Simplify Hybrid Cloud Kubernetes Management with Alibaba ACK One

Background

Kubernetes has become a foundational technology for modern application architectures, and many enterprises are adopting multi‑cloud and hybrid‑cloud strategies to increase flexibility and resilience. Managing clusters spread across different providers, on‑premises IDC, and edge locations introduces operational challenges such as disparate consoles, permission models, logging, monitoring, and security tools.

ACK One Overview

ACK One is Alibaba Cloud’s distributed container platform designed for hybrid‑cloud, multi‑cluster, and distributed‑computing scenarios. It allows users to register Kubernetes clusters from any environment—Alibaba Cloud, other public clouds, or self‑built IDC clusters—and manage them through a single ACK console.

Core Registration Features

Consistent Operations Experience : Unified management of permissions, logs, monitoring, events, alerts, cost analysis, and security inspections across all registered clusters.

Micro‑service Governance : Integration with Alibaba Cloud Micro‑service Engine (MSE) and Service Mesh (ASM).

Elastic Scaling : IDC clusters can elastically expand using Alibaba Cloud ECS node pools or Virtual Kubelet ECI instances to handle resource shortages and traffic spikes.

Backup & Disaster Recovery : Integrated backup, restore, and migration solutions for data and applications, enhancing business continuity.

Big‑Data Acceleration : Fluid distributed cache unifies storage access across cloud and on‑premises, improving access efficiency by up to 10× and reducing bandwidth usage by 90%.

Registration Architecture

Each Kubernetes cluster must have an ACK One registration instance. An ack‑connector agent is installed in the cluster, establishing a connection to the registration instance. Operations performed in the ACK console are forwarded via the connector to the cluster’s API server (e.g., status queries, component installations).

Connection Options

Public internet or dedicated intranet line: public connections are simple; intranet lines offer higher security, stability, and lower latency at higher cost.

TLS‑encrypted links: each connector‑registration pair uses independent TLS certificates.

SLB access control: the registration service is exposed via an SLB endpoint; public SLB IPs can be restricted so only authorized K8s clusters may connect.

RBAC for connector permissions: the connector uses a ServiceAccount; users can define RBAC rules in the target cluster to limit API actions.

Open‑source connector: source code is available at

https://github.com/AliyunContainerService/alibabacloud-ack-connector

.

Unified Observability

ACK integrates with Alibaba Cloud ARMS monitoring and SLS logging services, providing rich observability features such as log aggregation, event centers, alert configurations, Prometheus metrics, and APM for Java applications. By registering non‑ACK clusters, users can leverage these capabilities without deploying separate monitoring stacks, reducing operational overhead.

Observability Views in the Console

Prometheus dashboards for control‑plane and data‑plane metrics.

Centralized log collection and query interface.

Event center that records cluster state changes, pod/config anomalies, and provides storage, search, analysis, visualization, and alerting.

Cost analysis panels that break down node, namespace, and application costs, helping identify abnormal spend.

Use Cases and Adoption

ACK One has been applied in industries such as internet services, telecommunications, autonomous driving, biomedicine, smart manufacturing, genomics, logistics, and automotive manufacturing, enabling unified management of both Alibaba Cloud ACK clusters and external or IDC‑based Kubernetes clusters.

References

Registration overview: https://help.aliyun.com/document_detail/155208.html

Create registration and install connector: https://help.aliyun.com/document_detail/121053.html

Integrate Log Service: https://help.aliyun.com/document_detail/150036.html

Integrate Event Center: https://help.aliyun.com/document_detail/155182.html

Integrate Alert Configuration: https://help.aliyun.com/document_detail/217918.html

Integrate ARMS monitoring: https://help.aliyun.com/document_detail/150035.html

Integrate Alibaba Cloud Prometheus: https://help.aliyun.com/document_detail/155202.html

Cluster cost insight: https://help.aliyun.com/document_detail/345689.html