This product(
CS/2015-12-15) OpenAPI adopts ROA Signature style. See signature details in Description of the signature mechanism. We have packaged SDKs for common programming languages for developers. Developers can directly call the OpenAPI of this product by downloading the SDK without paying attention to the technical details. If the existing SDK cannot meet the usage requirements, you can connect through the signature mechanism. It will take about 5 working days. Therefore, it is recommended to join our DingTalk service group (78410016550) and sign under the guidance of experts. Before using the API, you need to prepare your identity account and access key (AccessKey) to effectively access the API through client tools (SDK, CLI, etc.). For details see getAccessKey.
API catalog
| API | Title | Description |
|---|---|---|
| OpenAckService | OpenAckService | When you use Container Service for Kubernetes (ACK) for the first time, you must activate ACK by using an Alibaba Cloud account or RAM user with the required permissions and complete ACK authorization. |
Cluster
| API | Title | Description |
|---|---|---|
| CreateCluster | CreateCluster | Creates a Container Service for Kubernetes (ACK) cluster. For example, you can create an ACK managed cluster, ACK Serverless cluster, ACK Edge cluster, or registered cluster. When you create an ACK cluster, you need to configure the cluster information, components, and cloud resources used by ACK. |
| DeleteCluster | DeleteCluster | You can call the DeleteCluster operation to delete a cluster and specify whether to delete or retain the relevant cluster resources. Before you delete a cluster, you must manually delete workloads in the cluster, such as Deployments, StatefulSets, Jobs, and CronJobs. Otherwise, you may fail to delete the cluster. |
| DescribeClustersV1 | DescribeClustersV1 | Queries the details about Container Service for Kubernetes (ACK) clusters of specified types or specifications within an account. |
| DescribeClustersForRegion | DescribeClustersForRegion | Queries all clusters in a specified region. |
| DescribeClusterDetail | DescribeClusterDetail | You can call the DescribeClusterDetail operation to query the details of a Container Service for Kubernetes (ACK) cluster by cluster ID. |
| DescribeClusterResources | DescribeClusterResources | You can call the DescribeClusterResources operation to query all resources in a cluster by cluster ID. |
| DescribeKubernetesVersionMetadata | DescribeKubernetesVersionMetadata | Queries the detailed information about Kubernetes versions, including the version number, release date, expiration date, compatible OSs, and runtime. |
| DescribeUserClusterNamespaces | DescribeUserClusterNamespaces | You can use Kubernetes namespaces to limit users from accessing resources in a Container Service for Kubernetes (ACK) cluster. Users that are granted Role-Based Access Control (RBAC) permissions only on one namespace cannot access resources in other namespaces. Queries the RBAC permissions that are granted to the current Resource Access Management (RAM) user or RAM role on an ACK cluster. |
| DescribeClusterLogs | DescribeClusterLogs | Queries the cluster log to help analyze cluster issues and locate the cause. |
| RunClusterCheck | RunClusterCheck | Container Intelligence Service (CIS) provides a variety of cluster check capabilities to allow you to perform cluster update check, cluster migration check, component installation check, component update check, and node pool check. A precheck is automatically triggered before an update, migration, or installation is performed. You can perform changes only if the cluster passes the precheck. You can also manually call the RunClusterCheck operation to initiate cluster checks. We recommend that you periodically check and maintain your cluster to mitigate potential risks. |
| ListClusterChecks | ListClusterChecks | You can call the ListClusterChecks operation to query all the cluster check results of a cluster. |
| GetClusterCheck | GetClusterCheck | Queries a cluster check task by cluster ID and task ID. You can view the status, check items, creation time, and end time of the task. Container Intelligence Service (CIS) provides a variety of Kubernetes cluster check features, including cluster update check, cluster migration check, component installation check, component update check, and node pool check. |
| CreateClusterDiagnosis | CreateClusterDiagnosis | Starts a cluster diagnostic. |
| GetClusterDiagnosisResult | GetClusterDiagnosisResult | Queries cluster diagnostic results. |
| GetClusterDiagnosisCheckItems | GetClusterDiagnosisCheckItems | Queries cluster diagnostic items. |
| ModifyCluster | ModifyCluster | You can call the ModifyCluster operation to modify the cluster configurations by cluster ID. |
| MigrateCluster | MigrateCluster | Container Service for Kubernetes (ACK) Pro clusters are developed based on ACK Basic clusters. ACK Pro clusters provide all benefits of ACK managed clusters, such as fully-managed control planes and control plane high availability. In addition, ACK Pro clusters provide you with enhanced reliability, security, and schedulability. ACK Pro clusters are covered by the SLA that supports compensation clauses. ACK Pro clusters are suitable for large-scale businesses that require high stability and security in production environments. We recommend that you migrate from ACK Basic clusters to ACK Pro clusters. |
| DescribeClusterUserKubeconfig | DescribeClusterUserKubeconfig | Kubeconfig files store identity and authentication information that is used by clients to access Container Service for Kubernetes (ACK) clusters. To use a kubectl client to manage an ACK cluster, you need to use the corresponding kubeconfig file to connect to the ACK cluster. We recommend that you keep kubeconfig files confidential and revoke kubeconfig files that are not in use. This helps prevent data leaks caused by the disclosure of kubeconfig files. |
| DescribeSubaccountK8sClusterUserConfig | DescribeSubaccountK8sClusterUserConfig | Queries or issues the kubeconfig credentials of a Resource Access Management (RAM) user or RAM role of the account. If you are the permission manager of a Container Service for Kubernetes (ACK) cluster, you can issue the kubeconfig credentials to a specific RAM user or RAM role of the account by using the Alibaba Cloud account. The kubeconfig credentials, which are used to connect to the ACK cluster, contain the identity information about the RAM user or RAM role. |
| ListUserKubeConfigStates | ListUserKubeConfigStates | You can call the ListUserKubeConfigStates operation to query the status of the kubeconfig files of all clusters managed by the current user. |
| ListClusterKubeconfigStates | ListClusterKubeconfigStates | Queries the kubeconfig files that are issued to users for the current cluster and the status of the kubeconfig files. |
| RevokeK8sClusterKubeConfig | RevokeK8sClusterKubeConfig | You can call the RevokeK8sClusterKubeConfig operation to revoke the kubeconfig file of a cluster that belongs to the current Alibaba Cloud account or RAM user. After the kubeconfig file is revoked, the cluster generates a new kubeconfig file, and the original kubeconfig file becomes invalid. |
| CleanClusterUserPermissions | CleanClusterUserPermissions | Deletes kubeconfig files that may pose potential risks from a user and revokes Role-Based Access Control (RBAC) permissions on a cluster. |
| CleanUserPermissions | CleanUserPermissions | You can call the CleanUserPermissions operation to delete the kubeconfig files of the specified users and revoke the relevant Role-Based Access Control (RBAC) permissions. This API operation is suitable for scenarios where employees have resigned or the accounts of employees are locked. |
| UpdateK8sClusterUserConfigExpire | UpdateK8sClusterUserConfigExpire | Sets the validity period of a kubeconfig file used by a Resource Access Management (RAM) user or RAM role to connect to a Container Service for Kubernetes (ACK) cluster. The validity period ranges from 1 to 876,000 hours. You can call this API operation when you customize configurations by using an Alibaba Cloud account. The default validity period of a kubeconfig file is three years. |
| ScanClusterVuls | ScanClusterVuls | Scans for vulnerabilities in a Container Service for Kubernetes (ACK) cluster, including workload vulnerabilities, third-party software vulnerabilities, CVE vulnerabilities, WebCMS vulnerabilities, and Windows vulnerabilities. We recommend that you scan your cluster on a regular basis to ensure cluster security. |
| DescribeClusterVuls | DescribeClusterVuls | Queries the security vulnerability details of a cluster by cluster ID. The details include vulnerability name, vulnerability type, and vulnerability severity. We recommend that you scan your cluster on a regular basis to ensure cluster security. |
Node
| API | Title | Description |
|---|---|---|
| DescribeClusterNodes | DescribeClusterNodes | null |
| DeleteClusterNodes | DeleteClusterNodes | Removes nodes from a Container Service for Kubernetes (ACK) cluster. When you remove nodes, you can specify whether to release the Elastic Compute Service (ECS) instances and drain the nodes. When you remove nodes, pods on the nodes are migrated. This may adversely affect your businesses. We recommend that you back up data and perform this operation during off-peak hours. |
| AttachInstances | AttachInstances | Adds existing Elastic Compute Service (ECS) instances to a Container Service for Kubernetes (ACK) cluster. When you need to add an ECS instance as a worker node to an ACK cluster or re-add a worker node to the cluster, you can call this operation. |
Add-ons
| API | Title | Description |
|---|---|---|
| InstallClusterAddons | InstallClusterAddons | Installs a component by specifying the name and version of the component. To enhance Kubernetes capabilities, you can install a variety of components in Container Service for Kubernetes (ACK) clusters, such as fully-managed core components and application, logging and monitoring, network, storage, and security group components. |
| UnInstallClusterAddons | UnInstallClusterAddons | Uninstalls components that you no longer need from a cluster. You must specify the name of the components and specify whether to release associated Alibaba Cloud resources from the cluster. |
| DescribeAddons | (Deprecated)DescribeAddons | You can call the DescribeAddons operation to query the details about all components that are supported by Container Service for Kubernetes (ACK). |
| DescribeClusterAddonsVersion | (Deprecated)DescribeClusterAddonsVersion | You can call the DescribeClusterAddonsVersion operation to query the details about all components in a cluster by cluster ID. |
| DescribeClusterAddonInstance | DescribeClusterAddonInstance | You can call the DescribeClusterAddonInstance operation to query the information about a cluster component, including the version, status, and configuration of the component. |
| ListAddons | ListAddons | Queries the available components based on specific conditions such as the region, cluster type, cluster subtype defined by cluster profile, and cluster version and queries the detailed information about a component. The information includes whether the component is managed, the supported custom parameter schema, and compatible operating system architecture. |
| ListClusterAddonInstances | ListClusterAddonInstances | Queries the component instances that are running in the specified cluster and the information about the component instances. The information includes the component version and status. |
| GetClusterAddonInstance | GetClusterAddonInstance | You can call the GetClusterAddonInstance operation to query the information of a component instance in a cluster, including the version, configurations, and log status of the component instance. |
| DescribeAddon | DescribeAddon | Queries the information about a component based on specific conditions such as the region, cluster type, cluster subtype defined by cluster profile, cluster version, and component name. The information includes whether the component is managed, the component type, supported custom parameter schema, compatible operating system architecture, and earliest supported cluster version. |
| ModifyClusterAddon | ModifyClusterAddon | Modifies the configuration of a cluster component. This operation may affect your businesses. We recommend that you assess the impact, back up data, and perform the operation during off-peak hours. |
| DescribeClusterAddonMetadata | (Deprecated)DescribeClusterAddonMetadata | You can call the DescribeClusterAddonMetadata operation to query the metadata of a component version. The metadata includes the component version and available parameters. |
| UpgradeClusterAddons | UpgradeClusterAddons | Updates cluster components to use new features and patch vulnerabilities. You must update cluster components one after one and update a component only after the previous one is successfully updated. Before you update a component, we recommend that you read the update notes for each component. Cluster component updates may affect your businesses. Assess the impact, back up data, and perform the update during off-peak hours. |
| DescribeClusterAddonsUpgradeStatus | (Deprecated)DescribeClusterAddonsUpgradeStatus | You can call the DescribeClusterAddonsUpgradeStatus operation to query the update progress of a component by component name. |
Upgrade
| API | Title | Description |
|---|---|---|
| UpgradeCluster | UpgradeCluster | You can call the UpgradeCluster operation to upgrade a cluster by cluster ID. |
| GetUpgradeStatus | (Deprecated)GetUpgradeStatus | You can call the GetUpgradeStatus operation to query the update progress of a cluster by cluster ID. |
| PauseClusterUpgrade | (Deprecated)PauseClusterUpgrade | You can call the PauseClusterUpgrade operation to pause the update of a Container Service for Kubernetes (ACK) cluster. |
| CancelClusterUpgrade | (Deprecated)CancelClusterUpgrade | You can call the CancelClusterUpgrade operation to cancel the update of a cluster. |
| ResumeUpgradeCluster | (Deprecated)ResumeUpgradeCluster | You can call the ResumeUpgradeCluster operation to resume the update of a cluster by cluster ID. |
Permissions
| API | Title | Description |
|---|---|---|
| DescribeUserPermission | DescribeUserPermission | In an Container Service for Kubernetes (ACK) cluster, you can create and specify different Resource Access Management (RAM) users or roles to have different access permissions. This ensures access control and resource isolation. You can call the DescribeUserPermission operation to query the permissions that are granted to a RAM user or RAM role on ACK clusters, including the resources that are allowed to access, the scope of the permissions, the predefined role, and the permission source. |
| GrantPermissions | GrantPermissions | Updates the role-based access control (RBAC) permissions of a Resource Access Management (RAM) user or RAM role. By default, you do not have the RBAC permissions on a Container Service for Kubernetes (ACK) cluster if you are not the cluster owner or you are not using an Alibaba Cloud account. You can call this operation to specify the resources that can be accessed, permission scope, and predefined roles. This helps you better manage the access control on resources in ACK clusters. |
| UpdateUserPermissions | UpdateUserPermissions | Updates the role-based access control (RBAC) permissions of a Resource Access Management (RAM) user or RAM role. By default, you do not have the RBAC permissions on a Container Service for Kubernetes (ACK) cluster if you are not the cluster owner or you are not using an Alibaba Cloud account. You can call this operation to specify the resources that can be accessed, permission scope, and predefined roles. This helps you better manage the access control on resources in ACK clusters. |
| CheckServiceRole | CheckServiceRole | Checks whether the specified service roles are granted to Container Service for Kubernetes (ACK) within the current Alibaba Cloud account. ACK can access other cloud services, such as Elastic Compute Service (ECS), Object Storage Service (OSS), File Storage NAS (NAS), and Server Load Balancer (SLB), only after ACK is assigned the required service roles. |
Template
| API | Title | Description |
|---|---|---|
| CreateTemplate | CreateTemplate | Creates an orchestration template. An orchestration template defines and describes a group of Kubernetes resources. It declaratively describes the configuration of an application or how an application runs. You can use orchestration templates to manage resources in Kubernetes clusters and automate resource deployment, such as pods, Services, Deployments, ConfigMaps, and persistent volumes (PVs). |
| DescribeTemplateAttribute | DescribeTemplateAttribute | An orchestration template defines and describes a group of Kubernetes resources. It declaratively describes the configuration of an application or how an application runs. You can call the DescribeTemplates API operation to query orchestration templates and their detailed information, including access permissions, YAML content, and labels. |
| DescribeTemplates | DescribeTemplates | An orchestration template defines and describes a group of Kubernetes resources. It declaratively describes the configuration of an application or how an application runs. You can call the DescribeTemplates API operation to query orchestration templates and their detailed information, including access permissions, YAML content, and labels. |
| UpdateTemplate | UpdateTemplate | Updates the configurations of an orchestration template. An orchestration template defines and describes a group of Container Service for Kubernetes (ACK) resources. An orchestration template describes the configurations of an application or how an application runs in a declarative manner. |
| DeleteTemplate | DeleteTemplate | Deletes the orchestration templates that you no longer need. |
Trigger
| API | Title | Description |
|---|---|---|
| CreateTrigger | CreateTrigger | Creates a trigger for an application to redeploy the application pods when specific conditions are met. |
| DeleteTrigger | DeleteTrigger | Deletes an application trigger. |
| DescribeTrigger | DescribeTrigger | Queries triggers that match specific conditions. |
Labels
| API | Title | Description |
|---|---|---|
| ListTagResources | ListTagResources | Queries resource labels and the detailed information, such as the key-value pairs of the labels and the clusters to which the labels are added. You can use labels to classify and manage Container Service for Kubernetes (ACK) clusters in order to meet monitoring, cost analysis, and tenant isolation requirements. |
| TagResources | TagResources | You can add labels in key-value pairs to clusters. This allows cluster developers or O\\\&M engineers to classify and manage clusters in a more flexible manner. This also meets the requirements for monitoring, cost analysis, and tenant isolation. You can call the TagResources operation to add labels to a cluster. |
| UntagResources | UntagResources | If you no longer need the labels (key-value pairs) of a cluster, you can call the UntagResources operation to delete the labels. |
| ModifyClusterTags | ModifyClusterTags | You can add labels in key-value pairs to clusters. This allows cluster developers or O\\\&M engineers to classify and manage clusters in a more flexible manner. This also meets the requirements for monitoring, cost analysis, and tenant isolation. You can call the ModifyClusterTags operation to modify the labels of a cluster. |
Alarm
| API | Title | Description |
|---|---|---|
| StartAlert | StartAlert | Activates the specified alert rule(s). |
| UpdateContactGroupForAlert | UpdateContactGroupForAlert | You can call the UpdateContactGroupForAlert operation to specify a contact group for an alert rule in an ACK cluster. |
| StopAlert | StopAlert | You can call the StopAlert operation to disable an alert rule or an alert rule set in the alert center of Container Service for Kubernetes (ACK). |
| DeleteAlertContact | DeleteAlertContact | Deletes one or more ACK alert contacts. |
| DeleteAlertContactGroup | DeleteAlertContactGroup | Deletes an ACK alert contact group. |
Logs
| API | Title | Description |
|---|---|---|
| UpdateControlPlaneLog | UpdateControlPlaneLog | Modifies the log configurations of control plane components. The configurations include the log retention period and components whose logs that you want to collect. Container Service for Kubernetes (ACK) managed clusters can collect the logs of control plane components and deliver the logs to projects in Simple Log Service. These control plane components include Kube-apiserver, kube-scheduler, Kubernetes controller manager, and cloud controller manager (CCM). |
| CheckControlPlaneLogEnable | CheckControlPlaneLogEnable | Queries the current log configuration of control plane components, including the log retention period and the log collection component. Container Service for Kubernetes (ACK) managed clusters can collect the logs of control plane components and deliver the logs to projects in Simple Log Service. These control plane components include Kube API Server, Kube Scheduler, Kube Controller Manager, and Cloud Controller Manager. |
| GetClusterAuditProject | GetClusterAuditProject | You can call the GetClusterAuditProject operation to check whether the cluster has API Server auditing enabled and the corresponding Simple Log Service project that stores API Server audit logs. |
| UpdateClusterAuditLogConfig | UpdateClusterAuditLogConfig | You can call the UpdateClusterAuditLogConfig operation to enable or disable the audit log feature in a Container Service for Kubernetes (ACK) cluster and update the audit log configuration. This operation also allows you to record requests to the Kubernetes API and the responses, which can be used to trace cluster operation history and troubleshoot cluster issues. |
Event
| API | Title | Description |
|---|---|---|
| DescribeEventsForRegion | DescribeEventsForRegion | Queries all events in a specified region. |
| DescribeEvents | DescribeEvents | Queries the detailed information about a type of events, including the severity level, status, and time. Events are generated when clusters are created, modified, and updated, node pools are created and scaled out, and components are installed. |
| DescribeClusterEvents | DescribeClusterEvents | Queries events and event details in a Container Service for Kubernetes (ACK) cluster, including the severity level, status, and start time of each event. Events are generated when clusters created, modified, and updated, node pools are created and scaled out, and components are installed. |
Task
| API | Title | Description |
|---|---|---|
| DescribeTaskInfo | DescribeTaskInfo | Queries detailed information about a task, such as the task type, status, and progress. |
| PauseTask | PauseTask | Pauses an on-going task. |
| ResumeTask | ResumeTask | Resumes a task. |
| CancelTask | CancelTask | Cancels the execution of a cluster task. |
| DescribeClusterTasks | DescribeClusterTasks | Queries tasks in a Container Service for Kubernetes (ACK) cluster. |
Policies
| API | Title | Description |
|---|---|---|
| DeletePolicyInstance | DeletePolicyInstance | Deletes policy instances in a Container Service for Kubernetes (ACK) cluster. |
| ModifyPolicyInstance | ModifyPolicyInstance | Updates a policy in a specific Container Service for Kubernetes (ACK) cluster. You can modify the action of the policy such as alerting or denying and namespaces to which the policy applies. |
| DescribePolicies | DescribePolicies | Queries a list of security policies. Container Service for Kubernetes (ACK) clusters offer a variety of built-in container security policies, such as Compliance, Infra, K8s-general, and pod security policy (PSP). You can use these policies to ensure the security of containers running in a production environment. |
| DescribePolicyDetails | DescribePolicyDetails | Queries the detailed information about a policy. The information includes the content, action, and severity level of the policy. Container Service for Kubernetes (ACK) provides the following types of predefined security policies: Compliance, Infra, K8s-general, and pod security policy (PSP). These policies ensure that containers are running in the production environment in a secure manner. |
| DescribePolicyGovernanceInCluster | DescribePolicyGovernanceInCluster | Container Service for Kubernetes (ACK) clusters offer a variety of built-in container security policies, such as Compliance, Infra, K8s-general, and pod security policy (PSP). You can use these policies to ensure the security of containers running in a production environment. You can call the DescribePolicyGovernanceInCluster operation to query the details of policies for an ACK cluster. For example, you can query the number of policies that are enabled per severity level, the audit logs of policies, and the blocking and alerting information. |
| DeployPolicyInstance | DeployPolicyInstance | Deploys a policy in the specified namespaces of a specific Container Service for Kubernetes (ACK) cluster. You can create and deploy a security policy by specifying the policy type, action of the policy such as alerting or denying, and namespaces to which the policy applies. |
Others
| API | Title | Description |
|---|---|---|
| DescribeUserQuota | DescribeUserQuota | Queries quotas related to Container Service for Kubernetes (ACK) clusters, node pools, and nodes. To increase a quota, submit an application in the Quota Center console. |
| ListOperationPlans | ListOperationPlans | Queries the automated maintenance schedules of a cluster. |
| CancelOperationPlan | CancelOperationPlan | You can call the CancelOperationPlan operation to cancel a pending auto O\\\\\\\\\\&M plan. |
| UpdateResourcesDeleteProtection | UpdateResourcesDeleteProtection | Updates the deletion protection status of the specified resources. You can enable or disable deletion protection for namespaces and Services. You can call this operation to enable deletion protection for namespaces or Services that involve businesses-critical and sensitive data to avoid incurring maintenance costs caused by accidental namespace or Service deletion. |
Deprecated
| API | Title | Description |
|---|---|---|
| DescribeExternalAgent | DescribeExternalAgent | Queries the proxy configurations of a registered cluster by cluster ID. |
| CreateKubernetesTrigger | CreateKubernetesTrigger | You can call the CreateKubernetesTrigger operation to create a trigger for an application. |
| ResumeComponentUpgrade | ResumeComponentUpgrade | You can call the ResumeComponentUpgrade operation to resume the update of a component. |
| PauseComponentUpgrade | PauseComponentUpgrade | You can call the PauseComponentUpgrade operation to pause the update of a component. |
| GetKubernetesTrigger | GetKubernetesTrigger | You can call the GetKubernetesTrigger operationto query the triggers of an application by application name. |
| DescribeClusters | DescribeClusters | Queries all the clusters that belong to the current Alibaba Cloud account, including Kubernetes clusters and Swarm clusters. |
| DescribeClusterAddonUpgradeStatus | DescribeClusterAddonUpgradeStatus | You can call the DescribeClusterAddonUpgradeStatus operation to query the update progress of a cluster component. |
| CancelComponentUpgrade | CancelComponentUpgrade | You can call the CancelComponentUpgrade operation to cancel the update of a component. |
| DeleteKubernetesTrigger | DeleteKubernetesTrigger | You can call the DeleteKubernetesTrigger operation to delete an application trigger by trigger ID |