Use ALIYUN::CS::ManagedKubernetesCluster to create an ACK managed cluster - Resource Orchestration Service

ALIYUN::CS::ManagedKubernetesCluster is used to create a Container Service for Kubernetes (ACK) managed cluster.

Syntax

{
  "Type": "ALIYUN::CS::ManagedKubernetesCluster",
  "Properties": {
    "CloudMonitorFlags": Boolean,
    "ProxyMode": String,
    "WorkerDataDisk": Boolean,
    "SnatEntry": Boolean,
    "VSwitchIds": List,
    "WorkerSystemDiskCategory": String,
    "VpcId": String,
    "Tags": List,
    "WorkerSystemDiskSize": Number,
    "WorkerInstanceTypes": List,
    "WorkerDataDisks": List,
    "LoginPassword": String,
    "ContainerCidr": String,
    "NumOfNodes": Number,
    "Name": String,
    "Taint": List,
    "KeyPair": String,
    "Addons": List,
    "DisableRollback": Boolean,
    "ServiceCidr": String,
    "KubernetesVersion": String,
    "SecurityGroupId": String,
    "EndpointPublicAccess": Boolean,
    "ClusterSpec": String,
    "TimeoutMins": Number,
    "PodVswitchIds": List,
    "EncryptionProviderKey": String,
    "Runtime": Map,
    "SocEnabled": Boolean,
    "UserData": String,
    "OsType": String,
    "IsEnterpriseSecurityGroup": Boolean,
    "Platform": String,
    "AutoRenewPeriod": Number,
    "LoadBalancerSpec": String,
    "AutoRenew": Boolean,
    "ChargeType": String,
    "FormatDisk": Boolean,
    "Period": Number,
    "NodeCidrMask": String,
    "PeriodUnit": String,
    "KeepInstanceName": Boolean,
    "DeletionProtection": Boolean,
    "ZoneIds": List,
    "ResourceGroupId": String,
    "NodePools": List,
    "NodeNameMode": String,
    "SecurityHardeningOs": Boolean,
    "WorkerSystemDiskPerformanceLevel": String
  }
}

Properties

Property	Type	Required	Editable	Description	Constraint
Name	String	Yes	No	The cluster name.	The name must be 1 to 63 characters in length, and can contain letters, digits, and hyphens (-).
VpcId	String	Yes	No	The ID of the virtual private cloud (VPC).	If you do not specify this property, the system automatically creates a VPC whose CIDR block is 192.168.0.0/16. You must leave the `VpcId` and `VSwitchIds` properties empty or specify both the properties.
VSwitchIds	List	Yes	No	The vSwitch IDs of the worker nodes.	You can specify one to three vSwitch IDs.
Addons	List	No	No	The components that you want to use for the cluster.	Network component: The Flannel and Terway components are supported. You must use one of the components when you create the cluster. Value format when you use the Flannel component: `[{"Name":"flannel","Config":""}]`. Value format when you use the Terway component: `[{"Name": "terway-eniip","Config": ""}]`. Storage component: The Container Storage Interface (CSI) and FlexVolume components are supported. Value format when you use the CSI component: `[{"Name":"csi-plugin","Config": ""},{"Name": "csi-provisioner","Config": ""}]`. Value format when you use the FlexVolume component: `[{"Name": "flexvolume","Config": ""}]`. (Optional) Simple Log Service component: Note If you do not activate Simple Log Service, you cannot use the cluster auditing feature. Value format when you use an existing Simple Log Service project: `[{"Name": "logtail-ds","Config": "{\"IngressDashboardEnabled\":\"true\",\"sls_project_name\":\"your_sls_project_name\"}"}]`. Value format when you create a Simple Log Service project: `[{"Name": "logtail-ds","Config": "{\"IngressDashboardEnabled\":\"true\"}"}]`. (Optional) Ingress component: By default, the nginx-ingress-controller component is installed in ACK dedicated clusters. Value format when you install the nginx-ingress-controller component and enable Internet access: `[{"Name":"nginx-ingress-controller","Config":"{\"IngressSlbNetworkType\":\"internet\"}"}]`. Value format when you do not install the nginx-ingress-controller component: `[{"Name": "nginx-ingress-controller","Config": "","Disabled": true}]`. (Optional) Event center: By default, the event center feature is enabled. You can use event centers to store and query Kubernetes events and configure alerts. You can use the Logstores that are associated with event centers for free within 90 days. For more information, see Create and use an event center. Value format when you enable the event center feature: `[{"Name":"ack-node-problem-detector","Config":"{\"sls_project_name\":\"your_sls_project_name\"}"}]`. For more information, see Addons properties.
AutoRenew	Boolean	No	No	Specifies whether to enable auto-renewal.	This property takes effect when ChargeType is set to PrePaid. Valid values: true (default) false
SecurityHardeningOs	Boolean	No	No	Specifies whether to enable security hardening for Alibaba Cloud Linux.	Valid values: true false Default value: false.
WorkerSystemDiskPerformanceLevel	String	No	No	The system disk performance level (PL) of the worker nodes.	Valid values: PL0 (default): A disk can deliver up to 10,000 random read/write IOPS. PL1: A disk can deliver up to 50,000 random read/write IOPS.
AutoRenewPeriod	Number	No	No	The auto-renewal period.	This property takes effect when ChargeType is set to PrePaid and AutoRenew is set to true. Valid values when PeriodUnit is set to Week: 1 to 3. Valid values when PeriodUnit is set to Month: 1, 2, 3, 6, and 12. Default value: 1.
ChargeType	String	No	No	The billing method.	Valid values: PrePaid: subscription PostPaid (default): pay-as-you-go
CloudMonitorFlags	Boolean	No	No	Specifies whether to install the CloudMonitor agent.	Valid values: true false (default)
ClusterSpec	String	No	No	The type of the ACK managed cluster.	Valid values: ack.pro.small: ACK Pro cluster ack.standard (default): ACK standard cluster
ContainerCidr	String	No	No	The container CIDR block.	The container CIDR block cannot overlap with the VPC CIDR block. If you use the VPC that is automatically created by the system, 172.16.0.0/16 is used as the container CIDR block by default.
DeletionProtection	Boolean	No	No	Specifies whether to enable deletion protection.	After you enable deletion protection, you cannot delete the cluster by using the ACK console or by calling specific ACK API operations. Valid values: true false (default)
DisableRollback	Boolean	No	No	Specifies whether to disable rollback for resources if the cluster fails to be created.	Valid values: true (default) false Note If you set this property to false, the resources that are generated during the cluster creation are released when the cluster fails to be created. We recommend that you set this property to true.
EncryptionProviderKey	String	No	No	The ID of the key that is managed by Key Management Service (KMS).	The key is used to encrypt data disks. You can use KMS only for ACK Pro clusters.
EndpointPublicAccess	Boolean	No	No	Specifies whether to allow the cluster to access the API server over the Internet.	Valid values: true: allows the cluster to access the API server over the Internet. false (default): does not allow the cluster to access the API server over the Internet. In this case, the cluster can access the API server only over a VPC.
FormatDisk	Boolean	No	No	Specifies whether to attach a data disk to a node that is created based on an existing Elastic Compute Service (ECS) instance.	Valid values: true: If you set this property to true, the container and image data of the existing ECS instance is stored on the data disk. The existing data on the data disk is overwritten. Before you attach the data disk, back up the data on the data disk. false (default): If you set this property to false, the container and image data of the existing ECS instance is not stored on the data disk.
IsEnterpriseSecurityGroup	Boolean	No	No	Specifies whether to create an advanced security group.	This property takes effect when SecurityGroupId is left empty. Valid values: true: creates an advanced security group. If you install the Terway component in a cluster, you must create an advanced security group. false (default): does not create an advanced security group.
KeepInstanceName	Boolean	No	No	Specifies whether to retain the names of existing ECS instances in the cluster.	Valid values: true (default): retains the names of existing ECS instances in the cluster. false: does not retain the names of existing ECS instances in the cluster. The system assigns new names.
KeyPair	String	No	No	The name of the key pair.	You can specify KeyPair or LoginPassword.
KubernetesVersion	String	No	No	The Kubernetes version of the cluster. ACK supports the same Kubernetes versions as open source Kubernetes. We recommend that you use the latest version.	You can create clusters of the latest two versions. For more information about the Kubernetes versions supported by ACK, see Overview of Kubernetes versions supported by ACK.
LoadBalancerSpec	String	No	No	The specification of the Server Load Balancer (SLB) instance.	Valid values: slb.s1.small slb.s2.small slb.s2.medium slb.s3.small slb.s3.medium slb.s3.large
LoginPassword	String	No	No	The password for SSH logon.	The password must be 8 to 30 characters in length, and must contain letters, digits, and special characters. The following special characters are supported: `( ) ' ~ ! @ # $ % ^ & * - + = \| { } [ ] : ; < > , . ? / _` Note You can specify LoginPassword or KeyPair.
NodeCidrMask	String	No	No	The maximum number of CIDR blocks that can be assigned to the nodes.	The value of this property varies based on the pod CIDR block. This property takes effect only when you use the Flannel component for the cluster. Default value: 25.
NodeNameMode	String	No	No	The custom name of the node.	A node name consists of a prefix, an IP address substring, and a suffix. The prefix and the suffix can contain one or more parts that are separated by periods (.). Each part can contain lowercase letters, digits, and hyphens (-). The node name must start and end with a lowercase letter or digit. The IP address substring consists of 5 to 12 digits that are truncated from the end of the node IP address. For example, if the node IP address is 192.168.XX.XX, the prefix is `aliyun.com`, the IP address substring is 5 digits in length, and the suffix is test, the node name is `aliyun.com0****test`.
NodePools	List	No	No	The details of the node pools.	For more information, see NodePools properties.
NumOfNodes	Number	No	Yes	The number of worker nodes.	Valid values: 0 to 300. Default value: 3.
OsType	String	No	No	The OS type.	Valid values: Windows Linux (default)
Period	Number	No	No	The subscription duration of the cluster.	You must specify this property when ChargeType is set to PrePaid. Valid values when PeriodUnit is set to Week: 1 to 4. Valid values when PeriodUnit is set to Month: 1, 2, 3, 4, 5, 6, 7, 8, 9, 12, 24, 36, 48, and 60. Default value: 1.
PeriodUnit	String	No	No	The unit of the subscription duration of the cluster.	This property takes effect when ChargeType property is set to PrePaid. Valid values: Week Month (default)
Platform	String	No	No	The OS distribution.	Valid values: CentOS (default) AliyunLinux QbootAliyunLinux Qboot Windows WindowsCore
PodVswitchIds	List	No	No	The pod vSwitches.	For each node vSwitch, you must specify at least one pod vSwitch that is deployed in the same zone as the node vSwitch. The pod vSwitch cannot overlap with the node vSwitch. We recommend that you use a vSwitch whose CIDR block mask is up to 19 bits in length. Note You must specify this property when you use the Terway component for the cluster.
ProxyMode	String	No	No	The kube-proxy mode.	Valid values: iptables (default) ipvs
ResourceGroupId	String	No	Yes	The ID of the resource group to which the cluster belongs.	None.
Runtime	Map	No	No	The container runtime.	The Runtime property consists of the following fields: name: the name of the container runtime version: the version of the container runtime Example: `{"name": "docker", "version": "19.03.5"}` For more information about how to select a container runtime, see Comparison among Docker, containerd, and Sandboxed-Container. For more information about the Runtime property, see Runtime properties.
SecurityGroupId	String	No	No	The ID of the security group to which the ECS instances in the cluster belong.	None.
ServiceCidr	String	No	No	The Service CIDR block.	The Service CIDR block cannot overlap with the VPC CIDR block or container CIDR block. If you use the VPC that is automatically created by the system, 172.19.0.0/20 is used as the Service CIDR block by default.
SnatEntry	Boolean	No	No	Specifies whether to configure SNAT rules for the VPC.	Valid value when the VPC can access the Internet: false. In this case, you do not need to configure SNAT rules for the VPC. Valid values when the VPC cannot access the Internet: true: configures SNAT rules for the VPC. In this case, the VPC can access the Internet. false: does not configure SNAT rules for the VPC. In this case, the VPC cannot access the Internet.
SocEnabled	Boolean	No	No	Specifies whether to enable reinforcement based on classified protection.	Valid values: true false (default)
Tags	List	No	Yes	The tags of the cluster.	You can add up to 20 tags. For more information, see Tags properties.
Taint	List	No	No	The taints that you want to add to nodes for scheduling of pods.	If you apply tolerations to pods, the pods can be scheduled to nodes that have matching taints.
TimeoutMins	Number	No	No	The timeout period for creating the cluster.	Default value: 60. Unit: minutes.
UserData	String	No	No	The user data that you specify when you create the ECS instances.	The user data can be up to 16 KB in size. You do not need to convert the data into Base64-encoded strings. If the user data contains special characters, you must add the escape character (\) before each special character.
WorkerDataDisk	Boolean	No	No	Specifies whether to attach data disks to worker nodes.	Valid values: true false (default)
WorkerDataDisks	List	No	Yes	The configurations of the data disks that you want to attach to worker nodes. The configurations include disk categories and disk sizes.	This property takes effect only when you attach data disks to worker nodes. For more information, see WorkerDataDisks properties.
WorkerInstanceTypes	List	No	Yes	The ECS instance types of the worker nodes.	For more information, see Overview of instance families.
WorkerSystemDiskCategory	String	No	No	The system disk category of the worker nodes.	Valid values: cloud_efficiency (default): ultra disk cloud_ssd: standard SSD cloud_essd: Enterprise SSD (ESSD)
WorkerSystemDiskSize	Number	No	No	The system disk size of the worker nodes.	Default value: 120. Unit: GiB.
ZoneIds	List	No	No	The zones to which the vSwitches of the worker nodes belong.	None.

NodePools syntax

"NodePools": [
  {
    "ScalingGroup": Map,
    "KubernetesConfig": Map,
    "NodePoolInfo": Map,
    "Count": Integer
  }
]

NodePools properties

Property	Type	Required	Editable	Description	Constraint
ScalingGroup	Map	Yes	No	The configurations of the scaling group that you want to use for the node pool.	For more information, see ScalingGroup properties.
Count	Integer	No	No	The number of nodes in the node pool.	None.
KubernetesConfig	Map	No	No	The configurations of the cluster.	For more information, see KubernetesConfig properties.
NodePoolInfo	Map	No	No	The configurations of the node pool.	For more information, see NodePoolInfo properties.

ScalingGroup syntax

"ScalingGroup": {
  "RdsInstances": List,
  "IsEnterpriseSecurityGroup": Boolean,
  "VSwitchIds": List,
  "InternetMaxBandwidthOut": Integer,
  "DataDisks": List,
  "Period": Integer,
  "InternetChargeType": String,
  "KeyPair": String,
  "SystemDiskPerformanceLevel": String,
  "ImageId": String,
  "Platform": String,
  "InstanceTypes": List,
  "SystemDiskCategory": String,
  "PeriodUnit": String,
  "LoginPassword": String,
  "InstanceChargeType": String,
  "SystemDiskSize": Integer,
  "Tags": List,
  "ZoneIds": List
}

ScalingGroup properties

Property	Type	Required	Editable	Description	Constraint
InstanceTypes	List	Yes	No	The instance types.	None.
SystemDiskSize	Integer	Yes	No	The system disk size of the nodes.	Unit: GiB. Valid values: 40 to 500.
VSwitchIds	List	Yes	No	The IDs of the vSwitches.	None.
DataDisks	List	No	No	The configurations of the data disks that you want to attach to the nodes in the node pool.	For more information, see DataDisks properties.
ImageId	String	No	No	The ID of the custom image.	By default, the image that is provided by the system is used.
InstanceChargeType	String	No	No	The billing method of the nodes in the node pool.	Valid values: PrePaid: subscription PostPaid (default): pay-as-you-go
InternetChargeType	String	No	No	The metering method of the public IP address.	Valid values: PayByBandwidth: pay-by-bandwidth PayByTraffic: pay-by-data-transfer
InternetMaxBandwidthOut	Integer	No	No	The maximum outbound bandwidth of the public IP address of the node.	Unit: Mbit/s. Valid values: 1 to 100.
IsEnterpriseSecurityGroup	Boolean	No	No	Specifies whether to automatically create and use an advanced security group.	Valid values: true false
KeyPair	String	No	No	The name of the key pair that is used for password-free logon.	You can specify KeyPair or LoginPassword.
LoginPassword	String	No	No	The password for SSH logon.	You can specify KeyPair or LoginPassword. The password must be 8 to 30 characters in length, and must contain uppercase letters, lowercase letters, digits, and special characters.
Period	Integer	No	No	The subscription duration of the nodes in the node pool.	You must specify this property only when InstanceChargeType is set to PrePaid. Valid values when PeriodUnit is set to Month: 1, 2, 3, 6, and 12. Default value: 1.
PeriodUnit	String	No	No	The unit of the subscription duration of the nodes in the node pool.	You must specify this property when InstanceChargeType is set to PrePaid. Set PeriodUnit to Month.
Platform	String	No	No	The OS distribution.	Valid values: CentOS AliyunLinux (default) Windows WindowsCore
RdsInstances	List	No	No	The IDs of the ApsaraDB RDS instances.	None.
SystemDiskCategory	String	No	No	The system disk category of the nodes.	Valid values: cloud_efficiency (default): ultra disk cloud_ssd: standard SSD cloud_essd: ESSD
SystemDiskPerformanceLevel	String	No	No	The system disk PL of the nodes.	This property takes effect only for ESSDs.
Tags	List	No	No	The tags that you want to add to the ECS instances.	For more information, see Tags properties.
ZoneIds	List	No	No	The zones.	None.

DataDisks syntax

"DataDisks": [
  {
    "AutoSnapshotPolicyId": String,
    "Encrypted": Boolean,
    "Size": Integer,
    "Category": String,
    "PerformanceLevel": String
  }
]

DataDisks properties

Property	Type	Required	Editable	Description	Constraint
AutoSnapshotPolicyId	String	No	No	The ID of the automatic snapshot policy.	The system automatically backs up cloud disks based on the specified automatic snapshot policy.
Category	String	No	No	The data disk category.	Valid values: cloud: basic disk cloud_efficiency (default): ultra disk cloud_ssd: standard SSD cloud_essd: ESSD
Encrypted	Boolean	No	No	Specifies whether to encrypt data disks.	Valid values: true false (default)
PerformanceLevel	String	No	No	The data disk PL of the nodes.	This property takes effect only for ESSDs. The PL of a disk varies based on the disk size. For more information, see ESSDs.
Size	Integer	No	No	The data disk size.	Unit: GiB. Valid values: 40 to 32768. Default value: 120.

KubernetesConfig syntax

"KubernetesConfig": {
  "Runtime": String,
  "RuntimeVersion": String,
  "CpuPolicy": String,
  "Labels": List,
  "NodeNameMode": String,
  "Taints": List
}

KubernetesConfig properties

Property	Type	Required	Editable	Description	Constraint
Runtime	String	Yes	No	The container runtime.	None.
RuntimeVersion	String	Yes	No	The version of the container runtime.	None.
CpuPolicy	String	No	No	The CPU management policy of the nodes.	Valid values when the Kubernetes version of the cluster is 1.12.6 or later: static: grants the pods that have specific resource characteristics on the node with enhanced CPU affinity and exclusivity. none (default): uses the default CPU affinity.
Labels	List	No	No	The labels of the nodes.	You can add labels to the nodes in the cluster. For more information, see the "Labels properties" section of this topic.
NodeNameMode	String	No	No	The custom name of the node.	A node name consists of a prefix, an IP address substring, and a suffix. The prefix and the suffix can contain one or more parts that are separated by periods (.). Each part can contain lowercase letters, digits, and hyphens (-). The node name must start and end with a lowercase letter or digit. The IP address substring consists of 5 to 12 digits that are truncated from the end of the node IP address. For example, if the node IP address is 192.168.XX.XX, the prefix is `aliyun.com`, the IP address substring is 5 digits in length, and the suffix is test, the node name is `aliyun.com0****test`.
Taints	List	No	No	The configurations of the taints.	For more information, see Taints properties.

Labels syntax

"Labels": {
 "Value": String,
 "Key": String
}

Labels properties

Property	Type	Required	Editable	Description	Constraint
Key	String	Yes	No	The label key.	None.
Value	String	Yes	No	The label value.	None.

Taints syntax

"Taints": [{
 "Value": String,
 "Effect": String,
 "Key": String
}]

Taints properties

Property	Type	Required	Editable	Description	Constraint
Key	String	Yes	No	The taint name.	None.
Value	String	Yes	No	The taint value.	None.
Effect	String	No	No	The scheduling policy.	NoSchedule (default): Pods that do not tolerate the taint are not scheduled to the node that contains this taint. This policy affects only the scheduling process and takes effect only for newly added pods. This policy does not affect scheduled pods. NoExecute: Pods that do not tolerate the taint are evicted after you add this taint to the node. PreferNoSchedule: This is a preference or soft version of NoSchedule. This policy does not affect existing pods on the node.

NodePoolInfo syntax

"NodePoolInfo": {
  "Name": String,
  "Type": String,
  "ResourceGroupId": String
}

NodePoolInfo properties

Property	Type	Required	Editable	Description	Constraint
Name	String	Yes	No	The name of the node pool.	None.
Type	String	No	No	The type of the node pool.	Valid values: ess edge
ResourceGroupId	String	No	Yes	The resource group to which the node pool belongs.	None.

Tags syntax

"Tags": [
  {
    "Key": String,
    "Value": String
  }
]

Tags properties

Property	Type	Required	Editable	Description	Constraint
Key	String	Yes	No	The tag key.	The tag key must be 1 to 64 characters in length, and cannot start with `aliyun`, `acs:`, `https://`, or `http://`.
Value	String	Yes	No	The tag value.	The tag value can be up to 128 characters in length, and cannot start with `aliyun`, `acs:`, `https://`, or `http://`.

WorkerDataDisks syntax

"WorkerDataDisks": [
  {
    "Category": String,
    "Size": Number,
    "PerformanceLevel": String
  }
]

WorkerDataDisks properties

Property	Type	Required	Editable	Description	Constraint
Category	String	Yes	Yes	The data disk category of the worker node.	Valid values: cloud: basic disk cloud_ssd: standard SSD cloud_efficiency (default): ultra disk cloud_essd: ESSD
PerformanceLevel	String	No	No	The PL of the ESSD.	Valid values: PL0: An ESSD can deliver up to 10,000 random read/write IOPS. PL1 (default): An ESSD can deliver up to 50,000 random read/write IOPS.
Size	Number	Yes	Yes	The data disk size.	Valid values: 40 to 32768. Unit: GiB.

Addons syntax

"Addons": [
  {
    "Version": String,
    "Config": String,
    "Name": String,
    "Disabled": Boolean
  }
]

Addons properties

Property	Type	Required	Editable	Description	Constraint
Name	String	Yes	No	The component name.	None.
Config	String	No	No	The configurations of the component.	None.
Disabled	Boolean	No	No	Specifies whether to disable default installation for the component.	Valid values: true (default) false
Version	String	No	No	The version of the component.	By default, the latest version is used.

Runtime syntax

"Runtime": {
    "Name": String,
    "Version": String
  }

Runtime properties

Property

Type

Required

Editable

Description

Constraint

Name

String

Yes

The name of the container runtime.

Valid values:

containerd
docker (default)
Sandboxed-Container.runv

Version