You can call the CreateCluster operation to create a Container Service for Kubernetes (ACK) dedicated cluster. For more information about how to create worker nodes, see Create a node pool.

Debugging

OpenAPI Explorer automatically calculates the signature value. For your convenience, we recommend that you call this operation in OpenAPI Explorer. OpenAPI Explorer dynamically generates the sample code of the operation for different SDKs.

Request syntax

POST /clusters HTTP/1.1 
Content-Type:application/json
{
  "name" : "String",
  "region_id" : "String",
  "cluster_type" : "String",
  "kubernetes_version" : "String",
  "runtime" : {
    "name" : "String",
    "version" : "String"
  },
  "resource_group_id" : "String",
  "vpcid" : "String",
  "pod_vswitch_ids" : [ "String" ],
  "container_cidr" : "String",
  "service_cidr" : "String",
  "node_cidr_mask" : "String",
  "security_group_id" : "String",
  "is_enterprise_security_group" : Boolean,
  "snat_entry" : Boolean,
  "endpoint_public_access" : Boolean,
  "load_balancer_spec" : "String",
  "ssh_flags" : Boolean,
  "timezone" : "String",
  "proxy_mode" : "String",
  "enable_rrsa" : Boolean,
  "tags" : [ {
    "key" : "String",
    "value" : "String"
  } ],
  "cluster_domain" : "String",
  "custom_san" : "String",
  "service_account_issuer" : "String",
  "api_audiences" : "String",
  "disable_rollback" : Boolean,
  "timeout_mins" : Long,
  "deletion_protection" : Boolean,  
  "node_name_mode" : "String",
  "keep_instance_name" : Boolean,
  "rds_instances" : [ "String" ],
  "master_count" : Long,
  "image_type" : "String",
  "image_id" : "String",
  "os_type" : "String",
  "master_vswitch_ids" : [ "String" ],
  "master_instance_types" : [ "String" ],
  "master_system_disk_category" : "String",
  "master_system_disk_size" : Long,
  "master_system_disk_performance_level" : "String",
  "master_system_disk_snapshot_policy_id" : "String", 
  "master_instance_charge_type" : "String",
  "master_period_unit" : "String",
  "master_period" : Long,
  "master_auto_renew" : Boolean,
  "master_auto_renew_period" : Long,
  "key_pair" : "String",
  "login_password" : "String",
  "addons" : [ {
    "name" : "String",
    "config" : "String",
    "disabled" : Boolean
  } ],
  "cloud_monitor_flags" : Boolean
}

Request parameters

Request body parameters for basic configurations

Table 1. Request body parameters
Category Parameter Type Required Example Description
Basic configurations name String Yes cluster-demo

The name of the cluster.

The name must be 1 to 63 characters in length, and can contain digits, letters, hyphens (-), and underscores (_). It cannot start with an underscore (_).

region_id String Yes cn-beijing

The ID of the region in which you want to deploy the cluster.

cluster_type String Yes Kubernetes

The type of cluster. Valid values:

  • Kubernetes: ACK dedicated cluster
  • ManagedKubernetes: ACK standard cluster or ACK edge cluster
  • Ask: serverless Kubernetes (ASK) cluster
  • ExternalKubernetes: external cluster that is registered to ACK

kubernetes_version String No 1.16.9-aliyun.1

The Kubernetes version of the cluster. The Kubernetes versions supported by ACK are the same as the Kubernetes versions supported by open source Kubernetes. We recommend that you specify the latest Kubernetes version. If you do not set this parameter, the latest Kubernetes version is used.

You can create clusters of the latest two Kubernetes versions in the ACK console. If you want to create clusters of earlier Kubernetes versions, use the API. For more information about the Kubernetes versions supported by ACK, see Overview of Kubernetes versions supported by ACK.

runtime runtime No {"name": "docker", "version": "19.03.5"}

The container runtime of the cluster. The following runtimes are supported: containerd, Docker, and Sandboxed-Container. The default runtime is Docker. You must specify the name and version of the container runtime:

  • name: the name of the container runtime.
  • version: the version of the container runtime.

For more information about how to select a proper container runtime, see Comparison of Docker, containerd, and Sandboxed-Container.

resource_group_id String No rg-acfm3mkrure****

The ID of the resource group to which the cluster belongs. You can use resource groups to isolate clusters.

Network parameters vpcid String Yes vpc-2zeik9h3ahvv2zz95****

The virtual private cloud (VPC) in which you want to deploy the cluster. You must specify a VPC when you create the cluster.

pod_vswitch_ids Array of String No ["vsw-2ze97jwri7cei0mpw****"]

The list of pod vSwitches. For each vSwitch that is allocated to nodes, you must specify at least one pod vSwitch in the same zone. The pod vSwitches cannot be the same as the node vSwitches. We recommend that you set the subnet mask length of the CIDR block to a value no greater than 19 for the pod vSwitches.

Notice The pod_vswitch_ids parameter is required if the cluster uses Terway as the network plug-in.

container_cidr String Yes 172.20.0.0/16

The CIDR block of pods. This CIDR block cannot overlap with the CIDR block of the VPC in which you want to deploy the cluster. If the VPC is automatically created by the system, the default CIDR block of pods is 172.16.0.0/16.

Notice
  • This parameter is required if the cluster uses Flannel as the network plug-in.
  • This parameter is optional if the cluster uses Terway as the network plug-in.

service_cidr String Yes 172.21.0.0/20

The CIDR block of Services. Valid values: 10.0.0.0/16-24, 172.16-31.0.0/16-24, and 192.168.0.0/16-24.

The CIDR block of Services cannot overlap with the CIDR block of the VPC (10.1.0.0/21) or the CIDR blocks of existing clusters in the VPC. You cannot modify the CIDR block of Services after the cluster is created.

By default, the CIDR block of Services is set to 172.19.0.0/20.

node_cidr_mask String No 25

The maximum number of IP addresses that can be assigned to nodes. This number is determined by the node CIDR block. This parameter takes effect only if the cluster uses Flannel as the network plug-in.

Default value: 26.

security_group_id String No sg-bp1bdue0qc1g7k****

The ID of the existing security group that is specified for the cluster. You must set this parameter or the is_enterprise_security_group parameter. Nodes in the cluster are automatically added to the specified security group.

is_enterprise_security_group Boolean No true

Specifies whether to create an advanced security group. This parameter takes effect only if you leave the security_group_id parameter empty.

Note To use a basic security group, make sure that the sum of the number of nodes in the cluster and the number of pods that use Terway does not exceed 2,000. Therefore, we recommend that you specify an advanced security group for a cluster that uses Terway as the network plug-in.
  • true: creates an advanced security group.
  • false: does not create an advanced security group.

Default value: true.

snat_entry Boolean No true

Specifies whether to configure SNAT rules for the VPC where your cluster is deployed. Valid values:

  • true: automatically creates a NAT gateway and configures SNAT rules. Set this parameter to true if nodes and applications in the cluster need to access the Internet.
  • false: does not create a NAT gateway or configure SNAT rules. In this case, nodes and applications in the cluster cannot access the Internet.

Note If this feature is disabled when you create the cluster, you can manually enable this feature after you create the cluster. For more information, see Enable an existing ACK cluster to access the Internet by using SNAT.

Default value: true

endpoint_public_access Boolean No true

Specifies whether to enable Internet access for the cluster. You can use an elastic IP address (EIP) to expose the API server. This way, you can access the cluster over the Internet. Valid values:

  • true: enables Internet access.
  • false: disables Internet access. If you set this parameter to false, the API server cannot be accessed over the Internet.

Default value: true.

load_balancer_spec String No slb.s2.small

The specification of the Server Load Balancer (SLB) instance. Valid values:

  • slb.s1.small
  • slb.s2.small
  • slb.s2.medium
  • slb.s3.small
  • slb.s3.medium
  • slb.s3.large

Default value: slb.s2.small

Advanced settings ssh_flags Boolean No true

Specifies whether to enable SSH logon over the Internet. If this parameter is set to true, you can log on to master nodes in an ACK dedicated cluster over the Internet. This parameter does not take effect in ACK managed clusters. Valid values:

  • true: enables SSH logon over the Internet.
  • false: disables SSH logon over the Internet.

Default value: false.

timezone String No Asia/Shanghai

The time zone of the cluster. For more information, see Time zones.

proxy_mode String No ipvs

The kube-proxy mode. Valid values:

  • iptables is a kube-proxy mode. It uses iptables rules to conduct Service discovery and load balancing. The performance of this mode is limited by the size of the cluster. This mode is suitable for clusters that run a small number of Services.
  • IPVS is a high-performance kube-proxy mode. It uses Linux IP Virtual Server (IPVS) to conduct Service discovery and load balancing. This mode is suitable for clusters that run a large number of Services. We recommend that you use this mode in scenarios where high-performance load balancing is required.

Default value: ipvs.

enable_rrsa Boolean No true

Specifies whether to enable the RAM Roles for Service Accounts (RRSA) feature.

tags Array of tag No

  • Each label is a case-sensitive key-value pair. You can add up to 20 labels.
  • When you add a label, you must specify a unique key but you can leave the value empty. A key cannot exceed 64 characters in length and a value cannot exceed 128 characters in length. Keys and values cannot start with aliyun, acs:, https://, or http://. For more information, see Labels and selectors.

cluster_domain String No cluster.local

The domain name of the cluster.

The domain name can contain one or more parts that are separated by periods (.). Each part cannot exceed 63 characters in length, and can contain lowercase letters, digits, and hyphens (-). Each part must start and end with a lowercase letter or digit.

custom_san String No cs.aliyun.com

Specifies custom subject alternative names (SANs) for the API server certificate to accept requests from specified IP addresses or domain names. Multiple IP addresses and domain names are separated by commas (,).

service_account_issuer String No kubernetes.default.svc

A service account is used to provide an identity for pods when they communicate with the API server. service-account-issuer is the issuer of the service account token, which corresponds to the iss field in the token payload.

For more information about service accounts, see Enable service account token volume projection.

api_audiences String No kubernetes.default.svc

A service account is used to provide an identity for pods when they communicate with the API server. api-audiences are valid identifiers of tokens. Audiences are used to validate tokens at the API server side. Separate multiple audiences with commas (,).

For more information about service accounts, see Enable service account token volume projection.

disable_rollback Boolean No true

Specifies whether to perform a rollback if the cluster fails to be created. Valid values:

  • true: performs a rollback if the system fails to create the cluster.
  • false: does not perform a rollback if the system fails to create the cluster.

Default value: true.

timeout_mins Long No 60

Specifies the timeout period of cluster creation. Unit: minutes.

Default value: 60

deletion_protection Boolean No true

Specifies whether to enable deletion protection for the cluster. If deletion protection is enabled, the cluster cannot be deleted in the ACK console or by calling API operations. Valid values:

  • true: enables deletion protection for the cluster. This way, the cluster cannot be deleted in the ACK console or by calling API operations.
  • false: disables deletion protection for the cluster. This way, the cluster can be deleted in the ACK console or by calling API operations.

Default value: false.

node_name_mode String No aliyun.com00055test

Specifies a custom node name.

A custom node name consists of a prefix, a node IP address, and a suffix.

  • The custom node name must be 2 to 64 characters in length.
  • The prefix and suffix can contain letters, digits, hyphens (-), and periods (.). The custom node name must start with a letter and cannot end with a hyphen (-) or period (.). The custom node name cannot contain consecutive hyphens (-) or periods (.).
  • The prefix is required due to Elastic Compute Service (ECS) limits and the suffix is optional.

For example, if the node IP address is 192.168.0.55, the prefix is aliyun.com, and the suffix is test, the custom node name is aliyun.com192.168.0.55test.

keep_instance_name Boolean No true

Specifies whether to retain the names of existing ECS instances that are used in the cluster. Valid values:

  • true: retains the names.
  • false: does not retain the names. The new names are assigned by the system.

Default value: true.

rds_instances Array of String No ["rm-2zev748xi27xc****"]

The names of the ApsaraDB RDS instances.

Master node configurations master_count Long No 3

The number of master nodes that you want to create. Valid values: 3 and 5.

Default value: 3.

image_type String No CentOS

The type of OS distribution that you want to use. Valid values:

  • CentOS
  • AliyunLinux
  • AliyunLinux Qboot
  • AliyunLinuxUEFI
  • AliyunLinux3
  • Windows
  • WindowsCore
  • AliyunLinux3Arm64
  • ContainerOS

Default value: CentOS

image_id String No m-bp16z7xko3vvv8gt****

Specifies a custom image for nodes. By default, the image provided by ACK is used. You can select a custom image to replace the default image. For more information, see Use a custom image to create an ACK cluster.

os_type String No Linux

The type of node OS. Valid values:

  • Windows
  • Linux

Default value: Linux

master_vswitch_ids Array of String No ["vsw-2ze3ds0mdip0hdz8i****"]

The IDs of vSwitches.

master_instance_types Array of String No ["ecs.n4.xlarge"]

The ECS instance types of master nodes. For more information about ECS instance types, see Instance family.

master_system_disk_category String Yes cloud_ssd

The type of system disk that you want to use for the master nodes. Valid values:

  • cloud_efficiency: ultra disk.
  • cloud_ssd: standard SSD
  • cloud_essd: enhanced SSD

Default value: cloud_ssd. The default value may vary in different zones.

master_system_disk_size Long Yes 120

The size of the system disk that you want to use for master nodes. Valid values: 40 to 500. Unit: GiB.

Default value: 120.

master_system_disk_performance_level String No PL1

The performance level (PL) of the system disk that you want to use for master nodes. This parameter takes effect only for enhanced SSDs. You can specify a higher PL if you increase the size of the system disk. For more information, see ESSDs.

master_system_disk_snapshot_policy_id String No sp-2zej1nogjvovnz4z****

The ID of the automatic snapshot policy that you want to use for the system disks of master nodes.

master_instance_charge_type String No PrePaid

The billing method of master nodes. Valid values:

  • PrePaid: subscription
  • PostPaid: pay-as-you-go

Default value: PostPaid

master_period_unit String No Month

The billing cycle of master nodes. This parameter is required if master_instance_charge_type is set to PrePaid.

Set the value to Month. Master nodes are billed only on a monthly basis.

master_period Long No 1

The subscription duration of master nodes. This parameter takes effect and is required only if master_instance_charge_type is set to PrePaid.

Valid values: 1, 2, 3, 6, 12, 24, 36, 48, and 60.

Default value: 1.

master_auto_renew Boolean No true

Specifies whether to enable auto-renewal. This parameter takes effect only if master_instance_charge_type is set to PrePaid. Valid values:

  • true: enables auto-renewal
  • false: disables auto-renewal

Default value: true.

master_auto_renew_period Long No 1

The auto-renewal period for master nodes after the subscriptions of master nodes expire. Unit: months. This parameter takes effect and is required only if the subscription billing method is selected for master nodes.

Valid values: 1, 2, 3, 6, and 12.

Default value: 1.

key_pair String Yes secrity-key

The name of the key pair that is used to log on to master nodes. You must set key_pair or login_password.

login_password String Yes Hello@1234

The password that is used to log on to master nodes over SSH. You must set this parameter or the key_pair parameter. The password must be 8 to 30 characters in length, and must contain at least three of the following character types: uppercase letters, lowercase letters, digits, and special characters.

Component configurations addons Array of addon No

The components that you want to install in the cluster. When you create a cluster, you can set the addons parameter to install specific components.

Network plug-in: required. The Flannel and Terway plug-ins are supported. Select one of the plug-ins for the cluster.

  • Specify the Flannel plug-in in the following format: [{"name":"flannel","config":""}].
  • Specify the Terway plug-in in the following format: [{"name": "terway-eniip","config": ""}].

Volume plug-in: required. The Container Storage Interface (CSI) and FlexVolume plug-ins are supported.

  • Specify the CSI plug-in in the following format: [{"name":"csi-plugin","config": ""},{"name": "csi-provisioner","config": ""}].
  • Specify the FlexVolume plug-in in the following format: [{"name": "flexvolume","config": ""}].

Log Service component: optional. We recommend that you enable Log Service. If Log Service is disabled, you cannot use the cluster auditing feature.

  • To use an existing Log Service project, specify the component in the following format: [{"name": "logtail-ds","config": "{\"IngressDashboardEnabled\":\"true\",\"sls_project_name\":\"your_sls_project_name\"}"}].
  • To create a Log Service project, specify the component in the following format: [{"name": "logtail-ds","config": "{\"IngressDashboardEnabled\":\"true\"}"}].

Ingress controller: optional. By default, the nginx-ingress-controller component is installed in ACK dedicated clusters.

  • To install nginx-ingress-controller and enable Internet access, specify the Ingress controller in the following format: [{"name":"nginx-ingress-controller","config":"{\"IngressSlbNetworkType\":\"internet\"}"}].
  • If you do not want to install nginx-ingress-controller, specify the component in the following format: [{"name": "nginx-ingress-controller","config": "","disabled": true}].

Event center: optional. By default, the event center feature is enabled.

You can use Kubernetes event centers to store and query events, and configure alerting based on events. You can use the Logstores that are associated with Kubernetes event centers for free within 90 days. For more information, see Create and use an event center.

To enable the Kubernetes event center, specify the component in the following format: [{"name":"ack-node-problem-detector","config":"{\"sls_project_name\":\"your_sls_project_name\"}"}].

cloud_monitor_flags Boolean No true

Specifies whether to install the CloudMonitor agent. Valid values:

  • true: installs the CloudMonitor agent.
  • false: does not install the CloudMonitor agent.

Default value: false.
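
The following pre-flight check is an added example, not part of the ACK documentation or SDK. It applies the constraints and defaults from the parameter table above to a CreateCluster request body and reports the settings that widen exposure. The function names, the findings format, the caller-supplied vpc_cidr, the ASCII reading of "letters", and the policy of flagging login_password in favour of key_pair are assumptions of this example.

```python
import ipaddress
import re

# Defaults as stated in the parameter table on this page.
DEFAULTS = {"endpoint_public_access": True, "ssh_flags": False,
            "deletion_protection": False}
# Assumption of this example: "letters" in the naming rule means ASCII letters.
NAME_RE = re.compile(r"[A-Za-z0-9-][A-Za-z0-9_-]{0,62}")
PW_CLASSES = (r"[A-Z]", r"[a-z]", r"[0-9]", r"[^A-Za-z0-9]")


def service_cidr_ok(cidr):
    """Literal reading of the documented ranges for service_cidr."""
    try:
        net = ipaddress.ip_network(cidr)
    except ValueError:  # malformed, or host bits set
        return False
    if net.version != 4:
        return False
    a, b, c, d = net.network_address.packed
    base = (a, b) in ((10, 0), (192, 168)) or (a == 172 and 16 <= b <= 31)
    return base and (c, d) == (0, 0) and 16 <= net.prefixlen <= 24


def password_ok(pw):
    """8 to 30 characters with at least three of the four character types."""
    kinds = sum(bool(re.search(p, pw)) for p in PW_CLASSES)
    return 8 <= len(pw) <= 30 and kinds >= 3


def audit(body, vpc_cidr=None):
    """Return (severity, parameter, message) findings for a request body.
    vpc_cidr is supplied by the caller because the body only carries vpcid."""
    eff = {k: body.get(k, v) for k, v in DEFAULTS.items()}
    out = []
    if not NAME_RE.fullmatch(body.get("name", "")):
        out.append(("error", "name", "violates the documented naming rule"))
    if not service_cidr_ok(body.get("service_cidr", "")):
        out.append(("error", "service_cidr", "outside the documented ranges"))
    if vpc_cidr:
        vpc = ipaddress.ip_network(vpc_cidr)
        for key in ("container_cidr", "service_cidr"):
            try:
                clash = ipaddress.ip_network(body[key]).overlaps(vpc)
            except (KeyError, ValueError):
                continue  # absent or malformed: nothing to compare
            if clash:
                out.append(("error", key, "overlaps the VPC CIDR block"))
    if eff["endpoint_public_access"]:
        out.append(("warn", "endpoint_public_access", "API server is exposed to the Internet"))
    if eff["ssh_flags"]:
        out.append(("warn", "ssh_flags", "SSH logon to master nodes over the Internet"))
    pw = body.get("login_password")
    if pw is not None and not password_ok(pw):
        out.append(("error", "login_password", "violates the documented password rule"))
    elif pw is not None:  # this example's policy: prefer key_pair over a password
        out.append(("warn", "login_password", "password logon instead of key_pair"))
    elif not body.get("key_pair"):
        out.append(("error", "key_pair", "set key_pair or login_password"))
    if not eff["deletion_protection"]:
        out.append(("warn", "deletion_protection", "cluster can be deleted by console or API"))
    log_addons = [a for a in body.get("addons", [])
                  if a.get("name") == "logtail-ds" and not a.get("disabled")]
    if not log_addons:
        out.append(("warn", "addons", "no logtail-ds: cluster auditing is unavailable"))
    return out


# Constructed request body; values modelled on the examples in the table.
SAMPLE = {
    "name": "cluster-demo", "service_cidr": "172.21.0.0/20",
    "container_cidr": "172.20.0.0/16", "ssh_flags": True,
    "login_password": "Hello1234",
    "addons": [{"name": "flannel"}, {"name": "csi-plugin"}],
}
```

Because endpoint_public_access defaults to true and deletion_protection defaults to false, a body that omits both is reported the same way as one that sets them explicitly.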

Response syntax

HTTP/1.1 200
Content-Type:application/json
{
  "cluster_id" : "String",
  "request_id" : "String",
  "task_id" : "String"
}

Response parameters

Table 2. Response body parameters
Parameter Type Example Description
cluster_id String cb95aa626a47740afbf6aa099b650****

The ID of the cluster that you want to manage.

request_id String 687C5BAA-D103-4993-884B-C35E4314A1E1

The ID of the request.

task_id String T-5a54309c80282e39ea00002f

The ID of the task.

Examples

Sample requests

POST /clusters
{
    "name":"ACK dedicated cluster",
    "region_id":"cn-zhangjiakou",
    "cluster_type":"Kubernetes",
    "kubernetes_version":"1.18.8-aliyun.1",
    "runtime":{
        "name":"docker",
        "version":"19.03.5"
    },
    "resource_group_id":"rg-acfm3mkrure****",
    "vpcid":"vpc-8vbh3b9a2f38urhls****",
    "pod_vswitch_ids":[                                 
        "vsw-8vbo5fwyqiw0bbtlq0mc9"
    ],
    "container_cidr":"172.20.0.0/16",
    "service_cidr":"172.21.0.0/20",
    "node_cidr_mask":"26",
    "security_group_id":"sg-8vb7grbyvlb10j0i****",
    "is_enterprise_security_group":true,
    "snat_entry":true,
    "endpoint_public_access":true,
    "load_balancer_spec":"slb.s2.small",
    "ssh_flags":true,               // Specifies whether master nodes in the cluster can be accessed by using SSH. 
    "timezone":"Asia/Shanghai",
    "proxy_mode":"ipvs",   
    "enable_rrsa":true, 
    "tags":[
        {
            "key":"tag-k",
            "value":"tag-v"
        }
    ],
    "cluster_domain":"cluster.local",
    "custom_san":"cs.aliyuncs.com",
    "service_account_issuer":"kubernetes.default.svc",
    "api_audiences":"kubernetes.default.svc",
    "disable_rollback":true,
    "timeout_mins":60,
    "deletion_protection":true,
    "node_name_mode":"customized,aliyun,5,test",
    "keep_instance_name": true,
    "rds_instances": ["rm-xx","rm-xx"],      
    "master_count":3,                 // The number of master nodes. Valid values: 3 and 5.
    "image_type":"CentOS", 
    "image_id":"m-bp16z7xko3vvv8gt****", 
    "os_type":"Linux",
    "master_vswitch_ids":[            // The IDs of the vSwitches that you want to use for master nodes. 
        "vsw-8vbmoffowsztjaawjtyzo",
        "vsw-8vbmoffowsztjaawjtyzo",
        "vsw-8vbmoffowsztjaawjtyzo"
    ],
    "master_instance_types":[         // The ECS instance types of master nodes. 
        "ecs.c6.large",
        "ecs.c6.large",
        "ecs.c6.large"
    ],
    "master_system_disk_category":"cloud_essd",   // The type of system disk that you want to use for master nodes. 
    "master_system_disk_size":120,                // The size of the system disk that you want to use for master nodes. Valid values: 40 to 500. 
    "master_system_disk_performance_level":"PL1",
    "master_system_disk_snapshot_policy_id":"sp-2zej1nogjvovnz4z****",
    "master_instance_charge_type":"PrePaid", // The billing method of master nodes. 
    "master_period_unit":"Month",            // The billing cycle of master nodes. 
    "master_period":1,                       // The subscription duration of master nodes. 
    "master_auto_renew":true,                // Specifies whether to enable auto-renewal for master nodes. 
    "master_auto_renew_period":1,            // The auto-renewal period for master nodes after the subscriptions of master nodes expire. 
    "key_pair": "sin-name",
    "login_password":"Hello1234",
    "addons":[
        {
            "name":"flannel"
        },
        {
            "name":"arms-prometheus"
        },
        {
            "name":"csi-plugin"
        },
        {
            "name":"csi-provisioner"
        },
        {
            "name":"logtail-ds",
            "config":"{\"IngressDashboardEnabled\":\"true\"}"
        },
        {
            "name":"ack-node-problem-detector",
            "config":"{\"sls_project_name\":\"\"}"
        },
        {
            "name":"nginx-ingress-controller",
            "config":"{\"IngressSlbNetworkType\":\"internet\"}"
        }
    ],
    "cloud_monitor_flags":true
}

Sample success responses

XML format

<cluster_id>cb95aa626a47740afbf6aa099b650****</cluster_id>
<task_id>T-5a54309c80282e39ea00002f</task_id>
<request_id>687C5BAA-D103-4993-884B-C35E4314A1E1</request_id>

JSON format

{
    "cluster_id": "cb95aa626a47740afbf6aa099b650****",
    "task_id": "T-5a54309c80282e39ea00002f",
    "request_id": "687C5BAA-D103-4993-884B-C35E4314A1E1"
}

Error codes

For a list of error codes, visit the API Error Center.