This product(
CS/2015-12-15
) OpenAPI adopts ROA Signature style. See signature details in Description of the signature mechanism. We have packaged SDKs for common programming languages for developers. Developers can directly call the OpenAPI of this product by downloading the SDK without paying attention to the technical details. If the existing SDK cannot meet the usage requirements, you can connect through the signature mechanism. It will take about 5 working days. Therefore, it is recommended to join our DingTalk service group (78410016550) and sign under the guidance of experts. Before using the API, you need to prepare your identity account and access key (AccessKey) to effectively access the API through client tools (SDK, CLI, etc.). For details see getAccessKey.
API catalog
API | Title | Description |
---|---|---|
OpenAckService | OpenAckService | When you use Container Service for Kubernetes (ACK) for the first time, you must activate ACK by using an Alibaba Cloud account or RAM user with the required permissions and complete ACK authorization. |
Cluster
API | Title | Description |
---|---|---|
CreateCluster | CreateCluster | You can call the CreateCluster operation to create a Container Service for Kubernetes (ACK) cluster. ACK clusters include ACK managed clusters, ACK dedicated clusters, ACK Serverless clusters, ACK Edge clusters, ACK clusters that support sandboxed containers, and registered clusters. For more information about how to create different types of ACK clusters, see the following usage notes. |
DeleteCluster | DeleteCluster | You can call the DeleteCluster operation to delete a cluster and specify whether to delete or retain the relevant cluster resources. Before you delete a cluster, you must manually delete workloads in the cluster, such as Deployments, StatefulSets, Jobs, and CronJobs. Otherwise, you may fail to delete the cluster. |
DescribeClustersV1 | DescribeClustersV1 | Queries the details about Container Service for Kubernetes (ACK) clusters of specified types or specifications within an account. |
DescribeClusterDetail | DescribeClusterDetail | You can call the DescribeClusterDetail operation to query the details of a Container Service for Kubernetes (ACK) cluster by cluster ID. |
DescribeClusterResources | DescribeClusterResources | You can call the DescribeClusterResources operation to query all resources in a cluster by cluster ID. |
DescribeKubernetesVersionMetadata | DescribeKubernetesVersionMetadata | Queries the detailed information about Kubernetes versions, including the version number, release date, expiration date, compatible OSs, and runtime. |
DescribeUserClusterNamespaces | DescribeUserClusterNamespaces | You can use Kubernetes namespaces to limit users from accessing resources in a Container Service for Kubernetes (ACK) cluster. Users that are granted Role-Based Access Control (RBAC) permissions only on one namespace cannot access resources in other namespaces. Queries the RBAC permissions that are granted to the current Resource Access Management (RAM) user or RAM role on an ACK cluster. |
DescribeClusterLogs | DescribeClusterLogs | Queries the cluster log to help analyze cluster issues and locate the cause. |
RunClusterCheck | RunClusterCheck | Container Intelligence Service (CIS) provides a variety of cluster check capabilities to allow you to perform cluster update check, cluster migration check, component installation check, component update check, and node pool check. A precheck is automatically triggered before an update, migration, or installation is performed. You can perform changes only if the cluster passes the precheck. You can also manually call the RunClusterCheck operation to initiate cluster checks. We recommend that you periodically check and maintain your cluster to mitigate potential risks. |
ListClusterChecks | ListClusterChecks | You can call the ListClusterChecks operation to query all the cluster check results of a cluster. |
GetClusterCheck | GetClusterCheck | Queries a cluster check task by cluster ID and task ID. You can view the status, check items, creation time, and end time of the task. Container Intelligence Service (CIS) provides a variety of Kubernetes cluster check features, including cluster update check, cluster migration check, component installation check, component update check, and node pool check. |
ModifyCluster | ModifyCluster | You can call the ModifyCluster operation to modify the cluster configurations by cluster ID. |
MigrateCluster | MigrateCluster | Container Service for Kubernetes (ACK) Pro clusters are developed based on ACK Basic clusters. ACK Pro clusters provide all benefits of ACK managed clusters, such as fully-managed control planes and control plane high availability. In addition, ACK Pro clusters provide you with enhanced reliability, security, and schedulability. ACK Pro clusters are covered by the SLA that supports compensation clauses. ACK Pro clusters are suitable for large-scale businesses that require high stability and security in production environments. We recommend that you migrate from ACK Basic clusters to ACK Pro clusters. |
DescribeClusterUserKubeconfig | DescribeClusterUserKubeconfig | Kubeconfig files store identity and authentication information that is used by clients to access Container Service for Kubernetes (ACK) clusters. To use a kubectl client to manage an ACK cluster, you need to use the corresponding kubeconfig file to connect to the ACK cluster. We recommend that you keep kubeconfig files confidential and revoke kubeconfig files that are not in use. This helps prevent data leaks caused by the disclosure of kubeconfig files. |
DescribeSubaccountK8sClusterUserConfig | DescribeSubaccountK8sClusterUserConfig | Queries or issues the kubeconfig credentials of a Resource Access Management (RAM) user or RAM role of the account. If you are the permission manager of a Container Service for Kubernetes (ACK) cluster, you can issue the kubeconfig credentials to a specific RAM user or RAM role of the account by using the Alibaba Cloud account. The kubeconfig credentials, which are used to connect to the ACK cluster, contain the identity information about the RAM user or RAM role. |
UpdateK8sClusterUserConfigExpire | UpdateK8sClusterUserConfigExpire | Sets the validity period of a kubeconfig file used by a Resource Access Management (RAM) user or RAM role to connect to a Container Service for Kubernetes (ACK) cluster. The validity period ranges from 1 to 876,000 hours. You can call this API operation when you customize configurations by using an Alibaba Cloud account. The default validity period of a kubeconfig file is three years. |
ScanClusterVuls | ScanClusterVuls | Scans for vulnerabilities in a Container Service for Kubernetes (ACK) cluster, including workload vulnerabilities, third-party software vulnerabilities, CVE vulnerabilities, WebCMS vulnerabilities, and Windows vulnerabilities. We recommend that you scan your cluster on a regular basis to ensure cluster security. |
DescribeClusterVuls | DescribeClusterVuls | Queries the security vulnerability details of a cluster by cluster ID. The details include vulnerability name, vulnerability type, and vulnerability severity. We recommend that you scan your cluster on a regular basis to ensure cluster security. |
Node Pool
API | Title | Description |
---|---|---|
CreateClusterNodePool | CreateClusterNodePool | Creates a node pool for a Container Service for Kubernetes (ACK) cluster. You can use node pools to facilitate node management. For example, you can schedule, configure, or maintain nodes by node pool, and enable auto scaling for a node pool. We recommend that you use a managed node pool, which can help automate specific O\\\\\\&M tasks for nodes, such as Common Vulnerabilities and Exposures (CVE) patching and node repair. This reduces your O\\\\\\&M workload. |
DeleteClusterNodepool | DeleteClusterNodepool | null |
DescribeClusterNodePoolDetail | DescribeClusterNodePoolDetail | You can call the DescribeClusterNodePoolDetail.html operation to query the details about a node pool in a cluster by node pool ID. |
DescribeClusterNodePools | DescribeClusterNodePools | Queries the information about all node pools in a cluster. |
DescribeNodePoolVuls | DescribeNodePoolVuls | Queries the vulnerability information of a node pool, such as vulnerability names and severity levels, by specifying the ID of the node pool. We recommend that you periodically scan node pools for vulnerabilities to enhance cluster security. |
ModifyClusterNodePool | ModifyClusterNodePool | You can call the ModifyClusterNodePool operation to modify the configuration of a node pool with the specified node pool ID. |
ScaleClusterNodePool | ScaleClusterNodePool | Scales out a node pool. |
AttachInstancesToNodePool | AttachInstancesToNodePool | Adds existing nodes to a specific node pool. You can add existing ECS instances to a specific node pool in a Container Service for Kubernetes (ACK) cluster as worker nodes. You can also add removed worker nodes back to the node pool. |
RemoveNodePoolNodes | RemoveNodePoolNodes | Removes nodes from a node pool. |
UpgradeClusterNodepool | UpgradeClusterNodepool | You can call the UpgradeClusterNodepool operation to update the Kubernetes version, OS version, or container runtime version of the nodes in a node pool. |
RepairClusterNodePool | RepairClusterNodePool | Repairs a node pool. |
FixNodePoolVuls | FixNodePoolVuls | Patches node vulnerabilities in a node pool to enhance node security. Cloud Security provided by Alibaba Cloud periodically scans Elastic Compute Service (ECS) instances for vulnerabilities and provides suggestions on how to patch the detected vulnerabilities. Vulnerability patching may require node restarts. Make sure that your cluster has sufficient idle nodes for node draining. |
ModifyNodePoolNodeConfig | ModifyNodePoolNodeConfig | Modifies the configuration of a node pool, such as the kubelet configuration and node rolling update configuration. After you modify the node pool configuration, nodes are batch updated and the kubelet on each node is restarted. This may adversely affect the nodes and workloads. We recommend that you perform this operation during off-peak hours. |
SyncClusterNodePool | SyncClusterNodePool | Synchronizes the information about a node pool, including the metadata and node information of the node pool. |
DescribeClusterAttachScripts | DescribeClusterAttachScripts | Queries the scripts used to add existing nodes to a Container Service for Kubernetes (ACK) cluster. ACK allows you to manually add existing Elastic Compute Service (ECS) instances to an ACK cluster as worker nodes or re-add worker nodes that you remove from the cluster to a node pool. |
CreateAutoscalingConfig | CreateAutoscalingConfig | Creates a scaling configuration to allow the system to scale resources based on the given scaling rules. When you create a scaling configuration, you can specify the scaling metrics, thresholds, scaling order, and scaling interval. |
Node
API | Title | Description |
---|---|---|
DescribeClusterNodes | DescribeClusterNodes | null |
DeleteClusterNodes | DeleteClusterNodes | Removes nodes from a Container Service for Kubernetes (ACK) cluster. When you remove nodes, you can specify whether to release the Elastic Compute Service (ECS) instances and drain the nodes. When you remove nodes, pods on the nodes are migrated. This may adversely affect your businesses. We recommend that you back up data and perform this operation during off-peak hours. |
Add-ons
API | Title | Description |
---|---|---|
InstallClusterAddons | InstallClusterAddons | Installs a component by specifying the name and version of the component. To enhance Kubernetes capabilities, you can install a variety of components in Container Service for Kubernetes (ACK) clusters, such as fully-managed core components and application, logging and monitoring, network, storage, and security group components. |
UnInstallClusterAddons | UnInstallClusterAddons | Uninstalls components that you no longer need from a cluster. You must specify the name of the components and specify whether to release associated Alibaba Cloud resources from the cluster. |
DescribeAddons | DescribeAddons | You can call the DescribeAddons operation to query the details about all components that are supported by Container Service for Kubernetes (ACK). |
DescribeClusterAddonsVersion | DescribeClusterAddonsVersion | You can call the DescribeClusterAddonsVersion operation to query the details about all components in a cluster by cluster ID. |
DescribeClusterAddonInstance | DescribeClusterAddonInstance | You can call the DescribeClusterAddonInstance operation to query the information about a cluster component, including the version, status, and configuration of the component. |
ListAddons | ListAddons | Queries the available components based on specific conditions such as the region, cluster type, cluster subtype defined by cluster profile, and cluster version and queries the detailed information about a component. The information includes whether the component is managed, the supported custom parameter schema, and compatible operating system architecture. |
ListClusterAddonInstances | ListClusterAddonInstances | Queries the component instances that are running in the specified cluster and the information about the component instances. The information includes the component version and status. |
GetClusterAddonInstance | GetClusterAddonInstance | You can call the GetClusterAddonInstance operation to query the information of a component instance in a cluster, including the version, configurations, and log status of the component instance. |
DescribeAddon | DescribeAddon | Queries the information about a component based on specific conditions such as the region, cluster type, cluster subtype defined by cluster profile, cluster version, and component name. The information includes whether the component is managed, the component type, supported custom parameter schema, compatible operating system architecture, and earliest supported cluster version. |
ModifyClusterAddon | ModifyClusterAddon | Modifies the configuration of a cluster component. This operation may affect your businesses. We recommend that you assess the impact, back up data, and perform the operation during off-peak hours. |
DescribeClusterAddonMetadata | DescribeClusterAddonMetadata | You can call the DescribeClusterAddonMetadata operation to query the metadata of a component version. The metadata includes the component version and available parameters. |
UpgradeClusterAddons | UpgradeClusterAddons | Updates cluster components to use new features and patch vulnerabilities. You must update cluster components one after one and update a component only after the previous one is successfully updated. Before you update a component, we recommend that you read the update notes for each component. Cluster component updates may affect your businesses. Assess the impact, back up data, and perform the update during off-peak hours. |
DescribeClusterAddonsUpgradeStatus | DescribeClusterAddonsUpgradeStatus | You can call the DescribeClusterAddonsUpgradeStatus operation to query the update progress of a component by component name. |
Upgrade
API | Title | Description |
---|---|---|
UpgradeCluster | UpgradeCluster | You can call the UpgradeCluster operation to upgrade a cluster by cluster ID. |
GetUpgradeStatus | GetUpgradeStatus | You can call the GetUpgradeStatus operation to query the update progress of a cluster by cluster ID. |
PauseClusterUpgrade | PauseClusterUpgrade | You can call the PauseClusterUpgrade operation to pause the update of a Container Service for Kubernetes (ACK) cluster. |
CancelClusterUpgrade | CancelClusterUpgrade | You can call the CancelClusterUpgrade operation to cancel the update of a cluster. |
ResumeUpgradeCluster | ResumeUpgradeCluster | You can call the ResumeUpgradeCluster operation to resume the update of a cluster by cluster ID. |
Permissions
API | Title | Description |
---|---|---|
DescribeUserPermission | DescribeUserPermission | In an Container Service for Kubernetes (ACK) cluster, you can create and specify different Resource Access Management (RAM) users or roles to have different access permissions. This ensures access control and resource isolation. You can call the DescribeUserPermission operation to query the permissions that are granted to a RAM user or RAM role on ACK clusters, including the resources that are allowed to access, the scope of the permissions, the predefined role, and the permission source. |
GrantPermissions | GrantPermissions | Updates the role-based access control (RBAC) permissions of a Resource Access Management (RAM) user or RAM role. By default, you do not have the RBAC permissions on a Container Service for Kubernetes (ACK) cluster if you are not the cluster owner or you are not using an Alibaba Cloud account. You can call this operation to specify the resources that can be accessed, permission scope, and predefined roles. This helps you better manage the access control on resources in ACK clusters. |
Template
API | Title | Description |
---|---|---|
CreateTemplate | CreateTemplate | Creates an orchestration template. An orchestration template defines and describes a group of Kubernetes resources. It declaratively describes the configuration of an application or how an application runs. You can use orchestration templates to manage resources in Kubernetes clusters and automate resource deployment, such as pods, Services, Deployments, ConfigMaps, and persistent volumes (PVs). |
DescribeTemplateAttribute | DescribeTemplateAttribute | An orchestration template defines and describes a group of Kubernetes resources. It declaratively describes the configuration of an application or how an application runs. You can call the DescribeTemplates API operation to query orchestration templates and their detailed information, including access permissions, YAML content, and labels. |
DescribeTemplates | DescribeTemplates | An orchestration template defines and describes a group of Kubernetes resources. It declaratively describes the configuration of an application or how an application runs. You can call the DescribeTemplates API operation to query orchestration templates and their detailed information, including access permissions, YAML content, and labels. |
UpdateTemplate | UpdateTemplate | Updates the configurations of an orchestration template. An orchestration template defines and describes a group of Container Service for Kubernetes (ACK) resources. An orchestration template describes the configurations of an application or how an application runs in a declarative manner. |
DeleteTemplate | DeleteTemplate | Deletes the orchestration templates that you no longer need. |
Trigger
API | Title | Description |
---|---|---|
CreateTrigger | CreateTrigger | Creates a trigger for an application to redeploy the application pods when specific conditions are met. |
DeleteTrigger | DeleteTrigger | Deletes an application trigger. |
DescribeTrigger | DescribeTrigger | Queries triggers that match specific conditions. |
Labels
API | Title | Description |
---|---|---|
ListTagResources | ListTagResources | Queries resource labels and the detailed information, such as the key-value pairs of the labels and the clusters to which the labels are added. You can use labels to classify and manage Container Service for Kubernetes (ACK) clusters in order to meet monitoring, cost analysis, and tenant isolation requirements. |
TagResources | TagResources | You can add labels in key-value pairs to clusters. This allows cluster developers or O\\\&M engineers to classify and manage clusters in a more flexible manner. This also meets the requirements for monitoring, cost analysis, and tenant isolation. You can call the TagResources operation to add labels to a cluster. |
UntagResources | UntagResources | If you no longer need the labels (key-value pairs) of a cluster, you can call the UntagResources operation to delete the labels. |
ModifyClusterTags | ModifyClusterTags | You can add labels in key-value pairs to clusters. This allows cluster developers or O\\\&M engineers to classify and manage clusters in a more flexible manner. This also meets the requirements for monitoring, cost analysis, and tenant isolation. You can call the ModifyClusterTags operation to modify the labels of a cluster. |
Logs
API | Title | Description |
---|---|---|
UpdateControlPlaneLog | UpdateControlPlaneLog | Modifies the log configurations of control plane components. The configurations include the log retention period and components whose logs that you want to collect. Container Service for Kubernetes (ACK) managed clusters can collect the logs of control plane components and deliver the logs to projects in Simple Log Service. These control plane components include Kube-apiserver, kube-scheduler, Kubernetes controller manager, and cloud controller manager (CCM). |
CheckControlPlaneLogEnable | CheckControlPlaneLogEnable | Queries the current log configuration of control plane components, including the log retention period and the log collection component. Container Service for Kubernetes (ACK) managed clusters can collect the logs of control plane components and deliver the logs to projects in Simple Log Service. These control plane components include Kube API Server, Kube Scheduler, Kube Controller Manager, and Cloud Controller Manager. |
Event
API | Title | Description |
---|---|---|
DescribeEventsForRegion | DescribeEventsForRegion | Queries all events in a specified region. |
DescribeEvents | DescribeEvents | Queries the detailed information about a type of events, including the severity level, status, and time. Events are generated when clusters are created, modified, and updated, node pools are created and scaled out, and components are installed. |
DescribeClusterEvents | DescribeClusterEvents | Queries events and event details in a Container Service for Kubernetes (ACK) cluster, including the severity level, status, and start time of each event. Events are generated when clusters created, modified, and updated, node pools are created and scaled out, and components are installed. |
Task
API | Title | Description |
---|---|---|
DescribeTaskInfo | DescribeTaskInfo | Queries detailed information about a task, such as the task type, status, and progress. |
PauseTask | PauseTask | Pauses an on-going task. |
ResumeTask | ResumeTask | Resumes a task. |
CancelTask | CancelTask | Cancels the execution of a cluster task. |
DescribeClusterTasks | DescribeClusterTasks | Queries tasks in a Container Service for Kubernetes (ACK) cluster. |
Policies
API | Title | Description |
---|---|---|
DeletePolicyInstance | DeletePolicyInstance | Deletes policy instances in a Container Service for Kubernetes (ACK) cluster. |
ModifyPolicyInstance | ModifyPolicyInstance | Updates a policy in a specific Container Service for Kubernetes (ACK) cluster. You can modify the action of the policy such as alerting or denying and namespaces to which the policy applies. |
DescribePolicies | DescribePolicies | Queries a list of security policies. Container Service for Kubernetes (ACK) clusters offer a variety of built-in container security policies, such as Compliance, Infra, K8s-general, and pod security policy (PSP). You can use these policies to ensure the security of containers running in a production environment. |
DescribePolicyDetails | DescribePolicyDetails | Queries the detailed information about a policy. The information includes the content, action, and severity level of the policy. Container Service for Kubernetes (ACK) provides the following types of predefined security policies: Compliance, Infra, K8s-general, and pod security policy (PSP). These policies ensure that containers are running in the production environment in a secure manner. |
DescribePolicyGovernanceInCluster | DescribePolicyGovernanceInCluster | Container Service for Kubernetes (ACK) clusters offer a variety of built-in container security policies, such as Compliance, Infra, K8s-general, and pod security policy (PSP). You can use these policies to ensure the security of containers running in a production environment. You can call the DescribePolicyGovernanceInCluster operation to query the details of policies for an ACK cluster. For example, you can query the number of policies that are enabled per severity level, the audit logs of policies, and the blocking and alerting information. |
DescribePolicyInstances | DescribePolicyInstances | Queries the detailed information about policy instances of the specified type in a Container Service for Kubernetes (ACK) cluster, such as the policy description and severity level. You can choose a type of security policy for an ACK cluster, specify the action and applicable scope of the policy, and then create and deploy a policy instance. |
DescribePolicyInstancesStatus | DescribePolicyInstancesStatus | Queries the deployment of policy instances in the current Container Service for Kubernetes (ACK) cluster, including the number of policy instances of each type and the number of policy types of each severity level. |
DeployPolicyInstance | DeployPolicyInstance | Deploys a policy in the specified namespaces of a specific Container Service for Kubernetes (ACK) cluster. You can create and deploy a security policy by specifying the policy type, action of the policy such as alerting or denying, and namespaces to which the policy applies. |
Others
API | Title | Description |
---|---|---|
DescribeUserQuota | DescribeUserQuota | Queries quotas related to Container Service for Kubernetes (ACK) clusters, node pools, and nodes. To increase a quota, submit an application in the Quota Center console. |
UpdateUserPermissions | UpdateUserPermissions | Updates the role-based access control (RBAC) permissions of a Resource Access Management (RAM) user or RAM role. By default, you do not have the RBAC permissions on a Container Service for Kubernetes (ACK) cluster if you are not the cluster owner or you are not using an Alibaba Cloud account. You can call this operation to specify the resources that can be accessed, permission scope, and predefined roles. This helps you better manage the access control on resources in ACK clusters. |
ListOperationPlans | ListOperationPlans | Queries the auto O\\\&M schedules of a cluster. |
CancelOperationPlan | CancelOperationPlan | You can call the CancelOperationPlan operation to cancel a pending auto O\\\\\\&M plan. |