
Elastic Container Instance:CreateVirtualNode

Last Updated:Oct 31, 2025

Creates a virtual node to connect a self-managed Kubernetes cluster to ECI and scale out resources.

Operation description

  • When you call this operation to create a virtual node, the system automatically creates a service-linked role named AliyunServiceRoleForECIVnode. This role allows access to related Alibaba Cloud services, such as ECI, ECS, and VPC. For more information, see Service-linked role for virtual nodes.

  • Virtual nodes are billed based on their quantity. Each virtual node includes a resident node that is equivalent to an ECI instance with 2 vCPUs and 8 GiB of memory. You are charged instance fees for this ECI instance.


RAM authorization

The table below describes the authorization required to call this API. You can define it in a Resource Access Management (RAM) policy. The table's columns are detailed below:

  • Action: The actions can be used in the Action element of RAM permission policy statements to grant permissions to perform the operation.

  • API: The API that you can call to perform the action.

  • Access level: The predefined level of access granted for each API. Valid values: create, list, get, update, and delete.

  • Resource type: The type of the resource that supports authorization to perform the action. It indicates if the action supports resource-level permission. The specified resource must be compatible with the action. Otherwise, the policy will be ineffective.

    • For APIs with resource-level permissions, required resource types are marked with an asterisk (*). Specify the corresponding Alibaba Cloud Resource Name (ARN) in the Resource element of the policy.

    • For APIs without resource-level permissions, it is shown as All Resources. Use an asterisk (*) in the Resource element of the policy.

  • Condition key: The condition keys defined by the service. The key allows for granular control, applying to either actions alone or actions associated with specific resources. In addition to service-specific condition keys, Alibaba Cloud provides a set of common condition keys applicable across all RAM-supported services.

  • Dependent action: The dependent actions required to run the action. To complete the action, the RAM user or the RAM role must have the permissions to perform all dependent actions.

| Action | Access level | Resource type | Condition key | Dependent action |
|---|---|---|---|---|
| eci:CreateVirtualNode | create | *VirtualNode: acs:eci:{#regionId}:{#accountId}:virtualnode/* | eci:tag | None |

Request parameters

| Parameter | Type | Required | Description | Example |
|---|---|---|---|---|
| RegionId | string | Yes | The region ID. | cn-hangzhou |
| ZoneId | string | No | The ID of the zone. | cn-hangzhou-b |
| SecurityGroupId | string | Yes | The ID of the security group. The virtual node and the ECI instances in the virtual node are added to this security group. | sg-2ze81zoc3yl7a3we**** |
| VSwitchId | string | Yes | The ID of the vSwitch used by the virtual node and the ECI instances on the virtual node. You can specify 1 to 10 vSwitches that belong to the same VPC. | vsw-2ze23nqzig8inprou**** |
| VirtualNodeName | string | No | The name of the virtual node. The name must be 2 to 128 characters long and can contain lowercase letters, digits, periods (.), and hyphens (-). | testNode |
| ResourceGroupId | string | No | The ID of the resource group. | rg-uf66jeqopgqa9hdn**** |
| ClientToken | string | No | Ensures the idempotence of the request. The client generates a value for this parameter. You must make sure that the value is unique for each request. The value can contain only ASCII characters and must be no more than 64 characters long. For more information, see How to ensure idempotence. | 123e4567-e89b-12d3-a456-426655440000 |
| EnablePublicNetwork | boolean | No | Specifies whether to enable internet access. The default is false. If set to true, the virtual node is assigned a public IP address. | false |
| EipInstanceId | string | No | The ID of the Elastic IP Address. | eip-uf66jeqopgqa9hdn**** |
| KubeConfig | string | No | The KubeConfig of the Kubernetes cluster to which the virtual node connects. The value must be Base64-encoded. | JTVDbmFwaVZlcnNpb24lM0ElMjB2MSU1Q25jbHVzdGVycyUzQSU1Q24tJTIwY2x1c3RlciUzQSU1Q24uLi****** |
| CustomResources | string | No | The custom resources supported by the virtual node. If an ECI pod declares a corresponding custom resource in its request, the pod is scheduled to the virtual node. The format is resource name=resource count. Use a comma to separate multiple resources. | example1.com=100,example2.com=200 |
| ClusterDomain | string | No | The domain name of the cluster. After configuration, Kubelet configures all containers to search this domain name in addition to the host's search domain. | example.com |
| ClusterDNS | string | No | The IP addresses of the DNS servers. If dnsPolicy=ClusterFirst is set in an ECI pod, the pod uses these addresses for DNS. You can specify multiple IP addresses. Separate them with commas. | 100.1.XX.XX |
| Tag | array<object> | No | The tags for the virtual node. You can specify a maximum of 20 tags. | |
| (array item) | object | No | | |
| Key | string | No | The key of the tag. | name |
| Value | string | No | The value of the tag. | test |
| Taint | array<object> | No | The taints to apply to the virtual node. You can add up to 20 taints to the virtual node. | |
| (array item) | object | No | The taint of the virtual node. | |
| Key | string | No | The key of the taint. | testKey |
| Value | string | No | The value of the taint. | testValue |
| Effect | string | No | The effect of the taint. Valid values: NoSchedule (pods cannot be scheduled to the tainted node), NoExecute (pods cannot be scheduled to the tainted node, and existing pods on the node are evicted), PreferNoSchedule (pods are preferentially not scheduled to the tainted node). | NoSchedule |
| TlsBootstrapEnabled | boolean | No | Specifies whether to enable TLS bootstrapping. If this feature is enabled, the KubeConfig certificate is used for TLS bootstrapping. Valid values: true (enabled), false (disabled). Default: false. | false |
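
A pre-flight check for a CreateVirtualNode request, written against the constraints stated in the parameter descriptions above. This is an added example, not Alibaba Cloud SDK code: the function name check_create_virtual_node, the plain-dict request shape (Tag and Taint as lists of objects) and the sample values are assumptions made here.

```python
import base64
import binascii
import re

NAME_RE = re.compile(r"[a-z0-9.-]{2,128}")
TAINT_EFFECTS = {"NoSchedule", "NoExecute", "PreferNoSchedule"}
REQUIRED = ("RegionId", "SecurityGroupId", "VSwitchId")


def check_create_virtual_node(params):
    """Return findings for a CreateVirtualNode parameter dict (assumed shape)."""
    findings = [f"{k}: required parameter is missing" for k in REQUIRED if not params.get(k)]
    name = params.get("VirtualNodeName")
    if name is not None and not NAME_RE.fullmatch(name):
        findings.append("VirtualNodeName: need 2-128 chars of a-z, 0-9, '.', '-'")
    token = params.get("ClientToken")
    if token is not None and (not token.isascii() or len(token) > 64):
        findings.append("ClientToken: ASCII only, at most 64 characters")
    for field in ("Tag", "Taint"):
        if len(params.get(field, [])) > 20:
            findings.append(f"{field}: at most 20 entries allowed")
    for taint in params.get("Taint", []):
        effect = taint.get("Effect")
        if effect is not None and effect not in TAINT_EFFECTS:
            findings.append(f"Taint {taint.get('Key')}: invalid Effect {effect!r}")
    kubeconfig = params.get("KubeConfig")
    if kubeconfig is not None:
        try:
            base64.b64decode(kubeconfig, validate=True)
        except (binascii.Error, ValueError):
            findings.append("KubeConfig: value is not valid Base64")
    for item in filter(None, params.get("CustomResources", "").split(",")):
        resource, sep, count = item.partition("=")
        if not (resource and sep and count.isdigit()):
            findings.append(f"CustomResources: {item!r} is not name=count")
    if params.get("EnablePublicNetwork"):
        findings.append("EnablePublicNetwork: review, node gets a public IP address")
    return findings


# Constructed sample request (placeholder IDs, not real resources).
SAMPLE = {
    "RegionId": "cn-hangzhou", "VSwitchId": "vsw-example",
    "VirtualNodeName": "Test_Node", "KubeConfig": "not base64!!",
    "Taint": [{"Key": "testKey", "Value": "testValue", "Effect": "Never"}],
    "EnablePublicNetwork": True,
}

print("\n".join(check_create_virtual_node(SAMPLE)))
```

The EnablePublicNetwork finding is a review flag rather than an error, since the page allows the value true.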

Response elements

| Element | Type | Description | Example |
|---|---|---|---|
| (root) | object | The response. | |
| RequestId | string | The request ID. | 89164E78-FC82-4684-BE97-DCDD85D26546 |
| VirtualNodeId | string | The virtual node ID. | vnd-2ze960zkdqrldeaw**** |

Examples

Success response

JSON format

{
  "RequestId": "89164E78-FC82-4684-BE97-DCDD85D26546",
  "VirtualNodeId": "vnd-2ze960zkdqrldeaw****"
}

Error codes

HTTP status code | Error code | Error message | Description

400 Account.Arrearage Your account has an outstanding payment. Your account has an outstanding payment.
400 DryRunOperation Request validation has been passed with DryRun flag set. Request validation has been passed with DryRun flag set.
400 InvalidParameter.CPU.Memory The specified cpu and memory are not allowed
400 InvalidParameter.DuplicatedName The container group include containers with duplicate names.
400 InvalidParameter.DuplicatedVolumeName The container group includes volumes with duplicate names. The container group includes volumes with duplicate names.
400 IncorrectStatus %s
400 ServiceNotEnabled %s The service on which this request depends has not been activated. Please activate and try again.
400 ImageSnapshot.IncorrectStatus %s The status of the specified snapshot is invalid.
400 ImageSnapshot.NotSupport %s Image caching based on data disk snapshots is not available for all users. If you want to enable this function, contact us.
400 DiskVolume.NotSupport The disk volume is not supported. Disk volume does not support your structure. If you want to enable this function, contact us.
400 RamRole.NotSupport The RAM role is not supported. The RAM role is not supported.
400 DiskNumber.LimitExceed The maximum number of disks in an instance is exceeded. The maximum number of disks in an instance is exceeded.
400 InvalidPaymentMethod.InsufficientBalance No payment method is specified for your account. We recommend that you add a payment method or add funds to the prepayment balance. No payment method is specified for your account. We recommend that you add a payment method or add funds to the prepayment balance.
400 DiskVolume.NotInSameZone The instance to be created and the disk are not in the same zone. The instance to be created and the disk are not in the same zone.
400 NoPermission You are not authorized to use the "Product on ECI" feature.
400 HighCpuMemConfigRequired You need to apply to be added to the whitelist of the specified CPU and memory. You need to apply to be added to the whitelist of the specified CPU and memory.
400 RecommendEmpty.InstanceTypeFamilyNotMatched The recommended instance type is unavailable in the current zone. Try again later.
400 LocalDiskAmountNotMatch The number of local volumes does not match the instance type.
400 Payfor.CreditPayInsufficientBalance Your payment credit line is insufficient. Your payment credit line is insufficient.
400 InvalidOperation.KMS.InstanceTypeNotSupport The specified instance is invalid. Only I/O optimized instances support KMS key. The specified instance is invalid. Only I/O optimized instances support KMS key.
400 InvalidParameter.Encrypted.KmsNotEnabled KMS must be enabled for encrypted disks.
400 InvalidParameter.KMS.EncryptedIllegal After configuring the parameter KmsKeyId, you must enable encryption. After configuring the parameter KmsKeyId, you must enable encryption.
400 Ipv6AddressNotSupportVsw IPv6 is not supported in the specified vSwitch.
400 EipAddressPoolIpNotEnough The ip address of specified PublicIpAddressPool is not enough.
400 VnodeDedicatedHostIdAlreadyExist DedicatedHostId:%s of Vnode:%s already exists.
400 DedicatedHostQuotaExceeded The quota of DedicatedHost is exceeded.
403 OperationDenied.VswZoneMisMatch The specified VSwitchId is not in the specified Zone.
403 QuotaExceeded %s quota exceeded.
403 Zone.NotOnSale The specified zone is not available for purchase.
403 Forbidden.RiskControl This operation has been identified as an abnormal operation and cannot be processed.
403 Forbidden.SubUser The specified action is not available for you.
403 Forbidden.OnlyForInvitedTest Eci create action is only open to invited users during public beta.
403 OperationDenied.SecurityGroupMisMatch The specified VSwitchId and SecurityGroupId are not in the same VPC.
403 InvalidVSwitchId.IpNotEnough The specified VSwitch does not have enough IP addresses.
403 Forbidden.UserBussinessStatus This operation is not allowed, because you have overdue bills. Pay the overdue bill and try again.
403 Forbidden.UserNotRealNameAuthentication This operation is not allowed, because you have not passed the real-name verification.
403 InvalidUser.PassRoleForbidden The RAM user is not authorized to assume a RAM role. The RAM user is not authorized to assume a RAM role.
403 NoPermission The RAM role does not belong to ECS.
403 OperationDenied.NoStock Sales of this resource are temporarily suspended in the specified zone. We recommend that you use the multi-zone creation function to avoid the risk of insufficient resource. For more information, see https://www.alibabacloud.com/help/document_detail/157290.html
403 InvalidParameter.KMS.KeyId.Forbidden You are not authorized to access the specified KMSKeyId. You are not authorized to access the specified KMSKeyId.
403 Forbidden.AccountClosed The operation is forbidden. Your account has been closed.
403 InvalidOperation.ResourceManagedByCloudProduct The operation is forbidden. The security group has been managed by another cloud product.
403 Spot.NotMatched %s. We recommend that you use the create multi-zone function to avoid insufficient inventory. For more information, see https://www.alibabacloud.com/help/document_detail/157290.html
403 SecurityRisk.3DVerification We have detected a security risk with your default credit or debit card. Please proceed with verification via the link in your email.
403 CreateServiceLinkedRole.Denied Please make sure the account has ram:CreateServiceLinkedRole permission. Please make sure the account has ram:CreateServiceLinkedRole permission.
404 ImageSnapshot.NotFound The specified snapshot does not exist.
404 InvalidDiskId.NotFound The specified disk does not exist.
404 InvalidParameter.KMS.KeyId.NotFound The specified KMSKeyId does not exist. The specified KMSKeyId does not exist.

See Error Codes for a complete list.

Release notes

See Release Notes for a complete list.