ALIYUN::CS::ManagedKubernetesCluster is used to create an ACK managed cluster.

Syntax

{
  "Type": "ALIYUN::CS::ManagedKubernetesCluster",
  "Properties": {
    "CloudMonitorFlags": Boolean,
    "ProxyMode": String,
    "WorkerDataDisk": Boolean,
    "SnatEntry": Boolean,
    "VSwitchIds": List,
    "WorkerSystemDiskCategory": String,
    "VpcId": String,
    "Tags": List,
    "WorkerSystemDiskSize": Number,
    "WorkerInstanceTypes": List,
    "WorkerDataDisks": List,
    "LoginPassword": String,
    "ContainerCidr": String,
    "NumOfNodes": Number,
    "Name": String,
    "Taint": List,
    "KeyPair": String,
    "Addons": List,
    "DisableRollback": Boolean,
    "ServiceCidr": String,
    "KubernetesVersion": String,
    "SecurityGroupId": String,
    "EndpointPublicAccess": Boolean,
    "ClusterSpec": String,
    "TimeoutMins": Number,
    "PodVswitchIds": List,
    "EncryptionProviderKey": String,
    "Runtime": Map,
    "SocEnabled": Boolean,
    "UserData": String,
    "CisEnabled": Boolean,
    "OsType": String,
    "IsEnterpriseSecurityGroup": Boolean,
    "Platform": String,
    "AutoRenewPeriod": Number,
    "LoadBalancerSpec": String,
    "AutoRenew": Boolean,
    "ChargeType": String,
    "FormatDisk": Boolean,
    "Period": Number,
    "NodeCidrMask": String,
    "PeriodUnit": String,
    "KeepInstanceName": Boolean,
    "DeletionProtection": Boolean
  }
}

Properties

Property Type Required Editable Description Constraint
CloudMonitorFlags Boolean No No Specifies whether to install CloudMonitor agents. Default value: false. Valid values:
  • true: installs CloudMonitor agents.
  • false: does not install CloudMonitor agents.
Runtime Map No No The container runtime. The Runtime property consists of the following fields (see the Runtime syntax section below for the exact key names):
  • Name: the name of the container runtime
  • Version: the version of the container runtime

Example:

{"Name": "docker", "Version": "19.03.5"}
For more information about how to select a container runtime, see Comparison of Docker, containerd, and Sandboxed-Container.

For more information about the Runtime property, see Runtime properties.

ProxyMode String No No The kube-proxy mode. Default value: iptables. Valid values:
  • iptables
  • ipvs
SnatEntry Boolean No No Specifies whether to configure SNAT rules for the virtual private cloud (VPC). Valid values:
  • Valid value if the VPC can access the Internet: false.
  • Valid values if the VPC cannot access the Internet:
    • true: configures SNAT rules. The VPC can access the Internet.
    • false: does not configure SNAT rules. The VPC cannot access the Internet.
WorkerSystemDiskCategory String No No The category of the system disk that you attach to the worker node. Default value: cloud_efficiency. Valid values:
  • cloud_efficiency: ultra disk
  • cloud_ssd: SSD
  • cloud_essd: enhanced SSD (ESSD)
VpcId String Yes No The ID of the VPC. If you do not specify this property, the system automatically creates a VPC whose CIDR block is 192.168.0.0/16.

You must specify the VpcId and VSwitchIds properties or leave both properties empty.

Tags List No Yes The tags of the cluster. You can specify up to 20 tags.

For more information, see Tags properties.

WorkerInstanceTypes List Yes No The Elastic Compute Service (ECS) instance types of worker nodes. For more information, see Instance family.
WorkerDataDisks List No No The configurations of the data disks that you attach to worker nodes. The configurations include disk categories and disk sizes. This property takes effect only when you attach data disks to worker nodes.

For more information, see WorkerDataDisks properties.

LoginPassword String No No The password for SSH logon to the worker nodes. The password must be 8 to 30 characters in length and must contain letters, digits, and special characters. The following special characters are supported: ( ) ' ~ ! @ # $ % ^ & * - + = | { } [ ] : ; < > , . ? / _

You must specify the LoginPassword or KeyPair property. Do not hardcode the password in a template: pass it as a parameter with NoEcho set to true so that it is not echoed back in the stack parameters, or use KeyPair instead.

ContainerCidr String No No The CIDR block from which pod IP addresses are allocated. This CIDR block cannot overlap with the CIDR block of the VPC. If you use the VPC that is automatically created by the system, the CIDR block 172.16.0.0/16 is used by default.
NumOfNodes Number No No The number of worker nodes. Valid values: 0 to 300.

Default value: 3.

Name String Yes No The name of the cluster. The name must be 1 to 63 characters in length, and can contain letters, digits, and hyphens (-).
WorkerSystemDiskSize Number No No The size of the system disk that you attach to the worker node. Default value: 120.

Unit: GiB.

Taint List No No The taints that you add to nodes to ensure that pods are appropriately scheduled. If you apply tolerations to pods, the pods can be scheduled to nodes that have matching taints.
WorkerDataDisk Boolean No No Specifies whether to attach a data disk to the worker node. Default value: false. Valid values:
  • true: attaches a data disk.
  • false: does not attach a data disk.
Addons List No No The components that you use for the cluster. Valid values:
  • For network component types, you can use Flannel or Terway when you create the cluster.

    • If you use the Flannel component, specify the value in the [{"Name":"flannel","Config":""}] format.
    • If you use the Terway component, specify the value in the [{"Name": "terway-eniip","Config": ""}] format.
  • For storage component types, you can use Container Storage Interface (CSI) or FlexVolume.

    • If you use the CSI component, specify the value in the [{"Name":"csi-plugin","Config": ""},{"Name": "csi-provisioner","Config": ""}] format.
    • If you use the FlexVolume component, specify the value in the [{"Name": "flexvolume","Config": ""}] format.
  • (Optional) For Log Service component types, you can use an existing Log Service project or create a project.
    Note If you do not activate Log Service, you cannot use the cluster auditing feature.
    • If you use an existing project, specify the value in the [{"Name": "logtail-ds","Config": "{\"IngressDashboardEnabled\":\"true\",\"sls_project_name\":\"your_sls_project_name\"}"}] format.
    • If you create a project, specify the value in the [{"Name": "logtail-ds","Config": "{\"IngressDashboardEnabled\":\"true\"}"}] format.
  • (Optional) For Ingress component types, nginx-ingress-controller is automatically installed on ACK dedicated clusters.

    • If you install nginx-ingress-controller and enable Internet access, specify the value in the [{"Name":"nginx-ingress-controller","Config":"{\"IngressSlbNetworkType\":\"internet\"}"}] format.
    • If you do not install nginx-ingress-controller, specify the value in the [{"Name": "nginx-ingress-controller","Config": "","Disabled": true}] format.
  • (Optional) For event center component types, the event center feature is automatically enabled for the cluster.

    You can use Kubernetes event centers to store and query events, and configure alerts. You can use the Logstores that are associated with Kubernetes event centers for free within 90 days. For more information, see Create and use an event center.

    If you enable the event center feature, specify the value in the [{"Name":"ack-node-problem-detector","Config":"{\"sls_project_name\":\"your_sls_project_name\"}"}] format.

For more information, see Addons properties.
DisableRollback Boolean No No Specifies whether to keep, rather than roll back, the resources when the cluster fails to be created. Default value: true. Valid values:
  • true: does not roll back. The resources created during the failed attempt are retained, which lets you troubleshoot the failure.
  • false: rolls back. The resources created during the failed attempt are released.
    Note If you set this property to false, the resources that are generated when you create the cluster are released. We recommend that you keep the default value of true.
ServiceCidr String No No The CIDR block from which Kubernetes Service (ClusterIP) addresses are allocated. This CIDR block cannot overlap with the CIDR block of the VPC or the pod CIDR block (ContainerCidr). If you use the VPC that is automatically created by the system, the CIDR block 172.19.0.0/20 is used by default.
KubernetesVersion String No No The Kubernetes version of the cluster. You can create clusters of the latest two versions that ACK supports; we recommend that you use the latest one. For more information about the Kubernetes versions that are supported by ACK, see Overview of Kubernetes versions supported by ACK.
SecurityGroupId String No No The ID of the security group to which the ECS instances in the cluster belong. If you leave this property empty, the system creates a security group for the cluster; see IsEnterpriseSecurityGroup for the type that is created.
KeyPair String No No The name of the key pair. You must specify the LoginPassword or KeyPair property.
EndpointPublicAccess Boolean No No Specifies whether to expose the Kubernetes API server over the Internet by creating a public endpoint. Default value: false. Valid values:
  • true: the API server is reachable over the Internet. Enable this only when clients outside the VPC must reach the API server, and control who can reach the public endpoint.
  • false: the API server is reachable only over the VPC (the internal endpoint).
ClusterSpec String No No The type of the ACK managed cluster. Default value: ack.standard. Valid values:
  • ack.pro.small: ACK Pro cluster
  • ack.standard: ACK standard cluster
TimeoutMins Number No No The timeout period during which you can create the cluster. Default value: 60.

Unit: minutes.

PodVswitchIds List No No The IDs of pod vSwitches. For each vSwitch that you allocate to a node, you must specify at least one pod vSwitch in the same zone as the node vSwitch. The pod vSwitch cannot overlap with the node vSwitch.

We recommend that you use a pod vSwitch whose CIDR block has a prefix length of 19 bits or shorter (a /19 or larger block), so that the vSwitch does not run out of pod IP addresses.

Note You must specify this property when you use the Terway component for the cluster.
EncryptionProviderKey String No No The ID of the key that is managed by Key Management Service (KMS). The key is used by the API server encryption provider to encrypt Kubernetes Secrets at rest. KMS-based Secret encryption is available only for ACK Pro clusters (ClusterSpec set to ack.pro.small).
VSwitchIds List Yes No The vSwitch IDs of worker nodes. You can specify one to three vSwitch IDs.
SocEnabled Boolean No No Specifies whether to enable OS hardening based on the Multi-Level Protection Scheme (MLPS, also called classified protection). Default value: false. Valid values:
  • true: enables MLPS hardening.
  • false: disables MLPS hardening.
UserData String No No The user data that is passed to the ECS instances when they are created. The data can be up to 16 KB in size. You do not need to Base64-encode the data. If the user data contains special characters, escape each of them with a backslash (\).
CisEnabled Boolean No No Specifies whether to enable OS hardening based on the Center for Internet Security (CIS) benchmarks. Default value: false. Valid values:
  • true: enables CIS hardening.
  • false: disables CIS hardening.
OsType String No No The type of the OS. Default value: Linux. Valid values:
  • Windows
  • Linux
IsEnterpriseSecurityGroup Boolean No No Specifies whether to create an advanced security group. This parameter takes effect when you leave the SecurityGroupId property empty. Default value: false. Valid values:
  • true: creates an advanced security group. If you install Terway on a cluster, you must create an advanced security group for the cluster.
  • false: does not create an advanced security group.
Platform String No No The distribution of the OS. Default value: CentOS. Valid values:
  • CentOS
  • AliyunLinux
  • QbootAliyunLinux
  • Qboot
  • Windows
  • WindowsCore
AutoRenewPeriod Number No No The auto-renewal cycle of the cluster. This property takes effect when you set the ChargeType property to PrePaid and the AutoRenew property to true. Valid values:
  • Valid values if you set the PeriodUnit property to Week: 1, 2, and 3
  • Valid values if you set the PeriodUnit property to Month: 1, 2, 3, 6, and 12

Default value: 1.

LoadBalancerSpec String No No The specification of the Server Load Balancer (SLB) instance. Valid values:
  • slb.s1.small
  • slb.s2.small
  • slb.s2.medium
  • slb.s3.small
  • slb.s3.medium
  • slb.s3.large
AutoRenew Boolean No No Specifies whether to enable auto-renewal for the cluster. This property takes effect when you set the ChargeType property to PrePaid. Default value: true. Valid values:
  • true: enables auto-renewal.
  • false: does not enable auto-renewal.
ChargeType String No No The billing method of the cluster. Default value: PostPaid. Valid values:
  • PrePaid: subscription
  • PostPaid: pay-as-you-go
FormatDisk Boolean No No Specifies whether to mount a data disk to nodes that are added from existing ECS instances and use it for container and image data. Default value: false. Valid values:
  • true: stores the container and image data of the existing ECS instance on the data disk. The disk is formatted, so the existing data on it is overwritten. Back up the data on the data disk before you enable this option.
  • false: does not store the container and image data of the existing ECS instance on the data disk.
Period Number No No The subscription duration of the cluster that you purchase. This parameter takes effect and is required when you set the ChargeType property to PrePaid. Valid values:
  • Valid values if you set the PeriodUnit property to Week: 1, 2, 3, and 4
  • Valid values if you set the PeriodUnit property to Month: 1, 2, 3, 4, 5, 6, 7, 8, 9, 12, 24, 36, 48, and 60
Default value: 1.
NodeCidrMask String No No The prefix length of the pod CIDR block that is allocated to each node. It determines the maximum number of pod IP addresses per node: a value of 25 gives each node a /25 block, that is, 128 addresses. The per-node blocks are carved out of the pod CIDR block (ContainerCidr), so the value you can use depends on that block. This property takes effect only when you use the Flannel component for the cluster.

Default value: 25.

PeriodUnit String No No The unit of the subscription duration of the cluster that you purchase. This property takes effect when you set the ChargeType property to PrePaid. Default value: Month. Valid values:
  • Week
  • Month
KeepInstanceName Boolean No No Specifies whether to retain the name of the existing ECS instance that is used in the cluster. Default value: true. Valid values:
  • true: retains the name of the existing ECS instance.
  • false: does not retain the name of the existing ECS instance. The system assigns a name for the existing ECS instance.
DeletionProtection Boolean No No Specifies whether to enable deletion protection. After you enable deletion protection, you cannot delete the cluster by using the ACK console or by calling the ACK API. Default value: false. Valid values:
  • true: enables deletion protection.
  • false: disables deletion protection.

Tags syntax

"Tags": [
  {
    "Key": String,
    "Value": String
  }
]

Tags properties

Property Type Required Editable Description Constraint
Key String Yes No The key of the tag. The key must be 1 to 64 characters in length. The key cannot start with aliyun, acs:, https://, or http://.
Value String No No The value of the tag. The value must be 0 to 128 characters in length. The value cannot start with aliyun, acs:, http://, or https://.

WorkerDataDisks syntax

"WorkerDataDisks": [
  {
    "Category": String,
    "Size": Number
  }
]

WorkerDataDisks properties

Property Type Required Editable Description Constraint
Category String Yes No The category of the data disk that you attach to the worker node. Default value: cloud_efficiency. Valid values:
  • cloud: basic disk
  • cloud_ssd: SSD
  • cloud_efficiency: ultra disk
  • cloud_essd: ESSD
Size Number Yes No The size of the data disk. Valid values: 40 to 32768.

Unit: GiB.

Addons syntax

"Addons": [
  {
    "Version": String,
    "Config": String,
    "Name": String,
    "Disabled": Boolean
  }
]

Addons properties

Property Type Required Editable Description Constraint
Version String No No The version of the component. By default, the latest version is used.
Config String No No The configurations of the component. None.
Name String Yes No The name of the component. None.
Disabled Boolean No No Specifies whether to disable automatic installation of the component. Default value: false (components that you list are installed unless you set Disabled to true, as in the nginx-ingress-controller example above). Valid values:
  • true: disables automatic installation.
  • false: enables automatic installation.
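The Addons list is easy to get wrong because Config is not a nested JSON object but a JSON document serialized into a string, which is why the formats listed under Addons show escaped quotes. The following Python helper is an added editorial example, not code from the ROS documentation or from ACK itself; it assembles the Addons list from the component choices documented on this page. The function names are assumptions, and the only SLB network type this page documents for nginx-ingress-controller is "internet", so any other value you pass through is your own assumption.

```python
import json


def addon(name, config=None, disabled=False, version=None):
    """Build one entry of the Addons list.

    config is a dict or None. ROS expects Config as a *string* that holds
    JSON, so the dict is serialized here instead of being nested as an
    object.
    """
    entry = {"Name": name, "Config": json.dumps(config) if config else ""}
    if disabled:
        entry["Disabled"] = True
    if version:
        entry["Version"] = version
    return entry


def addon_config(entry):
    """Decode an entry's Config string back into a dict ("" -> {})."""
    return json.loads(entry["Config"]) if entry["Config"] else {}


def build_addons(network="flannel", storage="csi", logging=True,
                 sls_project=None, ingress_network="internet"):
    """Assemble the Addons list from the component choices on this page.

    network:         "flannel" or "terway". Terway additionally needs
                     PodVswitchIds and IsEnterpriseSecurityGroup=true on
                     the cluster resource (not handled here).
    storage:         "csi" or "flexvolume".
    logging:         install logtail-ds; without it cluster auditing is
                     unavailable.
    sls_project:     name of an existing Log Service project, or None to
                     let ACK create one.
    ingress_network: IngressSlbNetworkType for nginx-ingress-controller
                     ("internet" is the value this page documents), or
                     None to disable the controller.
    """
    network_addons = {"flannel": "flannel", "terway": "terway-eniip"}
    storage_addons = {"csi": ["csi-plugin", "csi-provisioner"],
                      "flexvolume": ["flexvolume"]}
    if network not in network_addons:
        raise ValueError("network must be 'flannel' or 'terway'")
    if storage not in storage_addons:
        raise ValueError("storage must be 'csi' or 'flexvolume'")

    addons = [addon(network_addons[network])]
    addons += [addon(n) for n in storage_addons[storage]]

    if logging:
        cfg = {"IngressDashboardEnabled": "true"}
        if sls_project:
            cfg["sls_project_name"] = sls_project
        addons.append(addon("logtail-ds", cfg))

    if ingress_network is None:
        addons.append(addon("nginx-ingress-controller", disabled=True))
    else:
        addons.append(addon("nginx-ingress-controller",
                            {"IngressSlbNetworkType": ingress_network}))
    return addons


if __name__ == "__main__":
    # Constructed example: Terway networking, CSI storage, an existing Log
    # Service project (name is made up) and no ingress controller at all.
    print(json.dumps(build_addons("terway", "csi", True, "my-sls-project", None),
                     indent=2))
```

Paste the printed list straight into the "Addons" property of the resource; the double-escaped quotes that appear in Config are expected and are exactly what the formats above show.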

Runtime syntax

"Runtime": {
  "Name": String,
  "Version": String
}

Runtime properties

Property Type Required Editable Description Constraint
Name String Yes No The name of the container runtime. Default value: docker. Valid values:
  • containerd
  • docker
  • Sandboxed-Container.runv
Version String No No The version of the container runtime. Valid values:
  • Valid value if you set the Name property to containerd: 1.4.4
  • Valid value if you set the Name property to docker: 19.03.5
  • Valid value if you set the Name property to Sandboxed-Container.runv: 3.4.1
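Most of the constraints in the property tables above (password policy, cluster name, non-overlapping VPC, pod and Service CIDR blocks, 1 to 3 vSwitches, Terway prerequisites, KMS only on ACK Pro, tag key and value rules, Period with PrePaid, the 16 KB UserData limit) are only enforced when the stack is created, which is late and slow for a cluster. The following Python checker is an added editorial example, not a tool shipped with ROS or ACK; it runs the documented checks against the Properties map of a template before deployment and also warns about the two settings a security reviewer looks at first, EndpointPublicAccess and DeletionProtection. The VPC CIDR block is passed in by the caller because the template carries only VpcId, and the function and message names are assumptions.

```python
import ipaddress
import re

# Constraints documented on this page.
PASSWORD_SPECIALS = set("()'~!@#$%^&*-+=|{}[]:;<>,.?/_")
NAME_RE = re.compile(r"^[A-Za-z0-9-]{1,63}$")
TAG_BAD_PREFIXES = ("aliyun", "acs:", "https://", "http://")
# Defaults the page gives for the auto-created VPC case.
DEFAULT_CONTAINER_CIDR = "172.16.0.0/16"
DEFAULT_SERVICE_CIDR = "172.19.0.0/20"


def check_password(pw):
    """LoginPassword rule: 8-30 chars; letters, digits and specials all present."""
    if not 8 <= len(pw) <= 30:
        return False
    seen = {"letter": False, "digit": False, "special": False}
    for ch in pw:
        if ch.isascii() and ch.isalpha():
            seen["letter"] = True
        elif ch.isascii() and ch.isdigit():
            seen["digit"] = True
        elif ch in PASSWORD_SPECIALS:
            seen["special"] = True
        else:
            return False  # character outside the documented set
    return all(seen.values())


def validate(props, vpc_cidr):
    """Return (errors, warnings) for a ManagedKubernetesCluster Properties map.

    props is the decoded "Properties" object with literal values; CIDR blocks
    must be literals. A LoginPassword given as an intrinsic function such as
    {"Ref": ...} cannot be checked statically and is skipped.
    """
    errors, warnings = [], []

    if not NAME_RE.match(str(props.get("Name", ""))):
        errors.append("Name must be 1-63 letters, digits or hyphens")

    pw, key_pair = props.get("LoginPassword"), props.get("KeyPair")
    if not pw and not key_pair:
        errors.append("specify LoginPassword or KeyPair")
    if isinstance(pw, str):
        warnings.append("LoginPassword is a literal in the template; use a "
                        "NoEcho parameter or KeyPair instead")
        if not check_password(pw):
            errors.append("LoginPassword violates the 8-30 char "
                          "letter/digit/special rule")

    vpc = ipaddress.ip_network(vpc_cidr)
    pods = ipaddress.ip_network(props.get("ContainerCidr", DEFAULT_CONTAINER_CIDR))
    svc = ipaddress.ip_network(props.get("ServiceCidr", DEFAULT_SERVICE_CIDR))
    if pods.overlaps(vpc):
        errors.append("ContainerCidr overlaps the VPC CIDR block")
    if svc.overlaps(vpc) or svc.overlaps(pods):
        errors.append("ServiceCidr overlaps the VPC or ContainerCidr block")

    if not 0 <= props.get("NumOfNodes", 3) <= 300:
        errors.append("NumOfNodes must be 0 to 300")
    if not 1 <= len(props.get("VSwitchIds", [])) <= 3:
        errors.append("VSwitchIds must list 1 to 3 vSwitch IDs")

    addons = props.get("Addons", [])
    names = {a.get("Name") for a in addons if not a.get("Disabled")}
    if "terway-eniip" in names:
        if not props.get("PodVswitchIds"):
            errors.append("Terway requires PodVswitchIds")
        if not props.get("SecurityGroupId") and not props.get("IsEnterpriseSecurityGroup"):
            errors.append("Terway requires an advanced security group "
                          "(IsEnterpriseSecurityGroup=true or an existing one)")
    if addons and "logtail-ds" not in names:
        warnings.append("logtail-ds not installed: cluster auditing unavailable")

    if props.get("EncryptionProviderKey") and \
            props.get("ClusterSpec", "ack.standard") != "ack.pro.small":
        errors.append("EncryptionProviderKey is supported only for ack.pro.small")

    for tag in props.get("Tags", []):
        k, v = str(tag.get("Key", "")), str(tag.get("Value", ""))
        if not 1 <= len(k) <= 64 or k.startswith(TAG_BAD_PREFIXES):
            errors.append(f"invalid tag key {k!r}")
        if len(v) > 128 or v.startswith(TAG_BAD_PREFIXES):
            errors.append(f"invalid tag value {v!r}")

    if props.get("ChargeType") == "PrePaid" and "Period" not in props:
        errors.append("Period is required when ChargeType is PrePaid")
    user_data = props.get("UserData")
    if isinstance(user_data, str) and len(user_data.encode()) > 16 * 1024:
        errors.append("UserData exceeds 16 KB")

    if props.get("EndpointPublicAccess"):
        warnings.append("EndpointPublicAccess=true exposes the API server to the Internet")
    if not props.get("DeletionProtection"):
        warnings.append("DeletionProtection is off")
    return errors, warnings
```

Run it over the "Properties" object of the ManagedKubernetesCluster resource after substituting parameter defaults; a non-empty error list means the stack would fail or create something other than intended, and each warning is a point to justify in review before the template is applied.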

Return values

Fn::GetAtt
  • ClusterId: the ID of the cluster.
  • TaskId: the ID of the task. The task ID is automatically assigned by the system and can be used to query the status of the task.
  • WorkerRamRoleName: the name of the RAM role for the worker node.
  • DefaultUserKubeConfig: the kubeconfig (user credentials) for the cluster. Treat it as a secret: do not surface it through stack Outputs or logs.
  • ScalingRuleId: the ID of the scaling rule.
  • ScalingGroupId: the ID of the scaling group.
  • PrivateUserKubConfig: the kubeconfig (user credentials) for access to the cluster over the VPC-internal endpoint. Treat it as a secret in the same way.
  • ScalingConfigurationId: the ID of the scaling configuration.
  • Nodes: the nodes in the cluster.
  • APIServerSLBId: the ID of the SLB instance that is used by the API server.

Examples

JSON format

{
  "ROSTemplateFormatVersion": "2015-09-01",
  "Description": "Test Create ManagedKubernetesCluster",
  "Parameters": {
    "WorkerInstanceTypes": {
      "Type": "Json",
      "Default": [
        "ecs.c5.large"
      ]
    },
    "WorkerSystemDiskCategory": {
      "Type": "String",
      "Description": "Category of the worker system disk. Valid values: cloud_efficiency | cloud_ssd | cloud_essd. Existing instances are not changed.",
      "AllowedValues": [
        "cloud_efficiency",
        "cloud_ssd",
        "cloud_essd"
      ],
      "Default": "cloud_essd"
    },
    "LoginPassword": {
      "Type": "String",
      "Description": "SSH logon password for worker nodes: 8 to 30 characters containing letters, digits and special characters. Supplied when the stack is created, never stored in the template.",
      "NoEcho": true,
      "MinLength": 8,
      "MaxLength": 30,
      "AllowedPattern": "^[A-Za-z0-9()'~!@#$%^&*+=|{}\\[\\]:;<>,.?/_-]{8,30}$"
    },
    "Name": {
      "Type": "String",
      "Default": "mytest"
    }
  },
  "Resources": {
    "Vpc": {
      "Type": "ALIYUN::ECS::VPC",
      "Properties": {
        "VpcName": "mytest",
        "CidrBlock": "192.168.0.0/16"
      }
    },
    "VSwitch": {
      "Type": "ALIYUN::ECS::VSwitch",
      "Properties": {
        "VSwitchName": "mytest",
        "VpcId": {
          "Ref": "Vpc"
        },
        "ZoneId": {
          "Fn::Select": [
            "0",
            {
              "Fn::GetAZs": {
                "Ref": "ALIYUN::Region"
              }
            }
          ]
        },
        "CidrBlock": "192.168.1.0/24"
      }
    },
    "ManagedKubernetesCluster": {
      "Type": "ALIYUN::CS::ManagedKubernetesCluster",
      "Properties": {
        "VSwitchIds": [
          {
            "Ref": "VSwitch"
          }
        ],
        "VpcId": {
          "Ref": "Vpc"
        },
        "ClusterSpec": "ack.pro.small",
        "WorkerInstanceTypes": {
          "Ref": "WorkerInstanceTypes"
        },
        "WorkerSystemDiskCategory": {
          "Ref": "WorkerSystemDiskCategory"
        },
        "LoginPassword": {
          "Ref": "LoginPassword"
        },
        "Name": {
          "Ref": "Name"
        }
      }
    }
  },
  "Outputs": {
    "ClusterId": {
      "Value": {
        "Fn::GetAtt": [
          "ManagedKubernetesCluster",
          "ClusterId"
        ]
      }
    },
    "TaskId": {
      "Value": {
        "Fn::GetAtt": [
          "ManagedKubernetesCluster",
          "TaskId"
        ]
      }
    }
  }
}

To view more examples, visit ManagedKubernetesCluster.json and ManagedKubernetesCluster.yml.