You can call the CreateCluster operation to create a Container Service for Kubernetes (ACK) managed cluster that contains a specified number of nodes.

Debugging

OpenAPI Explorer automatically calculates the signature value. For your convenience, we recommend that you call this operation in OpenAPI Explorer. OpenAPI Explorer dynamically generates the sample code of the operation for different SDKs.

Request syntax

POST /clusters HTTP/1.1 
Content-Type:application/json
{
  "name" : "String",
  "region_id" : "String",
  "cluster_type" : "String",
  "cluster_spec" : "String",
  "kubernetes_version" : "String",
  "runtime" : {
    "name" : "String",
    "version" : "String"
  },
  "vpcid" : "String",
  "pod_vswitch_ids" : [ "String" ],
  "container_cidr" : "String",
  "service_cidr" : "String",
  "security_group_id" : "String",
  "is_enterprise_security_group" : Boolean,
  "snat_entry" : Boolean,
  "endpoint_public_access" : Boolean,
  "timezone" : "String",
  "node_cidr_mask" : "String",
  "user_data" : "String",
  "cluster_domain" : "String",
  "node_name_mode" : "String",
  "custom_san" : "String",
  "encryption_provider_key" : "String",
  "service_account_issuer" : "String",
  "api_audiences" : "String",
  "image_id" : "String",
  "rds_instances" : [ "String" ],
  "tags" : [ {
    "key" : "String",
    "value" : "String"
  } ],
  "addons" : [ {
    "name" : "String",
    "config" : "String",
    "disabled" : Boolean
  } ],
  "taints" : [ {
    "key" : "String",
    "value" : "String",
    "effect" : "String"
  } ],
  "cloud_monitor_flags" : Boolean,
  "platform" : "String",
  "os_type" : "String",
  "soc_enabled" : Boolean,
  "cis_enabled" : Boolean,
  "cpu_policy" : "String",
  "proxy_mode" : "String",
  "key_pair" : "String",
  "login_password" : "String",
  "num_of_nodes" : Long,
  "vswitch_ids" : [ "String" ],
  "worker_instance_types" : [ "String" ],
  "worker_system_disk_category" : "String",
  "worker_system_disk_size" : Long,
  "worker_data_disks" : [ {
    "category" : "String",
    "size" : Long,
    "encrypted" : "String",
    "auto_snapshot_policy_id" : "String"
  } ],
  "worker_instance_charge_type" : "String",
  "worker_period_unit" : "String",
  "worker_period" : Long,
  "worker_auto_renew" : Boolean,
  "worker_auto_renew_period" : Long,
  "instances" : [ "String" ],
  "format_disk" : Boolean,
  "keep_instance_name" : Boolean,
  "controlplane_log_ttl" : "String",
  "controlplane_log_project" : "String",
  "controlplane_log_components" : [ "String" ],
  "deletion_protection" : Boolean,
  "disable_rollback" : Boolean,
  "timeout_mins" : Long
}

Request parameters

Table 1. Request body parameters
Parameter Type Required Example Description
cluster_type String Yes ManagedKubernetes The type of the cluster. Set the value to ManagedKubernetes to create an ACK standard cluster.
key_pair String Yes secrity-key The name of the key pair. You must set this parameter or the login_password parameter.
login_password String Yes Hello@1234 The password for SSH logon. You must set this parameter or the key_pair parameter. The password must be 8 to 30 characters in length, and must contain at least three of the following character types: uppercase letters, lowercase letters, digits, and special characters.
name String Yes cluster-demo

The name of the cluster.

The name must be 1 to 63 characters in length, and can contain digits, letters, and hyphens (-). It cannot start with a hyphen (-).

num_of_nodes Long Yes 3 The number of worker nodes. Valid values: 0 to 100.
region_id String Yes cn-beijing The ID of the region in which you want to deploy the cluster.
snat_entry Boolean No true

Specifies whether to configure SNAT rules for the virtual private cloud (VPC) in which your cluster is deployed.

  • If the VPC can access the Internet, set the value to false.
  • If the VPC cannot access the Internet, the following values are valid:
    • true: configures SNAT rules. This enables the cluster to access the Internet from the VPC
    • false: does not configure SNAT rules. In this case, the cluster cannot access the Internet from the VPC

If your applications require access to the Internet, we recommend that you set the value to true.

Default value: false

vswitch_ids Array of String Yes ["vsw-2ze48rkq464rsdts1****"] The IDs of vSwitches. You can specify one to three vSwitches.
worker_system_disk_category String Yes cloud_efficiency

The type of system disk that you want to use for the worker nodes. Valid values:

  • cloud_efficiency: ultra disk
  • cloud_ssd: standard SSD

Default value: cloud_ssd

worker_system_disk_size Long Yes 120

The size of the system disk that you want to use for worker nodes. Unit: GiB.

Valid values: 40 to 500.

The value of this parameter must be equal to or larger than the larger value between 40 and the size of the OS image.

Default value: 120.

addons Array of addon No [{"name": "terway-eniip","config": ""}, {"name": "logtail-ds","config": "{\"IngressDashboardEnabled\":\"true\",\"sls_project_name\":\"your_sls_project_name\"}"}, {"name":"nginx-ingress-controller","config":"{\"IngressSlbNetworkType\":\"internet\"}"}]

The components that you want to install in the cluster. Parameter description:

  • name: required. This parameter specifies the name of the component.
  • config: optional. If this parameter is left empty, no configurations are required.
  • disabled: optional. This parameter specifies whether to disable automatic installation.

Network plug-in: required. Supported network plug-ins are Flannel and Terway. Select one of the plug-ins for the cluster.

  • Specify the Flannel plug-in in the following format: [{"name":"flannel","config":""}].
  • Specify the Terway plug-in in the following format: [{"name": "terway-eniip","config": ""}].

Volume plug-in: required. Supported volume plug-ins are CSI and FlexVolume.

  • Specify the CSI plug-in in the following format: [{"name":"csi-plugin","config": ""},{"name": "csi-provisioner","config": ""}].
  • Specify the FlexVolume plug-in in the following format: [{"name": "flexvolume","config": ""}].

Log Service component: optional.

Note If Log Service is disabled, you cannot use the cluster auditing feature.
  • To use an existing Log Service project, specify the component in the following format: [{"name": "logtail-ds","config": "{\"IngressDashboardEnabled\":\"true\",\"sls_project_name\":\"your_sls_project_name\"}"}].
  • To create a Log Service project, specify the component in the following format: [{"name": "logtail-ds","config": "{\"IngressDashboardEnabled\":\"true\"}"}].

Ingress controller: optional. By default, the nginx-ingress-controller component is installed in ACK dedicated clusters.

  • To install nginx-ingress-controller and enable Internet access, specify the component in the following format: [{"name":"nginx-ingress-controller","config":"{\"IngressSlbNetworkType\":\"internet\"}"}].
  • If you do not want to install nginx-ingress-controller, specify the component in the following format: [{"name": "nginx-ingress-controller","config": "","disabled": true}].

Event center: optional. By default, the event center feature is enabled. You can use Kubernetes event centers to store and query events, and configure alerts. You can use the Logstores that are associated with Kubernetes event centers for free within 90 days. For more information, see Create and use an event center.

To enable the Kubernetes event center, specify the component in the following format: [{"name":"ack-node-problem-detector","config":"{\"sls_project_name\":\"

your_sls_project_name\"}"}].

cluster_spec String No ack.pro.small
The type of the ACK managed cluster. Valid values:
  • ack.pro.small: ACK Pro cluster
  • ack.standard: ACK standard cluster

Default value: ack.standard. If you leave this parameter empty, an ACK standard cluster is created.

For more information, see Introduction to professional managed Kubernetes clusters.

encryption_provider_key String No 0fe64791-55eb-4fc7-84c5-c6c7cdca****

The ID of a key that is managed by Key Management Service (KMS). The key is used to encrypt Secrets in ACK cluster. For more information, see What is Key Management Service?.

Note This feature supports only ACK Pro clusters.
container_cidr String Yes 172.20.0.0/16

The CIDR block of pods. This CIDR block cannot overlap with the CIDR block of the VPC in which you want to deploy the cluster. If the VPC is automatically created by the system, the default CIDR block of pods is 172.16.0.0/16.

Note This parameter is required if the cluster uses Flannel as the network plug-in.
cloud_monitor_flags Boolean No true

Specifies whether to install the CloudMonitor agent. Valid values:

  • true: installs the CloudMonitor agent
  • false: does not install the CloudMonitor agent

Default value: false

disable_rollback Boolean No true

Specifies whether to perform a rollback when the cluster fails to be created. Valid values:

  • true: performs a rollback when the cluster fails to be created
  • false: does not perform a rollback when the cluster fails to be created

Default value: false

endpoint_public_access Boolean No true Specifies whether to enable Internet access for the cluster. You can use an elastic IP address (EIP) to expose the API server. This way, you can access the cluster over the Internet. Valid values:
  • true: enables Internet access.
  • false: disables Internet access. If you set this parameter to false, the API server cannot be accessed over the Internet.

Default value: true

proxy_mode String No ipvs

The kube-proxy mode. Valid values: iptables and ipvs. Default value: ipvs.

security_group_id String No sg-bp1bdue0qc1g7k1e**

The ID of the existing security group that is specified for the cluster. You must set this parameter or the is_enterprise_security_group parameter. Nodes in the cluster are automatically added to the specified security group.

is_enterprise_security_group Boolean No true

Specifies whether to create an advanced security group. This parameter takes effect only if security_group_id is left empty.

Note You must specify an advanced security group for a cluster that use Terway as the network plug-in.
  • true: creates an advanced security group
  • false: does not create an advanced security group

Default value: false

service_cidr String Yes 172.21.0.0/20

The CIDR block of Services. This CIDR block cannot overlap with the CIDR block of pods or the CIDR block of the VPC in which the cluster is deployed. If the VPC is automatically created by the system, the default CIDR block of Services is 172.19.0.0/20.

tags Array of tag No [{"key": "env", "value": "prod"}]
The labels that you want to add to the cluster. A label contains the following information:
  • key: the key of the label
  • value: the value of the label
timezone String No Asia/Shanghai

The time zone of the cluster. For more information, see Time zones.

taints Array of taint No [{"key": "env", "value": "private", "effect": "NoSchedule"}]

The taints that you want to add to nodes. Taints are added to nodes to prevent pods from being scheduled to inappropriate nodes. However, toleration rules allow pods to be scheduled to nodes with matching taints. For more information, see taint-and-toleration.

cluster_domain String No cluster.local

The domain name of the cluster.

The domain name can contain one or more parts that are separated by periods (.). Each part cannot exceed 63 characters in length, and can contain lowercase letters, digits, and hyphens (-). Each part must start and end with a lowercase letter or digit.

custom_san String No cs.aliyun.com

Specifies custom subject alternative names (SANs) for the API server certificate to accept requests from specified IP addresses or domain names. Multiple IP addresses and domain names are separated by commas (,).

service_account_issuer String No kubernetes.default.svc

A service account is used to provide an identity for pods when they communicate with the API server. service-account-issuer is the issuer of the service account token, which corresponds to the iss field in the token payload.

For more information about service accounts, see Enable service account token volume projection.

api_audiences String No kubernetes.default.svc

A service account is used to provide an identity for pods when they communicate with the API server. api-audiences are valid identifiers of tokens. Audiences are used to validate tokens at the API server side. Separate multiple audiences with commas (,).

For more information about service accounts, see Enable service account token volume projection.

node_name_mode String No aliyun.com00055test

Specifies a custom node name.

A custom node name consists of a prefix, an IP substring, and a suffix.

  • The prefix and suffix can contain multiple parts that are separated by periods (.). Each part can contain lowercase letters, digits, and hyphens (-). Each part must start and end with a lowercase letter or digit.
  • The IP substring length specifies the number of digits to be truncated from the end of the node IP address. The IP substring length ranges from 5 to 12.

For example, if the node IP address is 192.168.0.55, the prefix is aliyun.com, the length of the IP address substring is 5, and the suffix is test, the custom node name will be aliyun.com00055test.

rds_instances Array of String No rm-2zev748xi27xc****

The names of the ApsaraDB RDS instances.

image_id String No m-bp16z7xko3vvv8gt****

Specifies a custom image for nodes. By default, the image provided by ACK is used. You can select a custom image to replace the default image. For more information, see Use a custom image to create an ACK cluster.

pod_vswitch_ids Array of String Yes vsw-2ze97jwri7cei0mpw****

Specifies the pod vSwitches. You must set this parameter if the cluster has Terway installed because each pod in the cluster uses a separate IP address.

instances Array of String No i-2ze4zxnm36vq00xn****

The names of the existing Elastic Compute Service (ECS) instances that you want to use to deploy worker nodes.

format_disk Boolean No false

Specifies whether to mount a data disk to a node that is created based on an existing ECS instance. Valid values:

  • true: stores the data of containers and images on a data disk. The original data on the disk will be overwritten. Back up data before you mount the disk.
  • false: does not store the data of containers and images on a data disk.

Default value: false.

How to mount a data disk:

  • If an ECS instance has data disks mounted and the file system of the last data disk is not initialized, the system automatically formats the data disk to ext4. Then, the system mounts the data disk to /var/lib/docker and /var/lib/kubelet.
  • If no data disk is attached to the ECS instances, the system does not purchase a new data disk.
keep_instance_name Boolean No true

Specifies whether to retain the names of existing ECS instances that are used in the cluster.

  • true: retains the names
  • false: does not retain the names. The new names are assigned by the system

Default value: true

timeout_mins Long No 60

Specifies the timeout period of cluster creation. Unit: minutes.

Default value: 60

vpcid String Yes vpc-2zeik9h3ahvv2zz95****

The ID of the VPC in which you want to deploy the cluster.

worker_auto_renew Boolean No true

Specifies whether to enable auto-renewal for worker nodes. This parameter takes effect only if worker_instance_charge_type is set to PrePaid. Valid values:

  • true: enables auto-renewal
  • false: disables auto-renewal

Default value: true

worker_auto_renew_period Long No 1

The auto-renewal period for worker nodes after the subscriptions of worker nodes expire. This parameter takes effect and is required only if the subscription billing method is selected for worker nodes.

Valid values: 1, 2, 3, 6, and 12

worker_data_disks Array No [{"category": "cloud_ssd", "size": "40", "auto_snapshot_policy_id": "sp-bp14j6w7ss6ozzbp**"}] The configurations of the data disks that are mounted to worker nodes. The configurations include the disk type and disk size.
category category Yes cloud_essd

The type of data disk.

size String Yes 120

The size of the data disk. Valid values: 40 to 32767.

worker_data_disk_category String No The type of the data disk. Valid values:
  • cloud_efficiency: ultra disk
  • cloud_ssd: standard SSD
  • cloud: basic disk
Default value: cloud_efficiency
Note This parameter is obsolete and replaced by the category field in the worker_data_disks parameter.
worker_data_disk_size Long No The size of the data disk. Unit: GiB.
Note This parameter is obsolete and replaced by the size field in the worker_data_disks parameter.
worker_instance_charge_type String No PrePaid

The billing method of worker nodes. Valid values:

  • PrePaid: subscription
  • PostPaid: pay-as-you-go

Default value: PostPaid

worker_period Long No 1

The subscription duration of worker nodes. This parameter takes effect and is required only if worker_instance_charge_type is set to PrePaid.

Valid values: 1, 2, 3, 6, 12, 24, 36, 48, and 60

Default value: 1

worker_period_unit String No Month

The billing cycle of worker nodes. This parameter is required if worker_instance_charge_type is set to PrePaid.

Set the value to Month. Worker nodes are billed only on a monthly basis.

worker_instance_types Array of String Yes ["ecs.n4.xlarge"]

The ECS instance types of worker nodes. You must specify at least one instance type. For more information, see Instance family.

Note The instance types are listed in descending order of priority. If worker nodes fail to be created based on the instance type of the highest priority, the system attempts to create worker nodes by using the instance type of the next highest priority.
cpu_policy String No none

The CPU management policy. The following policies are supported if the Kubernetes version of the cluster is 1.12.6 or later.

  • static: This policy allows pods with specific resource characteristics on the node to be granted with enhanced CPU affinity and exclusivity.
  • none: This policy indicates that the default CPU affinity is used.

Default value: none

runtime runtime No {"name": "docker", "version": "19.03.5"} The container runtime of the cluster. The following runtimes are supported: containerd, Docker, and Sandboxed-Container. The default runtime is Docker. You must specify the name and version of the container runtime:
  • name: the name of the container runtime
  • version: the version of the container runtime

For more information about how to select a proper container runtime, see Comparison of Docker, containerd, and Sandboxed-Container.

platform String No CentOS

The OS distribution that you want to use. Valid values:

  • CentOS
  • AliyunLinux
  • QbootAliyunLinux
  • Qboot
  • Windows
  • WindowsCore

Default value: CentOS

user_data String No IyEvdXNyL2Jpbi9iYXNoCmVjaG8gIkhlbGxvIEFD****

The user-defined data. For more information, see Overview of ECS instance user data.

os_type String No Linux

The type of the node OS. Valid values:

  • Windows
  • Linux

Default value: Linux

soc_enabled Boolean No false

Valid values:

  • true: enables reinforcement based on classified protection
  • false: disables reinforcement based on classified protection

Default value: false

cis_enabled Boolean No false

Specifies whether to enable Center for Internet Security (CIS) reinforcement. For more information, see CIS reinforcement.

Valid values:

  • true: enables CIS reinforcement
  • true: enables CIS reinforcement

Default value: false

node_cidr_mask String No 25

The maximum number of IP addresses that can be assigned to each node. This number is determined by the specified pod CIDR block. This parameter takes effect only if the cluster uses Flannel as the network plug-in.

Default value: 25

kubernetes_version String No 1.16.9-aliyun.1

The Kubernetes version of the cluster. The Kubernetes versions supported by ACK are the same as the Kubernetes versions supported by open source Kubernetes. We recommend that you specify the latest Kubernetes version. If you do not set this parameter, the latest Kubernetes version is used. You can create clusters of the latest two Kubernetes versions in the ACK console. You can create clusters of earlier Kubernetes versions by calling API operations. For more information about the Kubernetes versions that are supported by ACK, see Overview of Kubernetes versions supported by ACK.

controlplane_log_ttl String No 30

The interval at which the logs of control plane components are collected.

controlplane_log_project String No k8s-log-xxx

The Log Service project that is used to store the logs of control plane components. You can use an existing project or create one. If you choose to create a Log Service project, the created project is named in the k8s-log-{ClusterID} format.

controlplane_log_components Array of String No ["apiserver","kcm","scheduler"]

The list of control plane components for which you want to enable log collection.

By default, the logs of kube-apiserver, kube-controller-manager, and kube-scheduler are collected.

deletion_protection Boolean No true

Specifies whether to enable deletion protection for the cluster. After deletion protection is enabled, the cluster cannot be deleted in the ACK console or by calling API operations. Valid values:

  • true: enables deletion protection for the cluster
  • false: disables deletion protection for the cluster

Default value: false

disable_rollback Boolean No true

Specifies whether to perform a rollback when the cluster fails to be created. Valid values:

  • true: performs a rollback when the cluster fails to be created
  • false: does not perform a rollback when the cluster fails to be created

Default value: true

timeout_mins Long No 60

Specifies the timeout period of cluster creation. Unit: minutes.

Default value: 60

image_type String No CentOS

The type of OS distribution that you want to use. To specify the node OS, we recommend that you use this parameter. Valid values:

  • CentOS
  • AliyunLinux
  • AliyunLinux Qboot
  • AliyunLinuxUEFI
  • AliyunLinux3
  • Windows
  • WindowsCore
  • AliyunLinux3Arm64
  • ContainerOS

Default value: CentOS

load_balancer_spec String No slb.s2.small

The specification of the Server Load Balancer (SLB) instance. Valid values:

  • slb.s1.small
  • slb.s2.small
  • slb.s2.medium
  • slb.s3.small
  • slb.s3.medium
  • slb.s3.large

Default value: slb.s2.small

enable_rrsa Boolean No true

Specifies whether to enable the RAM Roles for Service Accounts (RRSA) feature.

resource_group_id String No rg-acfm3mkrure**** The ID of the resource group to which the cluster belongs. You can use this parameter to isolate different clusters.

Response syntax

HTTP/1.1 200
Content-Type:application/json
{
  "cluster_id" : "String",
  "request_id" : "String",
  "task_id" : "String"
}

Response parameters

Table 2. Response body parameters
Parameter Type Example Description
cluster_id String cb95aa626a47740afbf6aa099b650****

The ID of the cluster.

request_id String 687C5BAA-D103-4993-884B-C35E4314A1E1

The ID of the request.

task_id String T-5a54309c80282e39ea00002f

The ID of the task.

Examples

Sample requests

POST /clusters 
<Common request headers>
{
    "name":"managed Kubernetes cluster",                      // The name of the cluster. #required
    "cluster_type":"ManagedKubernetes",     // The type of cluster. #required
    "disable_rollback":true,                // Specifies whether to perform a rollback when the cluster fails to be created. 
    "timeout_mins":60,                      // The timeout period of cluster creation. 
    "kubernetes_version":"1.18.8-aliyun.1", // The Kubernetes version of the cluster. Only the latest two versions are available. 
    "region_id":"cn-zhangjiakou",  // The ID of the region in which you want to deploy the cluster. #required 
    "snat_entry":true,             // Specifies whether to configure SNAT rules for the VPC in which you want to deploy the cluster to enable Internet access for the cluster. 
    "cloud_monitor_flags":true,    // Specifies whether to install the CloudMonitor agent on ECS instances. 
    "endpoint_public_access":true, // Specifies whether to enable Internet access for the cluster.  
    "controlplane_log_ttl" : "30s",
    "controlplane_log_project" : "k8s-log-xxx",
    "controlplane_log_components" : ["apiserver","kcm","scheduler"],
    "deletion_protection":true,    // Specifies whether to enable deletion protection for the cluster. 
    "node_cidr_mask":"26",         // The maximum number of IP addresses that can be assigned to each node. This number is determined by the subnet mask of the specified CIDR block. 
    "proxy_mode":"ipvs",           // The kube-proxy mode. Valid values: iptables and ipvs. 
    "tags":[                       // The labels that you want to add to the cluster. The labels are applied to the ACK cluster, ECS instances, and nodes in the cluster. 
        {
            "key":"tag-k",
            "value":"tag-v"
        }
    ],
    "timezone":"Asia/Shanghai",   // The time zone of the cluster.
    "addons":[                    // The configurations of the components that you want to install in the cluster.
        {
            "name":"flannel"      // To install the Terway plug-in, replace the value with {"name":"terway-eni"}. 
        },
        {
            "name":"csi-plugin"
        },
        {
            "name":"csi-provisioner"
        },
        {
            "name":"logtail-ds",
            "config":"{\"IngressDashboardEnabled\":\"true\"}"
        },
        {
            "name":"ack-node-problem-detector",
            "config":"{\"sls_project_name\":\"\"}"
        },
        {
            "name":"nginx-ingress-controller",                      // The name of the component.
            "config":"{\"IngressSlbNetworkType\":\"internet\"}",    // The configuration of the component.
            "disabled": true                                        // Specifies whether to disable automatic installation. 
        },
        {
            "name":"arms-prometheus"
        }
    ],
    "cluster_spec":"ack.pro.small",       // The type of ACK managed cluster. A value of ack.pro.small indicates ACK Pro cluster. A value of ack.standard indicates ACK standard cluster. 
    "encryption_provider_key":"8734596c-c0d6-4a63-a76e-fe72c7b0****", // The ID of the key that is managed by KMS. The key is used to encrypt Secrets in your cluster. 
    "os_type":"Linux",        // The type of OS. Valid values: Linux and Windows. 
    "platform":"AliyunLinux", // The OS platform. Valid values: CentOS, AliyunLinux, Windows, and WindowsCore. 
    "user_data":"IyEvdXNyL2Jpbi9iYXNoCmVjaG8gIkhlbGxvIEFDSyEi", // The user-defined data. 
    "runtime":{             // The configuration of the container runtime.
        "name":"docker",    // The name of the container runtime.
        "version":"19.03.5" // The version of the container runtime.
    },
    "worker_instance_types":[  // The ECS instance types of worker nodes. #required
        "ecs.t6-c1m4.large"
    ],
    "num_of_nodes":3,                              // The number of worker nodes. #required
    "worker_system_disk_category":"cloud_essd",    // The type of system disk that you want to use for worker nodes. #required
    "worker_system_disk_size":120,                 // The size of the system disk that you want to specify for worker nodes. #required
    "worker_data_disks":[                          // The configurations of data disks that are mounted to worker nodes.
        {
            "category":"cloud_efficiency",        // The type of data disk. 
            "size":"40",                          // The size of the data disk. Valid values: 40 to 32768. 
            "encrypted":"true",                   // Specifies whether to enable disk encryption. 
            "auto_snapshot_policy_id":"sp-8vbajx6y2hk21hco****", // The ID of the policy that is used to back up the data disk. 
        }
    ],
    "worker_instance_charge_type":"PrePaid",      // The billing method of worker nodes. Valid values: PostPaid and PrePaid. 
    "worker_period_unit":"Month",                 // The billing cycle of worker nodes. Set the value to Month. 
    "worker_period":1,                            // The subscription duration of worker nodes. Default value: 1. 
    "worker_auto_renew":true,                     // Specifies whether to enable auto-renewal for worker nodes. 
    "worker_auto_renew_period":1,                 // The auto-renewal period for worker nodes after the subscriptions of worker nodes expire. 
    "vpcid":"vpc-8vbh3b9a2f38urhls****",          // The ID of the VPC in which you want to deploy the cluster.  #required
    "container_cidr":"172.20.0.0/16",             // The CIDR block of pods. #required. This parameter is optional the cluster uses Terway as the network plug-in. 
    "service_cidr":"172.21.0.0/20",               // The CIDR block of Services.  #required
    "vswitch_ids":[                               // The IDs of vSwitches that you want to use for the cluster.  #required
        "vsw-8vbmoffowsztjaawj****"
    ],
    "login_password":"Hello1234",                 // The password that you want to use to log on to nodes in the cluster as the root user. You must set the login_password or key_pair parameter.  #required
    "key_pair": "sin-name",                       // The key pair that you want to log on to nodes in the cluster as the root user. You must set the login_password or key_pair parameter.  #required
    "cpu_policy":"none",                 // The CPU management policy that you want to for nodes in the cluster. Valid values: static and none. 
    "taints":[                           // The taints that you want to add to nodes. 
        {
            "key":"1",                   // The key of the taint. 
            "value":"1",                 // The value of the taint. 
            "effect":"NoSchedule"        // The effect of the taint. 
        }
    ],
    "cluster_domain":"cluster.local",    // The domain name of the cluster. Default value: cluster.local. 
    "custom_san":"cs.aliyuncs.com",      // The custom SANs for the API server certificate. 
    "service_account_issuer":"kubernetes.default.svc", // Service account token volume projection. service_account_issuer is the issuer of the service account token, which corresponds to the iss field in the token payload. 
    "api_audiences":"kubernetes.default.svc",          // Service account token volume projection. api-audiences are valid identifiers of tokens. Audiences are used to validate tokens at the API server side. 
    "node_name_mode":"customized,aliyun.com,5,k8s",    // Specifies whether to use custom node names. 
    "security_group_id":"sg-8vb7grbyvlb10j0i****",     // The existing security group that you want to use for the cluster. You must set the security_group_id or is_enterprise_security_group parameter. 
    "is_enterprise_security_group":true,               // Specifies whether to create an advanced security group. You must set the security_group_id or is_enterprise_security_group parameter. 
    "rds_instances": ["rm-xx","rm-xx"],                // The ApsaraDB RDS whitelist. 
    "image_id":"CentOS-xxx",                           // The custom OS image for nodes. 
    "pod_vswitch_ids":[                                // The pod vSwitches. You must specify pod vSwitches if the cluster uses Terway as the network plug-in because each pod uses a separate IP address.                      
        "vsw-8vbo5fwyqiw0bbtlq****"
    ],
    "instances": [                // The list of the existing ECS instances on which you want to deploy worker nodes. 
        "i-dewgagxdfa****",
        "i-3kjaf9q43l****"
    ],
    "format_disk": false,        // Specifies whether to mount data disks to worker nodes. A data disk is formatted after it is mounted to worker nodes. Back up data before you mount a disk. 
    "keep_instance_name": true   // Specifies whether to retain the names of ECS instances. Default value: true. 
}

Sample responses

XML format
<cluster_id>cb95aa626a47740afbf6aa099b65****</cluster_id>
<task_id>687C5BAA-D103-4993-884B-C35E4314A1E1</task_id>
<request_id>T-5a54309c80282e39ea00002f</request_id>

JSON format

{
    "cluster_id": "cb95aa626a47740afbf6aa099b65****",
    "request_id": "687C5BAA-D103-4993-884B-C35E4314A1E1",
    "task_id": "T-5a54309c80282e39ea00002f"
}

Error codes

For a list of error codes, visit the API Error Center.