CreateCluster-阿里云帮助中心

You can create ACK clusters using OpenAPI, including ACK managed clusters, ACK serverless clusters, ACK Edge clusters, and registered clusters. When creating a cluster, configure the cluster information, components, and related Alibaba Cloud resources.

Operation description

Generate OpenAPI request parameters in the console

If your CreateCluster API call fails due to an invalid combination of request parameters, you can generate a valid parameter combination directly in the console. Follow these steps:

Log on to the Container Service for Kubernetes console. In the left navigation pane, select Clusters.
On the Clusters page, click Cluster Templates.
In the dialog box, select the cluster type you want to create and click Create. Then, configure the cluster information on the cluster configuration page.
After completing the configuration, go to the Confirm Configuration page and click Equivalent Code in the upper-right corner. The dialog box displays the required parameter combination for cluster creation. Copy and use it as needed.

Important Starting July 4, 2026, some request parameters will no longer take effect. For details about the changes and replacement parameters, see Announcement on Changes and Deprecation of OpenAPI Parameters for ACK Cluster Management.

Try it now

Try this API in OpenAPI Explorer, no manual signing needed. Successful calls auto-generate SDK code matching your parameters. Download it with built-in credential security for local usage.

Test

RAM authorization

The table below describes the authorization required to call this API. You can define it in a Resource Access Management (RAM) policy. The table's columns are detailed below:

Action: The actions can be used in the Action element of RAM permission policy statements to grant permissions to perform the operation.
API: The API that you can call to perform the action.
Access level: The predefined level of access granted for each API. Valid values: create, list, get, update, and delete.
Resource type: The type of the resource that supports authorization to perform the action. It indicates if the action supports resource-level permission. The specified resource must be compatible with the action. Otherwise, the policy will be ineffective.
- For APIs with resource-level permissions, required resource types are marked with an asterisk (*). Specify the corresponding Alibaba Cloud Resource Name (ARN) in the Resource element of the policy.
- For APIs without resource-level permissions, it is shown as All Resources. Use an asterisk (*) in the Resource element of the policy.
Condition key: The condition keys defined by the service. The key allows for granular control, applying to either actions alone or actions associated with specific resources. In addition to service-specific condition keys, Alibaba Cloud provides a set of common condition keys applicable across all RAM-supported services.
Dependent action: The dependent actions required to run the action. To complete the action, the RAM user or the RAM role must have the permissions to perform all dependent actions.

Action

Access level

Resource type

Condition key

Dependent action

cs:CreateCluster

create

*Cluster

acs:cs:{#regionId}:{#accountId}:cluster/*

cs:ClusterType
cs:ClusterSpec
cs:ClusterProfile
cs:EnableSecretEncryption
cs:EnableApiServerEip
cs:EnableAddonLogtailDs
cs:EnableCoreControlPlaneComponentsLog
cs:AddonNames
cs:EnableSNAT
cs:EnableNodePoolPublicIP

None

Request syntax

POST /clusters HTTP/1.1

Request parameters

Parameter	Type	Required	Description	Example
body	object	No	Request body parameters.	cluster-demo
name	string	Yes	Custom cluster name. It can contain digits, letters, Chinese characters, or hyphens (-). The name must be 1 to 63 characters long and cannot start with a hyphen (-).	cluster-demo
region_id	string	Yes	The region ID where the cluster is deployed. For more information, see Regions supported by Container Service for Kubernetes.	cn-beijing
cluster_type	string	No	`Kubernetes`: ACK dedicated cluster. `ManagedKubernetes`: ACK managed clusters, including ACK managed clusters (Pro and Basic Editions), ACK serverless clusters (Pro and Basic Editions), ACK Edge clusters (Pro and Basic Editions), and ACK LINGJUN clusters (Pro Edition). `ExternalKubernetes`: Registered cluster.	Kubernetes
cluster_spec	string	No	When `cluster_type` is set to `ManagedKubernetes` and `profile` is configured, you can further specify the cluster specification. Valid values: `ack.standard`: Basic Edition (default if left empty) `ack.pro.small`: Pro Edition `ack.pro.xlarge`: Pro XL `ack.pro.2xlarge`: Pro 2XL `ack.pro.4xlarge`: Pro 4XL (requires whitelist access from customer service) Pro XL, Pro 2XL, and Pro 4XL are three tiers provided by ACK Pro Provisioned Control Plane. These tiers pre-allocate and dedicate control plane resources to ensure consistently high API concurrency and pod scheduling performance, making them ideal for AI training/inference, ultra-large-scale clusters, and mission-critical workloads. For cluster management fees for Pro and provisioned control plane editions, see Cluster management fees.	ack.pro.small
profile	string	No	When `cluster_type` is set to `ManagedKubernetes` (ACK managed clusters), you can further specify the cluster subtype. `Default`: ACK managed cluster, including ACK clusters (Pro and Basic Editions). `Edge`: ACK Edge cluster, including ACK Edge clusters (Pro and Basic Editions). `Serverless`: ACK serverless cluster, including ACK serverless clusters (Pro and Basic Editions). `Lingjun`: ACK LINGJUN cluster, available in Pro Edition only.	Default
kubernetes_version	string	No	Cluster version, aligned with the Kubernetes community baseline version. We recommend selecting the latest version. If not specified, the latest version is used by default. You can create clusters using any of the three most recent versions. Use the DescribeKubernetesVersionMetadata API to query supported cluster versions. For more information about Kubernetes versions supported by ACK, see Overview of Kubernetes version releases.	1.32.1-aliyun.1
auto_mode	object	No	Intelligent managed mode configuration.
enable	boolean	No	Enable intelligent managed mode. true: Enable. false: Disable.	true
tags	array	No	Node labels. Label rules: Labels consist of case-sensitive key-value pairs. You can add up to 20 tags. Tag keys must be unique and up to 64 characters long. Tag values can be empty and up to 128 characters long. Neither tag keys nor tag values can start with "aliyun", "acs:", "https://", or "http://". For more information, see Labels and Selectors.
	tag	No	Node labels. Label rules: Labels consist of case-sensitive key-value pairs. You can add up to 20 tags. Tag keys must be unique and up to 64 characters long. Tag values can be empty and up to 128 characters long. Neither tag keys nor tag values can start with "aliyun", "acs:", "https://", or "http://". For more information, see Labels and Selectors.
resource_group_id	string	No	The resource group ID to which the cluster belongs, enabling resource isolation.	rg-acfm3mkrure****
deletion_protection	boolean	No	Cluster deletion protection prevents accidental deletion via the console or API. Valid values: `true`: Enable deletion protection. The cluster cannot be deleted through the console or API. `false`: Disable deletion protection. The cluster can be deleted through the console or API. Default value: `false`.	true
zone_ids	array	No	A list of zone IDs within the cluster region. This parameter applies only to ACK managed clusters.
	string	No	The zone ID within the cluster region. Virtual switches are automatically created in this zone. When creating an ACK managed cluster without specifying `vpc_id` and `vswitch_ids`, specify `zone_ids` to automatically create VPC network resources across multiple zones. This parameter is ignored if `vpc_id` and `vswitch_ids` are specified.	cn-beijing-h
vpcid	string	No	The VPC used by the cluster. You must provide this when creating the cluster.	vpc-2zeik9h3ahvv2zz95****
vswitch_ids	array	No	Virtual switches for cluster nodes. This field is required when creating a zero-node managed cluster.
	string	No	Virtual switches for cluster nodes. This field is required when creating a zero-node managed cluster.	vsw-2ze3ds0mdip0hdz8i****
ip_stack	string	No	Cluster IP stack.	可选值： ipv4（单栈） dual（双栈），默认值为ipv4。
pod_vswitch_ids `deprecated`	array	No	[Deprecated] When using the Terway network plugin, specify virtual switches to assign IP addresses to pods. Each pod virtual switch corresponds to a worker node virtual switch, and both must reside in the same zone. Note We recommend that the pod virtual switch CIDR mask not exceed /19 and must not exceed /25. Otherwise, the number of assignable pod IP addresses becomes very limited, affecting normal cluster operation.
	string	No	When using the Terway network plugin, specify virtual switches to assign IP addresses to pods. Each pod virtual switch corresponds to a worker node virtual switch, and both must reside in the same zone. Note We recommend that the pod virtual switch CIDR mask not exceed /19 and must not exceed /25. Otherwise, the number of assignable pod IP addresses becomes very limited, affecting normal cluster operation.	vsw-2ze97jwri7cei0mpw****
container_cidr	string	No	Pod network CIDR block. It must be a valid private CIDR block: 10.0.0.0/8, 172.16–31.0.0/12–16, or 192.168.0.0/16. It cannot overlap with the VPC or existing Kubernetes cluster CIDR blocks. This cannot be modified after cluster creation. For cluster network planning, see Network planning for ACK managed clusters. Note This field is required for Flannel clusters.	172.20.0.0/16
service_cidr	string	No	Service network CIDR block. Valid ranges: 10.0.0.0/16–24, 172.16–31.0.0/16–24, 192.168.0.0/16–24. It cannot overlap with the VPC CIDR block 10.1.0.0/21 or existing Kubernetes cluster CIDR blocks. This cannot be modified after cluster creation. Default value: 172.19.0.0/20.	172.21.0.0/20
security_group_id	string	No	Specify an existing security group ID when creating a cluster. Use either this parameter or `is_enterprise_security_group`. Cluster nodes are automatically added to this security group.	sg-bp1bdue0qc1g7k****
is_enterprise_security_group	boolean	No	Automatically create an enterprise security group when `security_group_id` is empty. Note With basic security groups, the total number of nodes and Terway pods in a cluster cannot exceed 2,000. We recommend using enterprise security groups for Terway network clusters. `true`: Create and use an enterprise security group. `false`: Use a basic security group. Default value: `true`.	true
snat_entry	boolean	No	Configure SNAT for the VPC. Valid values: `true`: Automatically create a NAT Gateway and configure SNAT rules. Set this to `true` if nodes or applications in the cluster need public network access. `false`: Do not create a NAT Gateway or SNAT rules. Nodes and applications in the cluster cannot access the public network. Note If SNAT is not enabled during cluster creation but public network access is later required, you can enable it manually. Default value: `false`.	false
control_plane_endpoints_config	object	No	Cluster connection configuration.
internal_dns_config	object	No	Internal domain name configuration for the cluster, applicable to ACK managed clusters. The internal domain name allows node-side system components like kubelet and kube-proxy to access the API Server. Without this, node-side components access the API Server via CLB IP.
bind_vpcs	array	No	VPCs where the internal domain name resolution takes effect.
	string	No	VPCs where the internal domain name resolution takes effect.	vpc-xxxx
endpoint_public_access	boolean	No	Enable public network access. Expose the API Server via EIP to allow public access. `true`: Enable public access. `false`: Disable public access. If disabled, you cannot access the cluster API Server from the public network. Default value: `false`.	true
load_balancer_id	string	No	Specify the CLB instance ID for API Server access. If specified, no new API Server CLB is automatically created. Note Ensure the CLB instance has no dependencies (such as listeners or backend servers). Shared or public CLB instances are not supported.	lb-wz9t256gqa3vbouk****
ssh_flags	boolean	No	Enable public SSH logon. Used to log on to master nodes of ACK dedicated clusters. This parameter does not take effect for managed clusters. `true`: Enable. `false`: Disable. Default value: `false`.	true
timezone	string	No	Time zone used by the cluster. See Supported time zones.	Asia/Shanghai
node_cidr_mask	string	No	Number of node IPs, determined by the CIDR mask. Applies only to Flannel network clusters. Default value: `26`.	25
proxy_mode	string	No	kube-proxy proxy mode `iptables`: Mature and stable kube-proxy mode. Uses iptables rules for Kubernetes Service discovery and load balancing. Performance is moderate and scales poorly with large numbers of Services. Suitable for clusters with few Services. `ipvs`: High-performance kube-proxy mode. Uses Linux IPVS modules for Service discovery and load balancing. Ideal for clusters with many Services requiring high-performance load balancing. `nftables`: Next-generation kube-proxy mode based on Linux nftables for Service discovery and load balancing. A modern replacement for iptables. Offers better network performance, rule update efficiency, and scalability for large Service counts. Supported only for clusters running Kubernetes 1.35 or later. The Kubernetes community deprecated IPVS starting in version 1.35. We recommend using nftables for new clusters to ensure long-term community support. Default value: `ipvs`.	ipvs
controlplane_log_ttl	string	No	Retention period (in days) for control plane component logs.	30
controlplane_log_project	string	No	Simple Log Service project for control plane component logs. You can use an existing project or let the system create one automatically. If auto-created, the project name is `k8s-log-{ClusterID}`.	k8s-log-xxx
controlplane_log_components	array	No	List of component names to specify which control plane component logs to collect. By default, logs from kube-apiserver, kube-controller-manager, kube-scheduler, and cloud-controller-manager are collected.
	string	No	List of component names to specify which control plane component logs to collect. By default, logs from kube-apiserver, kube-controller-manager, kube-scheduler, and cloud-controller-manager are collected.	["apiserver","kcm","scheduler"]
audit_log_config	object	No	Cluster audit log configuration.
enabled	boolean	No	Enable cluster audit logging. true: Enable. false: Disable.	true
sls_project_name	string	No	The SLS Project containing the Logstore for cluster audit logs. Default value: `k8s-log-{clusterid}`. Enabling audit logging creates a Logstore for audit logs in the specified SLS Project.	k8s-log-c2345xxxxxxxxxxxx
rrsa_config	object	No	RRSA feature configuration.
enabled	boolean	No	Enable RRSA. true: Enable. false: Disable.	true
cluster_domain	string	No	Cluster local domain name. Naming rules: The domain consists of one or more parts separated by dots (.). Each part can be up to 63 characters long and can contain lowercase letters, digits, and hyphens (-). Each part must start and end with a lowercase letter or digit.	cluster.local
encryption_provider_key	string	No	KMS key ID used to encrypt data disks. For more information, see Key Management Service. Note This feature applies only to professional managed clusters (ACK Pro clusters).	0fe64791-55eb-4fc7-84c5-c6c7cdca****
service_account_issuer	string	No	ServiceAccount is the access credential used by pods to communicate with the cluster API Server. The `service-account-issuer` is the issuer identity in the `serviceaccount token`, represented by the `iss` field in the `token payload`. For more information about `ServiceAccount`, see Deploy service account token volume projection.	kubernetes.default.svc
api_audiences	string	No	ServiceAccount is the access credential used by pods to communicate with the cluster API Server. The `api-audiences` specifies valid request `token` identities for `apiserver` to authenticate whether a request `token` is valid. You can configure multiple `audience` values separated by commas (,). For more information about `ServiceAccount`, see Deploy service account token volume projection.	kubernetes.default.svc
extra_sans	array	No	Custom Subject Alternative Name (SAN) for the API Server certificate.
	string	No	Certificate SAN. Supports custom IP addresses or domain names.	192.168.xx.xx
maintenance_window	maintenance_window	No	Cluster maintenance window.
operation_policy	object	No	Cluster automated operations policy.
cluster_auto_upgrade	object	No	Cluster automatic upgrade.
enabled	boolean	No	Enable cluster automatic upgrade. true: Enable. false: Disable.	true
channel	string	No	Cluster automatic upgrade frequency. Valid values: patch: Automatically upgrade to the latest patch version within the current minor version. New Kubernetes versions include no breaking changes. stable: Automatically upgrade to the latest patch version of the second-newest minor version. New Kubernetes versions may include API and feature changes but have undergone extensive stability validation. rapid: Automatically upgrade to the latest patch version of the newest minor version to quickly access new Kubernetes community features.	stable
addons	array	No	List of cluster components. Specify components to install during cluster creation using `addons`. Network components: Required. Choose between Flannel and Terway: Flannel network: [{"name":"flannel","config":""}]. Terway network: [{"name": "terway-eniip","config": ""}]. Storage components: Optional. Only `csi` is supported: `csi`: [{"name":"csi-plugin","config": ""},{"name": "csi-provisioner","config": ""}]. Logging components: Optional. We recommend enabling this. Without Simple Log Service, you cannot use cluster audit features. Use an existing `SLS Project`: [{"name": "loongcollector","config": "{"IngressDashboardEnabled":"true","sls_project_name":"your_sls_project_name"}"}]. Create a new `SLS Project`: [{"name": "loongcollector","config": "{"IngressDashboardEnabled":"true"}"}]. Ingress components: Optional. ACK dedicated clusters install the `nginx-ingress-controller` by default. Install Ingress with public access: [{"name":"nginx-ingress-controller","config":"{"IngressSlbNetworkType":"internet"}"}]. Disable default Ingress installation: [{"name": "nginx-ingress-controller","config": "","disabled": true}]. Event Hub: Optional. Enabled by default. Event Hub provides storage, querying, and alerting for Kubernetes events. The associated Logstore is free for 90 days. For more information about the free tier, see Create and use Kubernetes Event Hub. Example to enable Event Hub: [{"name":"ack-node-problem-detector","config":"{"sls_project_name":"your_sls_project_name"}"}].
	addon	No	List of cluster components. Specify components to install during cluster creation using `addons`.
nodepools	array	No	List of node pools.
	nodepool	No	Node pool configuration.
user_ca	string	No	Custom cluster CA.	-----BEGIN CERTIFICATE-----****
control_plane_config	object	No	Control plane configuration for ACK dedicated clusters.
charge_type	string	No	Payment type for control plane nodes. `PrePaid`: Subscription. `PostPaid`: Pay-as-you-go. Default value: `PostPaid`.	PostPaid
period	integer	No	Subscription duration for control plane nodes in months. Required and valid only when charge_type is `PrePaid`. Valid values: {1, 2, 3, 6, 12, 24, 36, 48, 60}. Unit: months. Default value: 1.	1
period_unit	string	No	Time unit for control plane node subscription. Required and valid only when charge_type is `PrePaid`. Valid value: `Month`. Only monthly billing is supported.	Month
auto_renew	boolean	No	Enable auto-renewal for control plane nodes. Valid only when charge_type is `PrePaid`. true: Enable auto-renewal. false: Disable auto-renewal. Default value: true.	true
auto_renew_period	integer	No	Auto-renewal duration for control plane nodes. Valid values: {1, 2, 3, 6, 12}. Unit: months. Default value: 1.	1
instance_types	array	No	Node instance types.
	string	No	Node instance type specifications.	ecs.g6.large
image_type	string	No	Operating system image type.	AliyunLinux3
image_id	string	No	Image ID.	aliyun_3_x64_20G_alibase_20240819.vhd
key_pair	string	No	Key pair name. Use either this parameter or login_password.	ack
login_password	string	No	SSH login password. Password rules: 8–30 characters, including at least three of the following: uppercase letters, lowercase letters, digits, and special characters. Use either this parameter or key_pair.	********
system_disk_category	string	No	Node system disk type. `cloud_efficiency`: Ultra disk. `cloud_ssd`: Standard SSD. `cloud_essd`: ESSD. `cloud_auto`: ESSD AutoPL. `cloud_essd_entry`: ESSD Entry. Default value: `cloud_ssd`. The default may vary by zone.	cloud_ssd
system_disk_size	integer	No	Node system disk size. Valid range: [40,500]. Unit: GiB. Default value: `120`.	120
system_disk_snapshot_policy_id	string	No	Automatic snapshot backup policy for node system disks.	sp-2zej1nogjvovnz4z****
system_disk_performance_level	string	No	Node system disk performance level. Applies only to ESSD disks. Disk performance levels depend on disk size. For more information, see ESSD.	PL1
system_disk_provisioned_iops	integer	No	Provisioned read/write IOPS for node system disks. Valid range: 0 to min{50,000, 1000 × capacity - baseline performance}. Baseline performance = min{1,800 + 50 × capacity, 50,000}. This parameter is supported only when `system_disk_category` is `cloud_auto`.	1000
system_disk_bursting_enabled	boolean	No	Enable performance burst for node system disks. true: Enable. false: Disable. This parameter is supported only when `system_disk_category` is `cloud_auto`.	true
deploymentset_id	string	No	Deployment set ID.	ds-bp10b35imuam5amw****
cloud_monitor_flags	boolean	No	Install CloudMonitor agent on nodes. true: Install CloudMonitor agent. false: Do not install CloudMonitor agent. Default value: false.	false
instance_metadata_options	InstanceMetadataOptions	No	ECS instance metadata access configuration.
soc_enabled	boolean	No	Enable MLPS 2.0 security hardening. true: Enable MLPS 2.0 security hardening. false: Disable MLPS 2.0 security hardening. Default value: false.	false
security_hardening_os	boolean	No	Enable Alibaba Cloud OS security hardening. true: Enable Alibaba Cloud OS security hardening. false: Disable Alibaba Cloud OS security hardening. Default value: false.	false
cpu_policy	string	No	Node CPU management policy. static: Enhances CPU affinity and exclusivity for pods with specific resource characteristics on the node. none: Uses the default CPU affinity scheme. Default value: none.	none
runtime	string	No	[Deprecated] Control plane node runtime name. Valid value: containerd: Containerd runtime, supported for all cluster versions.	containerd
node_port_range	string	No	[Deprecated] Node service port range.	30000-32767
size	integer	No	Number of control plane nodes. Valid values: `3` or `5`.	3
custom_san `deprecated`	string	No	[Deprecated] Use the `extra_sans` parameter instead. Custom certificate SAN. Separate multiple IP addresses or domain names with commas (,).	cs.aliyun.com
runtime `deprecated`	runtime	No	Container runtime for the cluster. Supports containerd, sandboxed container, and Docker. Note Kubernetes 1.24 no longer supports Docker as a built-in container runtime. For more information, see Comparison of Docker, containerd, and sandboxed container runtimes.
node_name_mode `deprecated`	string	No	[Deprecated] For node pool configuration, use the `node_name_mode` parameter under `kubernetes_config` in `nodepool`.	null
user_data `deprecated`	string	No	[Deprecated] Custom node data.	IyEvdXNyL2Jpbi9iYXNoCmVjaG8gIkhlbGxvIEFD****
image_id `deprecated`	string	No	[Deprecated] For control plane configuration, use the `image_id` parameter under `control_plane_config`. For node pool configuration, use the `image_id` parameter under `scaling_group` in `nodepool`. Custom node image. By default, the system image is used. When a custom image is selected, it replaces the default system image. See Custom images.	m-bp16z7xko3vvv8gt****
rds_instances `deprecated`	array	No	[Deprecated] For node pool configuration, use the `rds_instances` parameter under `scaling_group` in `nodepool`. List of RDS instances to add to the whitelist. We recommend adding the pod and node CIDR blocks of your container to the RDS instance whitelist. Setting the RDS instance whitelist may fail if the instance is not in the Running state.
	string	No	List of RDS instances to add to the whitelist. We recommend adding the pod and node CIDR blocks of your container to the RDS instance whitelist. Setting the RDS instance whitelist may fail if the instance is not in the Running state.	rm-2zev748xi27xc****
taints `deprecated`	array	No	[Deprecated] For node pool configuration, use the `taints` parameter under `kubernetes_config` in `nodepool`. Node taint information. Taints and tolerations work together to prevent pods from being scheduled onto unsuitable nodes. For more information, see taint-and-toleration.
	taint	No	Node taint information. Taints and tolerations work together to prevent pods from being scheduled onto unsuitable nodes. For more information, see taint-and-toleration.
cloud_monitor_flags `deprecated`	boolean	No	[Deprecated] For control plane node configuration, use the cloud_monitor_flags parameter under `control_plane_config`. For node pool configuration, use the `cms_enabled` parameter under `kubernetes_config` in `nodepool`. Install CloudMonitor agent in the cluster. Valid values: `true`: Install CloudMonitor agent. `false`: Do not install CloudMonitor agent. Default value: `false`.	false
platform `deprecated`	string	No	[Deprecated] For node pool configuration, use the `platform` parameter under `scaling_group` in `nodepool`. Operating system distribution. Valid values: CentOS AliyunLinux QbootAliyunLinux Qboot Windows WindowsCore Default value: `CentOS`.	CentOS
os_type `deprecated`	string	No	[Deprecated] For control plane node configuration, use the `image_type` parameter under `control_plane_config`. For node pool configuration, use the `image_type` parameter under `scaling_group` in `nodepool`. Operating system platform type. Valid values: Windows Linux Default value: `Linux`.	Linux
soc_enabled `deprecated`	boolean	No	[Deprecated] For control plane node configuration, use the `soc_enabled` parameter under `control_plane_config`. For node pool configuration, use the `soc_enabled` parameter under `scaling_group` in `nodepool`. MLPS 2.0 security hardening. For more information, see Instructions for using MLPS 2.0 security hardening in ACK. Valid values: `true`: Enable MLPS 2.0 security hardening. `false`: Disable MLPS 2.0 security hardening. Default value: `false`.	false
security_hardening_os `deprecated`	boolean	No	[Deprecated] For control plane configuration, use the `security_hardening_os` parameter under `control_plane_config`. For node pool configuration, use the `security_hardening_os` parameter under `scaling_group` in `nodepool`. Alibaba Cloud OS security hardening. Valid values: `true`: Enable Alibaba Cloud OS security hardening. `false`: Disable Alibaba Cloud OS security hardening. Default value: `false`.	false
cis_enabled `deprecated`	boolean	No	[Deprecated] For control plane configuration, use the `security_hardening_os` parameter under `control_plane_config`. For node pool configuration, use the `security_hardening_os` parameter under `scaling_group` in `nodepool`.	false
cpu_policy `deprecated`	string	No	[Deprecated] For control plane configuration, use the `cpu_policy` parameter under `control_plane_config`. For node pool configuration, use the `cpu_policy` parameter under `kubernetes_config` in `nodepool`. Node CPU management policy. Supported for cluster versions 1.12.6 and later: `static`: Enhances CPU affinity and exclusivity for pods with specific resource characteristics on the node. `none`: Uses the default CPU affinity scheme. Default value: `none`.	none
node_port_range `deprecated`	string	No	Node service port range. Valid range: [30000,65535]. Default value: `30000-32767`.	30000~32767
master_vswitch_ids `deprecated`	array	No	[Deprecated] Use the `vswitch_ids` parameter instead. List of master node vSwitch IDs. The number of vSwitches must be in the range [1,3]. For high availability, we recommend selecting three vSwitches in different zones. The number of specified instance types must match `master_count` and correspond one-to-one with elements in `master_vswitch_ids`.
	string	No	List of master node vSwitch IDs. The number of vSwitches must be in the range [1,3]. For high availability, we recommend selecting three vSwitches in different zones. The number of specified instance types must match `master_count` and correspond one-to-one with elements in `master_vswitch_ids`.	vsw-2ze3ds0mdip0hdz8i****
key_pair `deprecated`	string	No	[Deprecated] For control plane configuration, use the `key_pair` parameter under `control_plane_config`. For node pool configuration, use the `key_pair` parameter under `scaling_group` in `nodepool`. Key pair name. Use either this parameter or `login_password`.	security-key
login_password `deprecated`	string	No	[Deprecated] For control plane configuration, use the `login_password` parameter under `control_plane_config`. For node pool configuration, use the `login_password` parameter under `scaling_group` in `nodepool`. SSH login password. Use either this parameter or `key_pair`. Password rules: 8–30 characters, including at least three of the following: uppercase letters, lowercase letters, digits, and special characters.	null
master_count `deprecated`	integer	No	[Deprecated] For control plane configuration, use the `size` parameter under `control_plane_config`. Number of master nodes. Valid values: `3` or `5`. Default value: `3`.	3
master_instance_types `deprecated`	array	No	[Deprecated] For control plane configuration, use the `instance_types` parameter under `control_plane_config`. Master node instance types. For more information, see Instance families.
	string	No	Master node instance types. The number of specified instance types must match `master_count` and correspond one-to-one with elements in `master_instance_types`. For more information, see Instance families.	ecs.n4.xlarge
master_system_disk_category `deprecated`	string	No	[Deprecated] For control plane configuration, use the `system_disk_category` parameter under `control_plane_config`. Master node system disk type. Valid values: `cloud_efficiency`: Ultra disk. `cloud_ssd`: Standard SSD. `cloud_essd`: ESSD. Default value: `cloud_ssd`. The default may vary by zone.	cloud_ssd
master_system_disk_size `deprecated`	integer	No	[Deprecated] For control plane configuration, use the `system_disk_size` parameter under `control_plane_config`. Master node system disk size. Valid range: [40,500]. Unit: GiB. Default value: `120`.	120
master_system_disk_performance_level `deprecated`	string	No	[Deprecated] For control plane configuration, use the `system_disk_performance_level` parameter under `control_plane_config`. Performance level of the master node system disk. Applies only to ESSD disks. Disk performance levels depend on disk size. For more information, see ESSD.	PL1
master_system_disk_snapshot_policy_id `deprecated`	string	No	[Deprecated] For control plane configuration, use the `system_disk_snapshot_policy_id` parameter under `control_plane_config`. Automatic snapshot policy ID for master node system disks.	sp-2zej1nogjvovnz4z****
master_instance_charge_type `deprecated`	string	No	[Deprecated] For control plane configuration, use the `instance_charge_type` parameter under `control_plane_config`. Master node payment type. Valid values: `PrePaid`: Subscription. `PostPaid`: Pay-as-you-go. Default value: `PostPaid`.	PrePaid
master_period_unit `deprecated`	string	No	[Deprecated] For control plane configuration, use the `period_unit` parameter under `control_plane_config`. Master node billing cycle. Required when master_instance_charge_type is `PrePaid`. Valid value: `Month`. Only monthly billing is supported.	Month
master_period `deprecated`	integer	No	[Deprecated] For control plane configuration, use the `unit` parameter under `control_plane_config`. Master node subscription duration in months. Required and valid only when `master_instance_charge_type` is `PrePaid`. Valid values: {1, 2, 3, 6, 12, 24, 36, 48, 60}. Default value: 1.	1
master_auto_renew `deprecated`	boolean	No	[Deprecated] For control plane configuration, use the `auto_renew` parameter under `control_plane_config`. Enable auto-renewal for master nodes. Valid only when `master_instance_charge_type` is `PrePaid`. Valid values: `true`: Enable auto-renewal. `false`: Disable auto-renewal. Default value: `true`.	true
master_auto_renew_period `deprecated`	integer	No	[Deprecated] For control plane configuration, use the `auto_renew_period` parameter under `control_plane_config`. Master node auto-renewal period. Required and valid only when subscription billing is selected. Valid values: {1, 2, 3, 6, 12}. Default value: 1.	1
num_of_nodes `deprecated`	integer	No	[Deprecated] For node pool configuration, use the `desired_size` parameter under `scaling_group` in `nodepool`. Number of worker nodes. Range: [0,100].	3
worker_vswitch_ids `deprecated`	array	No	[Deprecated] For node pool configuration, use the `vswitch_ids` parameter under `scaling_group` in `nodepool`. List of vSwitches used by cluster nodes. One vSwitch per node. When creating a zero-node managed cluster, `worker_vswitch_ids` is optional, but you must provide `vswitch_ids`.
	string	No	List of worker node vSwitches. Valid range: [1,20]. For high availability, we recommend selecting vSwitches in different zones. When creating a zero-node managed cluster, `worker_vswitch_ids` is optional, but you must provide `vswitch_ids`.	vsw-2ze3ds0mdip0hdz8i****
worker_instance_types `deprecated`	array	No	[Deprecated] For node pool configuration, use the `instance_types` parameter under `scaling_group` in `nodepool`. Worker node instance configuration.
	string	No	Worker node instance types. Specify at least one instance type. For more information, see Instance families. Note Instance type priority decreases in the order they appear in the list. If an instance cannot be created using a higher-priority instance type, the system automatically tries the next lower-priority type.	ecs.n4.large
worker_system_disk_category `deprecated`	string	No	[Deprecated] For node pool configuration, use the `system_disk_category` parameter under `scaling_group` in `nodepool`. Worker node system disk type. For more information, see Overview of Elastic Block Storage. Valid values: `cloud_efficiency`: Ultra disk. `cloud_ssd`: Standard SSD. Default value: `cloud_ssd`.	cloud_efficiency
worker_system_disk_size `deprecated`	integer	No	[Deprecated] For node pool configuration, use the `system_disk_size` parameter under `scaling_group` in `nodepool`. Worker node system disk size. Unit: GiB. Valid range: [40,500]. The value must be greater than or equal to max{40, ImageSize}. Default value: `120`.	120
worker_system_disk_snapshot_policy_id `deprecated`	string	No	[Deprecated] For node pool configuration, use the `system_disk_snapshot_policy_id` parameter under `scaling_group` in `nodepool`. Automatic snapshot policy ID for worker node system disks.	sp-2zej1nogjvovnz4z****
worker_system_disk_performance_level `deprecated`	string	No	[Deprecated] For node pool configuration, use the `system_disk_performance_level` parameter under `scaling_group` in `nodepool`. When the system disk is an ESSD, you can set the performance level (PL). For more information, see ESSD. Valid values: PL0 PL1 PL2 PL3	PL1
worker_data_disks `deprecated`	array<object>	No	[Deprecated] For node pool configuration, use the `data_disks` parameter under `scaling_group` in `nodepool`. Configuration for worker node data disks, including type and size.
	object	No	Data disk configuration set.
category	string	Yes	Data disk type.	cloud_essd
encrypted	string	No	Encrypt the data disk. Valid values: `true`: Encrypt the data disk. `false`: Do not encrypt the data disk. Default value: `false`.	true
size	string	Yes	Data disk size. Valid range: 40–32767. Unit: GiB.	120
performance_level	string	No	Performance level of the node data disk. Applies only to ESSD.	PL1
worker_instance_charge_type `deprecated`	string	No	[Deprecated] For node pool configuration, use the `instance_charge_type` parameter under `scaling_group` in `nodepool`. Worker node payment type. Valid values: `PrePaid`: Subscription. `PostPaid`: Pay-as-you-go. Default value: Pay-as-you-go.	PrePaid
worker_period_unit `deprecated`	string	No	[Deprecated] For node pool configuration, use the `period_unit` parameter under `scaling_group` in `nodepool`. Worker node billing cycle. Required when worker_instance_charge_type is `PrePaid`. Valid value: `Month`. Only monthly billing is supported.	Month
worker_period `deprecated`	integer	No	[Deprecated] For node pool configuration, use the `period` parameter under `scaling_group` in `nodepool`. Worker node subscription duration in months. Required and valid only when `worker_instance_charge_type` is `PrePaid`. Valid values: {1, 2, 3, 6, 12, 24, 36, 48, 60}. Default value: 1.	1
worker_auto_renew `deprecated`	boolean	No	[Deprecated] For node pool configuration, use the `auto_renew` parameter under `scaling_group` in `nodepool`. Enable auto-renewal for worker nodes. Valid only when `worker_instance_charge_type` is `PrePaid`. Valid values: `true`: Enable auto-renewal. `false`: Disable auto-renewal. Default value: `true`.	true
worker_auto_renew_period `deprecated`	integer	No	[Deprecated] For node pool configuration, use the `auto_renew_period` parameter under `scaling_group` in `nodepool`. Worker node auto-renewal period. Required and valid only when subscription billing is selected. Valid values: {1, 2, 3, 6, 12}.	1
instances `deprecated`	array	No	[Deprecated] Adding existing nodes during cluster creation is not supported. To add existing nodes to a cluster, first create a node pool and then call the AttachInstancesToNodePool API. When using existing nodes to create a cluster, specify the ECS instance list. These instances are added as worker nodes to the cluster. Note This field is required when using existing instances to create a cluster.
	string	No	When using existing nodes to create a cluster, specify the ECS instance list. These instances are added as worker nodes to the cluster. Note This field is required when using existing instances to create a cluster.	i-2ze4zxnm36vq00xn****
format_disk `deprecated`	boolean	No	[Deprecated] Adding existing nodes during cluster creation is not supported. To add existing nodes to a cluster, first create a node pool and then call the AttachInstancesToNodePool API. When using existing instances to create a cluster, specify whether to mount data disks. Valid values: `true`: Store containers and images on the data disk. Existing data on the data disk will be lost. Back up your data. `false`: Do not store containers and images on the data disk. Default value: `false`. Data disk mounting rules: If the ECS instance has a mounted data disk and the file system of the last data disk is uninitialized, the system automatically formats it as ext4 to store /var/lib/docker and /var/lib/kubelet. If the ECS instance has no mounted data disk, no new data disk is mounted.	false
keep_instance_name `deprecated`	boolean	No	[Deprecated] Adding existing nodes during cluster creation is not supported. To add existing nodes to a cluster, first create a node pool and then call the AttachInstancesToNodePool API. When using existing instances to create a cluster, specify whether to retain the instance name. `true`: Retain. `false`: Replace with a system-generated name. Default value: `true`.	true
service_discovery_types `deprecated`	array	No	[Deprecated] Service discovery type for the cluster, used to specify the service discovery method in `ACK Serverless` clusters. `CoreDNS`: Uses CoreDNS, the standard Kubernetes service discovery component. Requires deploying a set of containers for DNS resolution. Defaults to two ECI instances with 0.25 vCPU and 512 MiB memory each. `PrivateZone`: Uses Alibaba Cloud PrivateZone for service discovery. Requires enabling the PrivateZone service. Default value: Disabled.
	string	No	Service discovery type for the cluster, used to specify the service discovery method in `ACK Serverless` clusters. `CoreDNS`: Uses CoreDNS, the standard Kubernetes service discovery component. Requires deploying a set of containers for DNS resolution. Defaults to two ECI instances with 0.25 vCPU and 512 MiB memory each. `PrivateZone`: Uses Alibaba Cloud PrivateZone for service discovery. Requires enabling the PrivateZone service. Default value: Disabled.	PrivateZone
nat_gateway `deprecated`	boolean	No	[Deprecated] Use the `snat_entry` parameter instead.	true
zone_id `deprecated`	string	No	[Deprecated] Use the `zone_ids` parameter instead. The zone ID within the cluster region. This parameter applies only to ACK managed clusters. When creating an ACK managed cluster without specifying `vpc_id` and `vswitch_ids`, specify `zone_id` to automatically create VPC network resources in this zone. This parameter is ignored if `vpc_id` and `vswitch_ids` are specified.	cn-beiji****
logging_type `deprecated`	string	No	[Deprecated] Enable Simple Log Service for the cluster. Applies only to ACK Serverless clusters and must be set to `SLS`.	SLS
disable_rollback `deprecated`	boolean	No	[Deprecated] By default, cluster creation failures do not trigger rollback. You must manually clean up failed clusters. Roll back on cluster creation failure. Valid values: `true`: Roll back when cluster creation fails. `false`: Do not roll back when cluster creation fails. Default value: `true`.	true
timeout_mins `deprecated`	integer	No	[Deprecated] By default, cluster creation failures do not trigger rollback. You must manually clean up failed clusters. Cluster creation timeout in minutes. Default value: `60`.	60
image_type `deprecated`	string	No	[Deprecated] For control plane configuration, use the `image_type` parameter under `control_plane_config`. For node pool configuration, use the `image_type` parameter under `scaling_group` in `nodepool`. Operating system distribution type. We recommend using this parameter to specify the node operating system. Valid values: CentOS AliyunLinux AliyunLinux Qboot AliyunLinuxUEFI AliyunLinux3 Windows WindowsCore AliyunLinux3Arm64 ContainerOS Default value: `CentOS`.	AliyunLinux
load_balancer_spec `deprecated`	string	No	[Deprecated] CLB is billed based on usage. This parameter has no effect. Load Balancer specification. Valid values: slb.s1.small slb.s2.small slb.s2.medium slb.s3.small slb.s3.medium slb.s3.large Default value: `slb.s2.small`.	slb.s2.small
enable_rrsa `deprecated`	boolean	No	[Deprecated] Use the `rrsa_config` parameter instead. Enable RRSA. true: Enable. false: Disable.	false
charge_type `deprecated`	string	No	[Deprecated] Payment type for the CLB instance used by the API Server. Default value: PostPaid. Valid values: PostPaid: Pay-as-you-go. PrePaid: Subscription. New CLB instances no longer support subscription billing, but existing instances are unaffected. Important This parameter changed on October 15, 2024. For more information, see Announcement on Changes to CreateCluster API Parameters. Starting December 1, 2024, new CLB instances will no longer support subscription billing and will incur an instance fee. For details, see [Product Announcement] Discontinuation of Subscription Billing for API Server CLB in New Clusters and Adjustment Announcement for Classic Load Balancer Billing Items.	PostPaid
period_unit `deprecated`	string	No	[Deprecated] Billing cycle. Required when payment type is PrePaid. Valid value: Month. Only monthly billing is supported. This parameter changed on October 15, 2024. For more information, see Announcement on Changes to CreateCluster API Parameters.	Month
period `deprecated`	integer	No	[Deprecated] Subscription duration. Required and valid only when charge_type is PrePaid. Valid values: {1, 2, 3, 6, 12, 24, 36, 48, 60}. Default value: 1. This parameter changed on October 15, 2024. For more information, see Announcement on Changes to CreateCluster API Parameters.	1
auto_renew `deprecated`	boolean	No	[Deprecated] Enable auto-renewal. Valid only when `charge_type` is `PrePaid`. Valid values: `true`: Enable auto-renewal. `false`: Disable auto-renewal. Default value: `false`. This parameter changed on October 15, 2024. For more information, see Announcement on Changes to CreateCluster API Parameters.	true
auto_renew_period `deprecated`	integer	No	[Deprecated] Auto-renewal period. Valid only when prepaid and auto-renewal are enabled. When `PeriodUnit=Month`, valid values: {1, 2, 3, 6, 12}. Default value: 1. This parameter changed on October 15, 2024. For more information, see Announcement on Changes to CreateCluster API Parameters.	1
access_control_list `deprecated`	array	No	[Deprecated] Access control list for the registered cluster API Server SLB.
	string	No	Access control list for the registered cluster API Server SLB.	192.168.XX.XX/24

Response elements

Element	Type	Description	Example
	object	Response body.
cluster_id	string	Cluster ID.	cb95aa626a47740afbf6aa099b650****
request_id	string	Request ID.	687C5BAA-D103-4993-884B-C35E4314****
task_id	string	Task ID.	T-5a54309c80282e39ea****

Examples

Success response

JSON format

{
  "cluster_id": "cb95aa626a47740afbf6aa099b650****",
  "request_id": "687C5BAA-D103-4993-884B-C35E4314****",
  "task_id": "T-5a54309c80282e39ea****"
}

Error codes

See Error Codes for a complete list.

Release notes

See Release Notes for a complete list.