work with the cluster inspection feature |
| Application log collection for ACK Serverless | Collect application logs from ACK Serverless clusters using the log collection component, which is installed as a managed component with no manual pod deployment required. | All regions | Use a Simple Log Service CRD to collect application logs |
| Image caches for ACK Serverless | Create image caches using the ImageCache CustomResourceDefinition (CRD) to accelerate pod creation in ACK Serverless clusters. | All regions | Use image caches to accelerate the creation of pods |
February 2022
| Feature | Description | Region | References |
|---|---|---|---|
| RHEL 7.9 support for worker nodes | Select RHEL 7.9 as a custom OS image for worker nodes when creating clusters. | All regions | Create a Kubernetes cluster by using a custom image |
| Multiple security groups for Terway clusters | Associate up to five security groups with a single Elastic Network Interface (ENI) created by Terway to apply flexible access control at the pod level. | All regions | Associate multiple security groups with an ENI |
| Custom CoreDNS configurations | Customize CoreDNS settings from the Add-ons page in the ACK console. Custom configurations persist across CoreDNS version updates. Requires CoreDNS version later than 1.8.4.2. | All regions | Manage components |
| ExternalDNS in App Catalog | Configure external DNS servers for Ingresses and Services in ACK clusters using ExternalDNS. It retrieves Service and Ingress information from the Kubernetes API server and creates DNS records, similar to kube-dns. | All regions | Use ExternalDNS to configure external DNS servers |
| gRPC support for ALB Ingresses | Enable gRPC on an ALB Ingress by adding the annotation alb.ingress.kubernetes.io/backend-protocol: "grpc". | All regions | Configure the HTTPS or gRPC protocol |
| ALB Ingresses for ACK Serverless Knative | Deploy Application Load Balancer (ALB) Ingresses in ACK Serverless Knative for HTTP, HTTPS, and Quick UDP Internet Connection (QUIC) workloads. ALB scales to handle large volumes of Layer 7 traffic. | All regions | Use ALB Ingresses in Knative |
| ACK console optimizations | The ACK console includes several usability improvements: select multiple namespaces in a single authorization grant; filter the node list to show only unschedulable nodes; and add variables to templates in the template editor. | All regions | Grant RBAC permissions to RAM users or RAM roles, Manage node labels, and Manage orchestration templates |
January 2022
| Feature | Description | Region | References |
|---|---|---|---|
| Preemptible instance supplementation in node pools | The cost optimization scaling policy now supports preemptible instance supplementation. When a preemptible instance is 5 minutes from reclamation, the scaling group automatically attempts to add a replacement instance. | All regions | Create a node pool |
| Custom images for node pool creation | Use custom images — based on Alibaba Cloud Linux 2.1903 or CentOS 7.9 — to deploy worker node operating systems when creating node pools. No allowlist approval is required. | All regions | Create a node pool |
| New region: China North 2 Finance | ACK managed and dedicated clusters are now available in the China North 2 Finance region. | China North 2 Finance (Preview) | Supported regions |
| KMS keys with automatic rotation for Secret encryption | Use Key Management Service (KMS) keys with automatic rotation enabled to encrypt Secrets in ACK Pro clusters. During key rotation, the previous key version continues to encrypt existing Secrets. | All regions | Use KMS to encrypt Kubernetes Secrets |
| Priority-based resource scheduling | Use a ResourcePolicy to define node scheduling priorities in descending order for pod placement. When scaling out, pods are scheduled to nodes in priority order; when scaling in, pods are removed in reverse order. | All regions | Configure priority-based resource scheduling |