You can call the CreateCluster operation to create a Container Service for Kubernetes (ACK) cluster. ACK clusters include ACK managed clusters, ACK dedicated clusters, ACK Serverless clusters, ACK Edge clusters, ACK clusters that support sandboxed containers, and registered clusters. For more information about how to create different types of ACK clusters, see the following usage notes.
Operation description
This topic describes all parameters for creating an ACK cluster. You can create the following types of ACK clusters.
Debugging
Authorization information
The following table shows the authorization information corresponding to the API. The authorization information can be used in the Action
policy element to grant a RAM user or RAM role the permissions to call this API operation. Description:
- Operation: the value that you can use in the Action element to specify the operation on a resource.
- Access level: the access level of each operation. The levels are read, write, and list.
- Resource type: the type of the resource on which you can authorize the RAM user or the RAM role to perform the operation. Take note of the following items:
- The required resource types are displayed in bold characters.
- If the permissions cannot be granted at the resource level,
All Resources
is used in the Resource type column of the operation.
- Condition Key: the condition key that is defined by the cloud service.
- Associated operation: other operations that the RAM user or the RAM role must have permissions to perform to complete the operation. To complete the operation, the RAM user or the RAM role must have the permissions to perform the associated operations.
Operation | Access level | Resource type | Condition key | Associated operation |
---|---|---|---|---|
cs:CreateCluster | Write |
|
| none |
Request syntax
POST /clusters
Request parameters
Parameter | Type | Required | Description | Example |
---|---|---|---|---|
body | object | No | The request body. | |
name | string | Yes | The cluster name. The name must be 1 to 63 characters in length, and can contain digits, letters, and hyphens (-). The name cannot start with a hyphen (-). | cluster-demo |
region_id | string | Yes | The ID of the region in which you want to deploy the cluster. | cn-beijing |
cluster_type | string | Yes | The cluster type. Valid value: ManagedKubernetes. You can create ACK managed clusters, ACK Serverless clusters, and ACK Edge clusters. | Kubernetes |
cluster_spec | string | No | The type of ACK managed cluster. Valid values:
Default value: For more information, see Overview of ACK Pro clusters. | ack.pro.small |
kubernetes_version | string | No | The Kubernetes version of the cluster. The Kubernetes versions supported by ACK are the same as the Kubernetes versions supported by open source Kubernetes. We recommend that you specify the latest Kubernetes version. If you do not set this parameter, the latest Kubernetes version is used. You can create clusters of the latest two Kubernetes versions in the ACK console. You can create clusters of earlier Kubernetes versions by calling API operations. For more information about the Kubernetes versions supported by ACK, see Release notes on Kubernetes versions. | 1.16.9-aliyun.1 |
runtime | runtime | No | The container runtime. The default container runtime is Docker. containerd and Sandboxed-Container are also supported. For more information about how to select a proper container runtime, see Comparison of Docker, containerd, and Sandboxed-Container. | |
vpcid | string | Yes | The virtual private cloud (VPC) in which you want to deploy the cluster. This parameter is required. | vpc-2zeik9h3ahvv2zz95**** |
pod_vswitch_ids | array | No | The list of pod vSwitches. You need to specify at least one pod vSwitch for each node vSwitch and the pod vSwitches must not be the same as the node vSwitches ( Note
The pod_vswitch_ids parameter is required if the cluster uses Terway as the network plug-in.
| |
string | No | The list of pod vSwitches. You need to specify at least one pod vSwitch for each node vSwitch and the pod vSwitches must not be the same as the node vSwitches ( Note
The pod_vswitch_ids parameter is required if the cluster uses Terway as the network plug-in.
| vsw-2ze97jwri7cei0mpw**** | |
container_cidr | string | No | The CIDR block of pods. You can specify 10.0.0.0/8, 172.16-31.0.0/12-16, 192.168.0.0/16, or their subnets as the CIDR block of pods. The CIDR block of pods cannot overlap with the CIDR block of the VPC in which the cluster is deployed and the CIDR blocks of existing clusters in the VPC. You cannot modify the pod CIDR block after the cluster is created. For more information about subnetting for ACK clusters, see Plan CIDR blocks for an ACK cluster that is deployed in a VPC. Note
This parameter is required if the cluster uses the Flannel plug-in.
| 172.20.0.0/16 |
service_cidr | string | Yes | The CIDR block of Services. Valid values: 10.0.0.0/16-24, 172.16-31.0.0/16-24, and 192.168.0.0/16-24. The CIDR block of Services cannot overlap with the CIDR block of the VPC (10.1.0.0/21) or the CIDR blocks of existing clusters in the VPC. You cannot modify the CIDR block of Services after the cluster is created. By default, the CIDR block of Services is set to 172.19.0.0/20. | 172.21.0.0/20 |
security_group_id | string | No | The ID of an existing security group. You need to choose between this parameter and the | sg-bp1bdue0qc1g7k**** |
is_enterprise_security_group | boolean | No | Specifies whether to create an advanced security group. This parameter takes effect only if Note
To use a basic security group, make sure that the sum of the number of nodes in the cluster and the number of pods that use Terway does not exceed 2,000. Therefore, if the cluster uses Terway, we recommend that you use an advanced security group.
Default value: | true |
snat_entry | boolean | No | Specifies whether to configure SNAT rules for the VPC where your cluster is deployed. Valid values:
Note
If this feature is disabled when you create the cluster, you can also manually enable this feature after you create the cluster. For more information, see Manually create a NAT gateway and configure SNAT rules.
Default value: | true |
endpoint_public_access | boolean | No | Specifies whether to enable Internet access for the cluster. You can use an elastic IP address (EIP) to expose the API server. This way, you can access the cluster over the Internet.
Default value: | true |
ssh_flags | boolean | No | Specifies whether to enable SSH logon over the Internet. If this parameter is set to true, you can log on to master nodes in an ACK dedicated cluster over the Internet. This parameter does not take effect in ACK managed clusters.
Default value: | true |
timezone | string | No | The time zone of the cluster. | Asia/Shanghai |
node_cidr_mask | string | No | The maximum number of IP addresses that can be assigned to nodes. This number is determined by the node CIDR block. This parameter takes effect only if the cluster uses Flannel as the network plug-in. Default value: | 25 |
user_ca | string | No | The custom certificate authority (CA) certificate used by the cluster. | -----BEGIN CERTIFICATE-----**** |
user_data | string | No | The user data of nodes. | IyEvdXNyL2Jpbi9iYXNoCmVjaG8gIkhlbGxvIEFD**** |
cluster_domain | string | No | The domain name of the cluster. The domain name can contain one or more parts that are separated by periods (.). Each part cannot exceed 63 characters in length, and can contain lowercase letters, digits, and hyphens (-). Each part must start and end with a lowercase letter or digit. | cluster.local |
node_name_mode | string | No | The name of the custom node. A custom node name consists of a prefix, an IP substring, and a suffix.
For example, if the node IP address is 192.168.0.55, the prefix is aliyun.com, the length of the IP address substring is 5, and the suffix is test, the node name will be aliyun.com00055test. | aliyun.com00055test |
custom_san | string | No | Specifies custom subject alternative names (SANs) for the API server certificate to accept requests from specified IP addresses or domain names. Multiple IP addresses and domain names are separated by commas (,). | cs.aliyun.com |
encryption_provider_key | string | No | The ID of a key that is managed by Key Management Service (KMS). The key is used to encrypt data disks. For more information, see KMS . Note
This feature supports only ACK Pro clusters.
| 0fe64791-55eb-4fc7-84c5-c6c7cdca**** |
service_account_issuer | string | No | Service accounts provide identities for pods when pods communicate with the For more information about | kubernetes.default.svc |
api_audiences | string | No | Service accounts provide identities for pods when pods communicate with the For more information about | kubernetes.default.svc |
image_id | string | No | Specifies a custom image for nodes. By default, the image provided by ACK is used. You can select a custom image to replace the default image. For more information, see Custom images. | m-bp16z7xko3vvv8gt**** |
rds_instances | array | No | The list of ApsaraDB RDS instances. Select the ApsaraDB RDS instances that you want to add to the whitelist. We recommend that you add the CIDR block of pods and CIDR block of nodes to the ApsaraDB RDS instances in the ApsaraDB RDS console. When you set the ApsaraDB RDS instances, you cannot scale out the number of nodes because the instances are not in the Running state. | |
string | No | The list of ApsaraDB RDS instances. Select the ApsaraDB RDS instances that you want to add to the whitelist. We recommend that you add the CIDR block of pods and CIDR block of nodes to the ApsaraDB RDS instances in the ApsaraDB RDS console. When you set the ApsaraDB RDS instances, you cannot scale out the number of nodes because the instances are not in the Running state. | rm-2zev748xi27xc**** | |
tags | array | No | The labels that you want to add to nodes. You must add tags based on the following rules:
| |
tag | No | The labels that you want to add to nodes. You must add tags based on the following rules:
| ||
addons | array | No | The components that you want to install in the cluster. When you create a cluster, you can set the Network plug-in: required. The Flannel and Terway plug-ins are supported. Select one of the plug-ins for the cluster.
Volume plug-in: required. The
Simple Log Service component: optional. We recommend that you enable Simple Log Service. If Simple Log Service is disabled, you cannot use the cluster auditing feature.
Ingress controller: optional. By default, the
Event center: optional. By default, the event center feature is enabled. You can use Kubernetes event centers to store and query events, and configure alert rules. You can use the Logstores that are associated with Kubernetes event centers for free within 90 days. For more information, see Create and use an event center. Enable the ack-node-problem-detector component in the following format: [{"name":"ack-node-problem-detector","config":"{"sls_project_name":"your_sls_project_name"}"}]. | |
addon | No | The components that you want to install in the cluster. When you create a cluster, you can set the | ||
taints | array | No | The taints of the nodes in the node pool. Taints are added to nodes to prevent pods from being scheduled to inappropriate nodes. However, tolerations allow pods to be scheduled to nodes with matching taints. For more information, see Taints and Tolerations. | |
taint | No | The taints of the nodes in the node pool. Taints are added to nodes to prevent pods from being scheduled to inappropriate nodes. However, tolerations allow pods to be scheduled to nodes with matching taints. For more information, see Taints and Tolerations. | ||
cloud_monitor_flags | boolean | No | Specifies whether to install the CloudMonitor agent. Valid values:
Default value: | true |
platform | string | No | The release version of the operating system. Valid values:
Default value: | CentOS |
os_type | string | No | The type of OS. Valid values:
Default value: | Linux |
soc_enabled | boolean | No | Reinforcement based on classified protection. For more information, see ACK reinforcement based on classified protection. Valid values:
Default value: | false |
cis_enabled | boolean | No | Specifies whether to enable Center for Internet Security (CIS) reinforcement. For more information, see CIS reinforcement. Valid values:
Default value: | false |
cpu_policy | string | No | The CPU management policy of the nodes in a node pool. The following policies are supported if the Kubernetes version of the cluster is 1.12.6 or later.
Default value: | none |
proxy_mode | string | No | The kube-proxy mode. Valid values:
Default value: | ipvs |
node_port_range | string | No | The node port range. Valid values: 30000 to 65535. Default value: | 30000~32767 |
key_pair | string | No | The name of the key pair. You must set this parameter or the | secrity-key |
login_password | string | No | The password for SSH logon. You must set this parameter or the | Hello@1234 |
master_count | long | No | The number of master nodes. Valid values: Default value: | 3 |
master_vswitch_ids | array | No | The IDs of the vSwitches that are specified for master nodes. You can specify up to three vSwitches. We recommend that you specify three vSwitches in different zones to ensure high availability. The number of vSwitches must be the same as that specified in | |
string | No | The IDs of the vSwitches that are specified for master nodes. You can specify up to three vSwitches. We recommend that you specify three vSwitches in different zones to ensure high availability. The number of vSwitches must be the same as that specified in | vsw-2ze3ds0mdip0hdz8i**** | |
master_instance_types | array | No | The Elastic Compute Service (ECS) instance types of master nodes. For more information, see Overview of instance families. | |
string | No | The instance types of master nodes. The number of specified instance types for master nodes must be the same as that specified in | ecs.n4.xlarge | |
master_system_disk_category | string | No | The type of system disk that you want to use for master nodes. Valid values:
Default value: | cloud_ssd |
master_system_disk_size | long | No | The size of the system disk that you want to use for master nodes. Valid values: 40 to 500. Unit: GiB. Default value: | 120 |
master_system_disk_performance_level | string | No | The performance level (PL) of the system disk that you want to use for master nodes. This parameter takes effect only for enhanced SSDs. For more information about the relationship between disk PLs and disk sizes, see ESSDs . | PL1 |
master_system_disk_snapshot_policy_id | string | No | The ID of the automatic snapshot policy that you want to use for the system disks of master nodes. | sp-2zej1nogjvovnz4z**** |
master_instance_charge_type | string | No | The billing method of master nodes. Valid values:
Default value: | PrePaid |
master_period_unit | string | No | The billing cycle of master nodes. This parameter is required if master_instance_charge_type is set to Set the value to | Month |
master_period | long | No | The subscription duration of master nodes. This parameter takes effect and is required only if Valid values: 1, 2, 3, 6, 12, 24, 36, 48, and 60. Default value: 1. | 1 |
master_auto_renew | boolean | No | Specifies whether to enable auto-renewal for master nodes. This parameter takes effect only if
Default value: | true |
master_auto_renew_period | long | No | The auto-renewal period for master nodes after the subscriptions of master nodes expire. This parameter takes effect and is required only if the subscription billing method is selected for master nodes. Valid values: 1, 2, 3, 6, and 12. Default value: 1. | 1 |
num_of_nodes | long | No | The number of worker nodes. Valid values: 0 to 100. | 3 |
vswitch_ids | array | Yes | The vSwitches that are specified for nodes in the cluster. This parameter is required when you create a managed Kubernetes cluster that does not contain nodes. | |
string | No | The vSwitches that are specified for nodes in the cluster. This parameter is required when you create a managed Kubernetes cluster that does not contain nodes. | vsw-2ze3ds0mdip0hdz8i**** | |
worker_vswitch_ids | array | No | The list of vSwitches that are specified for nodes. Each node is allocated a vSwitch. The | |
string | No | The list of vSwitches that are specified for worker nodes. You can specify 1 to 20 vSwitches. We recommend that you select vSwitches in different zones to ensure high availability. The | vsw-2ze3ds0mdip0hdz8i**** | |
worker_instance_types | array | No | The instance configurations of worker nodes. | |
string | No | The ECS instance types of worker nodes. You must specify at least one instance type. For more information, see Overview of instance families. Note
The instance types are listed in descending order of priority. If the system fails to create worker nodes with the instance type of the highest priority, the system attempts to create worker nodes with the instance type of the lower priority.
| ecs.n4.large | |
worker_system_disk_category | string | No | The category of the system disk that you attach to the worker node. For more information, see Elastic Block Storage devices. Valid values:
Default value: | cloud_efficiency |
worker_system_disk_size | long | No | The size of the system disk that you want to use for worker nodes. Unit: GiB. Valid values: 40 to 500. The value of this parameter must be at least 40 and no less than the image size. Default value: | 120 |
worker_system_disk_snapshot_policy_id | string | No | The ID of the automatic snapshot policy that you want to use for the system disks of worker nodes. | sp-2zej1nogjvovnz4z**** |
worker_system_disk_performance_level | string | No | If the system disk is an ESSD, you can set the PL of the ESSD. For more information, see ESSDs . Valid values:
| PL1 |
worker_data_disks | object [] | No | The configuration of the data disk that is mounted to worker nodes. The configuration includes disk type and disk size. | |
category | string | Yes | The data disk type. | cloud_essd |
encrypted | string | No | Specifies whether to encrypt a data disk. Valid values:
Default value: | true |
size | string | Yes | The size of the data disk. Valid values: 40 to 32767. | 120 |
performance_level | string | No | The performance level (PL) of a data disk. This parameter takes effect only on ESSDs. You can specify a higher PL if you increase the size of a data disk. For more information, see ESSDs . | PL1 |
worker_instance_charge_type | string | No | The billing method of worker nodes. Valid values:
Default value: PostPaid. | PrePaid |
worker_period_unit | string | No | The billing cycle of worker nodes. This parameter is required if worker_instance_charge_type is set to Set the value to | Month |
worker_period | long | No | The subscription duration of worker nodes. This parameter takes effect and is required only if Valid values: 1, 2, 3, 6, 12, 24, 36, 48, and 60. Default value: 1. | 1 |
worker_auto_renew | boolean | No | Specifies whether to enable auto-renewal for worker nodes. This parameter takes effect only if
Default value: | true |
worker_auto_renew_period | long | No | The auto-renewal period for worker nodes after the subscriptions of worker nodes expire. This parameter takes effect and is required only if the subscription billing method is selected for worker nodes. Valid values: 1, 2, 3, 6, and 12. | 1 |
instances | array | No | The list of existing ECS instances that are specified as worker nodes for the cluster. Note
This parameter is required when you create worker nodes on existing ECS instances.
| |
string | No | The list of existing ECS instances that are specified as worker nodes for the cluster. Note
This parameter is required when you create worker nodes on existing ECS instances.
| i-2ze4zxnm36vq00xn**** | |
format_disk | boolean | No | Specifies whether to mount a data disk to a node that is created based on an existing ECS instance. Valid values:
Default value: How to mount a data disk:
| false |
keep_instance_name | boolean | No | Specifies whether to retain the names of existing ECS instances that are used in the cluster. Valid values:
Default value: | true |
service_discovery_types | array | No | The type of service discovery that is implemented in the
By default, this parameter is not specified. | |
string | No | The type of service discovery that is implemented in the
By default, this parameter is not specified. | PrivateZone | |
nat_gateway | boolean | No | Specifies whether to create a NAT gateway and configure Source Network Address Translation (SNAT) rules when the system creates the ACK Serverless cluster. Valid values:
Default value: | true |
zone_id | string | No | The ID of the zone in which the cluster is deployed. This parameter takes effect in only ACK Serverless clusters. When you create an ACK Serverless cluster, you must configure | cn-beiji**** |
profile | string | No | The identifier that indicates whether the cluster is an ACK Edge cluster. To create an ACK Edge cluster, you must set this parameter to
| Default |
logging_type | string | No | Specifies whether to enable Simple Log Service for the cluster. Set the value to | SLS |
controlplane_log_ttl | string | No | The retention period of control plane logs in days. | 30 |
controlplane_log_project | string | No | The Simple Log Service project that is used to store the logs of control plane components. You can use an existing project or create one. If you choose to create a Simple Log Service project, the created project is named in the | k8s-log-xxx |
controlplane_log_components | array | No | The list of control plane components for which you want to enable log collection. By default, the logs of kube-apiserver, kube-controller-manager, and kube-scheduler are collected. | |
string | No | The list of control plane components for which you want to enable log collection. By default, the logs of kube-apiserver, kube-controller-manager, and kube-scheduler are collected. | ["apiserver","kcm","scheduler"] | |
deletion_protection | boolean | No | Specifies whether to enable deletion protection for the cluster. If deletion protection is enabled, the cluster cannot be deleted in the ACK console or by calling API operations. Valid values:
Default value: | true |
disable_rollback | boolean | No | Specifies whether to perform a rollback if the cluster fails to be created. Valid values:
Default value: | true |
timeout_mins | long | No | Specifies the timeout period of cluster creation. Unit: minutes. Default value: | 60 |
image_type | string | No | The type of OS distribution that you want to use. To specify the node OS, we recommend that you use this parameter. Valid values:
Default value: | AliyunLinux |
load_balancer_spec | string | No | The specification of the Server Load Balancer (SLB) instance. Valid values:
Default value: | slb.s2.small |
enable_rrsa | boolean | No | Specifies whether to enable the RAM Roles for Service Accounts (RRSA) feature. | true |
resource_group_id | string | No | The ID of the resource group to which the cluster belongs. You can use resource groups to isolate clusters. | rg-acfm3mkrure**** |
charge_type | string | No | The billing method of the cluster. | 1 |
period_unit | string | No | The unit of the subscription duration. | Month |
period | long | No | The subscription duration. | FY2023 |
ip_stack | string | No | The cluster IP stack. | Optional value: IPv4 (Single stack) or IPv6 (Dual Stack) Default value: IPV4 |
nodepools | array | No | The list of node pools. | |
nodepool | No | The node pool configurations. | ||
access_control_list | array | No | The network access control list (ACL) of the SLB instance associated with the API server if the cluster is a registered cluster. | |
string | No | The network access control list (ACL) of the SLB instance associated with the API server if the cluster is a registered cluster. | 192.168.1.0/24 |
Response parameters
Examples
Sample success responses
JSON
format
{
"cluster_id": "cb95aa626a47740afbf6aa099b650****",
"request_id": "687C5BAA-D103-4993-884B-C35E4314A1E1",
"task_id": "T-5a54309c80282e39ea00002f"
}
Examples
Sample success responses
JSON
format
{
"cluster_id": "cb95aa626a47740afbf6aa099b650****",
"task_id": "T-5a54309c80282e39ea00002f",
"request_id": "687C5BAA-D103-4993-884B-C35E4314A1E1"
}
XML
format
<cluster_id>cb95aa626a47740afbf6aa099b650****</cluster_id>
<task_id>T-5a54309c80282e39ea00002f</task_id>
<request_id>687C5BAA-D103-4993-884B-C35E4314A1E1</request_id>
Error codes
For a list of error codes, visit the Service error codes.
Change history
Change time | Summary of changes | Operation | ||
---|---|---|---|---|
2023-08-21 | The internal configuration of the API is changed, but the call is not affected | see changesets | ||
| ||||
2023-08-08 | The internal configuration of the API is changed, but the call is not affected | see changesets | ||
| ||||
2022-09-23 | The internal configuration of the API is changed, but the call is not affected | see changesets | ||
| ||||
2022-08-02 | The internal configuration of the API is changed, but the call is not affected | see changesets | ||
| ||||
2021-11-24 | The internal configuration of the API is changed, but the call is not affected | see changesets | ||
|