Creates a VNode to connect self-managed Kubernetes clusters to elastic container instances.
Operation description
- When you call this operation to create a virtual node, the system automatically creates a service-linked role AliyunServiceRoleForECIVnode. This way, you can use the service-linked role to access relevant cloud services such as Elastic Container Instance, Elastic Compute Service (ECS), and Virtual Private Cloud (VPC). For more information, see Service-linked role for virtual nodes.
- You are charged for virtual nodes based on number of virtual nodes that you use. Each virtual node has a resident node, which is equivalent to an ECI instance with 2 vCPU cores and 8 GiB memory. You are charged for virtual nodes based on elastic container instances.
Debugging
Authorization information
The following table shows the authorization information corresponding to the API. The authorization information can be used in the Action policy element to grant a RAM user or RAM role the permissions to call this API operation. Description:
- Operation: the value that you can use in the Action element to specify the operation on a resource.
- Access level: the access level of each operation. The levels are read, write, and list.
- Resource type: the type of the resource on which you can authorize the RAM user or the RAM role to perform the operation. Take note of the following items:
- The required resource types are displayed in bold characters.
- If the permissions cannot be granted at the resource level,
All Resourcesis used in the Resource type column of the operation.
- Condition Key: the condition key that is defined by the cloud service.
- Associated operation: other operations that the RAM user or the RAM role must have permissions to perform to complete the operation. To complete the operation, the RAM user or the RAM role must have the permissions to perform the associated operations.
| Operation | Access level | Resource type | Condition key | Associated operation |
|---|---|---|---|---|
| eci:CreateVirtualNode | create | *VirtualNode acs:eci:{#regionId}:{#accountId}:virtualnode/* |
| none |
Request parameters
| Parameter | Type | Required | Description | Example |
|---|---|---|---|---|
| RegionId | string | Yes | The region ID of the virtual node. | cn-hangzhou |
| ZoneId | string | No | The zone ID of the VNode. | cn-hangzhou-b |
| SecurityGroupId | string | Yes | The ID of the security group. The VNode and the elastic container instances in the VNode are added to the security group. | sg-2ze81zoc3yl7a3we**** |
| VSwitchId | string | Yes | The ID of the vSwitch. The vSwitch is connected to the VNode and the elastic container instances in the VNode. You can specify 1 to 10 vSwitches for a VPC. | vsw-2ze23nqzig8inprou**** |
| VirtualNodeName | string | No | The name of the VNode. The name must be 2 to 128 characters in length, and can contain lowercase letters, digits, periods (.), and hyphens (-). | testNode |
| ResourceGroupId | string | No | The ID of the resource group. | rg-uf66jeqopgqa9hdn**** |
| ClientToken | string | No | The client token that is used to ensure the idempotence of the request. You can use the client to generate the value, but you must ensure that the value is unique among different requests. The token can only contain ASCII characters and cannot exceed 64 characters in length. For more information, see How to ensure idempotence. | 123e4567-e89b-12d3-a456-426655440000 |
| EnablePublicNetwork | boolean | No | Specifies whether to enable Internet access for the VNode. Default value: false. If the value of this parameter is true, the VNode exposes a public IP address to external services. | false |
| EipInstanceId | string | No | The ID of the elastic IP address (EIP). | eip-uf66jeqopgqa9hdn**** |
| KubeConfig | string | No | The KubeConfig of the Kubernetes cluster with which the VNode is connected. The value must be Base64-encoded. | JTVDbmFwaVZlcnNpb24lM0ElMjB2MSU1Q25jbHVzdGVycyUzQSU1Q24tJTIwY2x1c3RlciUzQSU1Q24uLi****** |
| CustomResources | string | No | The custom resources that are supported by the virtual node. If a custom resource is specified in the request of an Elastic Container Instance pod, the pod is scheduled to run on the virtual node that supports the custom resource. You can use the Resource name = Number of resources format to specify custom resources. Separate multiple resources with commas (,). | example1.com=100,example2.com=200 |
| ClusterDomain | string | No | The domain name of the cluster. If this parameter is specified, in addition to the search domain of the host, Kubelet configures all containers to search for the specified domain name. | example.com |
| ClusterDNS | string | No | The IP address of the DNS server. If dnsPolicy=ClusterFirst is configured for the Elastic Container Instance pod, Elastic Container Instance uses the configuration to provide DNS services to containers. You can configure multiple IP addresses. Separate multiple IP addresses with commas (,). | 100.1.XX.XX |
| Tag | array<object> | No | The tags to add to the VNode. You can add up to 20 tags. | |
| object | No | The information about the tag. | ||
| Key | string | No | The tag key. | name |
| Value | string | No | The tag value. | test |
| Taint | array<object> | No | The taints of the VNode. You can configure up to 20 taints. | |
| object | No | The information about a taint of the VNode. | ||
| Key | string | No | The key of the taint. | testKey |
| Value | string | No | The value of the taint. | testValue |
| Effect | string | No | The effect of the taint. Valid values:
| NoSchedule |
| TlsBootstrapEnabled | boolean | No | Specifies whether to enable TLS bootstrapping. If you set this parameter to true, use the KubeConfig certificate for TLS bootstrapping. Valid values:
Default value: false. | false |
Response parameters
Examples
Sample success responses
JSONformat
{
"RequestId": "89164E78-FC82-4684-BE97-DCDD85D26546",
"VirtualNodeId": "vnd-2ze960zkdqrldeaw****"
}Error codes
| HTTP status code | Error code | Error message | Description |
|---|---|---|---|
| 400 | Account.Arrearage | Your account has an outstanding payment. | Your account has an outstanding payment. |
| 400 | DryRunOperation | Request validation has been passed with DryRun flag set. | Request validation has been passed with DryRun flag set. |
| 400 | InvalidParameter.CPU.Memory | The specified cpu and memory are not allowed | - |
| 400 | InvalidParameter.DuplicatedName | The container group include containers with duplicate names. | - |
| 400 | InvalidParameter.DuplicatedVolumeName | The container group includes volumes with duplicate names. | The container group includes volumes with duplicate names. |
| 400 | IncorrectStatus | %s | - |
| 400 | ServiceNotEnabled | %s | You have not activated the service that is required for processing this request. |
| 400 | ImageSnapshot.IncorrectStatus | %s | The status of the specified snapshot is invalid. |
| 400 | ImageSnapshot.NotSupport | %s | Image caching based on data disk snapshots is not available for all users. If you want to enable this function, contact us. |
| 400 | DiskVolume.NotSupport | The disk volume is not supported. | Disk volume does not support your structure. If you want to enable this function, contact us. |
| 400 | RamRole.NotSupport | The RAM role is not supported. | The RAM role is not supported. |
| 400 | DiskNumber.LimitExceed | The maximum number of disks in an instance is exceeded. | The maximum number of disks in an instance is exceeded. |
| 400 | InvalidPaymentMethod.InsufficientBalance | No payment method is specified for your account. We recommend that you add a payment method or add funds to the prepayment balance. | No payment method is specified for your account. We recommend that you add a payment method or add funds to the prepayment balance. |
| 400 | DiskVolume.NotInSameZone | The instance to be created and the disk are not in the same zone. | The instance to be created and the disk are not in the same zone. |
| 400 | NoPermission | You are not authorized to use the "Product on ECI" feature. | - |
| 400 | HighCpuMemConfigRequired | You need to apply to be added to the whitelist of the specified CPU and memory. | You need to apply to be added to the whitelist of the specified CPU and memory. |
| 400 | RecommendEmpty.InstanceTypeFamilyNotMatched | The recommended instance type is unavailable in the current zone. Try again later. | - |
| 400 | LocalDiskAmountNotMatch | The number of local volumes does not match the instance type. | - |
| 400 | Payfor.CreditPayInsufficientBalance | Your payment credit line is insufficient. | Your payment credit line is insufficient. |
| 400 | InvalidOperation.KMS.InstanceTypeNotSupport | The specified instance is invalid. Only I/O optimized instances support KMS key. | The specified instance is invalid. Only I/O optimized instances support KMS key. |
| 400 | InvalidParameter.Encrypted.KmsNotEnabled | KMS must be enabled for encrypted disks. | - |
| 400 | InvalidParameter.KMS.EncryptedIllegal | After configuring the parameter KmsKeyId, you must enable encryption. | After configuring the parameter KmsKeyId, you must enable encryption. |
| 400 | Ipv6AddressNotSupportVsw | IPv6 is not supported in the specified vSwitch. | - |
| 400 | EipAddressPoolIpNotEnough | The ip address of specified PublicIpAddressPool is not enough. | - |
| 400 | VnodeDedicatedHostIdAlreadyExist | DedicatedHostId:%s of Vnode:%s already exists. | - |
| 400 | DedicatedHostQuotaExceeded | The quota of DedicatedHost is exceeded. | - |
| 403 | OperationDenied.VswZoneMisMatch | The specified VSwitchId is not in the specified Zone. | - |
| 403 | QuotaExceeded | %s quota exceeded. | - |
| 403 | Zone.NotOnSale | The specified zone is not available for purchase. | - |
| 403 | Forbidden.RiskControl | This operation has been identified as an abnormal operation and cannot be processed. | - |
| 403 | Forbidden.SubUser | The specified action is not available for you. | The specified action is not available for you. |
| 403 | Forbidden.OnlyForInvitedTest | Eci create action is only open to invited users during public beta. | Eci create action is only open to invited users during public beta. |
| 403 | OperationDenied.SecurityGroupMisMatch | The specified VSwitchId and SecurityGroupId are not in the same VPC. | The specified VSwitchId and SecurityGroupId are not in the same VPC. |
| 403 | InvalidVSwitchId.IpNotEnough | The specified VSwitch does not have enough IP addresses. | - |
| 403 | Forbidden.UserBussinessStatus | This operation is not allowed, because you have overdue bills. Pay the overdue bill and try again. | - |
| 403 | Forbidden.UserNotRealNameAuthentication | This operation is not allowed, because you have not passed the real-name verification. | - |
| 403 | InvalidUser.PassRoleForbidden | The RAM user is not authorized to assume a RAM role. | The RAM user is not authorized to assume a RAM role. |
| 403 | NoPermission | The RAM role does not belong to ECS. | - |
| 403 | OperationDenied.NoStock | Sales of this resource are temporarily suspended in the specified zone. We recommend that you use the multi-zone creation function to avoid the risk of insufficient resource. For more information, see https://help.aliyun.com/document_detail/157290.html | - |
| 403 | InvalidParameter.KMS.KeyId.Forbidden | You are not authorized to access the specified KMSKeyId. | You are not authorized to access the specified KMSKeyId. |
| 403 | NoPermission | The RAM role AliyunECIContainerGroupRole does not belong to eci.aliyuncs.com. Please check and try again. | - |
| 403 | Forbidden.AccountClosed | The operation is forbidden. Your account has been closed. | - |
| 403 | InvalidOperation.ResourceManagedByCloudProduct | The operation is forbidden. The security group has been managed by another cloud product. | - |
| 403 | Spot.NotMatched | %s. We recommend that you use the create multi-zone function to avoid insufficient inventory. For more information, see https://help.aliyun.com/document_detail/157290.html | - |
| 403 | SecurityRisk.3DVerification | We have detected a security risk with your default credit or debit card. Please proceed with verification via the link in your email. | - |
| 403 | CreateServiceLinkedRole.Denied | Please make sure the account has ram:CreateServiceLinkedRole permission. | Please make sure the account has ram:CreateServiceLinkedRole permission. |
| 404 | ImageSnapshot.NotFound | The specified snapshot does not exist. | - |
| 404 | InvalidDiskId.NotFound | The specified disk does not exist. | - |
| 404 | InvalidParameter.KMS.KeyId.NotFound | The specified KMSKeyId does not exist. | The specified KMSKeyId does not exist. |
For a list of error codes, visit the Service error codes.
Change history
| Change time | Summary of changes | Operation |
|---|---|---|
| 2023-07-03 | The Error code has changed. The request parameters of the API has changed | View Change Details |
| 2023-06-13 | The Error code has changed | View Change Details |
| 2021-09-06 | Add Operation | View Change Details |