You can call the CreateCluster operation to create a Container Service for Kubernetes (ACK) managed cluster that supports sandboxed containers.
Request syntax
POST /clusters HTTP/1.1
Content-Type:application/json
{
"addons" : [ {
"name" : "String",
"config" : "String",
"disabled" : Boolean
} ],
"cloud_monitor_flags" : Boolean,
"cluster_type" : "String",
"container_cidr" : "String",
"cpu_policy" : "String",
"deletion_protection" : Boolean,
"disable_rollback" : Boolean,
"endpoint_public_access" : Boolean,
"is_enterprise_security_group" : Boolean,
"key_pair" : "String",
"kubernetes_version" : "String",
"login_password" : "String",
"name" : "String",
"node_cidr_mask" : "String",
"node_port_range" : "String",
"num_of_nodes" : Long,
"pod_vswitch_ids" : [ "String" ],
"proxy_mode" : "String",
"region_id" : "String",
"runtime" : {
"name" : "String",
"version" : "String"
},
"service_cidr" : "String",
"security_group_id" : "String",
"snat_entry" : Boolean,
"ssh_flags" : Boolean,
"tags" : [ {
"key" : "String",
"value" : "String"
} ],
"taints" : [ {
"key" : "String",
"value" : "String",
"effect" : "String"
} ],
"timeout_mins" : Long,
"user_data" : "String",
"vpcid" : "String",
"vswitch_ids" : [ "String" ],
"worker_auto_renew" : Boolean,
"worker_auto_renew_period" : Long,
"worker_data_disks" : [ {
"category" : "String",
"size" : Long,
"encrypted" : "String",
"auto_snapshot_policy_id" : "String"
} ],
"worker_vswitch_ids" : [ "String" ],
"worker_instance_types" : [ "String" ],
"worker_system_disk_category" : "String",
"worker_system_disk_size" : Long,
"worker_instance_charge_type" : "String",
"worker_period_unit" : "String",
"worker_period" : Long,
"zone_id" : "String"
}
Request parameters
Table 1. Request body parameters
Parameter | Type | Required | Example | Description |
addons | Array | Yes | [{"name": "terway-eniip","config": ""}, {"name": "logtail-ds","config": "{\"IngressDashboardEnabled\":\"true\",\"sls_project_name\":\"your_sls_project_name\"}"}, {"name":"nginx-ingress-controller","config":"{\"IngressSlbNetworkType\":\"internet\"}"}] | The list of add-ons to be installed.
|
cloud_monitor_flags | Boolean | No | true | Specifies whether to install the CloudMonitor agent. Valid values:
Default value: |
cluster_type | String | Yes | ManagedKubernetes | The type of the instance. If you want to create an ACK managed cluster that supports sandboxed containers, set the value to |
container_cidr | String | No | 172.20.0.0/16 | The CIDR block of pods. This CIDR block cannot overlap with the CIDR block of the VPC in which the cluster is deployed. If the VPC is automatically created by the system, the CIDR block of pods is set to 172.16.0.0/16 by default. This parameter is required if the cluster uses the Flannel plug-in. |
cpu_policy | String | No | none | The CPU management policy of the nodes in the cluster. The following policies are supported if the Kubernetes version of the cluster is 1.12.6 or later.
Default value: |
deletion_protection | Boolean | No | true | Specifies whether to enable deletion protection for the cluster. After deletion protection is enabled, the cluster cannot be deleted in the ACK console or by calling API operations. Valid values:
Default value: |
disable_rollback | Boolean | No | true | Specifies whether to perform a rollback when the cluster fails to be created. Valid values:
Default value: |
endpoint_public_access | Boolean | No | true | Specifies whether to enable Internet access for the API server. Valid values:
Default value: |
is_enterprise_security_group | Boolean | No | true | Specifies whether to create an advanced security group. This parameter takes effect only if security_group_id is left empty. You must specify an advanced security group for a cluster that has Terway installed.
Default value: |
key_pair | String | Yes | security-key | The name of the key pair. You must set this parameter or the |
kubernetes_version | String | No | 1.16.9-aliyun.1 | The Kubernetes version of the cluster. The Kubernetes versions supported by Container Service are the same as the Kubernetes versions supported by open source Kubernetes. We recommend that you specify the latest Kubernetes version. If you do not set this parameter, the latest Kubernetes version is queried. You can create clusters of the latest two Kubernetes versions in the ACK console. You can create clusters of earlier Kubernetes versions by calling API operations. For more information about the Kubernetes versions supported by ACK, see Overview of Kubernetes versions supported by ACK. |
login_password | String | Yes | Hello@1234 | The password for SSH logon. You must set this parameter or the |
name | String | Yes | cluster-demo | The name of the cluster. The name must be 1 to 63 characters in length, and can contain digits, letters, and hyphens (-). The name cannot start with a hyphen (-). |
node_cidr_mask | String | No | 25 | The maximum number of IP addresses that can be assigned to each node. This number is determined by the specified pod CIDR block. This parameter takes effect only if the cluster uses the Flannel plug-in. Default value: 25 |
node_port_range | String | No | 30000~32767 | The node port range. Valid values: 30000 to 65535. |
num_of_nodes | Long | Yes | 3 | The number of worker nodes. Valid values: 0 to 100. |
pod_vswitch_ids | Array of String | No | vsw-2ze97jwri7cei0mpw**** | The list of pod vSwitches. Note The For each vSwitch that is allocated to nodes, you must specify at least one pod vSwitch in the same zone. The pod vSwitches cannot be the same as the node |
proxy_mode | String | No | ipvs | The kube-proxy mode. Valid values: Default value: |
region_id | String | Yes | cn-beijing | The ID of the region in which you want to deploy the cluster. |
runtime | Yes | {"name": "Sandboxed-Container.runv", "version": "2.2.0"} | The container runtime. Valid values:
You must specify the name and version of the container runtime:
Important Set the value to The version of the container runtime. By default, the latest version is used. For more information about the release notes for Sandboxed-Container, see Release notes for Sandboxed-Container. | |
security_group_id | String | No | sg-bp1bdue0qc1g7k**** | The ID of the existing security group that is specified for the cluster. Nodes in the cluster are automatically added to the specified security group. You must set this parameter or the |
service_cidr | String | Yes | 172.21.0.0/20 | The CIDR block of Services. This CIDR block cannot overlap with the CIDR block of pods or the CIDR block of the VPC in which the cluster is deployed. If the VPC is automatically created by the system, the default CIDR block of Services is 172.19.0.0/20. |
snat_entry | Boolean | No | true | Specifies whether to configure SNAT rules for the VPC in which your cluster is deployed.
If your applications deployed in the cluster need to access the Internet, we recommend that you set the value to Default value: |
ssh_flags | Boolean | No | true | Specifies whether to enable SSH logon over the Internet. Valid values:
Default value: |
tags | Array | No | | The tags of the cluster. |
key | String | No | env | The key of the label. |
value | String | No | prod | The value of the label. |
taints | Array | No | | The taints that you want to add to nodes. Taints are added to nodes to prevent pods from being scheduled to inappropriate nodes. However, tolerations allow pods to be scheduled to nodes with matching taints. For more information, see taint-and-toleration. |
effect | String | No | NoSchedule | The scheduling policy. Valid values:
|
key | String | No | disk_type | The key of the taint. |
value | String | No | sshd | The value of the taint. |
timeout_mins | Long | No | 60 | The timeout period of cluster creation. Unit: minutes. Default value: 60 |
user_data | String | No | IyEvdXNyL2Jpbi9iYXNoCmVjaG8gIkhlbGxvIEFD**** | The user-defined data on the node. For more information, see Instance user data. |
vpcid | String | Yes | vpc-2zeik9h3ahvv2zz95**** | The ID of the VPC in which you want to deploy the cluster. |
vswitch_ids | Array of String | Yes | vsw-2ze48rkq464rsdts1**** | The IDs of vSwitches. |
worker_auto_renew | Boolean | No | true | Specifies whether to enable auto-renewal for worker nodes. This parameter takes effect only if
Default value: |
worker_auto_renew_period | Long | No | 1 | The cycle of auto-renewal. This parameter takes effect and is required only if the subscription billing method is selected for worker nodes. Valid values: 1, 2, 3, 6, and 12. |
worker_data_disks | Array | Yes | | The configuration of the data disk that is mounted to worker nodes. The configuration includes the disk type and disk size. |
auto_snapshot_policy_id | String | No | sp-bp14j6w7ss6ozz**** | The ID of the automatic snapshot policy. |
category | String | No | cloud_ssd | The type of data disk that is mounted to worker nodes. Valid values:
Default value: |
encrypted | String | No | false | Specifies whether to encrypt the data disk. Valid values:
Default value: |
size | String | Yes | 200 | The size of the data disk. Unit: GiB. Valid values:
Note You must mount at least one data disk to nodes that run sandboxed containers. The data disk must be at least 200 GiB in size. |
worker_instance_charge_type | String | Yes | PrePaid | The billing method of worker nodes. Valid values:
Default value: PostPaid. |
worker_instance_types | Array of String | Yes | ecs.ebmg5s.24xlarge | The instance types of worker nodes. Important To create a cluster that supports sandboxed containers, you must select ECS Bare Metal instances. |
worker_period | Long | No | 1 | The subscription duration of worker nodes. This parameter takes effect and is required only if Default value: 1. |
worker_period_unit | String | No | Month | The billing cycle of worker nodes. This parameter is required if worker_instance_charge_type is set to |
worker_system_disk_category | String | No | cloud_efficiency | The type of system disk that is specified for worker nodes. Valid values:
Default value: cloud_ssd |
worker_system_disk_size | Long | No | 120 | The size of the system disk that you want to use for worker nodes. Unit: GiB. Valid values: 40 to 500. Note: If you use a custom image, set the parameter to a value that is equal to or greater than the larger value between 40 and the size of the custom image. Default value: |
worker_vswitch_ids | Array of String | No | vsw-2ze3ds0mdip0hdz8i**** | The list of vSwitches that are specified for nodes. Each node is allocated a vSwitch. |
zone_id | String | No | cn-beijing-b | The ID of the zone in which the cluster is deployed. |
resource_group_id | String | No | rg-acfm3mkrure**** | The ID of the resource group to which the cluster belongs. You can use this parameter to isolate different clusters. |
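A pre-flight check for a CreateCluster request body, added here as an example and not part of the ACK documentation or SDK. It enforces constraints stated in Table 1 and flags exposure-related settings before the request is sent; the function name, the `vpc_cidr` argument (the body carries only `vpcid`), and the name-prefix tests are assumptions.

```python
import ipaddress

def check_create_cluster(body, vpc_cidr=None):
    """Return findings for a CreateCluster body; vpc_cidr is supplied by the caller."""
    out = []
    name = body.get("name", "")
    if not 1 <= len(name) <= 63 or name.startswith("-"):
        out.append("name: must be 1 to 63 characters and not start with a hyphen")
    if not 0 <= body.get("num_of_nodes", -1) <= 100:
        out.append("num_of_nodes: must be 0 to 100")
    # Table 1: the Service CIDR must not overlap the pod CIDR or the VPC CIDR.
    svc = ipaddress.ip_network(body["service_cidr"])
    for label, cidr in (("container_cidr", body.get("container_cidr")), ("VPC", vpc_cidr)):
        if cidr and svc.overlaps(ipaddress.ip_network(cidr)):
            out.append(f"service_cidr: overlaps {label}")
    # Assumption: Terway add-on names start with "terway" (the page shows terway-eniip).
    addons = [a.get("name", "") for a in body.get("addons", [])]
    if any(n.startswith("terway") for n in addons) and not body.get("pod_vswitch_ids"):
        out.append("pod_vswitch_ids: required with the Terway plug-in")
    disks = body.get("worker_data_disks", [])
    if body.get("runtime", {}).get("name", "").startswith("Sandboxed-Container"):
        if not any(int(d.get("size", 0)) >= 200 for d in disks):
            out.append("worker_data_disks: need a data disk of at least 200 GiB")
        # Assumption: bare metal type names start with "ecs.ebm", as in the page's examples.
        if not all(t.startswith("ecs.ebm") for t in body.get("worker_instance_types", [])):
            out.append("worker_instance_types: ECS Bare Metal instances required")
    # Exposure review: accepted by the API, but worth a second look before sending.
    if body.get("endpoint_public_access"):
        out.append("review: API server exposed to the Internet")
    if body.get("ssh_flags"):
        out.append("review: SSH logon over the Internet enabled")
    if "login_password" in body:
        out.append("review: SSH password sent in the request body")
    # Assumption: "true" is the value that turns disk encryption on.
    if any(str(d.get("encrypted", "false")).lower() != "true" for d in disks):
        out.append("review: unencrypted worker data disk")
    return out

# Constructed sample: Example 2 trimmed, with defects introduced on purpose.
SAMPLE = {
    "name": "webService", "num_of_nodes": 3,
    "service_cidr": "172.21.0.0/20", "endpoint_public_access": True,
    "addons": [{"name": "terway-eniip"}, {"name": "sandboxed-container-controller"}],
    "runtime": {"name": "Sandboxed-Container.runv", "version": "2.1.0"},
    "worker_instance_types": ["ecs.ebmc5s.24xlarge"],
    "worker_data_disks": [{"category": "cloud_efficiency", "size": "100", "encrypted": "false"}],
    "login_password": "<placeholder>",
}
```

Calling `check_create_cluster(SAMPLE)` returns five findings: the missing pod vSwitches, the undersized data disk, and three exposure review items.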
Response syntax
HTTP/1.1 200
Content-Type:application/json
{
"cluster_id" : "String",
"request_id" : "String",
"task_id" : "String"
}
Response parameters
Table 2. Response body parameters
Parameter | Type | Example | Description |
cluster_id | String | cb95aa626a47740afbf6aa099b650**** | The ID of the cluster. |
request_id | String | 687C5BAA-D103-4993-884B-C35E4314A1E1 | The request ID. |
task_id | String | T-5a54309c80282e39ea00002f | The ID of the job. |
Example 1: Create an ACK managed cluster that supports sandboxed containers and uses the Flannel plug-in
Sample requests
POST /clusters
Common request headers
{
"name": "webService",
"cluster_type": "ManagedKubernetes",
"disable_rollback": true,
"timeout_mins": 60,
"kubernetes_version": "1.18.8-aliyun.1",
"region_id": "cn-hangzhou",
"snat_entry": true,
"cloud_monitor_flags": true,
"endpoint_public_access": false,
"deletion_protection": false,
"node_cidr_mask": "26",
"proxy_mode": "ipvs",
"tags": [],
"timezone": "Asia/Shanghai",
"addons": [{
"name": "flannel"
}, {
"name": "sandboxed-container-controller"
}, {
"name": "csi-plugin"
}, {
"name": "csi-provisioner"
}, {
"name": "logtail-ds",
"config": "{\"IngressDashboardEnabled\":\"true\"}"
}, {
"name": "ack-node-problem-detector",
"config": "{\"sls_project_name\":\"\"}"
}, {
"name": "nginx-ingress-controller",
"config": "{\"IngressSlbNetworkType\":\"internet\"}"
}, {
"name": "arms-prometheus"
}],
"runtime": {
"name": "Sandboxed-Container.runv",
"version": "2.1.0"
},
"worker_instance_types": ["ecs.ebmc5s.24xlarge"],
"num_of_nodes": 3,
"worker_system_disk_category": "cloud_essd",
"worker_system_disk_size": 120,
"worker_data_disks": [{
"category": "cloud_efficiency",
"size": "200",
"encrypted": "false",
"auto_snapshot_policy_id": ""
}],
"worker_instance_charge_type": "PostPaid",
"vpcid": "vpc-bp1gxh70jnkl12vq27jg7",
"container_cidr": "172.23.0.0/16",
"service_cidr": "172.21.0.0/20",
"vswitch_ids": ["vsw-bp1hl2o4i9z7sbmy*****"],
"login_password": "Hello1234!",
"logging_type": "SLS",
"cpu_policy": "none",
"is_enterprise_security_group": true
}
Sample success responses
XML format
<cluster_id>cb95aa626a47740afbf6aa099b650****</cluster_id>
<task_id>T-5a54309c80282e39ea00002f</task_id>
<request_id>687C5BAA-D103-4993-884B-C35E4314A1E1</request_id>
JSON format
{
"cluster_id": "cb95aa626a47740afbf6aa099b650****",
"task_id": "T-5a54309c80282e39ea00002f",
"request_id": "687C5BAA-D103-4993-884B-C35E4314A1E1"
}
Example 2: Create an ACK managed cluster that supports sandboxed containers and uses the Terway plug-in
pod_vswitch_ids is required if you create a cluster that uses the Terway plug-in.
Sample requests
POST /clusters HTTP/1.1
Common request headers
{
"name": "webService",
"cluster_type": "ManagedKubernetes",
"disable_rollback": true,
"timeout_mins": 60,
"kubernetes_version": "1.18.8-aliyun.1",
"region_id": "cn-hangzhou",
"snat_entry": true,
"cloud_monitor_flags": true,
"endpoint_public_access": false,
"deletion_protection": false,
"proxy_mode": "ipvs",
"tags": [],
"timezone": "Asia/Shanghai",
"addons": [{
"name": "terway-eniip",
"config": "{\"IPVlan\":\"false\",\"NetworkPolicy\":\"false\"}"
}, {
"name": "sandboxed-container-controller"
}, {
"name": "csi-plugin"
}, {
"name": "csi-provisioner"
}, {
"name": "logtail-ds",
"config": "{\"IngressDashboardEnabled\":\"true\"}"
}, {
"name": "ack-node-problem-detector",
"config": "{\"sls_project_name\":\"\"}"
}, {
"name": "nginx-ingress-controller",
"config": "{\"IngressSlbNetworkType\":\"internet\"}"
}, {
"name": "arms-prometheus"
}],
"pod_vswitch_ids": ["vsw-bp1e5819t8dl8ulcrpgkm"],
"runtime": {
"name": "Sandboxed-Container.runv",
"version": "2.1.0"
},
"worker_instance_types": ["ecs.ebmc5s.24xlarge"],
"num_of_nodes": 3,
"worker_system_disk_category": "cloud_essd",
"worker_system_disk_size": 120,
"worker_data_disks": [{
"category": "cloud_efficiency",
"size": "200",
"encrypted": "false",
"auto_snapshot_policy_id": ""
}],
"worker_instance_charge_type": "PostPaid",
"vpcid": "vpc-bp1gxh70jnkl12vq27jg7",
"service_cidr": "172.21.0.0/20",
"vswitch_ids": ["vsw-bp1hl2o4i9z7sbmy*****"],
"login_password": "Hello1234!",
"logging_type": "SLS",
"cpu_policy": "none",
"is_enterprise_security_group": true
}
Sample success responses
XML format
<cluster_id>cb95aa626a47740afbf6aa099b650****</cluster_id>
<task_id>T-5a54309c80282e39ea00002f</task_id>
<request_id>687C5BAA-D103-4993-884B-C35E4314A1E1</request_id>
JSON format
{
"cluster_id": "cb95aa626a47740afbf6aa099b650****",
"task_id": "T-5a54309c80282e39ea00002f",
"request_id": "687C5BAA-D103-4993-884B-C35E4314A1E1"
}
Error codes
For a list of error codes, see Service error codes.