ALIYUN::CS::ManagedKubernetesCluster is used to create an ACK managed cluster.

Syntax

{
  "Type": "ALIYUN::CS::ManagedKubernetesCluster",
  "Properties": {
    "CloudMonitorFlags": Boolean,
    "ProxyMode": String,
    "WorkerDataDisk": Boolean,
    "SnatEntry": Boolean,
    "VSwitchIds": List,
    "WorkerPeriod": Number,
    "WorkerPeriodUnit": String,
    "WorkerSystemDiskCategory": String,
    "VpcId": String,
    "Tags": List,
    "WorkerSystemDiskSize": Number,
    "WorkerInstanceTypes": List,
    "WorkerDataDisks": List,
    "LoginPassword": String,
    "ContainerCidr": String,
    "NumOfNodes": Number,
    "Name": String,
    "Taint": List,
    "KeyPair": String,
    "WorkerAutoRenewPeriod": Number,
    "WorkerInstanceChargeType": String,
    "WorkerAutoRenew": Boolean,
    "Addons": List,
    "DisableRollback": Boolean,
    "ServiceCidr": String,
    "KubernetesVersion": String,
    "SecurityGroupId": String,
    "EndpointPublicAccess": Boolean,
    "ClusterSpec": String,
    "TimeoutMins": Number,
    "PodVswitchIds": List,
    "EncryptionProviderKey": String,
    "Runtime": Map
  }
}

Properties

Property Type Required Editable Description Constraint
CloudMonitorFlags Boolean No No Specifies whether to install CloudMonitor agents. Default value: false. Valid values:
  • true
  • false
Runtime Map No No The container runtime. The Runtime parameter consists of the following fields:
  • name: the name of the container runtime.
  • version: the version of the container runtime.

Sample value:

{"name": "docker", "version": "19.03.5"}
For more information about how to select a container runtime, see Comparison of Docker, containerd, and Sandboxed-Container.

For more information about Runtime, see Runtime property.

ProxyMode String No No The kube-proxy mode. Default value: iptables. Valid values:
  • iptables
  • ipvs
WorkerInstanceChargeType String No No The billing method of worker nodes. Default value: PostPaid. Valid values:
  • PrePaid: the subscription billing method
  • PostPaid: the pay-as-you-go billing method
SnatEntry Boolean No No Specifies whether to configure SNAT rules for the virtual private cloud (VPC) in which you want to deploy the cluster.
  • Set the value to false if the VPC can access the Internet.
  • Valid values if the VPC cannot access the Internet:
    • true: configures SNAT rules. The VPC can access the Internet.
    • false: does not configure SNAT rules for the VPC. The VPC cannot access the Internet.
WorkerPeriod Number No No The subscription duration. This parameter takes effect and is required when the WorkerInstanceChargeType parameter is set to PrePaid.
  • Valid values if the WorkerPeriodUnit parameter is set to Week: 1, 2, 3, and 4
  • Valid values if the WorkerPeriodUnit parameter is set to Month: 1, 2, 3, 4, 5, 6, 7, 8, 9, 12, 24, 36, 48, and 60
WorkerPeriodUnit String No No The unit of the subscription duration. You must specify this parameter only when the WorkerInstanceChargeType parameter is set to PrePaid. Default value: Month. Valid values:
  • Week
  • Month
WorkerSystemDiskCategory String No No The system disk type of worker nodes. Default value: cloud_efficiency. Valid values:
  • cloud_efficiency: the ultra disk
  • cloud_ssd: the standard SSD
  • cloud_essd: the enhanced SSD (ESSD)
VpcId String Yes No The ID of the VPC. If you do not specify this parameter, the system creates a VPC whose CIDR block is 192.168.0.0/16.

You must specify the VpcId and VSwitchIds parameters or leave both parameters empty.

Tags List No No The tags of the cluster. You can specify up to 20 tags.

For more information, see Tags property.

WorkerInstanceTypes List Yes No The Elastic Compute Service (ECS) instance types of worker nodes. For more information, see Instance family.
WorkerDataDisks List No No The configurations for the data disks that you attach to worker nodes. The configurations include disk types and disk sizes. This parameter only takes effect when data disks are attached to worker nodes.

For more information, see WorkerDataDisks property.

LoginPassword String No No The password for SSH logon. The password must be 8 to 30 characters in length, and must contain letters, digits, and special characters. Special characters include ( ) ' ~ ! @ # $ % ^ & * - + = | { } [ ] : ; < > , . ? / -

You must specify only one of the LoginPassword and KeyPair parameters.

ContainerCidr String No No The CIDR block of the container. The CIDR block of the container cannot overlap with the CIDR block of the VPC. If you use the VPC that is created by the system, the CIDR block 172.16.0.0/16 is used.
NumOfNodes Number No No The number of worker nodes. Valid values: 0 to 300.

Default value: 3.

Name String Yes No The name of the cluster. The name must be 1 to 63 characters in length, and can contain letters, digits, and hyphens (-).
WorkerSystemDiskSize Number No No The system disk size of worker nodes. Default value: 120.

Unit: GiB.

Taint List No No The taints that you want to add to nodes to ensure appropriate scheduling of pods. If you apply tolerations to pods, the pods can be scheduled to nodes that have matching taints.
WorkerAutoRenewPeriod Number No No The auto-renewal cycle of worker nodes.

This parameter takes effect and is required when the WorkerInstanceChargeType parameter is set to PrePaid and the WorkerAutoRenew parameter is set to true.

  • Valid values if the WorkerPeriodUnit parameter is set to Week: 1, 2, and 3
  • Valid values if the WorkerPeriodUnit parameter is set to Month: 1, 2, 3, 6, and 12
WorkerDataDisk Boolean No No Specifies whether to attach a data disk to worker nodes. Default value: false. Valid values:
  • true
  • false
WorkerAutoRenew Boolean No No Specifies whether to enable auto-renewal for worker nodes. Default value: false. Valid values:
  • true
  • false
Addons List No No The components that you want to use for the cluster.
  • For network component types, you can use Flannel or Terway when you create the cluster.

    • Set the value in the [{"Name":"flannel","Config":""}] format if you use the Flannel component.
    • Set the value in the [{"Name": "terway-eniip","Config": ""}] format if you use the Terway component.
  • For storage component types, you can use Container Storage Interface (CSI) or FlexVolume.

    • Set the value in the [{"Name":"csi-plugin","Config": ""},{"Name": "csi-provisioner","Config": ""}] format if you use the CSI component.
    • Set the value in the [{"Name": "flexvolume","Config": ""}] format if you use the FlexVolume component.
  • (Optional) For Log Service component types, you can use an existing Log Service project or create a project.
    Note: If you do not activate Log Service, you cannot use the cluster auditing feature.
    • Set the value in the [{"Name": "logtail-ds","Config": "{\"IngressDashboardEnabled\":\"true\",\"sls_project_name\":\"your_sls_project_name\"}"}] format if you use an existing project.
    • Set the value in the [{"Name": "logtail-ds","Config": "{\"IngressDashboardEnabled\":\"true\"}"}] format if you create a project.
  • (Optional) For Ingress component types, nginx-ingress-controller is installed in the cluster by default.

    • Set the value in the [{"Name":"nginx-ingress-controller","Config":"{\"IngressSlbNetworkType\":\"internet\"}"}] format if you install nginx-ingress-controller and enable Internet access.
    • Set the value in the [{"Name": "nginx-ingress-controller","Config": "","Disabled": true}] format if you do not install nginx-ingress-controller.
  • (Optional) For event center component types, the event center is installed in the cluster by default.

    You can use Kubernetes event centers to store and query events, and configure alerts. You can use the Logstores that are associated with Kubernetes event centers for free within 90 days. For more information, see Create and use a Kubernetes event center.

    Set the value in the [{"Name":"ack-node-problem-detector","Config":"{\"sls_project_name\":\"your_sls_project_name\"}"}] format if you use the event center component.

For more information about Addons, see Addons property.
DisableRollback Boolean No No Specifies whether to roll back the cluster when the cluster fails to be created. Default value: true. Valid values:
  • true: does not roll back the cluster.
  • false: rolls back the cluster.
    Note: If you set this parameter to false, the resources that are generated when you create the cluster are released. We recommend that you set this parameter to true.
ServiceCidr String No No The CIDR block of the Container Service for Kubernetes (ACK) service. The CIDR block of the service cannot overlap with the CIDR block of the VPC or container. If you use the VPC that is created by the system, the CIDR block 172.19.0.0/20 is used.
KubernetesVersion String No No The Kubernetes version of the cluster. The Kubernetes versions supported by ACK are the same as the Kubernetes versions supported by open source Kubernetes. We recommend that you use the latest version. You can create clusters of the latest two versions. For more information about Kubernetes versions that are supported by ACK, see Overview of Kubernetes versions supported by ACK.
SecurityGroupId String No No The ID of the security group to which the ECS instances in the cluster belong. None.
KeyPair String No No The name of the key pair. You must specify only one of the LoginPassword and KeyPair parameters.
EndpointPublicAccess Boolean No No Specifies whether to expose the API server of the cluster over the Internet. Default value: false. Valid values:
  • true: exposes the API server over the Internet.
  • false: does not expose the API server over the Internet. The API server can be accessed only from within the VPC.
ClusterSpec String No No The type of the ACK managed cluster. Default value: ack.standard. Valid values:
  • ack.pro.small: the ACK Pro cluster
  • ack.standard: the ACK standard cluster
TimeoutMins Number No No The timeout period for creating the cluster. Default value: 60.

Unit: minutes.

PodVswitchIds List No No The IDs of pod vSwitches. For each vSwitch that you allocate to a node, you must specify at least one pod vSwitch in the same zone as the node vSwitch. The pod vSwitch cannot overlap with the node vSwitch.

We recommend that you set the mask length of CIDR blocks to values that are no greater than 19 for the pod vSwitches.

Note: You must specify this parameter when the Terway component is used for the cluster.
EncryptionProviderKey String No No The ID of the encryption key that is managed by Key Management Service (KMS). The encryption key is used to encrypt data disks. You can use KMS only in ACK Pro clusters.
VSwitchIds List Yes No The vSwitch IDs of worker nodes. You can specify one to three vSwitch IDs.
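
A pre-deployment check for the cross-property constraints in the table above, as an added example that is not part of the ROS documentation or Alibaba Cloud's code. The function name, the `vpc_cidr` argument, the prefix match on "terway" and every sample ID are assumptions made for illustration.

```python
import ipaddress
import re

# Constraints transcribed from the property table on this page.
NAME_RE = re.compile(r"[A-Za-z0-9-]{1,63}")
SYSTEM_VPC_CIDR = "192.168.0.0/16"  # VPC the system creates when VpcId is omitted
PERIODS = {"Week": {1, 2, 3, 4},
           "Month": {1, 2, 3, 4, 5, 6, 7, 8, 9, 12, 24, 36, 48, 60}}

# Constructed sample input: every ID and value here is a placeholder.
RISKY = {
    "Name": "dev-ack",
    "VpcId": "vpc-constructed0002",
    "VSwitchIds": ["vsw-node-a"],
    "LoginPassword": "constructed-placeholder",
    "KeyPair": "ops-keypair",
    "ContainerCidr": "10.1.0.0/16",
    "ServiceCidr": "10.1.128.0/20",
    "ClusterSpec": "ack.standard",
    "EncryptionProviderKey": "kms-key-placeholder",
    "EndpointPublicAccess": "true",
    "WorkerInstanceChargeType": "PrePaid",
    "WorkerPeriodUnit": "Week",
    "WorkerPeriod": 6,
    "Addons": [{"Name": "terway-eniip", "Config": ""}],
}


def is_true(value):
    """ROS Boolean values may arrive as true, "true" or "True"."""
    return str(value).lower() == "true"


def lint_cluster_properties(props, vpc_cidr=None):
    """Return a list of (severity, property, message) findings.

    props:    resolved "Properties" mapping of the cluster resource.
    vpc_cidr: CIDR block of the VPC named by VpcId. Hypothetical argument:
              the template carries only the VPC ID, so the caller looks it up.
    """
    out = []

    def add(severity, prop, message):
        out.append((severity, prop, message))

    if not NAME_RE.fullmatch(str(props.get("Name", ""))):
        add("error", "Name", "must be 1 to 63 letters, digits or hyphens")
    if not 0 <= int(props.get("NumOfNodes", 3)) <= 300:
        add("error", "NumOfNodes", "valid values are 0 to 300")

    # Exactly one SSH logon credential may be set.
    if bool(props.get("LoginPassword")) == bool(props.get("KeyPair")):
        add("error", "KeyPair", "specify exactly one of LoginPassword and KeyPair")

    # VpcId and VSwitchIds are specified together or both left empty.
    node_vsw = props.get("VSwitchIds") or []
    if bool(props.get("VpcId")) != bool(node_vsw):
        add("error", "VpcId", "specify VpcId and VSwitchIds together or neither")
    if len(node_vsw) > 3:
        add("error", "VSwitchIds", "one to three vSwitch IDs are allowed")

    # Container and service CIDR blocks must not overlap the VPC or each other.
    blocks = {"VpcId": vpc_cidr if props.get("VpcId") else SYSTEM_VPC_CIDR,
              "ContainerCidr": props.get("ContainerCidr"),
              "ServiceCidr": props.get("ServiceCidr")}
    nets = {}
    for prop, cidr in blocks.items():
        if cidr:
            try:
                nets[prop] = ipaddress.ip_network(cidr)
            except ValueError:
                add("error", prop, f"{cidr!r} is not a valid CIDR block")
    for a, b in (("ContainerCidr", "VpcId"), ("ServiceCidr", "VpcId"),
                 ("ServiceCidr", "ContainerCidr")):
        if a in nets and b in nets and nets[a].overlaps(nets[b]):
            add("error", a, f"{nets[a]} overlaps {b} block {nets[b]}")

    # Terway needs pod vSwitches; matching names by the "terway" prefix is an
    # assumption based on the "terway-eniip" value shown on the page.
    names = {str(a.get("Name")) for a in props.get("Addons") or []}
    pod_vsw = props.get("PodVswitchIds") or []
    if any(n.startswith("terway") for n in names) and not pod_vsw:
        add("error", "PodVswitchIds", "required when the Terway component is used")
    if set(pod_vsw) & set(node_vsw):
        add("error", "PodVswitchIds", "pod vSwitches must differ from node vSwitches")

    # KMS disk encryption is limited to ACK Pro clusters.
    if props.get("EncryptionProviderKey") and props.get("ClusterSpec") != "ack.pro.small":
        add("error", "EncryptionProviderKey", "KMS keys require ClusterSpec ack.pro.small")

    # Subscription duration depends on the period unit.
    if props.get("WorkerInstanceChargeType") == "PrePaid":
        unit = props.get("WorkerPeriodUnit", "Month")
        if props.get("WorkerPeriod") not in PERIODS.get(unit, set()):
            add("error", "WorkerPeriod", f"not a valid duration for unit {unit}")

    # Settings that widen exposure or remove audit visibility.
    if is_true(props.get("EndpointPublicAccess", False)):
        add("warn", "EndpointPublicAccess", "API server is reachable over the Internet")
    if "logtail-ds" not in names:
        add("warn", "Addons", "no logtail-ds component: cluster auditing needs Log Service")
    return out


if __name__ == "__main__":
    for finding in lint_cluster_properties(RISKY, vpc_cidr="10.0.0.0/8"):
        print(*finding, sep="\t")
```

Run it against the resolved `Properties` of a template before creating the stack; errors mirror constraints stated in the table, and warnings mark the public API endpoint and missing audit logging.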

Tags syntax

"Tags": [
  {
    "Key": String,
    "Value": String
  }
]

Tags property

Field Type Required Editable Description Constraint
Key String Yes No The key of the tag. The key must be 1 to 64 characters in length, and cannot start with aliyun, acs:, https://, or http://.
Value String No No The value of the tag. The value must be 0 to 128 characters in length, and cannot start with aliyun, acs:, https://, or http://.

WorkerDataDisks syntax

"WorkerDataDisks": [
  {
    "Category": String,
    "Size": Number
  }
]

WorkerDataDisks property

Field Type Required Editable Description Constraint
Category String Yes No The data disk type of worker nodes. Default value: cloud_efficiency. Valid values:
  • cloud: the basic disk
  • cloud_ssd: the standard SSD
  • cloud_efficiency: the ultra disk
  • cloud_essd: the ESSD
Size Number Yes No The size of the data disk. Valid values: 40 to 32768.

Unit: GiB.

Addons syntax

"Addons": [
  {
    "Version": String,
    "Config": String,
    "Name": String,
    "Disabled": Boolean
  }
]

Addons property

Field Type Required Editable Description Constraint
Version String No No The version of the component. If you leave this parameter empty, the latest version of the component is used.
Config String No No The configurations of the component. If you leave this parameter empty, no configurations are required for the component.
Name String Yes No The name of the component. None.
Disabled Boolean No No Specifies whether to disable automatic installation of the component. Default value: true. Valid values:
  • true: disables automatic installation.
  • false: enables automatic installation.

Runtime syntax

"Runtime": {
  "Name": String,
  "Version": String
}

Runtime property

Field Type Required Editable Description Constraint
Name String Yes No The name of the container runtime. Default value: docker. Valid values:
  • containerd
  • docker
  • Sandboxed-Container.runv
Version String No No The version of the container runtime.
  • Set the value to 1.4.4 if the Name parameter is set to containerd.
  • Set the value to 19.03.5 if the Name parameter is set to docker.
  • Set the value to 3.4.1 if the Name parameter is set to Sandboxed-Container.runv.

Response parameters

Fn::GetAtt
  • ClusterId: the ID of the cluster.
  • TaskId: the ID of the task in which the cluster is created. The task ID is generated by the system and is used to query task status.
  • WorkerRamRoleName: the name of the RAM role for worker nodes.
  • DefaultUserKubeConfig: the default configurations of user credentials for the cluster.
  • ScalingRuleId: the ID of the scaling rule.
  • ScalingGroupId: the ID of the scaling group.
  • PrivateUserKubConfig: the private configurations of user credentials for the cluster.
  • ScalingConfigurationId: the ID of the scaling configuration.
  • Nodes: the nodes in the cluster.

Examples

JSON format

{
  "ROSTemplateFormatVersion": "2015-09-01",
  "Parameters": {
    "EndpointPublicAccess": {
      "Type": "Boolean",
      "Description": "Whether to enable the public network API Server:\ntrue: which means that the public network API Server is open.\nfalse: If set to false, the API server on the public network will not be created, only the API server on the private network will be created. Default to false.",
      "AllowedValues": [
        "True",
        "true",
        "False",
        "false"
      ],
      "Default": false
    },
    "WorkerPeriod": {
      "Type": "Number",
      "Description": "The duration of the annual and monthly subscription. It takes effect when the worker_instance_charge_type value is PrePaid and is required. The value range is:\nWhen PeriodUnit = Week, Period values are: {\"1\", \"2\", \"3\", \"4\"}\nWhen PeriodUnit = Month, Period values are: {\"1\", \"2\", \"3\", \"4\", \"5\", \"6\", \"7\", \"8\", \"9\", \"12\", \"24\", \"36\", \"48\", \"60\"}\nDefault to 1.",
      "AllowedValues": [
        1,
        2,
        3,
        4,
        5,
        6,
        7,
        8,
        9,
        12,
        24,
        36,
        48,
        60
      ],
      "Default": 1
    },
    "WorkerPeriodUnit": {
      "Type": "String",
      "Description": "When you specify PrePaid, you need to specify the period. The options are:\nWeek: Time is measured in weeks\nMonth: time in months\nDefault to Month.",
      "AllowedValues": [
        "Week",
        "Month"
      ],
      "Default": "Month"
    },
    "Addons": {
      "Type": "Json",
      "Description": "A combination of addon plugins for Kubernetes clusters.\nNetwork plug-in: including Flannel and Terway network plug-ins\nLog service: Optional. If the log service is not enabled, the cluster audit function cannot be used.\nIngress: The installation of the Ingress component is enabled by default."
    },
    "WorkerSystemDiskCategory": {
      "Type": "String",
      "Description": "Worker node system disk type. The value includes:\ncloud_efficiency: efficient cloud disk\ncloud_ssd: SSD cloud disk\nDefault to cloud_efficiency.",
      "Default": "cloud_efficiency"
    },
    "WorkerSystemDiskSize": {
      "Type": "Number",
      "Description": "Worker disk system disk size, the unit is GiB.\nDefault to 120.",
      "MinValue": 1,
      "Default": 120
    },
    "Name": {
      "Type": "String",
      "Description": "The name of the cluster. The cluster name can use uppercase and lowercase letters, Chinese characters, numbers, and dashes."
    },
    "Taint": {
      "Type": "Json",
      "Description": "Taints to add to nodes. Taints are usually used for the scheduling strategy of pods. The corresponding concept is tolerations: if a pod has a matching toleration, the taint on the node is tolerated and the pod can be scheduled to the node."
    },
    "Runtime": {
      "Type": "Json",
      "Description": "The container runtime of the cluster. The default runtime is Docker."
    },
    "CloudMonitorFlags": {
      "Type": "Boolean",
      "Description": "Whether to install the cloud monitoring plugin:\ntrue: indicates installation\nfalse: Do not install\nDefault to false",
      "AllowedValues": [
        "True",
        "true",
        "False",
        "false"
      ],
      "Default": false
    },
    "ServiceCidr": {
      "Type": "String",
      "Description": "The service network segment cannot conflict with the VPC network segment and the container network segment. When the system is selected to automatically create a VPC, the network segment 172.19.0.0/20 is used by default.",
      "Default": "172.19.0.0/20"
    },
    "PodVswitchIds": {
      "Type": "Json",
      "Description": "The list of pod vSwitches. For each vSwitch that is allocated to nodes, \n you must specify at least one pod vSwitch in the same zone. \n The pod vSwitches cannot be the same as the node vSwitches. \n We recommend that you set the mask length of the CIDR block to a value no \ngreater than 19 for the pod vSwitches.\nThe pod_vswitch_ids parameter is required when the Terway network \nplug-in is selected for the cluster."
    },
    "WorkerAutoRenew": {
      "Type": "Boolean",
      "Description": "Whether to enable automatic renewal of Worker nodes. The optional values are:\ntrue: automatic renewal\nfalse: do not renew automatically\nDefault to true.",
      "AllowedValues": [
        "True",
        "true",
        "False",
        "false"
      ],
      "Default": true
    },
    "ProxyMode": {
      "Type": "String",
      "Description": "kube-proxy proxy mode, supports both iptables and ipvs modes. The default is iptables.",
      "Default": "iptables"
    },
    "DisableRollback": {
      "Type": "Boolean",
      "Description": "Whether to disable rollback when the cluster fails to be created:\ntrue: does not roll back the cluster\nfalse: rolls back the cluster\nThe default is true. If the cluster is rolled back, the resources produced during the creation process are released. False is not recommended.",
      "AllowedValues": [
        "True",
        "true",
        "False",
        "false"
      ],
      "Default": true
    },
    "Tags": {
      "Type": "Json",
      "Description": "Tag the cluster."
    },
    "WorkerInstanceTypes": {
      "Type": "Json",
      "Description": "Worker node ECS specification type code. For more details, see Instance Specification Family.",
      "MinLength": 1,
      "MaxLength": 5
    },
    "LoginPassword": {
      "Type": "String",
      "Description": "SSH login password. Password rules are 8-30 characters and contain three items (upper and lower case letters, numbers, and special symbols). Specify one of KeyPair or LoginPassword."
    },
    "KubernetesVersion": {
      "Type": "String",
      "Description": "The version of the Kubernetes cluster."
    },
    "ContainerCidr": {
      "Type": "String",
      "Description": "The container network segment cannot conflict with the VPC network segment. When the system is selected to automatically create a VPC, the network segment 172.16.0.0/16 is used by default.",
      "Default": "172.16.0.0/16"
    },
    "WorkerInstanceChargeType": {
      "Type": "String",
      "Description": "Worker node payment type. The optional values are:\nPrePaid: prepaid\nPostPaid: Pay as you go\nDefault to PostPaid.",
      "AllowedValues": [
        "Subscription",
        "PrePaid",
        "PrePay",
        "Prepaid",
        "PayAsYouGo",
        "PostPaid",
        "PayOnDemand",
        "Postpaid"
      ],
      "Default": "PostPaid"
    },
    "KeyPair": {
      "Type": "String",
      "Description": "Key pair name. Specify one of KeyPair or LoginPassword."
    },
    "VSwitchIds": {
      "Type": "CommaDelimitedList",
      "Description": "The virtual switch ID of the worker node.",
      "MinLength": 1
    },
    "WorkerDataDisks": {
      "Type": "Json",
      "Description": "A combination of configurations such as worker data disk type and size. This parameter is valid only when the worker node data disk is mounted."
    },
    "SecurityGroupId": {
      "Type": "String",
      "Description": "Specifies the ID of the security group to which the cluster ECS instance belongs."
    },
    "TimeoutMins": {
      "Type": "Number",
      "Description": "Cluster resource stack creation timeout, in minutes. The default value is 60.",
      "Default": 60
    },
    "ClusterSpec": {
      "Type": "String",
      "Description": "The managed cluster spec. Value:\nack.pro.small: Professional hosting cluster, namely: \"ACK Pro version cluster\".\nack.standard: Standard hosting cluster.\nDefault value: ack.standard. The value can be empty. When it is empty, a standard managed cluster will be created."
    },
    "WorkerDataDisk": {
      "Type": "Boolean",
      "Description": "Whether to mount the data disk. The options are as follows:\ntrue: indicates that the worker node mounts data disks.\nfalse: indicates that the worker node does not mount data disks.\nDefault to false.",
      "AllowedValues": [
        "True",
        "true",
        "False",
        "false"
      ],
      "Default": false
    },
    "VpcId": {
      "Type": "String",
      "Description": "VPC ID."
    },
    "NumOfNodes": {
      "Type": "Number",
      "Description": "Number of worker nodes. The range is [0,300].\nDefault to 3.",
      "MinValue": 2,
      "MaxValue": 300,
      "Default": 3
    },
    "EncryptionProviderKey": {
      "Type": "String",
      "Description": "The ID of the key that is managed by Key Management Service (KMS). This key is used to encrypt data disks. You can use KMS in only professional managed Kubernetes clusters."
    },
    "WorkerAutoRenewPeriod": {
      "Type": "Number",
      "Description": "Automatic renewal cycle, which takes effect when prepaid and automatic renewal are selected, and is required:\nWhen PeriodUnit = Week, the values are: {\"1\", \"2\", \"3\"}\nWhen PeriodUnit = Month, the value is {\"1\", \"2\", \"3\", \"6\", \"12\"}\nDefault to 1.",
      "AllowedValues": [
        1,
        2,
        3,
        6,
        12
      ],
      "Default": 1
    },
    "SnatEntry": {
      "Type": "Boolean",
      "Description": "Whether to configure SNAT for the network.\nWhen a VPC can access the public network environment, set it to false.\nWhen an existing VPC cannot access the public network environment:\nWhen set to True, SNAT is configured and the public network environment can be accessed at this time.\nIf set to false, it means that SNAT is not configured and the public network environment cannot be accessed at this time.\nDefault to true.",
      "AllowedValues": [
        "True",
        "true",
        "False",
        "false"
      ],
      "Default": true
    }
  },
  "Resources": {
    "ManagedKubernetesCluster": {
      "Type": "ALIYUN::CS::ManagedKubernetesCluster",
      "Properties": {
        "EndpointPublicAccess": {
          "Ref": "EndpointPublicAccess"
        },
        "WorkerPeriod": {
          "Ref": "WorkerPeriod"
        },
        "WorkerPeriodUnit": {
          "Ref": "WorkerPeriodUnit"
        },
        "Addons": {
          "Ref": "Addons"
        },
        "WorkerSystemDiskCategory": {
          "Ref": "WorkerSystemDiskCategory"
        },
        "WorkerSystemDiskSize": {
          "Ref": "WorkerSystemDiskSize"
        },
        "Name": {
          "Ref": "Name"
        },
        "Taint": {
          "Ref": "Taint"
        },
        "Runtime": {
          "Ref": "Runtime"
        },
        "CloudMonitorFlags": {
          "Ref": "CloudMonitorFlags"
        },
        "ServiceCidr": {
          "Ref": "ServiceCidr"
        },
        "PodVswitchIds": {
          "Ref": "PodVswitchIds"
        },
        "WorkerAutoRenew": {
          "Ref": "WorkerAutoRenew"
        },
        "ProxyMode": {
          "Ref": "ProxyMode"
        },
        "DisableRollback": {
          "Ref": "DisableRollback"
        },
        "Tags": {
          "Ref": "Tags"
        },
        "WorkerInstanceTypes": {
          "Ref": "WorkerInstanceTypes"
        },
        "LoginPassword": {
          "Ref": "LoginPassword"
        },
        "KubernetesVersion": {
          "Ref": "KubernetesVersion"
        },
        "ContainerCidr": {
          "Ref": "ContainerCidr"
        },
        "WorkerInstanceChargeType": {
          "Ref": "WorkerInstanceChargeType"
        },
        "KeyPair": {
          "Ref": "KeyPair"
        },
        "VSwitchIds": {
          "Ref": "VSwitchIds"
        },
        "WorkerDataDisks": {
          "Ref": "WorkerDataDisks"
        },
        "SecurityGroupId": {
          "Ref": "SecurityGroupId"
        },
        "TimeoutMins": {
          "Ref": "TimeoutMins"
        },
        "ClusterSpec": {
          "Ref": "ClusterSpec"
        },
        "WorkerDataDisk": {
          "Ref": "WorkerDataDisk"
        },
        "VpcId": {
          "Ref": "VpcId"
        },
        "NumOfNodes": {
          "Ref": "NumOfNodes"
        },
        "EncryptionProviderKey": {
          "Ref": "EncryptionProviderKey"
        },
        "WorkerAutoRenewPeriod": {
          "Ref": "WorkerAutoRenewPeriod"
        },
        "SnatEntry": {
          "Ref": "SnatEntry"
        }
      }
    }
  },
  "Outputs": {
    "TaskId": {
      "Description": "Task ID. Automatically assigned by the system, the user queries the task status.",
      "Value": {
        "Fn::GetAtt": [
          "ManagedKubernetesCluster",
          "TaskId"
        ]
      }
    },
    "ClusterId": {
      "Description": "Cluster instance ID.",
      "Value": {
        "Fn::GetAtt": [
          "ManagedKubernetesCluster",
          "ClusterId"
        ]
      }
    },
    "ScalingGroupId": {
      "Description": "Scaling group id",
      "Value": {
        "Fn::GetAtt": [
          "ManagedKubernetesCluster",
          "ScalingGroupId"
        ]
      }
    },
    "ScalingRuleId": {
      "Description": "Scaling rule id",
      "Value": {
        "Fn::GetAtt": [
          "ManagedKubernetesCluster",
          "ScalingRuleId"
        ]
      }
    },
    "DefaultUserKubeConfig": {
      "Description": "Default user kubernetes config which is used for configuring cluster credentials.",
      "Value": {
        "Fn::GetAtt": [
          "ManagedKubernetesCluster",
          "DefaultUserKubeConfig"
        ]
      }
    },
    "WorkerRamRoleName": {
      "Description": "Worker ram role name.",
      "Value": {
        "Fn::GetAtt": [
          "ManagedKubernetesCluster",
          "WorkerRamRoleName"
        ]
      }
    },
    "ScalingConfigurationId": {
      "Description": "Scaling configuration id",
      "Value": {
        "Fn::GetAtt": [
          "ManagedKubernetesCluster",
          "ScalingConfigurationId"
        ]
      }
    },
    "PrivateUserKubConfig": {
      "Description": "Private user kubernetes config which is used for configuring cluster credentials.",
      "Value": {
        "Fn::GetAtt": [
          "ManagedKubernetesCluster",
          "PrivateUserKubConfig"
        ]
      }
    }
  }
}

YAML format

ROSTemplateFormatVersion: '2015-09-01'
Parameters:
  Addons:
    Description: 'A combination of addon plugins for Kubernetes clusters.

      Network plug-in: including Flannel and Terway network plug-ins

      Log service: Optional. If the log service is not enabled, the cluster audit
      function cannot be used.

      Ingress: The installation of the Ingress component is enabled by default.'
    Type: Json
  CloudMonitorFlags:
    AllowedValues:
    - 'True'
    - 'true'
    - 'False'
    - 'false'
    Default: false
    Description: 'Whether to install the cloud monitoring plugin:

      true: indicates installation

      false: Do not install

      Default to false'
    Type: Boolean
  ClusterSpec:
    Description: 'The managed cluster spec. Value:

      ack.pro.small: Professional hosting cluster, namely: "ACK Pro version cluster".

      ack.standard: Standard hosting cluster.

      Default value: ack.standard. The value can be empty. When it is empty, a standard
      managed cluster will be created.'
    Type: String
  ContainerCidr:
    Default: 172.16.0.0/16
    Description: The container network segment cannot conflict with the VPC network
      segment. When the system is selected to automatically create a VPC, the network
      segment 172.16.0.0/16 is used by default.
    Type: String
  DisableRollback:
    AllowedValues:
    - 'True'
    - 'true'
    - 'False'
    - 'false'
    Default: true
    Description: 'Whether to disable rollback when the cluster fails to be created:

      true: does not roll back the cluster

      false: rolls back the cluster

      The default is true. If the cluster is rolled back, the resources produced
      during the creation process are released. False is not recommended.'
    Type: Boolean
  EncryptionProviderKey:
    Description: The ID of the key that is managed by Key Management Service (KMS).
      This key is used to encrypt data disks. You can use KMS in only professional
      managed Kubernetes clusters.
    Type: String
  EndpointPublicAccess:
    AllowedValues:
    - 'True'
    - 'true'
    - 'False'
    - 'false'
    Default: false
    Description: 'Whether to enable the public network API Server:

      true: which means that the public network API Server is open.

      false: If set to false, the API server on the public network will not be created,
      only the API server on the private network will be created. Default to false.'
    Type: Boolean
  KeyPair:
    Description: Key pair name. Specify one of KeyPair or LoginPassword.
    Type: String
  KubernetesVersion:
    Description: The version of the Kubernetes cluster.
    Type: String
  LoginPassword:
    Description: SSH login password. Password rules are 8-30 characters and contain
      three items (upper and lower case letters, numbers, and special symbols). Specify
      one of KeyPair or LoginPassword.
    Type: String
  Name:
    Description: The name of the cluster. The cluster name can use uppercase and lowercase
      letters, Chinese characters, numbers, and dashes.
    Type: String
  NumOfNodes:
    Default: 3
    Description: 'Number of worker nodes. The range is [0,300].

      Default to 3.'
    MaxValue: 300
    MinValue: 2
    Type: Number
  PodVswitchIds:
    Description: "The list of pod vSwitches. For each vSwitch that is allocated to\
      \ nodes, \n you must specify at least one pod vSwitch in the same zone. \n The\
      \ pod vSwitches cannot be the same as the node vSwitches. \n We recommend that\
      \ you set the mask length of the CIDR block to a value no \ngreater than 19\
      \ for the pod vSwitches.\nThe pod_vswitch_ids parameter is required when the\
      \ Terway network \nplug-in is selected for the cluster."
    Type: Json
  ProxyMode:
    Default: iptables
    Description: kube-proxy proxy mode, supports both iptables and ipvs modes. The
      default is iptables.
    Type: String
  Runtime:
    Description: The container runtime of the cluster. The default runtime is Docker.
    Type: Json
  SecurityGroupId:
    Description: Specifies the ID of the security group to which the cluster ECS instance
      belongs.
    Type: String
  ServiceCidr:
    Default: 172.19.0.0/20
    Description: The service network segment cannot conflict with the VPC network
      segment and the container network segment. When the system is selected to automatically
      create a VPC, the network segment 172.19.0.0/20 is used by default.
    Type: String
  SnatEntry:
    AllowedValues:
    - 'True'
    - 'true'
    - 'False'
    - 'false'
    Default: true
    Description: 'Whether to configure SNAT for the network.

      When the VPC can already access the public network, set it to false.

      When an existing VPC cannot access the public network:

      If set to true, SNAT is configured and the public network can be accessed.

      If set to false, SNAT is not configured and the public network cannot be
      accessed.

      Default to true.'
    Type: Boolean
  Tags:
    Description: Tag the cluster.
    Type: Json
  Taint:
    Description: 'It is used to mark nodes with taints. It is usually used for the
      scheduling strategy of Pods. The corresponding concept is: toleration. If a
      Pod has a matching toleration, the taint on the node is tolerated and the Pod
      can be scheduled to the node.'
    Type: Json
  TimeoutMins:
    Default: 60
    Description: Cluster resource stack creation timeout, in minutes. The default
      value is 60.
    Type: Number
  VSwitchIds:
    Description: The virtual switch ID of the worker node.
    MinLength: 1
    Type: CommaDelimitedList
  VpcId:
    Description: VPC ID.
    Type: String
  WorkerAutoRenew:
    AllowedValues:
    - 'True'
    - 'true'
    - 'False'
    - 'false'
    Default: true
    Description: 'Whether to enable automatic renewal of Worker nodes. The optional
      values are:

      true: automatic renewal

      false: do not renew automatically

      Default to true.'
    Type: Boolean
  WorkerAutoRenewPeriod:
    AllowedValues:
    - 1
    - 2
    - 3
    - 6
    - 12
    Default: 1
    Description: 'Automatic renewal cycle, which takes effect when prepaid and automatic
      renewal are selected, and is required:

      When PeriodUnit = Week, the values are: {"1", "2", "3"}

      When PeriodUnit = Month, the value is {"1", "2", "3", "6", "12"}

      Default to 1.'
    Type: Number
  WorkerDataDisk:
    AllowedValues:
    - 'True'
    - 'true'
    - 'False'
    - 'false'
    Default: false
    Description: 'Whether to mount the data disk. The options are as follows:

      true: indicates that the worker node mounts data disks.

      false: indicates that the worker node does not mount data disks.

      Default to false.'
    Type: Boolean
  WorkerDataDisks:
    Description: A combination of configurations such as worker data disk type and
      size. This parameter is valid only when the worker node data disk is mounted.
    Type: Json
  WorkerInstanceChargeType:
    AllowedValues:
    - Subscription
    - PrePaid
    - PrePay
    - Prepaid
    - PayAsYouGo
    - PostPaid
    - PayOnDemand
    - Postpaid
    Default: PostPaid
    Description: 'Worker node payment type. The optional values are:

      PrePaid: prepaid

      PostPaid: Pay as you go

      Default to PostPaid.'
    Type: String
  WorkerInstanceTypes:
    Description: Worker node ECS specification type code. For more details, see Instance
      Specification Family.
    MaxLength: 5
    MinLength: 1
    Type: Json
  WorkerPeriod:
    AllowedValues:
    - 1
    - 2
    - 3
    - 4
    - 5
    - 6
    - 7
    - 8
    - 9
    - 12
    - 24
    - 36
    - 48
    - 60
    Default: 1
    Description: 'The subscription duration. It takes effect and is required when
      WorkerInstanceChargeType is PrePaid. The value range is:

      When WorkerPeriodUnit = Week, the values are: {"1", "2", "3", "4"}

      When WorkerPeriodUnit = Month, the values are: {"1", "2", "3", "4", "5", "6",
      "7", "8", "9", "12", "24", "36", "48", "60"}

      Default to 1.'
    Type: Number
  WorkerPeriodUnit:
    AllowedValues:
    - Week
    - Month
    Default: Month
    Description: 'The unit of the subscription period. It must be specified when
      WorkerInstanceChargeType is PrePaid. The options are:

      Week: the period is measured in weeks

      Month: the period is measured in months

      Default to Month.'
    Type: String
  WorkerSystemDiskCategory:
    Default: cloud_efficiency
    Description: 'Worker node system disk type. The value includes:

      cloud_efficiency: efficient cloud disk

      cloud_ssd: SSD cloud disk

      Default to cloud_efficiency.'
    Type: String
  WorkerSystemDiskSize:
    Default: 120
    Description: 'Worker node system disk size, in GiB.

      Default to 120.'
    MinValue: 1
    Type: Number
Resources:
  ManagedKubernetesCluster:
    Properties:
      Addons:
        Ref: Addons
      CloudMonitorFlags:
        Ref: CloudMonitorFlags
      ClusterSpec:
        Ref: ClusterSpec
      ContainerCidr:
        Ref: ContainerCidr
      DisableRollback:
        Ref: DisableRollback
      EncryptionProviderKey:
        Ref: EncryptionProviderKey
      EndpointPublicAccess:
        Ref: EndpointPublicAccess
      KeyPair:
        Ref: KeyPair
      KubernetesVersion:
        Ref: KubernetesVersion
      LoginPassword:
        Ref: LoginPassword
      Name:
        Ref: Name
      NumOfNodes:
        Ref: NumOfNodes
      PodVswitchIds:
        Ref: PodVswitchIds
      ProxyMode:
        Ref: ProxyMode
      Runtime:
        Ref: Runtime
      SecurityGroupId:
        Ref: SecurityGroupId
      ServiceCidr:
        Ref: ServiceCidr
      SnatEntry:
        Ref: SnatEntry
      Tags:
        Ref: Tags
      Taint:
        Ref: Taint
      TimeoutMins:
        Ref: TimeoutMins
      VSwitchIds:
        Ref: VSwitchIds
      VpcId:
        Ref: VpcId
      WorkerAutoRenew:
        Ref: WorkerAutoRenew
      WorkerAutoRenewPeriod:
        Ref: WorkerAutoRenewPeriod
      WorkerDataDisk:
        Ref: WorkerDataDisk
      WorkerDataDisks:
        Ref: WorkerDataDisks
      WorkerInstanceChargeType:
        Ref: WorkerInstanceChargeType
      WorkerInstanceTypes:
        Ref: WorkerInstanceTypes
      WorkerPeriod:
        Ref: WorkerPeriod
      WorkerPeriodUnit:
        Ref: WorkerPeriodUnit
      WorkerSystemDiskCategory:
        Ref: WorkerSystemDiskCategory
      WorkerSystemDiskSize:
        Ref: WorkerSystemDiskSize
    Type: ALIYUN::CS::ManagedKubernetesCluster
Outputs:
  ClusterId:
    Description: Cluster instance ID.
    Value:
      Fn::GetAtt:
      - ManagedKubernetesCluster
      - ClusterId
  DefaultUserKubeConfig:
    Description: Default user kubernetes config which is used for configuring cluster
      credentials.
    Value:
      Fn::GetAtt:
      - ManagedKubernetesCluster
      - DefaultUserKubeConfig
  PrivateUserKubConfig:
    Description: Private user kubernetes config which is used for configuring cluster
      credentials.
    Value:
      Fn::GetAtt:
      - ManagedKubernetesCluster
      - PrivateUserKubConfig
  ScalingConfigurationId:
    Description: Scaling configuration id
    Value:
      Fn::GetAtt:
      - ManagedKubernetesCluster
      - ScalingConfigurationId
  ScalingGroupId:
    Description: Scaling group id
    Value:
      Fn::GetAtt:
      - ManagedKubernetesCluster
      - ScalingGroupId
  ScalingRuleId:
    Description: Scaling rule id
    Value:
      Fn::GetAtt:
      - ManagedKubernetesCluster
      - ScalingRuleId
  TaskId:
    Description: Task ID. Automatically assigned by the system and used to query
      the task status.
    Value:
      Fn::GetAtt:
      - ManagedKubernetesCluster
      - TaskId
  WorkerRamRoleName:
    Description: Worker RAM role name.
    Value:
      Fn::GetAtt:
      - ManagedKubernetesCluster
      - WorkerRamRoleName

To view more examples, visit ManagedKubernetesCluster.json and ManagedKubernetesCluster.yml.
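
The following pre-deployment check is an added example, not part of the original documentation or of Alibaba Cloud's tooling. It resolves each property of an ALIYUN::CS::ManagedKubernetesCluster resource (literal value or Ref to a parameter) and flags the settings described above that affect exposure: a public API server, an SSH password stored in the template, KeyPair and LoginPassword not being exactly one, and a ServiceCidr that conflicts with ContainerCidr. The function names, finding labels and the sample template are assumptions made for illustration.

```python
import ipaddress

def resolve(template, value, supplied):
    """Resolve a literal or {"Ref": name}: supplied value first, then the parameter Default."""
    if isinstance(value, dict) and "Ref" in value:
        default = template.get("Parameters", {}).get(value["Ref"], {}).get("Default")
        return supplied.get(value["Ref"], default)
    return value

def audit_cluster(template, supplied=None):
    """Return (resource, finding) pairs for ALIYUN::CS::ManagedKubernetesCluster resources."""
    supplied, findings = supplied or {}, []
    for name, res in template.get("Resources", {}).items():
        if res.get("Type") != "ALIYUN::CS::ManagedKubernetesCluster":
            continue
        props = res.get("Properties", {})
        get = lambda key: resolve(template, props.get(key), supplied)
        # The page's AllowedValues list 'True'/'true' strings for Boolean parameters.
        if str(get("EndpointPublicAccess")).lower() == "true":
            findings.append((name, "public-api-server"))
        # A plain string here means the SSH password is stored in the template itself.
        if isinstance(props.get("LoginPassword"), str):
            findings.append((name, "literal-login-password"))
        # The page says to specify one of KeyPair or LoginPassword.
        if bool(get("KeyPair")) == bool(get("LoginPassword")):
            findings.append((name, "keypair-xor-password"))
        # ServiceCidr must not conflict with the container network segment.
        svc, pod = get("ServiceCidr"), get("ContainerCidr")
        if svc and pod and ipaddress.ip_network(svc).overlaps(ipaddress.ip_network(pod)):
            findings.append((name, "service-cidr-overlaps-container-cidr"))
    return findings

# Constructed sample template (JSON form as a dict); all values are illustrative.
SAMPLE = {
    "Parameters": {
        "EndpointPublicAccess": {"Type": "Boolean", "Default": False},
        "ServiceCidr": {"Type": "String", "Default": "172.19.0.0/20"},
    },
    "Resources": {"ManagedKubernetesCluster": {
        "Type": "ALIYUN::CS::ManagedKubernetesCluster",
        "Properties": {
            "EndpointPublicAccess": {"Ref": "EndpointPublicAccess"},
            "ServiceCidr": {"Ref": "ServiceCidr"},
            "ContainerCidr": "172.19.8.0/21",
            "KeyPair": {"Ref": "KeyPair"},
            "LoginPassword": "Constructed-Example-1",
        },
    }},
}
```

Call `audit_cluster(template, supplied)` with the parameter values intended for the stack, since a value passed at stack creation overrides the parameter's Default.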