Use Alibaba Cloud CLI to manage Distributed Cloud Container Platform for Kubernetes (ACK One) - Container Service for Kubernetes

This topic describes how to use Distributed Cloud Container Platform for Kubernetes to call the DescribeHubClusters operation of the Distributed Cloud Container Platform for Kubernetes (ACK One) API to query the master instances that belong to your Alibaba Cloud account.

Before you start

Alibaba Cloud CLI is a general-purpose command-line tool that is developed based on the OpenAPI Specification. You can use Alibaba Cloud CLI to automate the management and maintenance of resources in Distributed Cloud Container Platform for Kubernetes. For more information, see What is Alibaba Cloud CLI?

Step 1: Install Alibaba Cloud CLI

You must install Alibaba Cloud CLI before you can use it. Alibaba Cloud CLI supports Windows, Linux, and macOS. When you install Alibaba Cloud CLI, select the installation package based on the operating system of your device.

Cloud Shell is pre-installed with Alibaba Cloud CLI. When you start Cloud Shell, it is automatically configured with your identity credentials. You can use Alibaba Cloud CLI in Cloud Shell. For more information, see What is Cloud Shell?

Step 2: Configure Alibaba Cloud CLI

Important

An Alibaba Cloud account has the permissions to manage and access the APIs of all Alibaba Cloud services. Security risks may arise when you use an Alibaba Cloud account to call API operations. We recommend that you create a Resource Access Management (RAM) user and grant the required permissions to the RAM use based on the least privilege principle. Then, you can use the RAM user to call API operations. For more information about the system policies for Distributed Cloud Container Platform for Kubernetes, see AliyunAdcpFullAccess and AliyunAdcpReadOnlyAccess.

Before you use Alibaba Cloud CLI, you must specify your identity credentials and region ID, in Alibaba Cloud CLI. Alibaba Cloud CLI supports various types of identity credentials. For more information, see Credential types. Alibaba Cloud CLI supports credentials of the AccessKey pair type. To create an AccessKey pair, perform the following steps:

Create a RAM user and create an AccessKey pair for the RAM user to configure identity credentials. For more information, see Create a RAM user and Create an AccessKey pair.
Grant the required permissions to the RAM user. In this example, the AliyunContainerRegistryReadOnlyAccess policy is attached to the RAM user to grant the RAM user read-only permissions on Distributed Cloud Container Platform for Kubernetes For more information, see Grant permissions to a RAM user.
Obtain the ID of the region in which you want to configure identity credentials. Alibaba Cloud CLI initiates API calls in the region that you specify. We recommend that you specify the ID of the region where your clusters reside. For more information about the regions in which Distributed Cloud Container Platform for Kubernetes is available, see Endpoints.
Note
When you use Alibaba Cloud CLI, you can use the --region option to specify the region from which you want to initiate a call. If you use the option to specify a region, Alibaba Cloud CLI ignores the region information in the default credentials and environment variables. For more information, see Command line options for API calls.
Use the AccessKey pair of the RAM user to configure identity credentials in a profile named AkProfile. For more information, see Configuration examples.

Step 3: Generate a sample command

Call the DescribeHubClusters operation in OpenAPI Explorer.
On the Parameters tab, configure the request parameters. Then, click the CLI Example tab to view the generated sample command.
Copy the command or run the command in Cloud Shell.
- Click the icon to run the command in Cloud Shell. You can quickly debug the command in the Cloud Shell window.
- Click the icon to copy the sample command to the clipboard. Then, paste the sample command into your on-premises shell to run the sample command.
Note
- When you paste the CLI command into your on-premises shell for debugging, take note of the parameter formats. For more information about the parameter formats required by Alibaba Cloud CLI, see Parameter formats.
- By default, OpenAPI Explorer adds the --region option to the sample command. When you copy the command to your shell, Alibaba Cloud CLI ignores the region information in the default identity credentials and environment variables, and preferentially runs the command in the region specified by the option. You can delete or retain the option based on your business requirements.

Step 4: Call the Distributed Cloud Container Platform for Kubernetes API

Example 1: Query operations of the Distributed Cloud Container Platform for Kubernetes supported by Alibaba Cloud CLI

The following example describes how to use the --help option to query the operations of the Distributed Cloud Container Platform for Kubernetes API supported by Alibaba Cloud CLI. For more information, see List of operations by function.

Run the following command:
```
aliyun adcp --help
```
Expected output:

Example 2: Query a list of master instances that belong to your Alibaba Cloud account

The following example describes how to call the DescribeHubClusters operation of the Distributed Cloud Container Platform for Kubernetes API. You can use this operation to query master instances based on the master instance type and resource ID. For more information, see DescribeHubClusters - Queries master instances.

Run the following command:

aliyun adcp DescribeHubClusters --ResourceGroupId 'rg-aek3dinj3xkf***' --Profile Default

Expected output:

{
  "RequestId": "2D676EFC-8C04-5CCE-A08E-BB97D24B47E8",
  "Clusters": [
    {
      "Endpoints": {
        "IntranetApiServerEndpoint": "https://172.16.6.**:6443\n",
        "PublicApiServerEndpoint": "https://123.57.21.***:6443\n"
      },
      "ClusterInfo": {
        "Profile": "Default",
        "CreationTime": "2021-11-05T10:25:48Z",
        "UpdateTime": "2021-09-02T13:39:50Z",
        "ErrorMessage": "Success",
        "Version": "1.22.3-aliyun.1\n",
        "State": "running",
        "ClusterId": "c2d3e0121ea214b438010502a8019****",
        "Name": "ackone-heyuan",
        "RegionId": "cn-beijing",
        "ClusterSpec": "ack.pro.small",
        "ResourceGroupID": "rg-dt6rk4xm1r6***",
        "Tags": [
          {
            "Key": "headername",
            "Value": "release"
          }
        ]
      },
      "Network": {
        "VpcId": "vpc-2zeusrwi7c2mlww4a****",
        "VSwitches": [
          "[\"vsw-2ze1h7tt2fgr1gxlx****\"]"
        ],
        "SecurityGroupIDs": [
          "[\"sg-2ze1h7tt2fgr****\"]\n"
        ],
        "ClusterDomain": "cluster.local"
      },
      "ApiServer": {
        "EnabledPublic": true,
        "LoadBalancerId": "lb-bp1qyp4l6bscqxw69****",
        "ApiServerEipId": "eip-xxx"
      },
      "MeshConfig": {
        "EnableMesh": false,
        "MeshId": "c2d3e0121ea214b438010502a8019****"
      },
      "LogConfig": {
        "EnableLog": true,
        "LogProject": "audit-log-abc",
        "LogStoreTTL": "7"
      },
      "Conditions": [
        {
          "Type": "DeletionProtection",
          "Status": "True",
          "Reason": "Successful",
          "Message": "Successful!"
        }
      ]
    }
  ]
}

Note

If an error is returned after you call the operation of the Distributed Cloud Container Platform for Kubernetes API, check whether the request parameters and values are valid based on the error code.
You can also perform diagnostics based on the returned request ID or SDK error information on the OpenAPI problem diagnosis page.