
Container Service for Kubernetes: Create a dedicated Kubernetes cluster that supports sandboxed containers

Last Updated: Mar 19, 2024

You can call the CreateCluster operation to create a dedicated Kubernetes cluster that supports sandboxed containers.

Debugging

OpenAPI Explorer automatically calculates the signature value. For your convenience, we recommend that you call this operation in OpenAPI Explorer. OpenAPI Explorer dynamically generates the sample code of the operation for different SDKs.

Request syntax

POST /clusters HTTP/1.1
Content-Type:application/json
{
  "addons" : [ {
    "name" : "String",
    "config" : "String",
    "disabled" : Boolean
  } ],
  "cloud_monitor_flags" : Boolean,
  "cluster_type" : "String",
  "container_cidr" : "String",
  "cpu_policy" : "String",
  "deletion_protection" : Boolean,
  "disable_rollback" : Boolean,
  "endpoint_public_access" : Boolean,
  "is_enterprise_security_group" : Boolean,
  "key_pair" : "String",
  "kubernetes_version" : "String",
  "login_password" : "String",
  "master_auto_renew" : Boolean,
  "master_auto_renew_period" : Long,
  "master_count" : Long,
  "master_vswitch_ids" : [ "String" ],
  "master_instance_types" : [ "String" ],
  "master_system_disk_category" : "String",
  "master_system_disk_size" : Long,
  "master_system_disk_snapshot_policy_id" : "String",
  "master_instance_charge_type" : "String",
  "master_period_unit" : "String",
  "master_period" : Long,
  "name" : "String",
  "node_cidr_mask" : "String",
  "node_port_range" : "String",
  "num_of_nodes" : Long,
  "pod_vswitch_ids" : [ "String" ],
  "proxy_mode" : "String",
  "region_id" : "String",
  "runtime" : {
    "name" : "String",
    "version" : "String"
  },
  "service_cidr" : "String",
  "security_group_id" : "String",
  "snat_entry" : Boolean,
  "ssh_flags" : Boolean,
  "tags" : [ {
    "key" : "String",
    "value" : "String"
  } ],
  "taints" : [ {
    "key" : "String",
    "value" : "String",
    "effect" : "String"
  } ],
  "timeout_mins" : Long,
  "user_data" : "String",
  "vpcid" : "String",
  "vswitch_ids" : [ "String" ],
  "worker_auto_renew" : Boolean,
  "worker_auto_renew_period" : Long,
  "worker_data_disks" : [ {
    "category" : "String",
    "size" : Long,
    "encrypted" : "String",
    "auto_snapshot_policy_id" : "String"
  } ],
  "worker_vswitch_ids" : [ "String" ],
  "worker_instance_types" : [ "String" ],
  "worker_system_disk_category" : "String",
  "worker_system_disk_size" : Long,
  "worker_instance_charge_type" : "String",
  "worker_period_unit" : "String",
  "worker_period" : Long,
  "zone_id" : "String"
}

Request parameters

Table 1. Request body parameters

Parameter

Type

Required

Example

Description

addons

Array

Yes

[{"name": "terway-eniip","config": ""}, {"name": "logtail-ds","config": "{\"IngressDashboardEnabled\":\"true\",\"sls_project_name\":\"your_sls_project_name\"}"}, {"name":"nginx-ingress-controller","config":"{\"IngressSlbNetworkType\":\"internet\"}"}]

The list of add-ons to be installed.

  • Parameter description:

    • name: required.

    • config: optional. If this parameter is left empty, it indicates that no configurations are required.

    • disabled: optional. Specifies whether to disable automatic installation.

  • Network plug-in: required. Supported network plug-ins are Flannel and Terway. Select one of the plug-ins for the cluster.

    • Specify the Flannel plug-in in the following format: [{"name":"flannel","config":""}].

    • Specify the Terway plug-in in the following format: [{"name": "terway-eniip","config": "\"IPVlan\":\"false\""}].

  • Volume plug-in: optional. The supported volume plug-in is CSI.

    Specify the CSI plug-in in the following format: [{"name":"csi-plugin","config": ""},{"name": "csi-provisioner","config": ""}].

  • Log Service component: optional.

    Important

    If Log Service is disabled, you cannot use the cluster auditing feature.

    • To use an existing Log Service project, specify the component in the following format: [{"name": "logtail-ds","config": "{\"IngressDashboardEnabled\":\"true\",\"sls_project_name\":\"your_sls_project_name\"}"}].

    • To create a Log Service project, specify the component in the following format: [{"name": "logtail-ds","config": "{\"IngressDashboardEnabled\":\"true\"}"}].

  • Ingress controller: optional. By default, the nginx-ingress-controller component is installed.

    • To install nginx-ingress-controller and enable Internet access, specify the component in the following format: [{"name":"nginx-ingress-controller","config":"{\"IngressSlbNetworkType\":\"internet\"}"}].

    • To disable the automatic installation of nginx-ingress-controller, specify the component in the following format: [{"name": "nginx-ingress-controller","config": "","disabled": true}].

  • Event center: optional. By default, the event center feature is enabled. The event center feature allows you to log Kubernetes events, query events, and raise alerts. Logstores that are associated with the Kubernetes event center are free of charge for the first 90 days. For more information, see Create and use an event center.

    Enable the ack-node-problem-detector component in the following format: [{"name":"ack-node-problem-detector","config":"{\"sls_project_name\":\"your_sls_project_name\"}"}].

cloud_monitor_flags

Boolean

No

true

Specifies whether to install the CloudMonitor agent. Valid values:

  • true: installs the CloudMonitor agent.

  • false: does not install the CloudMonitor agent.

Default value: false.

cluster_type

String

Yes

Kubernetes

The type of cluster. Set the value to Kubernetes if you want to create a dedicated Kubernetes cluster that supports sandboxed containers.

container_cidr

String

No

172.20.0.0/16

The CIDR block of pods. This CIDR block cannot overlap with the CIDR block of the virtual private cloud (VPC) in which the cluster is deployed. If the VPC is automatically created by the system, the CIDR block of pods is set to 172.16.0.0/16 by default. This parameter is required if the cluster uses the Flannel plug-in.

cpu_policy

String

No

none

The CPU policy. The following policies are supported if the Kubernetes version of the cluster is 1.12.6 or later.

  • static: allows pods with specific resource characteristics on the node to be granted enhanced CPU affinity and exclusivity.

  • none: indicates that the default CPU affinity is used.

Default value: none.

deletion_protection

Boolean

No

true

Specifies whether to enable deletion protection for the cluster. After deletion protection is enabled, the cluster cannot be deleted in the Container Service for Kubernetes (ACK) console or by calling API operations. Valid values:

  • true: enables deletion protection for the cluster.

  • false: disables deletion protection for the cluster.

Default value: false.

disable_rollback

Boolean

No

true

Specifies whether to perform a rollback when the cluster fails to be created. Valid values:

  • true: performs a rollback when the cluster fails to be created.

  • false: does not perform a rollback when the cluster fails to be created.

Default value: false.

endpoint_public_access

Boolean

No

true

Specifies whether to enable Internet access for the API server. Valid values:

  • true: enables Internet access for the API server.

  • false: disables Internet access for the API server. The API server is accessible only within the internal network.

Default value: true.

is_enterprise_security_group

Boolean

No

true

Specifies whether to create an advanced security group. This parameter takes effect only if security_group_id is left empty. You must specify an advanced security group for a cluster that has Terway installed.

  • true: creates an advanced security group.

  • false: does not create an advanced security group.

Default value: false.

key_pair

String

Yes

security-key

The name of the key pair. You must set this parameter or the login_password parameter.

kubernetes_version

String

No

1.16.9-aliyun.1

The Kubernetes version of the cluster. The Kubernetes versions provided by ACK are consistent with the open source Kubernetes versions. We recommend that you select the latest Kubernetes version. If you do not set this parameter, the latest Kubernetes version is used. You can create clusters of the latest two Kubernetes versions in the ACK console. You can create ACK clusters of earlier Kubernetes versions by calling API operations. For more information about the Kubernetes versions supported by ACK, see Overview of Kubernetes versions supported by ACK.

login_password

String

Yes

Hello@1234

The password for Secure Shell (SSH) logon. You must set this parameter or the key_pair parameter. The password must be 8 to 30 characters in length, and must contain at least three of the following character types: uppercase letters, lowercase letters, digits, and special characters.

master_auto_renew

Boolean

No

true

Specifies whether to enable auto-renewal for master nodes. This parameter takes effect only if master_instance_charge_type is set to PrePaid. Valid values:

  • true: enables auto-renewal.

  • false: disables auto-renewal.

Default value: true.

master_auto_renew_period

Long

No

1

The cycle of auto-renewal. This parameter takes effect and is required only if the subscription billing method is selected for master nodes.

Valid values: 1, 2, 3, 6, and 12.

Default value: 1.

master_count

Long

No

3

The number of master nodes that you want to create. Valid values: 3 and 5.

Default value: 3.

master_instance_charge_type

String

No

PrePaid

The billing method of master nodes. Valid values:

  • PrePaid: subscription

  • PostPaid: pay-as-you-go

The default value is PostPaid.

master_instance_types

Array of String

No

["ecs.n4.xlarge"]

The instance types of master nodes. The number of specified instance types for master nodes must be the same as that specified in master_count. In addition, the instance types of master nodes must be the same as those specified in master_instance_types.

master_period

Long

No

1

The subscription duration of master nodes. This parameter takes effect and is required only if master_instance_charge_type is set to PrePaid.

Valid values: 1, 2, 3, 6, 12, 24, 36, 48, and 60.

Default value: 1.

master_period_unit

String

No

Month

The billing cycle of master nodes. This parameter is required if master_instance_charge_type is set to PrePaid.

Set the value to Month.

master_system_disk_category

String

No

cloud_ssd

The type of system disk that is specified for master nodes. Valid values:

  • cloud_efficiency: ultra disk.

  • cloud_ssd: standard SSD.

Default value: cloud_ssd.

master_system_disk_size

Long

No

120

The size of the system disk that is specified for master nodes. Valid values: 40 to 500. Unit: GiB.

Default value: 120.

master_system_disk_performance_level

String

No

PL1

The performance level (PL) of the system disk that you want to use for master nodes. This parameter takes effect only for enhanced SSDs. You can specify a higher PL if you increase the size of the system disk. For more information, see ESSDs.

master_vswitch_ids

Array of String

No

["vsw-2ze3ds0mdip0hdz8i****"]

The IDs of the vSwitches that are specified for master nodes.

name

String

Yes

cluster-demo

The name of the cluster.

The name must be 1 to 63 characters in length, and can contain digits, letters, and hyphens (-). It cannot start with a hyphen (-).

node_cidr_mask

String

No

25

The maximum number of IP addresses that can be assigned to each node. This number is determined by the specified pod CIDR block. This parameter takes effect only if the cluster uses the Flannel plug-in.

Default value: 25.

node_port_range

String

No

30000~32767

The node port range. Valid values: 30000 to 65535.

num_of_nodes

Long

Yes

3

The number of worker nodes that you want to create. Valid values: 0 to 100.

pod_vswitch_ids

Array of String

No

["vsw-2ze97jwri7cei0mpw****"]

The list of pod vSwitches.

Note

The pod_vswitch_ids parameter is required when the Terway network plug-in is selected for the cluster.

For each vSwitch that is allocated to nodes, you must specify at least one pod vSwitch in the same zone. The pod vSwitches cannot be the same as the node vSwitches.

proxy_mode

String

No

ipvs

The kube-proxy mode. Valid values: iptables and ipvs.

Default value: ipvs.

region_id

String

Yes

cn-beijing

The ID of the region where you want to deploy the cluster.

runtime

runtime

Yes

{"name": "Sandboxed-Container.runv", "version": "2.2.0"}

The container runtime. Valid values: Sandboxed-Container.runv and docker. Default value: docker. You must specify the name and version of the container runtime.

  • name: the name of the container runtime.

  • version: the version of the container runtime.

Important

Set the value to Sandboxed-Container.runv if you want to create a cluster that supports sandboxed containers.

The version of the container runtime. By default, the latest version is used. For more information about the release notes on Sandboxed-Container, see Release notes of Sandboxed-Container.

security_group_id

String

No

sg-bp1bdue0qc1g7k****

The ID of the existing security group that is specified for the cluster. You must set this parameter or the is_enterprise_security_group parameter. Nodes in the cluster are automatically added to the specified security group.

service_cidr

String

Yes

172.21.0.0/20

The CIDR block of Services. This CIDR block cannot overlap with the CIDR block of pods or the CIDR block of the VPC in which the cluster is deployed. If the VPC is automatically created by the system, the CIDR block of Services is set to 172.19.0.0/20 by default.

snat_entry

Boolean

No

true

Specifies whether to configure SNAT rules for the VPC in which your cluster is deployed.

  • If the VPC supports Internet access, set the value to false.

  • If the VPC does not support Internet access, valid values are:

    • true: configures SNAT rules. This enables Internet access for the cluster.

    • false: does not configure SNAT rules. In this case, the cluster cannot access the Internet.

If your applications deployed in the cluster need to access the Internet, we recommend that you set the value to true.

Default value: false.

ssh_flags

Boolean

No

true

Specifies whether to enable SSH logon over the Internet. Valid values:

  • true: enables SSH logon over the Internet.

  • false: disables SSH logon over the Internet.

Default value: false.

tags

Array

No

The labels that you want to add to the cluster.

key

String

No

env

The key of the label.

value

String

No

prod

The value of the label.

taints

Array

No

The taints that you want to add to nodes. Taints are added to nodes to prevent pods from being scheduled to inappropriate nodes. However, toleration rules allow pods to be scheduled to nodes with matching taints. For more information, see taint-and-toleration.

effect

String

No

NoSchedule

The scheduling policy. Valid values:

  • NoSchedule: Pods cannot be scheduled to a node with taints.

  • NoExecute: If a taint is added to a node, all pods that do not tolerate the taint are immediately evicted from the node.

  • PreferNoSchedule: A soft version of NoSchedule. The system attempts not to schedule pods to a node with taints.

key

String

No

disk_type

The key of the taint.

value

String

No

sshd

The value of the taint.

timeout_mins

Long

No

60

The timeout period of cluster creation. Unit: minutes.

Default value: 60.

user_data

String

No

IyEvdXNyL2Jpbi9iYXNoCmVjaG8gIkhlbGxvIEFD****

The user-defined data. For more information, see Instance user data.

vpcid

String

Yes

vpc-2zeik9h3ahvv2zz95****

The ID of the VPC where you want to deploy the cluster.

vswitch_ids

Array of String

Yes

["vsw-2ze48rkq464rsdts1****"]

The IDs of vSwitches.

worker_auto_renew

Boolean

No

true

Specifies whether to enable auto-renewal for worker nodes. This parameter takes effect only if worker_instance_charge_type is set to PrePaid. Valid values:

  • true: enables auto-renewal.

  • false: disables auto-renewal.

Default value: true.

worker_auto_renew_period

Long

No

1

The cycle of auto-renewal. This parameter takes effect and is required only if the subscription billing method is selected for worker nodes. Valid values: 1, 2, 3, 6, and 12.

worker_data_disks

Array

Yes

The configuration of the data disk that is mounted to worker nodes. The configuration includes disk type and disk size.

auto_snapshot_policy_id

String

No

sp-bp14j6w7ss6ozz****

The ID of the automatic snapshot policy.

category

String

No

cloud_ssd

The type of data disk that is mounted to worker nodes. Valid values:

  • cloud_efficiency: ultra disk.

  • cloud_ssd: standard SSD.

  • cloud: basic disk.

Default value: cloud_efficiency.

encrypted

String

No

false

Specifies whether to encrypt a data disk. Valid values:

  • true: encrypts a data disk.

  • false: does not encrypt a data disk.

Default value: false.

size

String

Yes

200

The size of the data disk. Unit: GiB. Valid values:

  • cloud_efficiency: 20 to 32768.

  • cloud_ssd: 20 to 32768.

  • cloud: 5 to 2000.

Note

You must mount at least one data disk to nodes that run sandboxed containers. The data disk must be at least 200 GiB in size.

worker_instance_charge_type

String

Yes

PrePaid

The billing method of worker nodes. Valid values:

  • PrePaid: subscription

  • PostPaid: pay-as-you-go

Default value: PostPaid.

worker_instance_types

Array of String

Yes

["ecs.ebmg5s.24xlarge"]

The instance types of worker nodes.

Important

To create a cluster that supports sandboxed containers, you must select ECS Bare Metal instances.

worker_period

Long

No

1

The subscription duration of worker nodes. This parameter takes effect and is required only if worker_instance_charge_type is set to PrePaid. Valid values: 1, 2, 3, 6, 12, 24, 36, 48, and 60.

Default value: 1.

worker_period_unit

String

No

Month

The billing cycle of worker nodes. This parameter is required if worker_instance_charge_type is set to PrePaid. Set the value to Month. Worker nodes are billed only on a monthly basis.

worker_system_disk_category

String

No

cloud_efficiency

The type of system disk that is specified for the worker nodes. Valid values:

  • cloud_efficiency: ultra disk.

  • cloud_ssd: standard SSD.

Default value: cloud_ssd.

worker_system_disk_size

Long

No

200

The size of the system disk that is specified for worker nodes. Unit: GiB.

Valid values: 40 to 500.

The value of this parameter must be at least 40 and no less than the image size.

Default value: 120.

worker_vswitch_ids

Array of String

No

["vsw-2ze3ds0mdip0hdz8i****"]

The list of vSwitches that are specified for nodes. Each node is allocated a vSwitch.

zone_id

String

No

cn-beijing-b

The ID of the zone to which the cluster belongs.

resource_group_id

String

No

rg-acfm3mkrure****

The ID of the resource group to which the cluster belongs. You can use this parameter to isolate different clusters.

Response syntax

HTTP/1.1 200
Content-Type:application/json
{
  "cluster_id" : "String",
  "request_id" : "String",
  "task_id" : "String"
}

Response parameters

Table 2. Response body parameters

Parameter

Type

Example

Description

cluster_id

String

cb95aa626a47740afbf6aa099b650****

The ID of the ACK cluster.

request_id

String

687C5BAA-D103-4993-884B-C35E4314A1E1

The ID of the request.

task_id

String

T-5a54309c80282e39ea00002f

The ID of the task.

Example 1: Create a dedicated Kubernetes cluster that supports sandboxed containers and uses the Flannel plug-in

Sample requests

POST /clusters
Common request headers
{
  "cluster_type": "Kubernetes",
  "name": "webService",
  "region_id": "cn-hangzhou",
  "disable_rollback": true,
  "timeout_mins": 60,
  "kubernetes_version": "1.18.8-aliyun.1",
  "snat_entry": true,
  "endpoint_public_access": false,
  "cloud_monitor_flags": true,
  "deletion_protection": false,
  "node_cidr_mask": "26",
  "proxy_mode": "ipvs",
  "timezone": "Asia/Shanghai",
  "tags": [],
  "addons": [{
    "name": "flannel"
  }, {
    "name": "arms-prometheus"
  }, {
    "name": "csi-plugin"
  }, {
    "name": "csi-provisioner"
  }, {
    "name": "logtail-ds",
    "config": "{\"IngressDashboardEnabled\":\"true\"}"
  }, {
    "name": "ack-node-problem-detector",
    "config": "{\"sls_project_name\":\"\"}"
  }, {
    "name": "nginx-ingress-controller",
    "config": "{\"IngressSlbNetworkType\":\"internet\"}"
  }],
  "node_port_range": "30000-32767",
  "login_password": "Hello1234!",
  "cpu_policy": "none",
  "master_count": 3,
  "master_vswitch_ids": ["vsw-bp1hl2o4i9z7sbmy*****", "vsw-bp1hl2o4i9z7sbmy*****", "vsw-bp1hl2o4i9z7sbmy*****"],
  "master_instance_types": ["ecs.c6e.large", "ecs.c6e.large", "ecs.c6e.large"],
  "master_system_disk_category": "cloud_essd",
  "master_system_disk_size": 120,
  "runtime": {
    "name": "Sandboxed-Container.runv",
    "version": "2.1.0"
  },
  "worker_instance_types": ["ecs.ebmc5s.24xlarge"],
  "num_of_nodes": 1,
  "worker_system_disk_category": "cloud_essd",
  "worker_system_disk_size": 120,
  "worker_data_disks": [{
    "category": "cloud_efficiency",
    "size": "200",
    "encrypted": "false",
    "auto_snapshot_policy_id": ""
  }],
  "vpcid": "vpc-bp1gxh70jnkl12vq*****",
  "worker_vswitch_ids": ["vsw-bp1hl2o4i9z7sbmy*****"],
  "is_enterprise_security_group": true,
  "container_cidr": "172.23.0.0/16",
  "service_cidr": "172.21.0.0/20"
}

Sample success responses

XML format

<cluster_id>cb95aa626a47740afbf6aa099b650****</cluster_id>
<task_id>T-5a54309c80282e39ea00002f</task_id>
<request_id>687C5BAA-D103-4993-884B-C35E4314A1E1</request_id>

JSON format

{
    "cluster_id": "cb95aa626a47740afbf6aa099b650****",
    "task_id": "T-5a54309c80282e39ea00002f",
    "request_id": "687C5BAA-D103-4993-884B-C35E4314A1E1"
}

Example 2: Create a dedicated Kubernetes cluster that supports sandboxed containers and uses the Terway plug-in

Note

pod_vswitch_ids is required if you create a cluster that uses the Terway plug-in.

Sample requests

POST /clusters HTTP/1.1
Common request headers
{
  "cluster_type":"Kubernetes",
  "name":"webService-terway",
  "region_id":"cn-beijing",
  "disable_rollback":true,
  "timeout_mins":60,
  "kubernetes_version":"1.14.8-aliyun.1",
  "snat_entry":true,
  "endpoint_public_access":true,
  "ssh_flags":true,
  "cloud_monitor_flags":true,
  "deletion_protection":false,
  "proxy_mode":"ipvs",
  "tags":[],
  "addons":[{"name":"terway-eni"},{"name":"flexvolume"},{"name":"alicloud-disk-controller"},{"name":"logtail-ds","config":"{\"IngressDashboardEnabled\":\"false\"}"},{"name":"ack-node-problem-detector","config":"{\"sls_project_name\":\"\"}"},{"name":"nginx-ingress-controller","config":"{\"IngressSlbNetworkType\":\"internet\"}"}],
  "os_type":"Linux",
  "platform":"CentOS",
  "node_port_range":"30000-32767",
  "pod_vswitch_ids":["vsw-2zete8s4qocqg0mf6****"],
  "key_pair":"sian-sshkey",
  "cpu_policy":"none",
  "master_count":3,
  "master_vswitch_ids":["vsw-2zed90q9inwtuyfzd****","vsw-2zed90q9inwtuyfzd****","vsw-2zed90q9inwtuyfzd****"],
  "master_instance_types":["ecs.i1.4xlarge","ecs.i1.4xlarge","ecs.i1.4xlarge"],
  "master_system_disk_category":"cloud_ssd",
  "master_system_disk_size":120,
  "runtime":{"name":"docker","version":"18.09.2"},
  "worker_instance_types":["ecs.i1.4xlarge"],
  "num_of_nodes":1,
  "worker_system_disk_category":"cloud_efficiency",
  "worker_system_disk_size":120,
  "vpcid":"vpc-2zecuu62b9zw7a7qnn2tv",
  "worker_vswitch_ids":["vsw-2zed90q9inwtuyfzd****"],
  "is_enterprise_security_group":true,
  "service_cidr":"172.21.0.0/20"
}

Sample success responses

XML format

<cluster_id>cb95aa626a47740afbf6aa099b650****</cluster_id>
<task_id>T-5a54309c80282e39ea00002f</task_id>
<request_id>687C5BAA-D103-4993-884B-C35E4314A1E1</request_id>

JSON format

{
    "cluster_id": "cb95aa626a47740afbf6aa099b650****",
    "task_id": "T-5a54309c80282e39ea00002f",
    "request_id": "687C5BAA-D103-4993-884B-C35E4314A1E1"
}
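
The requirements that Table 1 states for a sandboxed-container cluster, and the settings that expose the API server or nodes, can be checked before a request is sent. The following pre-flight check is an added example, not Alibaba Cloud code: the function name, the message strings and the "ecs.ebm" prefix test for ECS Bare Metal types are assumptions, and the sample body is constructed, reusing the runtime, instance type and exposure flags of Example 2.

```python
import ipaddress
import json

SANDBOX_RUNTIME = "Sandboxed-Container.runv"
# Assumption: ECS Bare Metal type names start with "ecs.ebm", as in the
# page's examples (ecs.ebmg5s.24xlarge, ecs.ebmc5s.24xlarge).
BARE_METAL_PREFIX = "ecs.ebm"


def lint_create_cluster(body):
    """Return (errors, warnings) for a CreateCluster request body (a dict)."""
    errors, warnings = [], []
    addons = {a.get("name", ""): a for a in body.get("addons", [])}
    disks = body.get("worker_data_disks", [])

    # Requirements stated for clusters that run sandboxed containers.
    if body.get("runtime", {}).get("name") != SANDBOX_RUNTIME:
        errors.append("runtime.name must be " + SANDBOX_RUNTIME)
    types = body.get("worker_instance_types", [])
    if not types or not all(t.startswith(BARE_METAL_PREFIX) for t in types):
        errors.append("worker_instance_types must be ECS Bare Metal instances")
    if not any(int(d.get("size", 0)) >= 200 for d in disks):
        errors.append("a worker data disk of at least 200 GiB is required")

    # Network plug-in dependencies and the CIDR overlap rule.
    if "flannel" in addons and not body.get("container_cidr"):
        errors.append("container_cidr is required with Flannel")
    if any(n.startswith("terway") for n in addons) and not body.get("pod_vswitch_ids"):
        errors.append("pod_vswitch_ids is required with Terway")
    pod, svc = body.get("container_cidr"), body.get("service_cidr")
    if pod and svc and ipaddress.ip_network(pod, strict=False).overlaps(
            ipaddress.ip_network(svc, strict=False)):
        errors.append("container_cidr overlaps service_cidr")

    # Node logon credentials: one of the two must be present.
    if not body.get("login_password") and not body.get("key_pair"):
        errors.append("key_pair or login_password must be set")
    if body.get("login_password"):
        warnings.append("login_password: password-based SSH logon configured")

    # Settings that widen exposure or weaken recovery and audit.
    if body.get("endpoint_public_access", True):  # documented default: true
        warnings.append("endpoint_public_access: API server reachable from the Internet")
    if body.get("ssh_flags", False):
        warnings.append("ssh_flags: SSH logon over the Internet enabled")
    if not body.get("deletion_protection", False):
        warnings.append("deletion_protection: off")
    if any(str(d.get("encrypted", "false")).lower() != "true" for d in disks):
        warnings.append("worker_data_disks: unencrypted data disk")
    logtail = addons.get("logtail-ds")
    if logtail is None or logtail.get("disabled"):
        warnings.append("logtail-ds: Log Service absent, cluster auditing unavailable")
    ingress_cfg = addons.get("nginx-ingress-controller", {}).get("config") or "{}"
    if json.loads(ingress_cfg).get("IngressSlbNetworkType") == "internet":
        warnings.append("nginx-ingress-controller: Internet-facing SLB")
    return errors, warnings


# Constructed request body: Terway, docker runtime, public endpoints.
SAMPLE = {
    "runtime": {"name": "docker", "version": "18.09.2"},
    "worker_instance_types": ["ecs.i1.4xlarge"], "key_pair": "example-key",
    "addons": [{"name": "terway-eni"}, {"name": "nginx-ingress-controller",
               "config": "{\"IngressSlbNetworkType\":\"internet\"}"}],
    "pod_vswitch_ids": ["vsw-example"], "service_cidr": "172.21.0.0/20",
    "endpoint_public_access": True, "ssh_flags": True,
}

if __name__ == "__main__":
    errs, warns = lint_create_cluster(SAMPLE)
    print("\n".join(["ERROR " + e for e in errs] + ["WARN " + w for w in warns]))
```

Errors are conditions the page documents as required; warnings are valid settings that a reviewer should approve explicitly before the cluster is created.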

Error codes

For a list of error codes, visit the API Error Center.