All Products
Search
Document Center

Container Service for Kubernetes:List of operations by function

Last Updated:Dec 18, 2024
This product(CS/2015-12-15) OpenAPI adopts ROA Signature style. See signature details in Description of the signature mechanism. We have packaged SDKs for common programming languages for developers. Developers can directly call the OpenAPI of this product by downloading the SDK without paying attention to the technical details. If the existing SDK cannot meet the usage requirements, you can connect through the signature mechanism. It will take about 5 working days. Therefore, it is recommended to join our DingTalk service group (78410016550) and sign under the guidance of experts.
Before using the API, you need to prepare your identity account and access key (AccessKey) to effectively access the API through client tools (SDK, CLI, etc.). For details see getAccessKey.

API catalog

APITitleDescription
OpenAckServiceOpenAckServiceWhen you use Container Service for Kubernetes (ACK) for the first time, you must activate ACK by using an Alibaba Cloud account or RAM user with the required permissions and complete ACK authorization.

Cluster

APITitleDescription
CreateClusterCreateClusterYou can call the CreateCluster operation to create a Container Service for Kubernetes (ACK) cluster. ACK clusters include ACK managed clusters, ACK dedicated clusters, ACK Serverless clusters, ACK Edge clusters, ACK clusters that support sandboxed containers, and registered clusters. For more information about how to create different types of ACK clusters, see the following usage notes.
DeleteClusterDeleteClusterYou can call the DeleteCluster operation to delete a cluster and specify whether to delete or retain the relevant cluster resources. Before you delete a cluster, you must manually delete workloads in the cluster, such as Deployments, StatefulSets, Jobs, and CronJobs. Otherwise, you may fail to delete the cluster.
DescribeClustersV1DescribeClustersV1Queries the details about Container Service for Kubernetes (ACK) clusters of specified types or specifications within an account.
DescribeClustersForRegionDescribeClustersForRegionQueries all clusters in a specified region.
DescribeClusterDetailDescribeClusterDetailYou can call the DescribeClusterDetail operation to query the details of a Container Service for Kubernetes (ACK) cluster by cluster ID.
DescribeClusterResourcesDescribeClusterResourcesYou can call the DescribeClusterResources operation to query all resources in a cluster by cluster ID.
DescribeKubernetesVersionMetadataDescribeKubernetesVersionMetadataQueries the detailed information about Kubernetes versions, including the version number, release date, expiration date, compatible OSs, and runtime.
DescribeUserClusterNamespacesDescribeUserClusterNamespacesYou can use Kubernetes namespaces to limit users from accessing resources in a Container Service for Kubernetes (ACK) cluster. Users that are granted Role-Based Access Control (RBAC) permissions only on one namespace cannot access resources in other namespaces. Queries the RBAC permissions that are granted to the current Resource Access Management (RAM) user or RAM role on an ACK cluster.
DescribeClusterLogsDescribeClusterLogsQueries the cluster log to help analyze cluster issues and locate the cause.
RunClusterCheckRunClusterCheckContainer Intelligence Service (CIS) provides a variety of cluster check capabilities to allow you to perform cluster update check, cluster migration check, component installation check, component update check, and node pool check. A precheck is automatically triggered before an update, migration, or installation is performed. You can perform changes only if the cluster passes the precheck. You can also manually call the RunClusterCheck operation to initiate cluster checks. We recommend that you periodically check and maintain your cluster to mitigate potential risks.
ListClusterChecksListClusterChecksYou can call the ListClusterChecks operation to query all the cluster check results of a cluster.
GetClusterCheckGetClusterCheckQueries a cluster check task by cluster ID and task ID. You can view the status, check items, creation time, and end time of the task. Container Intelligence Service (CIS) provides a variety of Kubernetes cluster check features, including cluster update check, cluster migration check, component installation check, component update check, and node pool check.
CreateClusterDiagnosisCreateClusterDiagnosisStarts a cluster diagnostic.
GetClusterDiagnosisResultGetClusterDiagnosisResultQueries cluster diagnostic results.
GetClusterDiagnosisCheckItemsGetClusterDiagnosisCheckItemsQueries cluster diagnostic items.
ModifyClusterModifyClusterYou can call the ModifyCluster operation to modify the cluster configurations by cluster ID.
MigrateClusterMigrateClusterContainer Service for Kubernetes (ACK) Pro clusters are developed based on ACK Basic clusters. ACK Pro clusters provide all benefits of ACK managed clusters, such as fully-managed control planes and control plane high availability. In addition, ACK Pro clusters provide you with enhanced reliability, security, and schedulability. ACK Pro clusters are covered by the SLA that supports compensation clauses. ACK Pro clusters are suitable for large-scale businesses that require high stability and security in production environments. We recommend that you migrate from ACK Basic clusters to ACK Pro clusters.
DescribeClusterUserKubeconfigDescribeClusterUserKubeconfigKubeconfig files store identity and authentication information that is used by clients to access Container Service for Kubernetes (ACK) clusters. To use a kubectl client to manage an ACK cluster, you need to use the corresponding kubeconfig file to connect to the ACK cluster. We recommend that you keep kubeconfig files confidential and revoke kubeconfig files that are not in use. This helps prevent data leaks caused by the disclosure of kubeconfig files.
DescribeSubaccountK8sClusterUserConfigDescribeSubaccountK8sClusterUserConfigQueries or issues the kubeconfig credentials of a Resource Access Management (RAM) user or RAM role of the account. If you are the permission manager of a Container Service for Kubernetes (ACK) cluster, you can issue the kubeconfig credentials to a specific RAM user or RAM role of the account by using the Alibaba Cloud account. The kubeconfig credentials, which are used to connect to the ACK cluster, contain the identity information about the RAM user or RAM role.
RevokeK8sClusterKubeConfigRevokeK8sClusterKubeConfigYou can call the RevokeK8sClusterKubeConfig operation to revoke the kubeconfig file of a cluster that belongs to the current Alibaba Cloud account or RAM user. After the kubeconfig file is revoked, the cluster generates a new kubeconfig file, and the original kubeconfig file becomes invalid.
UpdateK8sClusterUserConfigExpireUpdateK8sClusterUserConfigExpireSets the validity period of a kubeconfig file used by a Resource Access Management (RAM) user or RAM role to connect to a Container Service for Kubernetes (ACK) cluster. The validity period ranges from 1 to 876,000 hours. You can call this API operation when you customize configurations by using an Alibaba Cloud account. The default validity period of a kubeconfig file is three years.
ScanClusterVulsScanClusterVulsScans for vulnerabilities in a Container Service for Kubernetes (ACK) cluster, including workload vulnerabilities, third-party software vulnerabilities, CVE vulnerabilities, WebCMS vulnerabilities, and Windows vulnerabilities. We recommend that you scan your cluster on a regular basis to ensure cluster security.
DescribeClusterVulsDescribeClusterVulsQueries the security vulnerability details of a cluster by cluster ID. The details include vulnerability name, vulnerability type, and vulnerability severity. We recommend that you scan your cluster on a regular basis to ensure cluster security.

Node Pool

APITitleDescription
CreateClusterNodePoolCreateClusterNodePoolCreates a node pool for a Container Service for Kubernetes (ACK) cluster. You can use node pools to facilitate node management. For example, you can schedule, configure, or maintain nodes by node pool, and enable auto scaling for a node pool. We recommend that you use a managed node pool, which can help automate specific O\\\\\\&M tasks for nodes, such as Common Vulnerabilities and Exposures (CVE) patching and node repair. This reduces your O\\\\\\&M workload.
DeleteClusterNodepoolDeleteClusterNodepoolnull
DescribeClusterNodePoolDetailDescribeClusterNodePoolDetailYou can call the DescribeClusterNodePoolDetail.html operation to query the details about a node pool in a cluster by node pool ID.
DescribeClusterNodePoolsDescribeClusterNodePoolsQueries the information about all node pools in a cluster.
DescribeNodePoolVulsDescribeNodePoolVulsQueries the vulnerability information of a node pool, such as vulnerability names and severity levels, by specifying the ID of the node pool. We recommend that you periodically scan node pools for vulnerabilities to enhance cluster security.
ModifyClusterNodePoolModifyClusterNodePoolYou can call the ModifyClusterNodePool operation to modify the configuration of a node pool with the specified node pool ID.
ScaleClusterNodePoolScaleClusterNodePoolScales out a node pool.
AttachInstancesToNodePoolAttachInstancesToNodePoolAdds existing nodes to a specific node pool. You can add existing ECS instances to a specific node pool in a Container Service for Kubernetes (ACK) cluster as worker nodes. You can also add removed worker nodes back to the node pool.
RemoveNodePoolNodesRemoveNodePoolNodesRemoves nodes from a node pool.
UpgradeClusterNodepoolUpgradeClusterNodepoolYou can call the UpgradeClusterNodepool operation to update the Kubernetes version, OS version, or container runtime version of the nodes in a node pool.
RepairClusterNodePoolRepairClusterNodePoolRepairs a node pool.
FixNodePoolVulsFixNodePoolVulsPatches node vulnerabilities in a node pool to enhance node security. Cloud Security provided by Alibaba Cloud periodically scans Elastic Compute Service (ECS) instances for vulnerabilities and provides suggestions on how to patch the detected vulnerabilities. Vulnerability patching may require node restarts. Make sure that your cluster has sufficient idle nodes for node draining.
ModifyNodePoolNodeConfigModifyNodePoolNodeConfigModifies the configuration of a node pool, such as the kubelet configuration and node rolling update configuration. After you modify the node pool configuration, nodes are batch updated and the kubelet on each node is restarted. This may adversely affect the nodes and workloads. We recommend that you perform this operation during off-peak hours.
SyncClusterNodePoolSyncClusterNodePoolSynchronizes the information about a node pool, including the metadata and node information of the node pool.
DescribeClusterAttachScriptsDescribeClusterAttachScriptsQueries the scripts used to add existing nodes to a Container Service for Kubernetes (ACK) cluster. ACK allows you to manually add existing Elastic Compute Service (ECS) instances to an ACK cluster as worker nodes or re-add worker nodes that you remove from the cluster to a node pool.
CreateAutoscalingConfigCreateAutoscalingConfigCreates a scaling configuration to allow the system to scale resources based on the given scaling rules. When you create a scaling configuration, you can specify the scaling metrics, thresholds, scaling order, and scaling interval.

Node

APITitleDescription
DescribeClusterNodesDescribeClusterNodesnull
DeleteClusterNodesDeleteClusterNodesRemoves nodes from a Container Service for Kubernetes (ACK) cluster. When you remove nodes, you can specify whether to release the Elastic Compute Service (ECS) instances and drain the nodes. When you remove nodes, pods on the nodes are migrated. This may adversely affect your businesses. We recommend that you back up data and perform this operation during off-peak hours.

Add-ons

APITitleDescription
InstallClusterAddonsInstallClusterAddonsInstalls a component by specifying the name and version of the component. To enhance Kubernetes capabilities, you can install a variety of components in Container Service for Kubernetes (ACK) clusters, such as fully-managed core components and application, logging and monitoring, network, storage, and security group components.
UnInstallClusterAddonsUnInstallClusterAddonsUninstalls components that you no longer need from a cluster. You must specify the name of the components and specify whether to release associated Alibaba Cloud resources from the cluster.
DescribeAddonsDescribeAddonsYou can call the DescribeAddons operation to query the details about all components that are supported by Container Service for Kubernetes (ACK).
DescribeClusterAddonsVersionDescribeClusterAddonsVersionYou can call the DescribeClusterAddonsVersion operation to query the details about all components in a cluster by cluster ID.
DescribeClusterAddonInstanceDescribeClusterAddonInstanceYou can call the DescribeClusterAddonInstance operation to query the information about a cluster component, including the version, status, and configuration of the component.
ListAddonsListAddonsQueries the available components based on specific conditions such as the region, cluster type, cluster subtype defined by cluster profile, and cluster version and queries the detailed information about a component. The information includes whether the component is managed, the supported custom parameter schema, and compatible operating system architecture.
ListClusterAddonInstancesListClusterAddonInstancesQueries the component instances that are running in the specified cluster and the information about the component instances. The information includes the component version and status.
GetClusterAddonInstanceGetClusterAddonInstanceYou can call the GetClusterAddonInstance operation to query the information of a component instance in a cluster, including the version, configurations, and log status of the component instance.
DescribeAddonDescribeAddonQueries the information about a component based on specific conditions such as the region, cluster type, cluster subtype defined by cluster profile, cluster version, and component name. The information includes whether the component is managed, the component type, supported custom parameter schema, compatible operating system architecture, and earliest supported cluster version.
ModifyClusterAddonModifyClusterAddonModifies the configuration of a cluster component. This operation may affect your businesses. We recommend that you assess the impact, back up data, and perform the operation during off-peak hours.
DescribeClusterAddonMetadataDescribeClusterAddonMetadataYou can call the DescribeClusterAddonMetadata operation to query the metadata of a component version. The metadata includes the component version and available parameters.
UpgradeClusterAddonsUpgradeClusterAddonsUpdates cluster components to use new features and patch vulnerabilities. You must update cluster components one after one and update a component only after the previous one is successfully updated. Before you update a component, we recommend that you read the update notes for each component. Cluster component updates may affect your businesses. Assess the impact, back up data, and perform the update during off-peak hours.
DescribeClusterAddonsUpgradeStatusDescribeClusterAddonsUpgradeStatusYou can call the DescribeClusterAddonsUpgradeStatus operation to query the update progress of a component by component name.

Upgrade

APITitleDescription
UpgradeClusterUpgradeClusterYou can call the UpgradeCluster operation to upgrade a cluster by cluster ID.
GetUpgradeStatusGetUpgradeStatusYou can call the GetUpgradeStatus operation to query the update progress of a cluster by cluster ID.
PauseClusterUpgradePauseClusterUpgradeYou can call the PauseClusterUpgrade operation to pause the update of a Container Service for Kubernetes (ACK) cluster.
CancelClusterUpgradeCancelClusterUpgradeYou can call the CancelClusterUpgrade operation to cancel the update of a cluster.
ResumeUpgradeClusterResumeUpgradeClusterYou can call the ResumeUpgradeCluster operation to resume the update of a cluster by cluster ID.

Permissions

APITitleDescription
DescribeUserPermissionDescribeUserPermissionIn an Container Service for Kubernetes (ACK) cluster, you can create and specify different Resource Access Management (RAM) users or roles to have different access permissions. This ensures access control and resource isolation. You can call the DescribeUserPermission operation to query the permissions that are granted to a RAM user or RAM role on ACK clusters, including the resources that are allowed to access, the scope of the permissions, the predefined role, and the permission source.
GrantPermissionsGrantPermissionsUpdates the role-based access control (RBAC) permissions of a Resource Access Management (RAM) user or RAM role. By default, you do not have the RBAC permissions on a Container Service for Kubernetes (ACK) cluster if you are not the cluster owner or you are not using an Alibaba Cloud account. You can call this operation to specify the resources that can be accessed, permission scope, and predefined roles. This helps you better manage the access control on resources in ACK clusters.
UpdateUserPermissionsUpdateUserPermissionsUpdates the role-based access control (RBAC) permissions of a Resource Access Management (RAM) user or RAM role. By default, you do not have the RBAC permissions on a Container Service for Kubernetes (ACK) cluster if you are not the cluster owner or you are not using an Alibaba Cloud account. You can call this operation to specify the resources that can be accessed, permission scope, and predefined roles. This helps you better manage the access control on resources in ACK clusters.

Template

APITitleDescription
CreateTemplateCreateTemplateCreates an orchestration template. An orchestration template defines and describes a group of Kubernetes resources. It declaratively describes the configuration of an application or how an application runs. You can use orchestration templates to manage resources in Kubernetes clusters and automate resource deployment, such as pods, Services, Deployments, ConfigMaps, and persistent volumes (PVs).
DescribeTemplateAttributeDescribeTemplateAttributeAn orchestration template defines and describes a group of Kubernetes resources. It declaratively describes the configuration of an application or how an application runs. You can call the DescribeTemplates API operation to query orchestration templates and their detailed information, including access permissions, YAML content, and labels.
DescribeTemplatesDescribeTemplatesAn orchestration template defines and describes a group of Kubernetes resources. It declaratively describes the configuration of an application or how an application runs. You can call the DescribeTemplates API operation to query orchestration templates and their detailed information, including access permissions, YAML content, and labels.
UpdateTemplateUpdateTemplateUpdates the configurations of an orchestration template. An orchestration template defines and describes a group of Container Service for Kubernetes (ACK) resources. An orchestration template describes the configurations of an application or how an application runs in a declarative manner.
DeleteTemplateDeleteTemplateDeletes the orchestration templates that you no longer need.

Trigger

APITitleDescription
CreateTriggerCreateTriggerCreates a trigger for an application to redeploy the application pods when specific conditions are met.
DeleteTriggerDeleteTriggerDeletes an application trigger.
DescribeTriggerDescribeTriggerQueries triggers that match specific conditions.

Labels

APITitleDescription
ListTagResourcesListTagResourcesQueries resource labels and the detailed information, such as the key-value pairs of the labels and the clusters to which the labels are added. You can use labels to classify and manage Container Service for Kubernetes (ACK) clusters in order to meet monitoring, cost analysis, and tenant isolation requirements.
TagResourcesTagResourcesYou can add labels in key-value pairs to clusters. This allows cluster developers or O\\\&M engineers to classify and manage clusters in a more flexible manner. This also meets the requirements for monitoring, cost analysis, and tenant isolation. You can call the TagResources operation to add labels to a cluster.
UntagResourcesUntagResourcesIf you no longer need the labels (key-value pairs) of a cluster, you can call the UntagResources operation to delete the labels.
ModifyClusterTagsModifyClusterTagsYou can add labels in key-value pairs to clusters. This allows cluster developers or O\\\&M engineers to classify and manage clusters in a more flexible manner. This also meets the requirements for monitoring, cost analysis, and tenant isolation. You can call the ModifyClusterTags operation to modify the labels of a cluster.

Logs

APITitleDescription
UpdateControlPlaneLogUpdateControlPlaneLogModifies the log configurations of control plane components. The configurations include the log retention period and components whose logs that you want to collect. Container Service for Kubernetes (ACK) managed clusters can collect the logs of control plane components and deliver the logs to projects in Simple Log Service. These control plane components include Kube-apiserver, kube-scheduler, Kubernetes controller manager, and cloud controller manager (CCM).
CheckControlPlaneLogEnableCheckControlPlaneLogEnableQueries the current log configuration of control plane components, including the log retention period and the log collection component. Container Service for Kubernetes (ACK) managed clusters can collect the logs of control plane components and deliver the logs to projects in Simple Log Service. These control plane components include Kube API Server, Kube Scheduler, Kube Controller Manager, and Cloud Controller Manager.

Event

APITitleDescription
DescribeEventsForRegionDescribeEventsForRegionQueries all events in a specified region.
DescribeEventsDescribeEventsQueries the detailed information about a type of events, including the severity level, status, and time. Events are generated when clusters are created, modified, and updated, node pools are created and scaled out, and components are installed.
DescribeClusterEventsDescribeClusterEventsQueries events and event details in a Container Service for Kubernetes (ACK) cluster, including the severity level, status, and start time of each event. Events are generated when clusters created, modified, and updated, node pools are created and scaled out, and components are installed.

Task

APITitleDescription
DescribeTaskInfoDescribeTaskInfoQueries detailed information about a task, such as the task type, status, and progress.
PauseTaskPauseTaskPauses an on-going task.
ResumeTaskResumeTaskResumes a task.
CancelTaskCancelTaskCancels the execution of a cluster task.
DescribeClusterTasksDescribeClusterTasksQueries tasks in a Container Service for Kubernetes (ACK) cluster.

Policies

APITitleDescription
DeletePolicyInstanceDeletePolicyInstanceDeletes policy instances in a Container Service for Kubernetes (ACK) cluster.
ModifyPolicyInstanceModifyPolicyInstanceUpdates a policy in a specific Container Service for Kubernetes (ACK) cluster. You can modify the action of the policy such as alerting or denying and namespaces to which the policy applies.
DescribePoliciesDescribePoliciesQueries a list of security policies. Container Service for Kubernetes (ACK) clusters offer a variety of built-in container security policies, such as Compliance, Infra, K8s-general, and pod security policy (PSP). You can use these policies to ensure the security of containers running in a production environment.
DescribePolicyDetailsDescribePolicyDetailsQueries the detailed information about a policy. The information includes the content, action, and severity level of the policy. Container Service for Kubernetes (ACK) provides the following types of predefined security policies: Compliance, Infra, K8s-general, and pod security policy (PSP). These policies ensure that containers are running in the production environment in a secure manner.
DescribePolicyGovernanceInClusterDescribePolicyGovernanceInClusterContainer Service for Kubernetes (ACK) clusters offer a variety of built-in container security policies, such as Compliance, Infra, K8s-general, and pod security policy (PSP). You can use these policies to ensure the security of containers running in a production environment. You can call the DescribePolicyGovernanceInCluster operation to query the details of policies for an ACK cluster. For example, you can query the number of policies that are enabled per severity level, the audit logs of policies, and the blocking and alerting information.
DescribePolicyInstancesDescribePolicyInstancesQueries the detailed information about policy instances of the specified type in a Container Service for Kubernetes (ACK) cluster, such as the policy description and severity level. You can choose a type of security policy for an ACK cluster, specify the action and applicable scope of the policy, and then create and deploy a policy instance.
DescribePolicyInstancesStatusDescribePolicyInstancesStatusQueries the deployment of policy instances in the current Container Service for Kubernetes (ACK) cluster, including the number of policy instances of each type and the number of policy types of each severity level.
DeployPolicyInstanceDeployPolicyInstanceDeploys a policy in the specified namespaces of a specific Container Service for Kubernetes (ACK) cluster. You can create and deploy a security policy by specifying the policy type, action of the policy such as alerting or denying, and namespaces to which the policy applies.

Others

APITitleDescription
DescribeUserQuotaDescribeUserQuotaQueries quotas related to Container Service for Kubernetes (ACK) clusters, node pools, and nodes. To increase a quota, submit an application in the Quota Center console.
ListOperationPlansListOperationPlansQueries the auto O\\\&M schedules of a cluster.
CancelOperationPlanCancelOperationPlanYou can call the CancelOperationPlan operation to cancel a pending auto O\\\\\\\\\\&M plan.