alicloud.cs.Kubernetes
This resource will help you to manage a Kubernetes Cluster in Alibaba Cloud Kubernetes Service, see What is kubernetes.
NOTE: From August 21, 2024, Container Service for Kubernetes (ACK) discontinues the creation of ACK dedicated clusters, see Product announcement for more details.
NOTE: Available since v1.9.0.
NOTE: A Kubernetes cluster supports only VPC networks, and the VPC must be able to access the internet while the cluster is being created. A NAT gateway with SNAT configured gives a VPC internet access. If there is no NAT gateway in the VPC, you can set new_nat_gateway to “true” to create one automatically.
NOTE: Each Kubernetes cluster contains 3 master nodes, and that number cannot currently be changed.
NOTE: Creating a Kubernetes cluster requires installing several packages and takes about 15 minutes. Please be patient.
NOTE: From version 1.9.4, the provider supports downloading the kube config, client certificate, client key and cluster CA certificate after the cluster is created successfully, and you can put them into a specified location, like ‘~/.kube/config’.
NOTE: From version 1.16.0, the provider supports Multiple Availability Zones Kubernetes Cluster. To create a cluster of this kind, you must specify 3 or 5 items in master_vswitch_ids and master_instance_types.
NOTE: From version 1.20.0, the provider supports disabling the internet load balancer for the API Server by setting slb_internet_enabled to false.
NOTE: If you want to manage Kubernetes, you can use Kubernetes Provider.
NOTE: You need to activate several other products and confirm the Authorization Policy used by Container Service before using this resource. Please refer to the Authorization management and Cluster management sections in the Document Center.
NOTE: From version 1.75.0, some parameters have been removed from the resource. You can check them below and re-import the cluster if necessary.
NOTE: From version 1.101.0+, professional managed clusters (ack-pro) are supported. You can create a pro cluster by setting the value of cluster_spec.
NOTE: From version 1.177.0+, exclude_autoscaler_nodes, worker_number, worker_vswitch_ids, worker_instance_types, worker_instance_charge_type, worker_period, worker_period_unit, worker_auto_renew, worker_auto_renew_period, worker_disk_category, worker_disk_size, worker_data_disks, node_port_range, cpu_policy, user_data, taints, worker_disk_performance_level and worker_disk_snapshot_policy_id are deprecated. We suggest using the resource alicloud.cs.NodePool to manage your cluster worker nodes.
NOTE: From version 1.212.0, exclude_autoscaler_nodes, worker_number, worker_vswitch_ids, worker_instance_types, worker_instance_charge_type, worker_period, worker_period_unit, worker_auto_renew, worker_auto_renew_period, worker_disk_category, worker_disk_size, worker_data_disks, node_port_range, cpu_policy, user_data, taints, worker_disk_performance_level, worker_disk_snapshot_policy_id, kube_config and availability_zone are removed. Please use the resource alicloud.cs.NodePool to manage your cluster worker nodes.
Create Kubernetes Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new Kubernetes(name: string, args: KubernetesArgs, opts?: CustomResourceOptions);
@overload
def Kubernetes(resource_name: str,
args: KubernetesArgs,
opts: Optional[ResourceOptions] = None)
@overload
def Kubernetes(resource_name: str,
opts: Optional[ResourceOptions] = None,
master_instance_types: Optional[Sequence[str]] = None,
master_vswitch_ids: Optional[Sequence[str]] = None,
master_instance_charge_type: Optional[str] = None,
deletion_protection: Optional[bool] = None,
cluster_ca_cert: Optional[str] = None,
cluster_domain: Optional[str] = None,
custom_san: Optional[str] = None,
delete_options: Optional[Sequence[KubernetesDeleteOptionArgs]] = None,
api_audiences: Optional[Sequence[str]] = None,
enable_ssh: Optional[bool] = None,
image_id: Optional[str] = None,
install_cloud_monitor: Optional[bool] = None,
is_enterprise_security_group: Optional[bool] = None,
name: Optional[str] = None,
kms_encrypted_password: Optional[str] = None,
kms_encryption_context: Optional[Mapping[str, str]] = None,
load_balancer_spec: Optional[str] = None,
master_auto_renew: Optional[bool] = None,
master_auto_renew_period: Optional[int] = None,
master_disk_category: Optional[str] = None,
master_disk_performance_level: Optional[str] = None,
master_disk_size: Optional[int] = None,
master_period_unit: Optional[str] = None,
addons: Optional[Sequence[KubernetesAddonArgs]] = None,
client_cert: Optional[str] = None,
master_period: Optional[int] = None,
master_disk_snapshot_policy_id: Optional[str] = None,
client_key: Optional[str] = None,
key_name: Optional[str] = None,
name_prefix: Optional[str] = None,
new_nat_gateway: Optional[bool] = None,
node_cidr_mask: Optional[int] = None,
node_name_mode: Optional[str] = None,
os_type: Optional[str] = None,
password: Optional[str] = None,
platform: Optional[str] = None,
pod_cidr: Optional[str] = None,
pod_vswitch_ids: Optional[Sequence[str]] = None,
proxy_mode: Optional[str] = None,
rds_instances: Optional[Sequence[str]] = None,
resource_group_id: Optional[str] = None,
retain_resources: Optional[Sequence[str]] = None,
runtime: Optional[KubernetesRuntimeArgs] = None,
security_group_id: Optional[str] = None,
service_account_issuer: Optional[str] = None,
service_cidr: Optional[str] = None,
slb_internet_enabled: Optional[bool] = None,
tags: Optional[Mapping[str, str]] = None,
timezone: Optional[str] = None,
user_ca: Optional[str] = None,
version: Optional[str] = None)
func NewKubernetes(ctx *Context, name string, args KubernetesArgs, opts ...ResourceOption) (*Kubernetes, error)
public Kubernetes(string name, KubernetesArgs args, CustomResourceOptions? opts = null)
public Kubernetes(String name, KubernetesArgs args)
public Kubernetes(String name, KubernetesArgs args, CustomResourceOptions options)
type: alicloud:cs:Kubernetes
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args KubernetesArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args KubernetesArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args KubernetesArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args KubernetesArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args KubernetesArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var kubernetesResource = new AliCloud.CS.Kubernetes("kubernetesResource", new()
{
MasterInstanceTypes = new[]
{
"string",
},
MasterVswitchIds = new[]
{
"string",
},
MasterInstanceChargeType = "string",
DeletionProtection = false,
ClusterCaCert = "string",
ClusterDomain = "string",
CustomSan = "string",
DeleteOptions = new[]
{
new AliCloud.CS.Inputs.KubernetesDeleteOptionArgs
{
DeleteMode = "string",
ResourceType = "string",
},
},
ApiAudiences = new[]
{
"string",
},
EnableSsh = false,
ImageId = "string",
InstallCloudMonitor = false,
IsEnterpriseSecurityGroup = false,
Name = "string",
KmsEncryptedPassword = "string",
KmsEncryptionContext =
{
{ "string", "string" },
},
MasterAutoRenew = false,
MasterAutoRenewPeriod = 0,
MasterDiskCategory = "string",
MasterDiskPerformanceLevel = "string",
MasterDiskSize = 0,
MasterPeriodUnit = "string",
Addons = new[]
{
new AliCloud.CS.Inputs.KubernetesAddonArgs
{
Config = "string",
Disabled = false,
Name = "string",
Version = "string",
},
},
ClientCert = "string",
MasterPeriod = 0,
MasterDiskSnapshotPolicyId = "string",
ClientKey = "string",
KeyName = "string",
NewNatGateway = false,
NodeCidrMask = 0,
NodeNameMode = "string",
OsType = "string",
Password = "string",
Platform = "string",
PodCidr = "string",
PodVswitchIds = new[]
{
"string",
},
ProxyMode = "string",
RdsInstances = new[]
{
"string",
},
ResourceGroupId = "string",
RetainResources = new[]
{
"string",
},
Runtime = new AliCloud.CS.Inputs.KubernetesRuntimeArgs
{
Name = "string",
Version = "string",
},
SecurityGroupId = "string",
ServiceAccountIssuer = "string",
ServiceCidr = "string",
SlbInternetEnabled = false,
Tags =
{
{ "string", "string" },
},
Timezone = "string",
UserCa = "string",
Version = "string",
});
example, err := cs.NewKubernetes(ctx, "kubernetesResource", &cs.KubernetesArgs{
MasterInstanceTypes: pulumi.StringArray{
pulumi.String("string"),
},
MasterVswitchIds: pulumi.StringArray{
pulumi.String("string"),
},
MasterInstanceChargeType: pulumi.String("string"),
DeletionProtection: pulumi.Bool(false),
ClusterCaCert: pulumi.String("string"),
ClusterDomain: pulumi.String("string"),
CustomSan: pulumi.String("string"),
DeleteOptions: cs.KubernetesDeleteOptionArray{
&cs.KubernetesDeleteOptionArgs{
DeleteMode: pulumi.String("string"),
ResourceType: pulumi.String("string"),
},
},
ApiAudiences: pulumi.StringArray{
pulumi.String("string"),
},
EnableSsh: pulumi.Bool(false),
ImageId: pulumi.String("string"),
InstallCloudMonitor: pulumi.Bool(false),
IsEnterpriseSecurityGroup: pulumi.Bool(false),
Name: pulumi.String("string"),
KmsEncryptedPassword: pulumi.String("string"),
KmsEncryptionContext: pulumi.StringMap{
"string": pulumi.String("string"),
},
MasterAutoRenew: pulumi.Bool(false),
MasterAutoRenewPeriod: pulumi.Int(0),
MasterDiskCategory: pulumi.String("string"),
MasterDiskPerformanceLevel: pulumi.String("string"),
MasterDiskSize: pulumi.Int(0),
MasterPeriodUnit: pulumi.String("string"),
Addons: cs.KubernetesAddonTypeArray{
&cs.KubernetesAddonTypeArgs{
Config: pulumi.String("string"),
Disabled: pulumi.Bool(false),
Name: pulumi.String("string"),
Version: pulumi.String("string"),
},
},
ClientCert: pulumi.String("string"),
MasterPeriod: pulumi.Int(0),
MasterDiskSnapshotPolicyId: pulumi.String("string"),
ClientKey: pulumi.String("string"),
KeyName: pulumi.String("string"),
NewNatGateway: pulumi.Bool(false),
NodeCidrMask: pulumi.Int(0),
NodeNameMode: pulumi.String("string"),
OsType: pulumi.String("string"),
Password: pulumi.String("string"),
Platform: pulumi.String("string"),
PodCidr: pulumi.String("string"),
PodVswitchIds: pulumi.StringArray{
pulumi.String("string"),
},
ProxyMode: pulumi.String("string"),
RdsInstances: pulumi.StringArray{
pulumi.String("string"),
},
ResourceGroupId: pulumi.String("string"),
RetainResources: pulumi.StringArray{
pulumi.String("string"),
},
Runtime: &cs.KubernetesRuntimeArgs{
Name: pulumi.String("string"),
Version: pulumi.String("string"),
},
SecurityGroupId: pulumi.String("string"),
ServiceAccountIssuer: pulumi.String("string"),
ServiceCidr: pulumi.String("string"),
SlbInternetEnabled: pulumi.Bool(false),
Tags: pulumi.StringMap{
"string": pulumi.String("string"),
},
Timezone: pulumi.String("string"),
UserCa: pulumi.String("string"),
Version: pulumi.String("string"),
})
var kubernetesResource = new Kubernetes("kubernetesResource", KubernetesArgs.builder()
.masterInstanceTypes("string")
.masterVswitchIds("string")
.masterInstanceChargeType("string")
.deletionProtection(false)
.clusterCaCert("string")
.clusterDomain("string")
.customSan("string")
.deleteOptions(KubernetesDeleteOptionArgs.builder()
.deleteMode("string")
.resourceType("string")
.build())
.apiAudiences("string")
.enableSsh(false)
.imageId("string")
.installCloudMonitor(false)
.isEnterpriseSecurityGroup(false)
.name("string")
.kmsEncryptedPassword("string")
.kmsEncryptionContext(Map.of("string", "string"))
.masterAutoRenew(false)
.masterAutoRenewPeriod(0)
.masterDiskCategory("string")
.masterDiskPerformanceLevel("string")
.masterDiskSize(0)
.masterPeriodUnit("string")
.addons(KubernetesAddonArgs.builder()
.config("string")
.disabled(false)
.name("string")
.version("string")
.build())
.clientCert("string")
.masterPeriod(0)
.masterDiskSnapshotPolicyId("string")
.clientKey("string")
.keyName("string")
.newNatGateway(false)
.nodeCidrMask(0)
.nodeNameMode("string")
.osType("string")
.password("string")
.platform("string")
.podCidr("string")
.podVswitchIds("string")
.proxyMode("string")
.rdsInstances("string")
.resourceGroupId("string")
.retainResources("string")
.runtime(KubernetesRuntimeArgs.builder()
.name("string")
.version("string")
.build())
.securityGroupId("string")
.serviceAccountIssuer("string")
.serviceCidr("string")
.slbInternetEnabled(false)
.tags(Map.of("string", "string"))
.timezone("string")
.userCa("string")
.version("string")
.build());
kubernetes_resource = alicloud.cs.Kubernetes("kubernetesResource",
master_instance_types=["string"],
master_vswitch_ids=["string"],
master_instance_charge_type="string",
deletion_protection=False,
cluster_ca_cert="string",
cluster_domain="string",
custom_san="string",
delete_options=[{
"delete_mode": "string",
"resource_type": "string",
}],
api_audiences=["string"],
enable_ssh=False,
image_id="string",
install_cloud_monitor=False,
is_enterprise_security_group=False,
name="string",
kms_encrypted_password="string",
kms_encryption_context={
"string": "string",
},
master_auto_renew=False,
master_auto_renew_period=0,
master_disk_category="string",
master_disk_performance_level="string",
master_disk_size=0,
master_period_unit="string",
addons=[{
"config": "string",
"disabled": False,
"name": "string",
"version": "string",
}],
client_cert="string",
master_period=0,
master_disk_snapshot_policy_id="string",
client_key="string",
key_name="string",
new_nat_gateway=False,
node_cidr_mask=0,
node_name_mode="string",
os_type="string",
password="string",
platform="string",
pod_cidr="string",
pod_vswitch_ids=["string"],
proxy_mode="string",
rds_instances=["string"],
resource_group_id="string",
retain_resources=["string"],
runtime={
"name": "string",
"version": "string",
},
security_group_id="string",
service_account_issuer="string",
service_cidr="string",
slb_internet_enabled=False,
tags={
"string": "string",
},
timezone="string",
user_ca="string",
version="string")
const kubernetesResource = new alicloud.cs.Kubernetes("kubernetesResource", {
masterInstanceTypes: ["string"],
masterVswitchIds: ["string"],
masterInstanceChargeType: "string",
deletionProtection: false,
clusterCaCert: "string",
clusterDomain: "string",
customSan: "string",
deleteOptions: [{
deleteMode: "string",
resourceType: "string",
}],
apiAudiences: ["string"],
enableSsh: false,
imageId: "string",
installCloudMonitor: false,
isEnterpriseSecurityGroup: false,
name: "string",
kmsEncryptedPassword: "string",
kmsEncryptionContext: {
string: "string",
},
masterAutoRenew: false,
masterAutoRenewPeriod: 0,
masterDiskCategory: "string",
masterDiskPerformanceLevel: "string",
masterDiskSize: 0,
masterPeriodUnit: "string",
addons: [{
config: "string",
disabled: false,
name: "string",
version: "string",
}],
clientCert: "string",
masterPeriod: 0,
masterDiskSnapshotPolicyId: "string",
clientKey: "string",
keyName: "string",
newNatGateway: false,
nodeCidrMask: 0,
nodeNameMode: "string",
osType: "string",
password: "string",
platform: "string",
podCidr: "string",
podVswitchIds: ["string"],
proxyMode: "string",
rdsInstances: ["string"],
resourceGroupId: "string",
retainResources: ["string"],
runtime: {
name: "string",
version: "string",
},
securityGroupId: "string",
serviceAccountIssuer: "string",
serviceCidr: "string",
slbInternetEnabled: false,
tags: {
string: "string",
},
timezone: "string",
userCa: "string",
version: "string",
});
type: alicloud:cs:Kubernetes
properties:
    addons:
        - config: string
          disabled: false
          name: string
          version: string
    apiAudiences:
        - string
    clientCert: string
    clientKey: string
    clusterCaCert: string
    clusterDomain: string
    customSan: string
    deleteOptions:
        - deleteMode: string
          resourceType: string
    deletionProtection: false
    enableSsh: false
    imageId: string
    installCloudMonitor: false
    isEnterpriseSecurityGroup: false
    keyName: string
    kmsEncryptedPassword: string
    kmsEncryptionContext:
        string: string
    masterAutoRenew: false
    masterAutoRenewPeriod: 0
    masterDiskCategory: string
    masterDiskPerformanceLevel: string
    masterDiskSize: 0
    masterDiskSnapshotPolicyId: string
    masterInstanceChargeType: string
    masterInstanceTypes:
        - string
    masterPeriod: 0
    masterPeriodUnit: string
    masterVswitchIds:
        - string
    name: string
    newNatGateway: false
    nodeCidrMask: 0
    nodeNameMode: string
    osType: string
    password: string
    platform: string
    podCidr: string
    podVswitchIds:
        - string
    proxyMode: string
    rdsInstances:
        - string
    resourceGroupId: string
    retainResources:
        - string
    runtime:
        name: string
        version: string
    securityGroupId: string
    serviceAccountIssuer: string
    serviceCidr: string
    slbInternetEnabled: false
    tags:
        string: string
    timezone: string
    userCa: string
    version: string
Kubernetes Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The Kubernetes resource accepts the following input properties:
- MasterInstanceTypes List<string>
- The instance type of master node. Specify one type for single AZ Cluster, three types for MultiAZ Cluster.
- MasterVswitchIds List<string>
- The vswitches used by the master nodes. You can specify 3 or 5 vswitches, depending on the number of masters. Detailed below.
- Addons List<Pulumi.AliCloud.CS.Inputs.KubernetesAddon>
- The addon you want to install in the cluster. See addons below. Only works for Create Operation; use resource cs_kubernetes_addon to manage addons once the cluster is created.
- ApiAudiences List<string>
- A list of API audiences for Service Account Token Volume Projection. Set this to ["https://kubernetes.default.svc"] if you want to enable the Token Volume Projection feature (requires specifying service_account_issuer as well). From cluster version 1.22+, Service Account Token Volume Projection will be enabled by default.
- ClientCert string
- The path of client certificate, like ~/.kube/client-cert.pem.
- ClientKey string
- The path of client key, like ~/.kube/client-key.pem.
- ClusterCaCert string
- The path of cluster CA certificate, like ~/.kube/cluster-ca-cert.pem.
- ClusterDomain string
- Cluster local domain name. Defaults to cluster.local. A domain name consists of one or more sections separated by a decimal point (.), each of which is up to 63 characters long, can contain lowercase letters, numerals and hyphens (-), and must begin and end with a lowercase letter or numeral.
- CustomSan string
- Customize the certificate SAN; multiple IP addresses or domain names are separated by commas (,).
- DeleteOptions List<Pulumi.AliCloud.CS.Inputs.KubernetesDeleteOption>
- Delete options, which only apply when deleting the resource. Make sure you have run pulumi up so that the configuration is applied. See delete_options below.
- DeletionProtection bool
- Whether to enable cluster deletion protection.
- EnableSsh bool
- Enable login to the node through SSH. Defaults to false.
- ImageId string
- Custom image support. Must be based on CentOS7 or AliyunLinux2.
- InstallCloudMonitor bool
- Install cloud monitor agent on ECS. Defaults to true.
- IsEnterpriseSecurityGroup bool
- Enable to create an advanced security group. Default: false. See Advanced security group. Only works for Create Operation.
- KeyName string
- The key pair for SSH login to cluster nodes; you have to create it first. You have to specify one of the password, key_name or kms_encrypted_password fields.
- KmsEncryptedPassword string
- A KMS-encrypted password used for a CS Kubernetes cluster. You have to specify one of the password, key_name or kms_encrypted_password fields.
- KmsEncryptionContext Dictionary<string, string>
- A KMS encryption context used to decrypt kms_encrypted_password before creating or updating a CS Kubernetes cluster with kms_encrypted_password. See Encryption Context. It is valid when kms_encrypted_password is set.
- LoadBalancerSpec string
- The cluster API server load balancer instance specification, default slb.s1.small. For more information on how to select an LB instance specification, see SLB instance overview. Only works for Create Operation.
- MasterAutoRenew bool
- Enable master payment auto-renew. Defaults to false.
- MasterAutoRenewPeriod int
- Master payment auto-renew period. It can be one of {1, 2, 3, 6, 12}.
- MasterDiskCategory string
- The system disk category of master node. Valid values are cloud_ssd, cloud_essd and cloud_efficiency. Defaults to cloud_efficiency.
- MasterDiskPerformanceLevel string
- Master node system disk performance level. When master_disk_category is cloud_essd, the optional values are PL0, PL1, PL2 or PL3, but the specific performance level is related to the disk capacity. For more information, see Enhanced SSDs. Default is PL1.
- MasterDiskSize int
- The system disk size of master node. Valid value range is [20~500] in GB. Defaults to 20.
- MasterDiskSnapshotPolicyId string
- Master node system disk auto snapshot policy.
- MasterInstanceChargeType string
- Master payment type: PostPaid or PrePaid. Defaults to PostPaid. If the value is PrePaid, the fields master_period, master_period_unit, master_auto_renew and master_auto_renew_period are required.
- MasterPeriod int
- Master payment period. Its valid value is one of {1, 2, 3, 6, 12, 24, 36, 48, 60}.
- MasterPeriodUnit string
- Master payment period unit. The valid value is Month.
- Name string
- The kubernetes cluster's name. It is unique in one Alicloud account.
- NamePrefix string
- NewNatGateway bool
- Whether to create a new NAT gateway while creating the Kubernetes cluster. Defaults to true. Because not all Alibaba Cloud OpenAPI endpoints are on the intranet, turning this option on is a good choice. Your cluster nodes and applications will have public network access. If there is a NAT gateway in the selected VPC, ACK will use this gateway by default; if there is no NAT gateway in the selected VPC, ACK will create a new NAT gateway for you and automatically configure SNAT rules. Only works for Create Operation.
- NodeCidrMask int
- The node CIDR mask, which determines how many pods can run on a single node. 24-28 is allowed. 24 means 2^(32-24)-1=255 and the node can run at most 255 pods. Default: 24.
- NodeNameMode string
- Each node name consists of a prefix, an IP substring, and a suffix. The input format is customized,<prefix>,IPSubStringLen,<suffix>. For example "customized,aliyun.com-,5,-test": if the node IP address is 192.168.59.176, the prefix is aliyun.com-, the IP substring length is 5, and the suffix is -test, the node name will be aliyun.com-59176-test.
- OsType string
- The operating system of the nodes that run pods. Its valid value is either Linux or Windows. Defaults to Linux.
- Password string
- The password for SSH login to cluster nodes. You have to specify one of the password, key_name or kms_encrypted_password fields.
- Platform string
- The architecture of the nodes that run pods. Its valid value is either CentOS or AliyunLinux. Defaults to CentOS.
- PodCidr string
- [Flannel Specific] The CIDR block for the pod network when using Flannel.
- PodVswitchIds List<string>
- [Terway Specific] The vswitches for the pod network when using Terway. It is recommended that pod_vswitch_ids do not belong to worker_vswitch_ids and master_vswitch_ids, but they must be in the same availability zones. Only works for Create Operation.
- ProxyMode string
- Proxy mode is an option of kube-proxy. Options: iptables | ipvs. Default: ipvs.
- RdsInstances List<string>
- RDS instance list. You can choose which RDS instances whitelist to add instances to.
- ResourceGroupId string
- The ID of the resource group. By default these cloud resources are automatically assigned to the default resource group.
- RetainResources List<string>
- Runtime Pulumi.AliCloud.CS.Inputs.KubernetesRuntime
- The runtime of containers. If you select another container runtime, see How do I select between Docker and Sandboxed-Container. See runtime below.
- SecurityGroupId string
- The ID of the security group to which the ECS instances in the cluster belong. If it is not specified, a new security group will be built.
- ServiceAccountIssuer string
- The issuer of the Service Account token for Service Account Token Volume Projection; corresponds to the iss field in the token payload. Set this to "https://kubernetes.default.svc" to enable the Token Volume Projection feature (requires specifying api_audiences as well). From cluster version 1.22+, Service Account Token Volume Projection will be enabled by default.
- ServiceCidr string
- The CIDR block for the service network. It cannot be duplicated with the VPC CIDR and CIDR used by Kubernetes cluster in VPC, and cannot be modified after creation.
- SlbInternetEnabled bool
- Whether to create an internet load balancer for the API Server. Defaults to true. Only works for Create Operation. NOTE: If you want to use Terway as the CNI network plugin, you need to specify the pod_vswitch_ids field and addons with terway-eniip. If you want to use Flannel as the CNI network plugin, you need to specify the pod_cidr field and addons with flannel.
- Tags Dictionary<string, string>
- Default nil. A map of tags assigned to the kubernetes cluster and work nodes.
- Timezone string
- When you create a cluster, set the time zones for the Master and Worker nodes. You can only change the managed node time zone if you create a cluster. Once the cluster is created, you can only change the time zone of the Worker node.
- UserCa string
- The path of customized CA cert. You can use this CA to sign client certs to connect to your cluster.
- Version string
- Desired Kubernetes version. If you do not specify a value, the latest available version at resource creation is used and no upgrades will occur unless you set a higher version number. The value must be configured and increased to upgrade the version when desired. Downgrades are not supported by ACK.
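Several of the inputs above carry constraints that are cheap to check before pulumi up: one credential field, 3 or 5 master vswitches, node_cidr_mask 24-28, the PrePaid fields, the token projection pair, the CNI addon requirements and the service CIDR. The following lint is an added example, not code from the Pulumi or Alibaba Cloud documentation; lint_cluster_args, Finding, the vpc_cidr argument, the sample dicts and the WARN-level hardening preferences are assumptions of this example.

```python
"""Pre-deployment lint for alicloud.cs.Kubernetes inputs (added example)."""
from ipaddress import ip_network
from typing import NamedTuple, Optional


class Finding(NamedTuple):
    severity: str  # ERROR = breaks a constraint stated on this page, WARN = hardening preference
    field: str
    message: str


CREDENTIALS = ("password", "key_name", "kms_encrypted_password")
PREPAID_REQUIRED = ("master_period", "master_period_unit",
                    "master_auto_renew", "master_auto_renew_period")
# CNI addon name -> input that the page says must accompany it
CNI_REQUIRES = {"terway-eniip": "pod_vswitch_ids", "flannel": "pod_cidr"}


def lint_cluster_args(args: dict, vpc_cidr: Optional[str] = None) -> list:
    """Return Findings for a dict of snake_case Kubernetes resource inputs.

    vpc_cidr is a hypothetical extra argument: the resource takes no VPC CIDR,
    so the caller supplies it for the overlap check.
    """
    out = []
    # "You have to specify one of password, key_name, kms_encrypted_password"
    # (read here as exactly one).
    creds = [f for f in CREDENTIALS if args.get(f)]
    if len(creds) != 1:
        out.append(Finding("ERROR", "credentials",
                           f"set exactly one of {CREDENTIALS}, got {creds}"))
    if len(args.get("master_vswitch_ids", [])) not in (3, 5):
        out.append(Finding("ERROR", "master_vswitch_ids", "must list 3 or 5 vswitches"))
    if not 24 <= args.get("node_cidr_mask", 24) <= 28:
        out.append(Finding("ERROR", "node_cidr_mask", "allowed range is 24-28"))
    if args.get("master_instance_charge_type", "PostPaid") == "PrePaid":
        missing = [f for f in PREPAID_REQUIRED if f not in args]
        if missing:
            out.append(Finding("ERROR", "master_instance_charge_type",
                               f"PrePaid also requires {missing}"))
    # Token Volume Projection needs issuer and audiences together.
    if bool(args.get("service_account_issuer")) != bool(args.get("api_audiences")):
        out.append(Finding("ERROR", "service_account_issuer",
                           "service_account_issuer and api_audiences go together"))
    addons = {a.get("name") for a in args.get("addons", []) if not a.get("disabled")}
    for addon, needed in CNI_REQUIRES.items():
        if addon in addons and not args.get(needed):
            out.append(Finding("ERROR", needed, f"addon {addon} requires {needed}"))
    # "Cannot be duplicated with the VPC CIDR and CIDR used by Kubernetes cluster"
    # is checked here as "must not overlap" (an interpretation).
    service = args.get("service_cidr")
    for name, other in (("vpc_cidr", vpc_cidr), ("pod_cidr", args.get("pod_cidr"))):
        if service and other and ip_network(service).overlaps(ip_network(other)):
            out.append(Finding("ERROR", "service_cidr", f"overlaps {name} {other}"))

    # Hardening preferences of this example, based on the defaults listed above.
    if args.get("slb_internet_enabled", True):
        out.append(Finding("WARN", "slb_internet_enabled",
                           "API server gets an internet load balancer (default true)"))
    if args.get("enable_ssh", False):
        out.append(Finding("WARN", "enable_ssh", "SSH login to nodes is enabled"))
    if not args.get("deletion_protection", False):
        out.append(Finding("WARN", "deletion_protection", "deletion protection not enabled"))
    if args.get("password"):
        out.append(Finding("WARN", "password",
                           "plaintext password; prefer key_name or kms_encrypted_password"))
    return out


# Constructed sample inputs (IDs and secrets are placeholders, not real values).
WEAK = {
    "master_vswitch_ids": ["vsw-a", "vsw-b"],
    "password": "constructed-example-only",
    "key_name": "ops-keypair",
    "node_cidr_mask": 22,
    "master_instance_charge_type": "PrePaid",
    "master_period": 1,
    "service_account_issuer": "https://kubernetes.default.svc",
    "addons": [{"name": "flannel"}],
    "service_cidr": "172.21.0.0/20",
    "enable_ssh": True,
}
HARDENED = {
    "master_vswitch_ids": ["vsw-a", "vsw-b", "vsw-c"],
    "kms_encrypted_password": "PLACEHOLDER_KMS_CIPHERTEXT",
    "node_cidr_mask": 26,
    "service_account_issuer": "https://kubernetes.default.svc",
    "api_audiences": ["https://kubernetes.default.svc"],
    "addons": [{"name": "terway-eniip"}],
    "pod_vswitch_ids": ["vsw-pod-a", "vsw-pod-b", "vsw-pod-c"],
    "service_cidr": "172.21.0.0/20",
    "slb_internet_enabled": False,
    "enable_ssh": False,
    "deletion_protection": True,
}

if __name__ == "__main__":
    for label, cfg, vpc in (("weak", WEAK, "172.16.0.0/12"),
                            ("hardened", HARDENED, "192.168.0.0/16")):
        print(label)
        for finding in lint_cluster_args(cfg, vpc_cidr=vpc) or ["  no findings"]:
            print("  ", finding)
```
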
- Master
Instance []stringTypes - The instance type of master node. Specify one type for single AZ Cluster, three types for MultiAZ Cluster.
- Master
Vswitch []stringIds - The vswitches used by master, you can specific 3 or 5 vswitches because of the amount of masters. Detailed below.
- Addons
[]Kubernetes
Addon Type Args The addon you want to install in cluster. See
addons
below. Only works for Create Operation, use resource cs_kubernetes_addon to manage addons if cluster is created.Network params
- Api
Audiences []string - A list of API audiences for Service Account Token Volume Projection. Set this to
["https://kubernetes.default.svc"]
if you want to enable the Token Volume Projection feature requires specifyingservice_account_issuer
as well. From cluster version 1.22+, Service Account Token Volume Projection will be enabled by default. - Client
Cert string - The path of client certificate, like
~/.kube/client-cert.pem
. - Client
Key string - The path of client key, like
~/.kube/client-key.pem
. - Cluster
Ca stringCert The path of cluster ca certificate, like
~/.kube/cluster-ca-cert.pem
Removed params
- Cluster
Domain string - Cluster local domain name, Default to
cluster.local
. A domain name consists of one or more sections separated by a decimal point (.), each of which is up to 63 characters long, and can be lowercase, numerals, and underscores (-), and must be lowercase or numerals at the beginning and end. - Custom
San string - Customize the certificate SAN, multiple IP or domain names are separated by English commas (,).
- Delete
Options []KubernetesDelete Option Args - Delete options, only work for deleting resource. Make sure you have run
pulumi up
to make the configuration applied. Seedelete_options
below. - Deletion
Protection bool - Whether to enable cluster deletion protection.
- Enable
Ssh bool - Enable login to the node through SSH. Default to
false
. - Image
Id string - Custom Image support. Must based on CentOS7 or AliyunLinux2.
- Install
Cloud boolMonitor - Install cloud monitor agent on ECS. Default to
true
. - Is
Enterprise boolSecurity Group - Enable to create advanced security group. default: false. See Advanced security group. Only works for Create Operation.
- Key
Name string - The keypair of ssh login cluster node, you have to create it first. You have to specify one of
password
key_name
kms_encrypted_password
fields. - Kms
Encrypted stringPassword - An KMS encrypts password used to a cs kubernetes. You have to specify one of
password
key_name
kms_encrypted_password
fields. - Kms
Encryption map[string]stringContext - An KMS encryption context used to decrypt
kms_encrypted_password
before creating or updating a cs kubernetes withkms_encrypted_password
. See Encryption Context. It is valid whenkms_encrypted_password
is set. - Load
Balancer stringSpec - The cluster api server load balance instance specification, default
slb.s1.small
. For more information on how to select a LB instance specification, see SLB instance overview. Only works for Create Operation. - Master
Auto boolRenew - Enable master payment auto-renew, defaults to false.
- Master
Auto intRenew Period - Master payment auto-renew period, it can be one of {1, 2, 3, 6, 12}.
- Master
Disk stringCategory - The system disk category of master node. Its valid value are
cloud_ssd
,cloud_essd
andcloud_efficiency
. Default tocloud_efficiency
. - Master
Disk stringPerformance Level - Master node system disk performance level. When
master_disk_category
valuescloud_essd
, the optional values arePL0
,PL1
,PL2
orPL3
, but the specific performance level is related to the disk capacity. For more information, see Enhanced SSDs. Default isPL1
. - Master
Disk intSize - The system disk size of master node. Its valid value range [20~500] in GB. Default to 20.
- Master
Disk stringSnapshot Policy Id Master node system disk auto snapshot policy.
Computed params
- Master
Instance stringCharge Type - Master payment type. or
PostPaid
orPrePaid
, defaults toPostPaid
. If value isPrePaid
, the filesmaster_period
,master_period_unit
,master_auto_renew
andmaster_auto_renew_period
are required. - Master
Period int - Master payment period.Its valid value is one of {1, 2, 3, 6, 12, 24, 36, 48, 60}.
- Master
Period stringUnit - Master payment period unit, the valid value is
Month
. - Name string
- The kubernetes cluster's name. It is unique in one Alicloud account.
- Name
Prefix string - New
Nat boolGateway - Whether to create a new nat gateway while creating kubernetes cluster. Default to true. Then openapi in Alibaba Cloud are not all on intranet, So turn this option on is a good choice. Your cluster nodes and applications will have public network access. If there is a NAT gateway in the selected VPC, ACK will use this gateway by default; if there is no NAT gateway in the selected VPC, ACK will create a new NAT gateway for you and automatically configure SNAT rules. Only works for Create Operation.
- NodeCidrMask int - The node cidr block to specify how many pods can run on single node. 24-28 is allowed. 24 means 2^(32-24)-1=255 and the node can run at most 255 pods. default: 24
- NodeNameMode string - Each node name consists of a prefix, an IP substring, and a suffix, the input format is customized,<prefix>,IPSubStringLen,<suffix>. For example "customized,aliyun.com-,5,-test", if the node IP address is 192.168.59.176, the prefix is aliyun.com-, IP substring length is 5, and the suffix is -test, the node name will be aliyun.com-59176-test.
- OsType string - The operating system of the nodes that run pods, its valid value is either Linux or Windows. Default to Linux.
- Password string - The password of ssh login cluster node. You have to specify one of password, key_name, kms_encrypted_password fields.
- Platform string - The architecture of the nodes that run pods, its valid value is either CentOS or AliyunLinux. Default to CentOS.
- PodCidr string - [Flannel Specific] The CIDR block for the pod network when using Flannel.
- PodVswitchIds []string - [Terway Specific] The vswitches for the pod network when using Terway. It is recommended that pod_vswitch_ids does not belong to worker_vswitch_ids and master_vswitch_ids but must be in same availability zones. Only works for Create Operation.
- ProxyMode string - Proxy mode is option of kube-proxy. options: iptables | ipvs. default: ipvs.
- RdsInstances []string - RDS instance list. You can choose which RDS instances' whitelists to add instances to.
- ResourceGroupId string - The ID of the resource group. By default these cloud resources are automatically assigned to the default resource group.
- RetainResources []string
- Runtime KubernetesRuntimeArgs - The runtime of containers. If you select another container runtime, see How do I select between Docker and Sandboxed-Container. See runtime below.
- SecurityGroupId string - The ID of the security group to which the ECS instances in the cluster belong. If it is not specified, a new Security group will be built.
- ServiceAccountIssuer string - The issuer of the Service Account token for Service Account Token Volume Projection, corresponds to the iss field in the token payload. Set this to "https://kubernetes.default.svc" to enable the Token Volume Projection feature (requires specifying api_audiences as well). From cluster version 1.22+, Service Account Token Volume Projection will be enabled by default.
- ServiceCidr string - The CIDR block for the service network. It cannot be duplicated with the VPC CIDR and CIDR used by Kubernetes cluster in VPC, cannot be modified after creation.
- SlbInternetEnabled bool - Whether to create internet load balancer for API Server. Default to true. Only works for Create Operation.
NOTE: If you want to use Terway as CNI network plugin, you need to specify the pod_vswitch_ids field and addons with terway-eniip. If you want to use Flannel as CNI network plugin, you need to specify the pod_cidr field and addons with flannel.
Master params
- map[string]string - Default nil. A map of tags assigned to the kubernetes cluster and work nodes.
- Timezone string - When you create a cluster, set the time zones for the Master and Worker nodes. You can only change the managed node time zone if you create a cluster. Once the cluster is created, you can only change the time zone of the Worker node.
- UserCa string - The path of customized CA cert, you can use this CA to sign client certs to connect your cluster.
- Version string - Desired Kubernetes version. If you do not specify a value, the latest available version at resource creation is used and no upgrades will occur except you set a higher version number. The value must be configured and increased to upgrade the version when desired. Downgrades are not supported by ACK.
- masterInstanceTypes List<String> - The instance type of master node. Specify one type for single AZ Cluster, three types for MultiAZ Cluster.
- masterVswitchIds List<String> - The vswitches used by master. You can specify 3 or 5 vswitches because of the amount of masters. Detailed below.
- addons List<KubernetesAddon> - The addon you want to install in cluster. See addons below. Only works for Create Operation, use resource cs_kubernetes_addon to manage addons if cluster is created.
Network params
- apiAudiences List<String> - A list of API audiences for Service Account Token Volume Projection. Set this to ["https://kubernetes.default.svc"] if you want to enable the Token Volume Projection feature (requires specifying service_account_issuer as well). From cluster version 1.22+, Service Account Token Volume Projection will be enabled by default.
- clientCert String - The path of client certificate, like ~/.kube/client-cert.pem.
- clientKey String - The path of client key, like ~/.kube/client-key.pem.
- clusterCaCert String - The path of cluster ca certificate, like ~/.kube/cluster-ca-cert.pem
Removed params
- clusterDomain String - Cluster local domain name. Default to cluster.local. A domain name consists of one or more sections separated by a decimal point (.), each of which is up to 63 characters long, and can be lowercase, numerals, and hyphens (-), and must be lowercase or numerals at the beginning and end.
- customSan String - Customize the certificate SAN, multiple IP or domain names are separated by English commas (,).
- deleteOptions List<KubernetesDeleteOption> - Delete options, only work for deleting resource. Make sure you have run pulumi up to make the configuration applied. See delete_options below.
- deletionProtection Boolean - Whether to enable cluster deletion protection.
- enableSsh Boolean - Enable login to the node through SSH. Default to false.
- imageId String - Custom Image support. Must be based on CentOS7 or AliyunLinux2.
- installCloudMonitor Boolean - Install cloud monitor agent on ECS. Default to true.
- isEnterpriseSecurityGroup Boolean - Enable to create advanced security group. default: false. See Advanced security group. Only works for Create Operation.
- keyName String - The keypair of ssh login cluster node, you have to create it first. You have to specify one of password, key_name, kms_encrypted_password fields.
- kmsEncryptedPassword String - A KMS-encrypted password used for a cs kubernetes. You have to specify one of password, key_name, kms_encrypted_password fields.
- kmsEncryptionContext Map<String,String> - A KMS encryption context used to decrypt kms_encrypted_password before creating or updating a cs kubernetes with kms_encrypted_password. See Encryption Context. It is valid when kms_encrypted_password is set.
- loadBalancerSpec String - The cluster api server load balance instance specification, default slb.s1.small. For more information on how to select a LB instance specification, see SLB instance overview. Only works for Create Operation.
- masterAutoRenew Boolean - Enable master payment auto-renew, defaults to false.
- masterAutoRenewPeriod Integer - Master payment auto-renew period, it can be one of {1, 2, 3, 6, 12}.
- masterDiskCategory String - The system disk category of master node. Its valid values are cloud_ssd, cloud_essd and cloud_efficiency. Default to cloud_efficiency.
- masterDiskPerformanceLevel String - Master node system disk performance level. When master_disk_category is cloud_essd, the optional values are PL0, PL1, PL2 or PL3, but the specific performance level is related to the disk capacity. For more information, see Enhanced SSDs. Default is PL1.
- masterDiskSize Integer - The system disk size of master node. Its valid value range is [20~500] in GB. Default to 20.
- masterDiskSnapshotPolicyId String - Master node system disk auto snapshot policy.
Computed params
- masterInstanceChargeType String - Master payment type, PostPaid or PrePaid; defaults to PostPaid. If value is PrePaid, the fields master_period, master_period_unit, master_auto_renew and master_auto_renew_period are required.
- masterPeriod Integer - Master payment period. Its valid value is one of {1, 2, 3, 6, 12, 24, 36, 48, 60}.
- masterPeriodUnit String - Master payment period unit, the valid value is Month.
- name String - The kubernetes cluster's name. It is unique in one Alicloud account.
- namePrefix String
- newNatGateway Boolean - Whether to create a new nat gateway while creating kubernetes cluster. Default to true. Because not all Alibaba Cloud OpenAPI endpoints are on the intranet, turning this option on is a good choice. Your cluster nodes and applications will have public network access. If there is a NAT gateway in the selected VPC, ACK will use this gateway by default; if there is no NAT gateway in the selected VPC, ACK will create a new NAT gateway for you and automatically configure SNAT rules. Only works for Create Operation.
- nodeCidrMask Integer - The node cidr block to specify how many pods can run on single node. 24-28 is allowed. 24 means 2^(32-24)-1=255 and the node can run at most 255 pods. default: 24
- nodeNameMode String - Each node name consists of a prefix, an IP substring, and a suffix, the input format is customized,<prefix>,IPSubStringLen,<suffix>. For example "customized,aliyun.com-,5,-test", if the node IP address is 192.168.59.176, the prefix is aliyun.com-, IP substring length is 5, and the suffix is -test, the node name will be aliyun.com-59176-test.
- osType String - The operating system of the nodes that run pods, its valid value is either Linux or Windows. Default to Linux.
- password String - The password of ssh login cluster node. You have to specify one of password, key_name, kms_encrypted_password fields.
- platform String - The architecture of the nodes that run pods, its valid value is either CentOS or AliyunLinux. Default to CentOS.
- podCidr String - [Flannel Specific] The CIDR block for the pod network when using Flannel.
- podVswitchIds List<String> - [Terway Specific] The vswitches for the pod network when using Terway. It is recommended that pod_vswitch_ids does not belong to worker_vswitch_ids and master_vswitch_ids but must be in same availability zones. Only works for Create Operation.
- proxyMode String - Proxy mode is option of kube-proxy. options: iptables | ipvs. default: ipvs.
- rdsInstances List<String> - RDS instance list. You can choose which RDS instances' whitelists to add instances to.
- resourceGroupId String - The ID of the resource group. By default these cloud resources are automatically assigned to the default resource group.
- retainResources List<String>
- runtime KubernetesRuntime - The runtime of containers. If you select another container runtime, see How do I select between Docker and Sandboxed-Container. See runtime below.
- securityGroupId String - The ID of the security group to which the ECS instances in the cluster belong. If it is not specified, a new Security group will be built.
- serviceAccountIssuer String - The issuer of the Service Account token for Service Account Token Volume Projection, corresponds to the iss field in the token payload. Set this to "https://kubernetes.default.svc" to enable the Token Volume Projection feature (requires specifying api_audiences as well). From cluster version 1.22+, Service Account Token Volume Projection will be enabled by default.
- serviceCidr String - The CIDR block for the service network. It cannot be duplicated with the VPC CIDR and CIDR used by Kubernetes cluster in VPC, cannot be modified after creation.
- slbInternetEnabled Boolean - Whether to create internet load balancer for API Server. Default to true. Only works for Create Operation.
NOTE: If you want to use Terway as CNI network plugin, you need to specify the pod_vswitch_ids field and addons with terway-eniip. If you want to use Flannel as CNI network plugin, you need to specify the pod_cidr field and addons with flannel.
Master params
- Map<String,String> - Default nil. A map of tags assigned to the kubernetes cluster and work nodes.
- timezone String - When you create a cluster, set the time zones for the Master and Worker nodes. You can only change the managed node time zone if you create a cluster. Once the cluster is created, you can only change the time zone of the Worker node.
- userCa String - The path of customized CA cert, you can use this CA to sign client certs to connect your cluster.
- version String - Desired Kubernetes version. If you do not specify a value, the latest available version at resource creation is used and no upgrades will occur except you set a higher version number. The value must be configured and increased to upgrade the version when desired. Downgrades are not supported by ACK.
- masterInstanceTypes string[] - The instance type of master node. Specify one type for single AZ Cluster, three types for MultiAZ Cluster.
- masterVswitchIds string[] - The vswitches used by master. You can specify 3 or 5 vswitches because of the amount of masters. Detailed below.
- addons KubernetesAddon[] - The addon you want to install in cluster. See addons below. Only works for Create Operation, use resource cs_kubernetes_addon to manage addons if cluster is created.
Network params
- apiAudiences string[] - A list of API audiences for Service Account Token Volume Projection. Set this to ["https://kubernetes.default.svc"] if you want to enable the Token Volume Projection feature (requires specifying service_account_issuer as well). From cluster version 1.22+, Service Account Token Volume Projection will be enabled by default.
- clientCert string - The path of client certificate, like ~/.kube/client-cert.pem.
- clientKey string - The path of client key, like ~/.kube/client-key.pem.
- clusterCaCert string - The path of cluster ca certificate, like ~/.kube/cluster-ca-cert.pem
Removed params
- clusterDomain string - Cluster local domain name. Default to cluster.local. A domain name consists of one or more sections separated by a decimal point (.), each of which is up to 63 characters long, and can be lowercase, numerals, and hyphens (-), and must be lowercase or numerals at the beginning and end.
- customSan string - Customize the certificate SAN, multiple IP or domain names are separated by English commas (,).
- deleteOptions KubernetesDeleteOption[] - Delete options, only work for deleting resource. Make sure you have run pulumi up to make the configuration applied. See delete_options below.
- deletionProtection boolean - Whether to enable cluster deletion protection.
- enableSsh boolean - Enable login to the node through SSH. Default to false.
- imageId string - Custom Image support. Must be based on CentOS7 or AliyunLinux2.
- installCloudMonitor boolean - Install cloud monitor agent on ECS. Default to true.
- isEnterpriseSecurityGroup boolean - Enable to create advanced security group. default: false. See Advanced security group. Only works for Create Operation.
- keyName string - The keypair of ssh login cluster node, you have to create it first. You have to specify one of password, key_name, kms_encrypted_password fields.
- kmsEncryptedPassword string - A KMS-encrypted password used for a cs kubernetes. You have to specify one of password, key_name, kms_encrypted_password fields.
- kmsEncryptionContext {[key: string]: string} - A KMS encryption context used to decrypt kms_encrypted_password before creating or updating a cs kubernetes with kms_encrypted_password. See Encryption Context. It is valid when kms_encrypted_password is set.
- loadBalancerSpec string - The cluster api server load balance instance specification, default slb.s1.small. For more information on how to select a LB instance specification, see SLB instance overview. Only works for Create Operation.
- masterAutoRenew boolean - Enable master payment auto-renew, defaults to false.
- masterAutoRenewPeriod number - Master payment auto-renew period, it can be one of {1, 2, 3, 6, 12}.
- masterDiskCategory string - The system disk category of master node. Its valid values are cloud_ssd, cloud_essd and cloud_efficiency. Default to cloud_efficiency.
- masterDiskPerformanceLevel string - Master node system disk performance level. When master_disk_category is cloud_essd, the optional values are PL0, PL1, PL2 or PL3, but the specific performance level is related to the disk capacity. For more information, see Enhanced SSDs. Default is PL1.
- masterDiskSize number - The system disk size of master node. Its valid value range is [20~500] in GB. Default to 20.
- masterDiskSnapshotPolicyId string - Master node system disk auto snapshot policy.
Computed params
- masterInstanceChargeType string - Master payment type, PostPaid or PrePaid; defaults to PostPaid. If value is PrePaid, the fields master_period, master_period_unit, master_auto_renew and master_auto_renew_period are required.
- masterPeriod number - Master payment period. Its valid value is one of {1, 2, 3, 6, 12, 24, 36, 48, 60}.
- masterPeriodUnit string - Master payment period unit, the valid value is Month.
- name string - The kubernetes cluster's name. It is unique in one Alicloud account.
- namePrefix string
- newNatGateway boolean - Whether to create a new nat gateway while creating kubernetes cluster. Default to true. Because not all Alibaba Cloud OpenAPI endpoints are on the intranet, turning this option on is a good choice. Your cluster nodes and applications will have public network access. If there is a NAT gateway in the selected VPC, ACK will use this gateway by default; if there is no NAT gateway in the selected VPC, ACK will create a new NAT gateway for you and automatically configure SNAT rules. Only works for Create Operation.
- nodeCidrMask number - The node cidr block to specify how many pods can run on single node. 24-28 is allowed. 24 means 2^(32-24)-1=255 and the node can run at most 255 pods. default: 24
- nodeNameMode string - Each node name consists of a prefix, an IP substring, and a suffix, the input format is customized,<prefix>,IPSubStringLen,<suffix>. For example "customized,aliyun.com-,5,-test", if the node IP address is 192.168.59.176, the prefix is aliyun.com-, IP substring length is 5, and the suffix is -test, the node name will be aliyun.com-59176-test.
- osType string - The operating system of the nodes that run pods, its valid value is either Linux or Windows. Default to Linux.
- password string - The password of ssh login cluster node. You have to specify one of password, key_name, kms_encrypted_password fields.
- platform string - The architecture of the nodes that run pods, its valid value is either CentOS or AliyunLinux. Default to CentOS.
- podCidr string - [Flannel Specific] The CIDR block for the pod network when using Flannel.
- podVswitchIds string[] - [Terway Specific] The vswitches for the pod network when using Terway. It is recommended that pod_vswitch_ids does not belong to worker_vswitch_ids and master_vswitch_ids but must be in same availability zones. Only works for Create Operation.
- proxyMode string - Proxy mode is option of kube-proxy. options: iptables | ipvs. default: ipvs.
- rdsInstances string[] - RDS instance list. You can choose which RDS instances' whitelists to add instances to.
- resourceGroupId string - The ID of the resource group. By default these cloud resources are automatically assigned to the default resource group.
- retainResources string[]
- runtime KubernetesRuntime - The runtime of containers. If you select another container runtime, see How do I select between Docker and Sandboxed-Container. See runtime below.
- securityGroupId string - The ID of the security group to which the ECS instances in the cluster belong. If it is not specified, a new Security group will be built.
- serviceAccountIssuer string - The issuer of the Service Account token for Service Account Token Volume Projection, corresponds to the iss field in the token payload. Set this to "https://kubernetes.default.svc" to enable the Token Volume Projection feature (requires specifying api_audiences as well). From cluster version 1.22+, Service Account Token Volume Projection will be enabled by default.
- serviceCidr string - The CIDR block for the service network. It cannot be duplicated with the VPC CIDR and CIDR used by Kubernetes cluster in VPC, cannot be modified after creation.
- slbInternetEnabled boolean - Whether to create internet load balancer for API Server. Default to true. Only works for Create Operation.
NOTE: If you want to use Terway as CNI network plugin, you need to specify the pod_vswitch_ids field and addons with terway-eniip. If you want to use Flannel as CNI network plugin, you need to specify the pod_cidr field and addons with flannel.
Master params
- {[key: string]: string} - Default nil. A map of tags assigned to the kubernetes cluster and work nodes.
- timezone string - When you create a cluster, set the time zones for the Master and Worker nodes. You can only change the managed node time zone if you create a cluster. Once the cluster is created, you can only change the time zone of the Worker node.
- userCa string - The path of customized CA cert, you can use this CA to sign client certs to connect your cluster.
- version string - Desired Kubernetes version. If you do not specify a value, the latest available version at resource creation is used and no upgrades will occur except you set a higher version number. The value must be configured and increased to upgrade the version when desired. Downgrades are not supported by ACK.
- master_instance_types Sequence[str] - The instance type of master node. Specify one type for single AZ Cluster, three types for MultiAZ Cluster.
- master_vswitch_ids Sequence[str] - The vswitches used by master. You can specify 3 or 5 vswitches because of the amount of masters. Detailed below.
- addons Sequence[KubernetesAddonArgs] - The addon you want to install in cluster. See addons below. Only works for Create Operation, use resource cs_kubernetes_addon to manage addons if cluster is created.
Network params
- api_audiences Sequence[str] - A list of API audiences for Service Account Token Volume Projection. Set this to ["https://kubernetes.default.svc"] if you want to enable the Token Volume Projection feature (requires specifying service_account_issuer as well). From cluster version 1.22+, Service Account Token Volume Projection will be enabled by default.
- client_cert str - The path of client certificate, like ~/.kube/client-cert.pem.
- client_key str - The path of client key, like ~/.kube/client-key.pem.
- cluster_ca_cert str - The path of cluster ca certificate, like ~/.kube/cluster-ca-cert.pem
Removed params
- cluster_domain str - Cluster local domain name. Default to cluster.local. A domain name consists of one or more sections separated by a decimal point (.), each of which is up to 63 characters long, and can be lowercase, numerals, and hyphens (-), and must be lowercase or numerals at the beginning and end.
- custom_san str - Customize the certificate SAN, multiple IP or domain names are separated by English commas (,).
- delete_options Sequence[KubernetesDeleteOptionArgs] - Delete options, only work for deleting resource. Make sure you have run pulumi up to make the configuration applied. See delete_options below.
- deletion_protection bool - Whether to enable cluster deletion protection.
- enable_ssh bool - Enable login to the node through SSH. Default to false.
- image_id str - Custom Image support. Must be based on CentOS7 or AliyunLinux2.
- install_cloud_monitor bool - Install cloud monitor agent on ECS. Default to true.
- is_enterprise_security_group bool - Enable to create advanced security group. default: false. See Advanced security group. Only works for Create Operation.
- key_name str - The keypair of ssh login cluster node, you have to create it first. You have to specify one of password, key_name, kms_encrypted_password fields.
- kms_encrypted_password str - A KMS-encrypted password used for a cs kubernetes. You have to specify one of password, key_name, kms_encrypted_password fields.
- kms_encryption_context Mapping[str, str] - A KMS encryption context used to decrypt kms_encrypted_password before creating or updating a cs kubernetes with kms_encrypted_password. See Encryption Context. It is valid when kms_encrypted_password is set.
- load_balancer_spec str - The cluster api server load balance instance specification, default slb.s1.small. For more information on how to select a LB instance specification, see SLB instance overview. Only works for Create Operation.
- master_auto_renew bool - Enable master payment auto-renew, defaults to false.
- master_auto_renew_period int - Master payment auto-renew period, it can be one of {1, 2, 3, 6, 12}.
- master_disk_category str - The system disk category of master node. Its valid values are cloud_ssd, cloud_essd and cloud_efficiency. Default to cloud_efficiency.
- master_disk_performance_level str - Master node system disk performance level. When master_disk_category is cloud_essd, the optional values are PL0, PL1, PL2 or PL3, but the specific performance level is related to the disk capacity. For more information, see Enhanced SSDs. Default is PL1.
- master_disk_size int - The system disk size of master node. Its valid value range is [20~500] in GB. Default to 20.
- master_disk_snapshot_policy_id str - Master node system disk auto snapshot policy.
Computed params
- master_instance_charge_type str - Master payment type, PostPaid or PrePaid; defaults to PostPaid. If value is PrePaid, the fields master_period, master_period_unit, master_auto_renew and master_auto_renew_period are required.
- master_period int - Master payment period. Its valid value is one of {1, 2, 3, 6, 12, 24, 36, 48, 60}.
- master_period_unit str - Master payment period unit, the valid value is Month.
- name str - The kubernetes cluster's name. It is unique in one Alicloud account.
- name_prefix str
- new_nat_gateway bool - Whether to create a new nat gateway while creating kubernetes cluster. Default to true. Because not all Alibaba Cloud OpenAPI endpoints are on the intranet, turning this option on is a good choice. Your cluster nodes and applications will have public network access. If there is a NAT gateway in the selected VPC, ACK will use this gateway by default; if there is no NAT gateway in the selected VPC, ACK will create a new NAT gateway for you and automatically configure SNAT rules. Only works for Create Operation.
- node_cidr_mask int - The node cidr block to specify how many pods can run on single node. 24-28 is allowed. 24 means 2^(32-24)-1=255 and the node can run at most 255 pods. default: 24
- node_name_mode str - Each node name consists of a prefix, an IP substring, and a suffix, the input format is customized,<prefix>,IPSubStringLen,<suffix>. For example "customized,aliyun.com-,5,-test", if the node IP address is 192.168.59.176, the prefix is aliyun.com-, IP substring length is 5, and the suffix is -test, the node name will be aliyun.com-59176-test.
- os_type str - The operating system of the nodes that run pods, its valid value is either Linux or Windows. Default to Linux.
- password str - The password of ssh login cluster node. You have to specify one of password, key_name, kms_encrypted_password fields.
- platform str - The architecture of the nodes that run pods, its valid value is either CentOS or AliyunLinux. Default to CentOS.
- pod_cidr str - [Flannel Specific] The CIDR block for the pod network when using Flannel.
- pod_vswitch_ids Sequence[str] - [Terway Specific] The vswitches for the pod network when using Terway. It is recommended that pod_vswitch_ids does not belong to worker_vswitch_ids and master_vswitch_ids but must be in same availability zones. Only works for Create Operation.
- proxy_mode str - Proxy mode is option of kube-proxy. options: iptables | ipvs. default: ipvs.
- rds_instances Sequence[str] - RDS instance list. You can choose which RDS instances' whitelists to add instances to.
- resource_group_id str - The ID of the resource group. By default these cloud resources are automatically assigned to the default resource group.
- retain_resources Sequence[str]
- runtime KubernetesRuntimeArgs - The runtime of containers. If you select another container runtime, see How do I select between Docker and Sandboxed-Container. See runtime below.
- security_group_id str - The ID of the security group to which the ECS instances in the cluster belong. If it is not specified, a new Security group will be built.
- service_account_issuer str - The issuer of the Service Account token for Service Account Token Volume Projection, corresponds to the iss field in the token payload. Set this to "https://kubernetes.default.svc" to enable the Token Volume Projection feature (requires specifying api_audiences as well). From cluster version 1.22+, Service Account Token Volume Projection will be enabled by default.
- service_cidr str - The CIDR block for the service network. It cannot be duplicated with the VPC CIDR and CIDR used by Kubernetes cluster in VPC, cannot be modified after creation.
- slb_internet_enabled bool - Whether to create internet load balancer for API Server. Default to true. Only works for Create Operation.
NOTE: If you want to use Terway as CNI network plugin, you need to specify the pod_vswitch_ids field and addons with terway-eniip. If you want to use Flannel as CNI network plugin, you need to specify the pod_cidr field and addons with flannel.
Master params
- Mapping[str, str] - Default nil. A map of tags assigned to the kubernetes cluster and work nodes.
- timezone str - When you create a cluster, set the time zones for the Master and Worker nodes. You can only change the managed node time zone if you create a cluster. Once the cluster is created, you can only change the time zone of the Worker node.
- user_ca str - The path of customized CA cert, you can use this CA to sign client certs to connect your cluster.
- version str - Desired Kubernetes version. If you do not specify a value, the latest available version at resource creation is used and no upgrades will occur except you set a higher version number. The value must be configured and increased to upgrade the version when desired. Downgrades are not supported by ACK.
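The constraints these properties state (one credential field, 3 or 5 master vswitches, the PrePaid fields, the CNI NOTE, the token projection pair, the node_name_mode format) can be checked before running pulumi up. The following is an added example, not code from the provider: a dependency-free Python check over a plain dict keyed by the Python property names. The dict shape, the name key of each addon entry, the function names and the sample values are assumptions.

```python
PERIODS = {1, 2, 3, 6, 12, 24, 36, 48, 60}
RENEW_PERIODS = {1, 2, 3, 6, 12}
PREPAID_FIELDS = ("master_period", "master_period_unit",
                  "master_auto_renew", "master_auto_renew_period")
CREDENTIAL_FIELDS = ("password", "key_name", "kms_encrypted_password")
# CNI addon name -> the field the NOTE says must accompany it
CNI_FIELDS = {"terway-eniip": "pod_vswitch_ids", "flannel": "pod_cidr"}


def node_name(mode, ip):
    """Expand 'customized,<prefix>,IPSubStringLen,<suffix>' for one node IP."""
    parts = mode.split(",")
    if len(parts) != 4 or parts[0] != "customized" or not parts[2].isdigit():
        raise ValueError("expected customized,<prefix>,IPSubStringLen,<suffix>")
    length = int(parts[2])
    if length < 1:
        raise ValueError("IPSubStringLen must be at least 1")
    # Assumption drawn from the page's example: the substring is the last
    # <length> digits of the IP with the dots removed (192.168.59.176 -> 59176).
    return parts[1] + ip.replace(".", "")[-length:] + parts[3]


def max_pods(node_cidr_mask):
    """Pods per node as the page computes it: 2^(32-mask)-1."""
    return 2 ** (32 - node_cidr_mask) - 1


def check_cluster_args(args):
    """Return a list of findings; an empty list means every rule passed."""
    findings = []
    if not any(args.get(f) for f in CREDENTIAL_FIELDS):
        findings.append("credentials: set one of " + ", ".join(CREDENTIAL_FIELDS))
    if args.get("kms_encryption_context") and not args.get("kms_encrypted_password"):
        findings.append("kms_encryption_context: only valid with kms_encrypted_password")
    if len(args.get("master_vswitch_ids", [])) not in (3, 5):
        findings.append("master_vswitch_ids: specify 3 or 5 vswitches")
    if not 24 <= args.get("node_cidr_mask", 24) <= 28:
        findings.append("node_cidr_mask: 24-28 is allowed")
    if not 20 <= args.get("master_disk_size", 20) <= 500:
        findings.append("master_disk_size: valid range is 20-500 GB")
    if args.get("proxy_mode", "ipvs") not in ("iptables", "ipvs"):
        findings.append("proxy_mode: options are iptables or ipvs")

    if args.get("master_instance_charge_type", "PostPaid") == "PrePaid":
        missing = [f for f in PREPAID_FIELDS if f not in args]
        if missing:
            findings.append("PrePaid: missing " + ", ".join(missing))
        if "master_period" in args and args["master_period"] not in PERIODS:
            findings.append("master_period: not a valid period")
        if ("master_auto_renew_period" in args
                and args["master_auto_renew_period"] not in RENEW_PERIODS):
            findings.append("master_auto_renew_period: not a valid period")

    addon_names = {a.get("name") for a in args.get("addons", [])}
    for addon, field in CNI_FIELDS.items():
        if addon in addon_names and not args.get(field):
            findings.append(f"{addon}: requires {field}")

    if bool(args.get("service_account_issuer")) != bool(args.get("api_audiences")):
        findings.append("token projection: set service_account_issuer and api_audiences together")

    if args.get("node_name_mode"):
        try:
            node_name(args["node_name_mode"], "192.168.59.176")
        except ValueError as exc:
            findings.append(f"node_name_mode: {exc}")

    # Exposure settings the page documents; reported so they are a deliberate choice.
    if args.get("slb_internet_enabled", True):
        findings.append("exposure: API server gets an internet load balancer")
    if args.get("enable_ssh", False):
        findings.append("exposure: SSH login to nodes is enabled")
    return findings


# Constructed sample arguments (not from the page), using the Python property names.
GOOD_ARGS = {
    "key_name": "example-keypair",
    "master_vswitch_ids": ["vsw-a", "vsw-b", "vsw-c"],
    "pod_cidr": "10.72.0.0/16",
    "addons": [{"name": "flannel"}],
    "node_name_mode": "customized,aliyun.com-,5,-test",
    "service_account_issuer": "https://kubernetes.default.svc",
    "api_audiences": ["https://kubernetes.default.svc"],
    "slb_internet_enabled": False,
}
BAD_ARGS = {
    "master_vswitch_ids": ["vsw-a", "vsw-b"],
    "addons": [{"name": "terway-eniip"}],
    "master_instance_charge_type": "PrePaid",
    "master_period": 5,
    "node_cidr_mask": 23,
    "service_account_issuer": "https://kubernetes.default.svc",
    "enable_ssh": True,
}

if __name__ == "__main__":
    for label, cfg in (("good", GOOD_ARGS), ("bad", BAD_ARGS)):
        print(label, check_cluster_args(cfg) or "no findings")
```

The two exposure findings are informational: they report the documented defaults for slb_internet_enabled and enable_ssh rather than a rule violation.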
- masterInstanceTypes List<String> - The instance type of master node. Specify one type for single AZ Cluster, three types for MultiAZ Cluster.
- masterVswitchIds List<String> - The vswitches used by master. You can specify 3 or 5 vswitches because of the amount of masters. Detailed below.
- addons List<Property Map> - The addon you want to install in cluster. See addons below. Only works for Create Operation, use resource cs_kubernetes_addon to manage addons if cluster is created.
Network params
- apiAudiences List<String> - A list of API audiences for Service Account Token Volume Projection. Set this to ["https://kubernetes.default.svc"] if you want to enable the Token Volume Projection feature (requires specifying service_account_issuer as well). From cluster version 1.22+, Service Account Token Volume Projection will be enabled by default.
- clientCert String - The path of client certificate, like ~/.kube/client-cert.pem.
- clientKey String - The path of client key, like ~/.kube/client-key.pem.
- clusterCaCert String - The path of cluster ca certificate, like ~/.kube/cluster-ca-cert.pem
Removed params
- clusterDomain String - Cluster local domain name. Default to cluster.local. A domain name consists of one or more sections separated by a decimal point (.), each of which is up to 63 characters long, and can be lowercase, numerals, and hyphens (-), and must be lowercase or numerals at the beginning and end.
- customSan String - Customize the certificate SAN, multiple IP or domain names are separated by English commas (,).
- deleteOptions List<Property Map> - Delete options, only work for deleting resource. Make sure you have run pulumi up to make the configuration applied. See delete_options below.
- deletionProtection Boolean - Whether to enable cluster deletion protection.
- enableSsh Boolean - Enable login to the node through SSH. Default to false.
- imageId String - Custom Image support. Must be based on CentOS7 or AliyunLinux2.
- installCloudMonitor Boolean - Install cloud monitor agent on ECS. Default to true.
- isEnterpriseSecurityGroup Boolean - Enable to create advanced security group. default: false. See Advanced security group. Only works for Create Operation.
- keyName String - The keypair of ssh login cluster node, you have to create it first. You have to specify one of password, key_name, kms_encrypted_password fields.
- kmsEncryptedPassword String - A KMS-encrypted password used for a cs kubernetes. You have to specify one of password, key_name, kms_encrypted_password fields.
- kmsEncryptionContext Map<String> - A KMS encryption context used to decrypt kms_encrypted_password before creating or updating a cs kubernetes with kms_encrypted_password. See Encryption Context. It is valid when kms_encrypted_password is set.
- loadBalancerSpec String - The cluster api server load balance instance specification, default slb.s1.small. For more information on how to select a LB instance specification, see SLB instance overview. Only works for Create Operation.
- masterAutoRenew Boolean - Enable master payment auto-renew, defaults to false.
- masterAutoRenewPeriod Number - Master payment auto-renew period, it can be one of {1, 2, 3, 6, 12}.
- master
Disk StringCategory - The system disk category of master node. Its valid value are
cloud_ssd
,cloud_essd
andcloud_efficiency
. Default tocloud_efficiency
. - master
Disk StringPerformance Level - Master node system disk performance level. When
master_disk_category
valuescloud_essd
, the optional values arePL0
,PL1
,PL2
orPL3
, but the specific performance level is related to the disk capacity. For more information, see Enhanced SSDs. Default isPL1
. - master
Disk NumberSize - The system disk size of master node. Its valid value range [20~500] in GB. Default to 20.
- master
Disk StringSnapshot Policy Id Master node system disk auto snapshot policy.
Computed params
- masterInstanceChargeType String - Master payment type, PostPaid or PrePaid; defaults to PostPaid. If value is PrePaid, the fields master_period, master_period_unit, master_auto_renew and master_auto_renew_period are required.
- masterPeriod Number - Master payment period. Its valid value is one of {1, 2, 3, 6, 12, 24, 36, 48, 60}.
- masterPeriodUnit String - Master payment period unit, the valid value is Month.
- name String - The kubernetes cluster's name. It is unique in one Alicloud account.
- namePrefix String
- newNatGateway Boolean - Whether to create a new nat gateway while creating kubernetes cluster. Default to true. The OpenAPI endpoints in Alibaba Cloud are not all on the intranet, so turning this option on is a good choice. Your cluster nodes and applications will have public network access. If there is a NAT gateway in the selected VPC, ACK will use this gateway by default; if there is no NAT gateway in the selected VPC, ACK will create a new NAT gateway for you and automatically configure SNAT rules. Only works for Create Operation.
- nodeCidrMask Number - The node CIDR mask, which specifies how many pods can run on a single node. 24-28 is allowed. 24 means 2^(32-24)-1=255 and the node can run at most 255 pods. default: 24
- nodeNameMode String - Each node name consists of a prefix, an IP substring, and a suffix, the input format is customized,<prefix>,IPSubStringLen,<suffix>. For example "customized,aliyun.com-,5,-test", if the node IP address is 192.168.59.176, the prefix is aliyun.com-, IP substring length is 5, and the suffix is -test, the node name will be aliyun.com-59176-test.
- osType String - The operating system of the nodes that run pods, its valid value is either Linux or Windows. Default to Linux.
- password String - The password of ssh login cluster node. You have to specify one of password, key_name, kms_encrypted_password fields.
- platform String - The architecture of the nodes that run pods, its valid value is either CentOS or AliyunLinux. Default to CentOS.
- podCidr String - [Flannel Specific] The CIDR block for the pod network when using Flannel.
- podVswitchIds List<String> - [Terway Specific] The vswitches for the pod network when using Terway. It is recommended that pod_vswitch_ids do not belong to worker_vswitch_ids and master_vswitch_ids, but they must be in the same availability zones. Only works for Create Operation.
- proxyMode String - Proxy mode is option of kube-proxy. options: iptables | ipvs. default: ipvs.
- rdsInstances List<String> - RDS instance list, You can choose which RDS instances whitelist to add instances to.
- resourceGroupId String - The ID of the resource group, by default these cloud resources are automatically assigned to the default resource group.
- retainResources List<String>
- runtime Property Map - The runtime of containers. If you select another container runtime, see How do I select between Docker and Sandboxed-Container. See runtime below.
- securityGroupId String - The ID of the security group to which the ECS instances in the cluster belong. If it is not specified, a new Security group will be built.
- serviceAccountIssuer String - The issuer of the Service Account token for Service Account Token Volume Projection, corresponds to the iss field in the token payload. Set this to "https://kubernetes.default.svc" to enable the Token Volume Projection feature (requires specifying api_audiences as well). From cluster version 1.22+, Service Account Token Volume Projection will be enabled by default.
- serviceCidr String - The CIDR block for the service network. It cannot be duplicated with the VPC CIDR and CIDR used by Kubernetes cluster in VPC, cannot be modified after creation.
- slbInternetEnabled Boolean - Whether to create internet load balancer for API Server. Default to true. Only works for Create Operation.
NOTE: If you want to use Terway as CNI network plugin, you need to specify the pod_vswitch_ids field and addons with terway-eniip. If you want to use Flannel as CNI network plugin, you need to specify the pod_cidr field and addons with flannel.
Master params
- tags Map<String> - Default nil, A map of tags assigned to the kubernetes cluster and work nodes.
- timezone String - When you create a cluster, set the time zones for the Master and Worker nodes. You can only change the managed node time zone if you create a cluster. Once the cluster is created, you can only change the time zone of the Worker node.
- userCa String - The path of customized CA cert, you can use this CA to sign client certs to connect your cluster.
- version String - Desired Kubernetes version. If you do not specify a value, the latest available version at resource creation is used and no upgrades will occur unless you set a higher version number. The value must be configured and increased to upgrade the version when desired. Downgrades are not supported by ACK.
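Several of the inputs listed above constrain each other (node credentials, API server exposure, token projection, CNI addons). The following pre-deployment check is an added example, not code from Pulumi or Alibaba Cloud: it takes the arguments as a plain dict keyed by the snake_case names used in the descriptions and assumes each `addons` entry is a dict with a `name` key. Both sample configurations are constructed.

```python
from typing import Any, Dict, List, Tuple

Finding = Tuple[str, str, str]  # (severity, property, message)

CREDENTIAL_FIELDS = ("password", "key_name", "kms_encrypted_password")
# CNI addon name -> input that the NOTE above says must accompany it
CNI_REQUIREMENTS = {"terway-eniip": "pod_vswitch_ids", "flannel": "pod_cidr"}


def lint_cluster_args(args: Dict[str, Any]) -> List[Finding]:
    """Check one set of alicloud.cs.Kubernetes inputs against the documented rules."""
    findings: List[Finding] = []

    # Node login: one of the three credential fields has to be present.
    if not any(args.get(field) for field in CREDENTIAL_FIELDS):
        findings.append(("error", "password",
                         "set one of password, key_name or kms_encrypted_password"))
    if args.get("password"):
        findings.append(("warn", "password",
                         "node password is passed in clear text; "
                         "key_name or kms_encrypted_password avoids that"))
    if args.get("kms_encryption_context") and not args.get("kms_encrypted_password"):
        findings.append(("error", "kms_encryption_context",
                         "only valid when kms_encrypted_password is set"))

    # Exposure: slb_internet_enabled defaults to true, enable_ssh to false.
    if args.get("slb_internet_enabled", True):
        findings.append(("warn", "slb_internet_enabled",
                         "API server gets an internet load balancer unless set to false"))
    if args.get("enable_ssh", False):
        findings.append(("warn", "enable_ssh", "SSH login to nodes is enabled"))
    if not args.get("deletion_protection", False):
        findings.append(("warn", "deletion_protection",
                         "cluster deletion protection is not explicitly enabled"))

    # Token Volume Projection: the two settings are only valid together.
    has_audiences = bool(args.get("api_audiences"))
    has_issuer = bool(args.get("service_account_issuer"))
    if has_audiences != has_issuer:
        missing = "service_account_issuer" if has_audiences else "api_audiences"
        findings.append(("error", missing,
                         "api_audiences and service_account_issuer must be set together"))

    # node_cidr_mask: 24-28 is allowed, default 24.
    mask = args.get("node_cidr_mask", 24)
    if not (isinstance(mask, int) and 24 <= mask <= 28):
        findings.append(("error", "node_cidr_mask", "must be between 24 and 28"))

    # CNI plugin: each addon needs its matching network input.
    addon_names = {addon.get("name") for addon in args.get("addons", [])}
    for addon, required in CNI_REQUIREMENTS.items():
        if addon in addon_names and not args.get(required):
            findings.append(("error", required, f"addon {addon} requires {required}"))

    return findings


# Constructed sample inputs (values are illustrative, not from a real account).
RISKY = {
    "password": "Example-Passw0rd",
    "enable_ssh": True,
    "api_audiences": ["https://kubernetes.default.svc"],
    "node_cidr_mask": 23,
    "addons": [{"name": "terway-eniip"}],
}

HARDENED = {
    "key_name": "ack-node-key",
    "slb_internet_enabled": False,
    "deletion_protection": True,
    "api_audiences": ["https://kubernetes.default.svc"],
    "service_account_issuer": "https://kubernetes.default.svc",
    "node_cidr_mask": 24,
    "addons": [{"name": "flannel"}],
    "pod_cidr": "10.72.0.0/16",
}

if __name__ == "__main__":
    for label, cfg in (("risky", RISKY), ("hardened", HARDENED)):
        print(label)
        for severity, prop, message in lint_cluster_args(cfg):
            print(f"  [{severity}] {prop}: {message}")
```

Run it against the argument dict before passing the same values to the resource constructor, and fail the pipeline on any `error` finding.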
Outputs
All input properties are implicitly available as output properties. Additionally, the Kubernetes resource produces the following output properties:
- CertificateAuthority Pulumi.AliCloud.CS.Outputs.KubernetesCertificateAuthority - (Map, Available since v1.105.0) Nested attribute containing certificate authority data for your cluster.
- Connections Pulumi.AliCloud.CS.Outputs.KubernetesConnections - (Map) Map of kubernetes cluster connection information.
- Id string - The provider-assigned unique ID for this managed resource.
- MasterNodes List<Pulumi.AliCloud.CS.Outputs.KubernetesMasterNode> - (Optional) The master nodes. See master_nodes below.
- NatGatewayId string - The ID of nat gateway used to launch kubernetes cluster.
- SlbId string - The ID of APIServer load balancer.
- SlbInternet string - The public ip of load balancer.
- SlbIntranet string - The ID of private load balancer where the current cluster master node is located.
- VpcId string - The ID of VPC where the current cluster is located.
- WorkerRamRoleName string - The RamRole Name attached to worker node.
- CertificateAuthority KubernetesCertificateAuthority - (Map, Available since v1.105.0) Nested attribute containing certificate authority data for your cluster.
- Connections KubernetesConnections - (Map) Map of kubernetes cluster connection information.
- Id string - The provider-assigned unique ID for this managed resource.
- MasterNodes []KubernetesMasterNode - (Optional) The master nodes. See master_nodes below.
- NatGatewayId string - The ID of nat gateway used to launch kubernetes cluster.
- SlbId string - The ID of APIServer load balancer.
- SlbInternet string - The public ip of load balancer.
- SlbIntranet string - The ID of private load balancer where the current cluster master node is located.
- VpcId string - The ID of VPC where the current cluster is located.
- WorkerRamRoleName string - The RamRole Name attached to worker node.
- certificateAuthority KubernetesCertificateAuthority - (Map, Available since v1.105.0) Nested attribute containing certificate authority data for your cluster.
- connections KubernetesConnections - (Map) Map of kubernetes cluster connection information.
- id String - The provider-assigned unique ID for this managed resource.
- masterNodes List<KubernetesMasterNode> - (Optional) The master nodes. See master_nodes below.
- natGatewayId String - The ID of nat gateway used to launch kubernetes cluster.
- slbId String - The ID of APIServer load balancer.
- slbInternet String - The public ip of load balancer.
- slbIntranet String - The ID of private load balancer where the current cluster master node is located.
- vpcId String - The ID of VPC where the current cluster is located.
- workerRamRoleName String - The RamRole Name attached to worker node.
- certificateAuthority KubernetesCertificateAuthority - (Map, Available since v1.105.0) Nested attribute containing certificate authority data for your cluster.
- connections KubernetesConnections - (Map) Map of kubernetes cluster connection information.
- id string - The provider-assigned unique ID for this managed resource.
- masterNodes KubernetesMasterNode[] - (Optional) The master nodes. See master_nodes below.
- natGatewayId string - The ID of nat gateway used to launch kubernetes cluster.
- slbId string - The ID of APIServer load balancer.
- slbInternet string - The public ip of load balancer.
- slbIntranet string - The ID of private load balancer where the current cluster master node is located.
- vpcId string - The ID of VPC where the current cluster is located.
- workerRamRoleName string - The RamRole Name attached to worker node.
- certificate_authority KubernetesCertificateAuthority - (Map, Available since v1.105.0) Nested attribute containing certificate authority data for your cluster.
- connections KubernetesConnections - (Map) Map of kubernetes cluster connection information.
- id str - The provider-assigned unique ID for this managed resource.
- master_nodes Sequence[KubernetesMasterNode] - (Optional) The master nodes. See master_nodes below.
- nat_gateway_id str - The ID of nat gateway used to launch kubernetes cluster.
- slb_id str - The ID of APIServer load balancer.
- slb_internet str - The public ip of load balancer.
- slb_intranet str - The ID of private load balancer where the current cluster master node is located.
- vpc_id str - The ID of VPC where the current cluster is located.
- worker_ram_role_name str - The RamRole Name attached to worker node.
- certificateAuthority Property Map - (Map, Available since v1.105.0) Nested attribute containing certificate authority data for your cluster.
- connections Property Map - (Map) Map of kubernetes cluster connection information.
- id String - The provider-assigned unique ID for this managed resource.
- masterNodes List<Property Map> - (Optional) The master nodes. See master_nodes below.
- natGatewayId String - The ID of nat gateway used to launch kubernetes cluster.
- slbId String - The ID of APIServer load balancer.
- slbInternet String - The public ip of load balancer.
- slbIntranet String - The ID of private load balancer where the current cluster master node is located.
- vpcId String - The ID of VPC where the current cluster is located.
- workerRamRoleName String - The RamRole Name attached to worker node.
Look up Existing Kubernetes Resource
Get an existing Kubernetes resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: KubernetesState, opts?: CustomResourceOptions): Kubernetes
@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
addons: Optional[Sequence[KubernetesAddonArgs]] = None,
api_audiences: Optional[Sequence[str]] = None,
certificate_authority: Optional[KubernetesCertificateAuthorityArgs] = None,
client_cert: Optional[str] = None,
client_key: Optional[str] = None,
cluster_ca_cert: Optional[str] = None,
cluster_domain: Optional[str] = None,
connections: Optional[KubernetesConnectionsArgs] = None,
custom_san: Optional[str] = None,
delete_options: Optional[Sequence[KubernetesDeleteOptionArgs]] = None,
deletion_protection: Optional[bool] = None,
enable_ssh: Optional[bool] = None,
image_id: Optional[str] = None,
install_cloud_monitor: Optional[bool] = None,
is_enterprise_security_group: Optional[bool] = None,
key_name: Optional[str] = None,
kms_encrypted_password: Optional[str] = None,
kms_encryption_context: Optional[Mapping[str, str]] = None,
load_balancer_spec: Optional[str] = None,
master_auto_renew: Optional[bool] = None,
master_auto_renew_period: Optional[int] = None,
master_disk_category: Optional[str] = None,
master_disk_performance_level: Optional[str] = None,
master_disk_size: Optional[int] = None,
master_disk_snapshot_policy_id: Optional[str] = None,
master_instance_charge_type: Optional[str] = None,
master_instance_types: Optional[Sequence[str]] = None,
master_nodes: Optional[Sequence[KubernetesMasterNodeArgs]] = None,
master_period: Optional[int] = None,
master_period_unit: Optional[str] = None,
master_vswitch_ids: Optional[Sequence[str]] = None,
name: Optional[str] = None,
name_prefix: Optional[str] = None,
nat_gateway_id: Optional[str] = None,
new_nat_gateway: Optional[bool] = None,
node_cidr_mask: Optional[int] = None,
node_name_mode: Optional[str] = None,
os_type: Optional[str] = None,
password: Optional[str] = None,
platform: Optional[str] = None,
pod_cidr: Optional[str] = None,
pod_vswitch_ids: Optional[Sequence[str]] = None,
proxy_mode: Optional[str] = None,
rds_instances: Optional[Sequence[str]] = None,
resource_group_id: Optional[str] = None,
retain_resources: Optional[Sequence[str]] = None,
runtime: Optional[KubernetesRuntimeArgs] = None,
security_group_id: Optional[str] = None,
service_account_issuer: Optional[str] = None,
service_cidr: Optional[str] = None,
slb_id: Optional[str] = None,
slb_internet: Optional[str] = None,
slb_internet_enabled: Optional[bool] = None,
slb_intranet: Optional[str] = None,
tags: Optional[Mapping[str, str]] = None,
timezone: Optional[str] = None,
user_ca: Optional[str] = None,
version: Optional[str] = None,
vpc_id: Optional[str] = None,
worker_ram_role_name: Optional[str] = None) -> Kubernetes
func GetKubernetes(ctx *Context, name string, id IDInput, state *KubernetesState, opts ...ResourceOption) (*Kubernetes, error)
public static Kubernetes Get(string name, Input<string> id, KubernetesState? state, CustomResourceOptions? opts = null)
public static Kubernetes get(String name, Output<String> id, KubernetesState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
- name - The unique name of the resulting resource.
- id - The unique provider ID of the resource to lookup.
- state - Any extra arguments used during the lookup.
- opts - A bag of options that control this resource's behavior.
- resource_name - The unique name of the resulting resource.
- id - The unique provider ID of the resource to lookup.
- name - The unique name of the resulting resource.
- id - The unique provider ID of the resource to lookup.
- state - Any extra arguments used during the lookup.
- opts - A bag of options that control this resource's behavior.
- name - The unique name of the resulting resource.
- id - The unique provider ID of the resource to lookup.
- state - Any extra arguments used during the lookup.
- opts - A bag of options that control this resource's behavior.
- name - The unique name of the resulting resource.
- id - The unique provider ID of the resource to lookup.
- state - Any extra arguments used during the lookup.
- opts - A bag of options that control this resource's behavior.
- Addons List<Pulumi.AliCloud.CS.Inputs.KubernetesAddon> - The addon you want to install in cluster. See addons below. Only works for Create Operation, use resource cs_kubernetes_addon to manage addons if cluster is created.
Network params
- ApiAudiences List<string> - A list of API audiences for Service Account Token Volume Projection. Set this to ["https://kubernetes.default.svc"] if you want to enable the Token Volume Projection feature (requires specifying service_account_issuer as well). From cluster version 1.22+, Service Account Token Volume Projection will be enabled by default.
- CertificateAuthority Pulumi.AliCloud.CS.Inputs.KubernetesCertificateAuthority - (Map, Available since v1.105.0) Nested attribute containing certificate authority data for your cluster.
- ClientCert string - The path of client certificate, like ~/.kube/client-cert.pem.
- ClientKey string - The path of client key, like ~/.kube/client-key.pem.
- ClusterCaCert string - The path of cluster ca certificate, like ~/.kube/cluster-ca-cert.pem
Removed params
- ClusterDomain string - Cluster local domain name, Default to cluster.local. A domain name consists of one or more sections separated by a decimal point (.), each of which is up to 63 characters long, and can be lowercase, numerals, and underscores (-), and must be lowercase or numerals at the beginning and end.
- Connections Pulumi.AliCloud.CS.Inputs.KubernetesConnections - (Map) Map of kubernetes cluster connection information.
- CustomSan string - Customize the certificate SAN, multiple IP or domain names are separated by English commas (,).
- DeleteOptions List<Pulumi.AliCloud.CS.Inputs.KubernetesDeleteOption> - Delete options, only work for deleting resource. Make sure you have run pulumi up to make the configuration applied. See delete_options below.
- DeletionProtection bool - Whether to enable cluster deletion protection.
- EnableSsh bool - Enable login to the node through SSH. Default to false.
- ImageId string - Custom Image support. Must be based on CentOS7 or AliyunLinux2.
- InstallCloudMonitor bool - Install cloud monitor agent on ECS. Default to true.
- IsEnterpriseSecurityGroup bool - Enable to create advanced security group. default: false. See Advanced security group. Only works for Create Operation.
- KeyName string - The keypair of ssh login cluster node, you have to create it first. You have to specify one of password, key_name, kms_encrypted_password fields.
- KmsEncryptedPassword string - A KMS-encrypted password used for a cs kubernetes. You have to specify one of password, key_name, kms_encrypted_password fields.
- KmsEncryptionContext Dictionary<string, string> - A KMS encryption context used to decrypt kms_encrypted_password before creating or updating a cs kubernetes with kms_encrypted_password. See Encryption Context. It is valid when kms_encrypted_password is set.
- LoadBalancerSpec string - The cluster api server load balance instance specification, default slb.s1.small. For more information on how to select a LB instance specification, see SLB instance overview. Only works for Create Operation.
- MasterAutoRenew bool - Enable master payment auto-renew, defaults to false.
- MasterAutoRenewPeriod int - Master payment auto-renew period, it can be one of {1, 2, 3, 6, 12}.
- MasterDiskCategory string - The system disk category of master node. Its valid values are cloud_ssd, cloud_essd and cloud_efficiency. Default to cloud_efficiency.
- MasterDiskPerformanceLevel string - Master node system disk performance level. When master_disk_category is cloud_essd, the optional values are PL0, PL1, PL2 or PL3, but the specific performance level is related to the disk capacity. For more information, see Enhanced SSDs. Default is PL1.
- MasterDiskSize int - The system disk size of master node. Its valid value range [20~500] in GB. Default to 20.
- MasterDiskSnapshotPolicyId string - Master node system disk auto snapshot policy.
Computed params
- MasterInstanceChargeType string - Master payment type, PostPaid or PrePaid; defaults to PostPaid. If value is PrePaid, the fields master_period, master_period_unit, master_auto_renew and master_auto_renew_period are required.
- MasterInstanceTypes List<string> - The instance type of master node. Specify one type for single AZ Cluster, three types for MultiAZ Cluster.
- MasterNodes List<Pulumi.AliCloud.CS.Inputs.KubernetesMasterNode> - (Optional) The master nodes. See master_nodes below.
- MasterPeriod int - Master payment period. Its valid value is one of {1, 2, 3, 6, 12, 24, 36, 48, 60}.
- MasterPeriodUnit string - Master payment period unit, the valid value is Month.
- MasterVswitchIds List<string> - The vswitches used by master, you can specify 3 or 5 vswitches because of the amount of masters. Detailed below.
- Name string - The kubernetes cluster's name. It is unique in one Alicloud account.
- NamePrefix string
- NatGatewayId string - The ID of nat gateway used to launch kubernetes cluster.
- NewNatGateway bool - Whether to create a new nat gateway while creating kubernetes cluster. Default to true. The OpenAPI endpoints in Alibaba Cloud are not all on the intranet, so turning this option on is a good choice. Your cluster nodes and applications will have public network access. If there is a NAT gateway in the selected VPC, ACK will use this gateway by default; if there is no NAT gateway in the selected VPC, ACK will create a new NAT gateway for you and automatically configure SNAT rules. Only works for Create Operation.
- NodeCidrMask int - The node CIDR mask, which specifies how many pods can run on a single node. 24-28 is allowed. 24 means 2^(32-24)-1=255 and the node can run at most 255 pods. default: 24
- NodeNameMode string - Each node name consists of a prefix, an IP substring, and a suffix, the input format is customized,<prefix>,IPSubStringLen,<suffix>. For example "customized,aliyun.com-,5,-test", if the node IP address is 192.168.59.176, the prefix is aliyun.com-, IP substring length is 5, and the suffix is -test, the node name will be aliyun.com-59176-test.
- OsType string - The operating system of the nodes that run pods, its valid value is either Linux or Windows. Default to Linux.
- Password string - The password of ssh login cluster node. You have to specify one of password, key_name, kms_encrypted_password fields.
- Platform string - The architecture of the nodes that run pods, its valid value is either CentOS or AliyunLinux. Default to CentOS.
- PodCidr string - [Flannel Specific] The CIDR block for the pod network when using Flannel.
- PodVswitchIds List<string> - [Terway Specific] The vswitches for the pod network when using Terway. It is recommended that pod_vswitch_ids do not belong to worker_vswitch_ids and master_vswitch_ids, but they must be in the same availability zones. Only works for Create Operation.
- ProxyMode string - Proxy mode is option of kube-proxy. options: iptables | ipvs. default: ipvs.
- RdsInstances List<string> - RDS instance list, You can choose which RDS instances whitelist to add instances to.
- ResourceGroupId string - The ID of the resource group, by default these cloud resources are automatically assigned to the default resource group.
- RetainResources List<string>
- Runtime Pulumi.AliCloud.CS.Inputs.KubernetesRuntime - The runtime of containers. If you select another container runtime, see How do I select between Docker and Sandboxed-Container. See runtime below.
- SecurityGroupId string - The ID of the security group to which the ECS instances in the cluster belong. If it is not specified, a new Security group will be built.
- ServiceAccountIssuer string - The issuer of the Service Account token for Service Account Token Volume Projection, corresponds to the iss field in the token payload. Set this to "https://kubernetes.default.svc" to enable the Token Volume Projection feature (requires specifying api_audiences as well). From cluster version 1.22+, Service Account Token Volume Projection will be enabled by default.
- ServiceCidr string - The CIDR block for the service network. It cannot be duplicated with the VPC CIDR and CIDR used by Kubernetes cluster in VPC, cannot be modified after creation.
- SlbId string - The ID of APIServer load balancer.
- SlbInternet string - The public ip of load balancer.
- SlbInternetEnabled bool - Whether to create internet load balancer for API Server. Default to true. Only works for Create Operation.
NOTE: If you want to use Terway as CNI network plugin, you need to specify the pod_vswitch_ids field and addons with terway-eniip. If you want to use Flannel as CNI network plugin, you need to specify the pod_cidr field and addons with flannel.
Master params
- SlbIntranet string - The ID of private load balancer where the current cluster master node is located.
- Tags Dictionary<string, string> - Default nil, A map of tags assigned to the kubernetes cluster and work nodes.
- Timezone string - When you create a cluster, set the time zones for the Master and Worker nodes. You can only change the managed node time zone if you create a cluster. Once the cluster is created, you can only change the time zone of the Worker node.
- UserCa string - The path of customized CA cert, you can use this CA to sign client certs to connect your cluster.
- Version string - Desired Kubernetes version. If you do not specify a value, the latest available version at resource creation is used and no upgrades will occur unless you set a higher version number. The value must be configured and increased to upgrade the version when desired. Downgrades are not supported by ACK.
- VpcId string - The ID of VPC where the current cluster is located.
- WorkerRamRoleName string - The RamRole Name attached to worker node.
- Addons []KubernetesAddonTypeArgs - The addon you want to install in cluster. See addons below. Only works for Create Operation, use resource cs_kubernetes_addon to manage addons if cluster is created.
Network params
- ApiAudiences []string - A list of API audiences for Service Account Token Volume Projection. Set this to ["https://kubernetes.default.svc"] if you want to enable the Token Volume Projection feature (requires specifying service_account_issuer as well). From cluster version 1.22+, Service Account Token Volume Projection will be enabled by default.
- CertificateAuthority KubernetesCertificateAuthorityArgs - (Map, Available since v1.105.0) Nested attribute containing certificate authority data for your cluster.
- ClientCert string - The path of client certificate, like ~/.kube/client-cert.pem.
- ClientKey string - The path of client key, like ~/.kube/client-key.pem.
- ClusterCaCert string - The path of cluster ca certificate, like ~/.kube/cluster-ca-cert.pem
Removed params
- ClusterDomain string - Cluster local domain name, Default to cluster.local. A domain name consists of one or more sections separated by a decimal point (.), each of which is up to 63 characters long, and can be lowercase, numerals, and underscores (-), and must be lowercase or numerals at the beginning and end.
- Connections KubernetesConnectionsArgs - (Map) Map of kubernetes cluster connection information.
- CustomSan string - Customize the certificate SAN, multiple IP or domain names are separated by English commas (,).
- DeleteOptions []KubernetesDeleteOptionArgs - Delete options, only work for deleting resource. Make sure you have run pulumi up to make the configuration applied. See delete_options below.
- DeletionProtection bool - Whether to enable cluster deletion protection.
- EnableSsh bool - Enable login to the node through SSH. Default to false.
- ImageId string - Custom Image support. Must be based on CentOS7 or AliyunLinux2.
- InstallCloudMonitor bool - Install cloud monitor agent on ECS. Default to true.
- IsEnterpriseSecurityGroup bool - Enable to create advanced security group. default: false. See Advanced security group. Only works for Create Operation.
- KeyName string - The keypair of ssh login cluster node, you have to create it first. You have to specify one of password, key_name, kms_encrypted_password fields.
- KmsEncryptedPassword string - A KMS-encrypted password used for a cs kubernetes. You have to specify one of password, key_name, kms_encrypted_password fields.
- KmsEncryptionContext map[string]string - A KMS encryption context used to decrypt kms_encrypted_password before creating or updating a cs kubernetes with kms_encrypted_password. See Encryption Context. It is valid when kms_encrypted_password is set.
- LoadBalancerSpec string - The cluster api server load balance instance specification, default slb.s1.small. For more information on how to select a LB instance specification, see SLB instance overview. Only works for Create Operation.
- MasterAutoRenew bool - Enable master payment auto-renew, defaults to false.
- MasterAutoRenewPeriod int - Master payment auto-renew period, it can be one of {1, 2, 3, 6, 12}.
- MasterDiskCategory string - The system disk category of master node. Its valid values are cloud_ssd, cloud_essd and cloud_efficiency. Default to cloud_efficiency.
- MasterDiskPerformanceLevel string - Master node system disk performance level. When master_disk_category is cloud_essd, the optional values are PL0, PL1, PL2 or PL3, but the specific performance level is related to the disk capacity. For more information, see Enhanced SSDs. Default is PL1.
- MasterDiskSize int - The system disk size of master node. Its valid value range [20~500] in GB. Default to 20.
- MasterDiskSnapshotPolicyId string - Master node system disk auto snapshot policy.
Computed params
- Master
Instance stringCharge Type - Master payment type. or
PostPaid
orPrePaid
, defaults toPostPaid
. If value isPrePaid
, the filesmaster_period
,master_period_unit
,master_auto_renew
andmaster_auto_renew_period
are required. - Master
Instance []stringTypes - The instance type of master node. Specify one type for single AZ Cluster, three types for MultiAZ Cluster.
- Master
Nodes []KubernetesMaster Node Args - (Optional) The master nodes. See
master_nodes
below. - Master
Period int - Master payment period.Its valid value is one of {1, 2, 3, 6, 12, 24, 36, 48, 60}.
- Master
Period stringUnit - Master payment period unit, the valid value is
Month
. - Master
Vswitch []stringIds - The vswitches used by master, you can specific 3 or 5 vswitches because of the amount of masters. Detailed below.
- Name string
- The kubernetes cluster's name. It is unique in one Alicloud account.
- Name
Prefix string - Nat
Gateway stringId - The ID of nat gateway used to launch kubernetes cluster.
- New
Nat boolGateway - Whether to create a new nat gateway while creating kubernetes cluster. Default to true. Then openapi in Alibaba Cloud are not all on intranet, So turn this option on is a good choice. Your cluster nodes and applications will have public network access. If there is a NAT gateway in the selected VPC, ACK will use this gateway by default; if there is no NAT gateway in the selected VPC, ACK will create a new NAT gateway for you and automatically configure SNAT rules. Only works for Create Operation.
- NodeCidrMask int - The node cidr block to specify how many pods can run on a single node. 24-28 is allowed. 24 means 2^(32-24)-1=255 and the node can run at most 255 pods. default: 24
- NodeNameMode string - Each node name consists of a prefix, an IP substring, and a suffix. The input format is customized,<prefix>,IPSubStringLen,<suffix>. For example, with "customized,aliyun.com-,5,-test", if the node IP address is 192.168.59.176, the prefix is aliyun.com-, the IP substring length is 5, and the suffix is -test, the node name will be aliyun.com-59176-test.
- OsType string - The operating system of the nodes that run pods, its valid value is either Linux or Windows. Default to Linux.
- Password string - The password of ssh login cluster node. You have to specify one of password, key_name, kms_encrypted_password fields.
- Platform string - The architecture of the nodes that run pods, its valid value is either CentOS or AliyunLinux. Default to CentOS.
- PodCidr string - [Flannel Specific] The CIDR block for the pod network when using Flannel.
- PodVswitchIds []string - [Terway Specific] The vswitches for the pod network when using Terway. It is recommended that pod_vswitch_ids not belong to worker_vswitch_ids and master_vswitch_ids, but they must be in the same availability zones. Only works for Create Operation.
- ProxyMode string - Proxy mode is an option of kube-proxy. options: iptables | ipvs. default: ipvs.
- RdsInstances []string - RDS instance list. You can choose which RDS instances' whitelists to add instances to.
- ResourceGroupId string - The ID of the resource group. By default these cloud resources are automatically assigned to the default resource group.
- RetainResources []string
- Runtime KubernetesRuntimeArgs - The runtime of containers. If you select another container runtime, see How do I select between Docker and Sandboxed-Container. See runtime below.
- SecurityGroupId string - The ID of the security group to which the ECS instances in the cluster belong. If it is not specified, a new Security group will be built.
- ServiceAccountIssuer string - The issuer of the Service Account token for Service Account Token Volume Projection, corresponds to the iss field in the token payload. Set this to "https://kubernetes.default.svc" to enable the Token Volume Projection feature (requires specifying api_audiences as well). From cluster version 1.22+, Service Account Token Volume Projection will be enabled by default.
- ServiceCidr string - The CIDR block for the service network. It cannot be duplicated with the VPC CIDR and CIDR used by Kubernetes cluster in VPC, and cannot be modified after creation.
- SlbId string - The ID of APIServer load balancer.
- SlbInternet string - The public ip of load balancer.
- SlbInternetEnabled bool - Whether to create internet load balancer for API Server. Default to true. Only works for Create Operation.
NOTE: If you want to use Terway as CNI network plugin, you need to specify the pod_vswitch_ids field and addons with terway-eniip. If you want to use Flannel as CNI network plugin, you need to specify the pod_cidr field and addons with flannel.
Master params
- SlbIntranet string - The ID of private load balancer where the current cluster master node is located.
- map[string]string - Default nil. A map of tags assigned to the kubernetes cluster and worker nodes.
- Timezone string - When you create a cluster, set the time zones for the Master and Worker nodes. You can only change the managed node time zone if you create a cluster. Once the cluster is created, you can only change the time zone of the Worker node.
- UserCa string - The path of customized CA cert. You can use this CA to sign client certs to connect your cluster.
- Version string - Desired Kubernetes version. If you do not specify a value, the latest available version at resource creation is used and no upgrades will occur unless you set a higher version number. The value must be configured and increased to upgrade the version when desired. Downgrades are not supported by ACK.
- VpcId string - The ID of VPC where the current cluster is located.
- WorkerRamRoleName string - The RamRole Name attached to worker node.
- addons List<KubernetesAddon> - The addon you want to install in cluster. See addons below. Only works for Create Operation; use resource cs_kubernetes_addon to manage addons if cluster is created.
Network params
- apiAudiences List<String> - A list of API audiences for Service Account Token Volume Projection. Set this to ["https://kubernetes.default.svc"] if you want to enable the Token Volume Projection feature (requires specifying service_account_issuer as well). From cluster version 1.22+, Service Account Token Volume Projection will be enabled by default.
- KubernetesCertificateAuthority - (Map, Available since v1.105.0) Nested attribute containing certificate authority data for your cluster.
- clientCert String - The path of client certificate, like ~/.kube/client-cert.pem.
- clientKey String - The path of client key, like ~/.kube/client-key.pem.
- clusterCaCert String - The path of cluster ca certificate, like ~/.kube/cluster-ca-cert.pem.
Removed params
- clusterDomain String - Cluster local domain name. Default to cluster.local. A domain name consists of one or more sections separated by a decimal point (.), each of which is up to 63 characters long, can contain lowercase letters, numerals, and hyphens (-), and must begin and end with a lowercase letter or numeral.
- connections KubernetesConnections - (Map) Map of kubernetes cluster connection information.
- customSan String - Customize the certificate SAN. Multiple IPs or domain names are separated by English commas (,).
- deleteOptions List<KubernetesDeleteOption> - Delete options, only work for deleting resource. Make sure you have run pulumi up to make the configuration applied. See delete_options below.
- deletionProtection Boolean - Whether to enable cluster deletion protection.
- enableSsh Boolean - Enable login to the node through SSH. Default to false.
- imageId String - Custom Image support. Must be based on CentOS7 or AliyunLinux2.
- installCloudMonitor Boolean - Install cloud monitor agent on ECS. Default to true.
- isEnterpriseSecurityGroup Boolean - Enable to create advanced security group. default: false. See Advanced security group. Only works for Create Operation.
- keyName String - The keypair of ssh login cluster node, you have to create it first. You have to specify one of password, key_name, kms_encrypted_password fields.
- kmsEncryptedPassword String - A KMS-encrypted password used for a cs kubernetes. You have to specify one of password, key_name, kms_encrypted_password fields.
- kmsEncryptionContext Map<String,String> - A KMS encryption context used to decrypt kms_encrypted_password before creating or updating a cs kubernetes with kms_encrypted_password. See Encryption Context. It is valid when kms_encrypted_password is set.
- loadBalancerSpec String - The cluster api server load balance instance specification, default slb.s1.small. For more information on how to select a LB instance specification, see SLB instance overview. Only works for Create Operation.
- masterAutoRenew Boolean - Enable master payment auto-renew, defaults to false.
- masterAutoRenewPeriod Integer - Master payment auto-renew period, it can be one of {1, 2, 3, 6, 12}.
- masterDiskCategory String - The system disk category of master node. Its valid values are cloud_ssd, cloud_essd and cloud_efficiency. Default to cloud_efficiency.
- masterDiskPerformanceLevel String - Master node system disk performance level. When master_disk_category is cloud_essd, the optional values are PL0, PL1, PL2 or PL3, but the specific performance level is related to the disk capacity. For more information, see Enhanced SSDs. Default is PL1.
- masterDiskSize Integer - The system disk size of master node. Its valid value range is [20~500] in GB. Default to 20.
- masterDiskSnapshotPolicyId String - Master node system disk auto snapshot policy.
Computed params
- masterInstanceChargeType String - Master payment type, either PostPaid or PrePaid; defaults to PostPaid. If value is PrePaid, the fields master_period, master_period_unit, master_auto_renew and master_auto_renew_period are required.
- masterInstanceTypes List<String> - The instance type of master node. Specify one type for single AZ Cluster, three types for MultiAZ Cluster.
- masterNodes List<KubernetesMasterNode> - (Optional) The master nodes. See master_nodes below.
- masterPeriod Integer - Master payment period. Its valid value is one of {1, 2, 3, 6, 12, 24, 36, 48, 60}.
- masterPeriodUnit String - Master payment period unit, the valid value is Month.
- masterVswitchIds List<String> - The vswitches used by master. You can specify 3 or 5 vswitches because of the amount of masters. Detailed below.
- name String - The kubernetes cluster's name. It is unique in one Alicloud account.
- namePrefix String
- natGatewayId String - The ID of nat gateway used to launch kubernetes cluster.
- newNatGateway Boolean - Whether to create a new nat gateway while creating kubernetes cluster. Default to true. Not all Alibaba Cloud OpenAPI endpoints are on the intranet, so turning this option on is a good choice. Your cluster nodes and applications will have public network access. If there is a NAT gateway in the selected VPC, ACK will use this gateway by default; if there is no NAT gateway in the selected VPC, ACK will create a new NAT gateway for you and automatically configure SNAT rules. Only works for Create Operation.
- nodeCidrMask Integer - The node cidr block to specify how many pods can run on a single node. 24-28 is allowed. 24 means 2^(32-24)-1=255 and the node can run at most 255 pods. default: 24
- nodeNameMode String - Each node name consists of a prefix, an IP substring, and a suffix. The input format is customized,<prefix>,IPSubStringLen,<suffix>. For example, with "customized,aliyun.com-,5,-test", if the node IP address is 192.168.59.176, the prefix is aliyun.com-, the IP substring length is 5, and the suffix is -test, the node name will be aliyun.com-59176-test.
- osType String - The operating system of the nodes that run pods, its valid value is either Linux or Windows. Default to Linux.
- password String - The password of ssh login cluster node. You have to specify one of password, key_name, kms_encrypted_password fields.
- platform String - The architecture of the nodes that run pods, its valid value is either CentOS or AliyunLinux. Default to CentOS.
- podCidr String - [Flannel Specific] The CIDR block for the pod network when using Flannel.
- podVswitchIds List<String> - [Terway Specific] The vswitches for the pod network when using Terway. It is recommended that pod_vswitch_ids not belong to worker_vswitch_ids and master_vswitch_ids, but they must be in the same availability zones. Only works for Create Operation.
- proxyMode String - Proxy mode is an option of kube-proxy. options: iptables | ipvs. default: ipvs.
- rdsInstances List<String> - RDS instance list. You can choose which RDS instances' whitelists to add instances to.
- resourceGroupId String - The ID of the resource group. By default these cloud resources are automatically assigned to the default resource group.
- retainResources List<String>
- runtime KubernetesRuntime - The runtime of containers. If you select another container runtime, see How do I select between Docker and Sandboxed-Container. See runtime below.
- securityGroupId String - The ID of the security group to which the ECS instances in the cluster belong. If it is not specified, a new Security group will be built.
- serviceAccountIssuer String - The issuer of the Service Account token for Service Account Token Volume Projection, corresponds to the iss field in the token payload. Set this to "https://kubernetes.default.svc" to enable the Token Volume Projection feature (requires specifying api_audiences as well). From cluster version 1.22+, Service Account Token Volume Projection will be enabled by default.
- serviceCidr String - The CIDR block for the service network. It cannot be duplicated with the VPC CIDR and CIDR used by Kubernetes cluster in VPC, and cannot be modified after creation.
- slbId String - The ID of APIServer load balancer.
- slbInternet String - The public ip of load balancer.
- slbInternetEnabled Boolean - Whether to create internet load balancer for API Server. Default to true. Only works for Create Operation.
NOTE: If you want to use Terway as CNI network plugin, you need to specify the pod_vswitch_ids field and addons with terway-eniip. If you want to use Flannel as CNI network plugin, you need to specify the pod_cidr field and addons with flannel.
Master params
- slbIntranet String - The ID of private load balancer where the current cluster master node is located.
- Map<String,String> - Default nil. A map of tags assigned to the kubernetes cluster and worker nodes.
- timezone String - When you create a cluster, set the time zones for the Master and Worker nodes. You can only change the managed node time zone if you create a cluster. Once the cluster is created, you can only change the time zone of the Worker node.
- userCa String - The path of customized CA cert. You can use this CA to sign client certs to connect your cluster.
- version String - Desired Kubernetes version. If you do not specify a value, the latest available version at resource creation is used and no upgrades will occur unless you set a higher version number. The value must be configured and increased to upgrade the version when desired. Downgrades are not supported by ACK.
- vpcId String - The ID of VPC where the current cluster is located.
- workerRamRoleName String - The RamRole Name attached to worker node.
- addons KubernetesAddon[] - The addon you want to install in cluster. See addons below. Only works for Create Operation; use resource cs_kubernetes_addon to manage addons if cluster is created.
Network params
- apiAudiences string[] - A list of API audiences for Service Account Token Volume Projection. Set this to ["https://kubernetes.default.svc"] if you want to enable the Token Volume Projection feature (requires specifying service_account_issuer as well). From cluster version 1.22+, Service Account Token Volume Projection will be enabled by default.
- KubernetesCertificateAuthority - (Map, Available since v1.105.0) Nested attribute containing certificate authority data for your cluster.
- clientCert string - The path of client certificate, like ~/.kube/client-cert.pem.
- clientKey string - The path of client key, like ~/.kube/client-key.pem.
- clusterCaCert string - The path of cluster ca certificate, like ~/.kube/cluster-ca-cert.pem.
Removed params
- clusterDomain string - Cluster local domain name. Default to cluster.local. A domain name consists of one or more sections separated by a decimal point (.), each of which is up to 63 characters long, can contain lowercase letters, numerals, and hyphens (-), and must begin and end with a lowercase letter or numeral.
- connections KubernetesConnections - (Map) Map of kubernetes cluster connection information.
- customSan string - Customize the certificate SAN. Multiple IPs or domain names are separated by English commas (,).
- deleteOptions KubernetesDeleteOption[] - Delete options, only work for deleting resource. Make sure you have run pulumi up to make the configuration applied. See delete_options below.
- deletionProtection boolean - Whether to enable cluster deletion protection.
- enableSsh boolean - Enable login to the node through SSH. Default to false.
- imageId string - Custom Image support. Must be based on CentOS7 or AliyunLinux2.
- installCloudMonitor boolean - Install cloud monitor agent on ECS. Default to true.
- isEnterpriseSecurityGroup boolean - Enable to create advanced security group. default: false. See Advanced security group. Only works for Create Operation.
- keyName string - The keypair of ssh login cluster node, you have to create it first. You have to specify one of password, key_name, kms_encrypted_password fields.
- kmsEncryptedPassword string - A KMS-encrypted password used for a cs kubernetes. You have to specify one of password, key_name, kms_encrypted_password fields.
- kmsEncryptionContext {[key: string]: string} - A KMS encryption context used to decrypt kms_encrypted_password before creating or updating a cs kubernetes with kms_encrypted_password. See Encryption Context. It is valid when kms_encrypted_password is set.
- loadBalancerSpec string - The cluster api server load balance instance specification, default slb.s1.small. For more information on how to select a LB instance specification, see SLB instance overview. Only works for Create Operation.
- masterAutoRenew boolean - Enable master payment auto-renew, defaults to false.
- masterAutoRenewPeriod number - Master payment auto-renew period, it can be one of {1, 2, 3, 6, 12}.
- masterDiskCategory string - The system disk category of master node. Its valid values are cloud_ssd, cloud_essd and cloud_efficiency. Default to cloud_efficiency.
- masterDiskPerformanceLevel string - Master node system disk performance level. When master_disk_category is cloud_essd, the optional values are PL0, PL1, PL2 or PL3, but the specific performance level is related to the disk capacity. For more information, see Enhanced SSDs. Default is PL1.
- masterDiskSize number - The system disk size of master node. Its valid value range is [20~500] in GB. Default to 20.
- masterDiskSnapshotPolicyId string - Master node system disk auto snapshot policy.
Computed params
- masterInstanceChargeType string - Master payment type, either PostPaid or PrePaid; defaults to PostPaid. If value is PrePaid, the fields master_period, master_period_unit, master_auto_renew and master_auto_renew_period are required.
- masterInstanceTypes string[] - The instance type of master node. Specify one type for single AZ Cluster, three types for MultiAZ Cluster.
- masterNodes KubernetesMasterNode[] - (Optional) The master nodes. See master_nodes below.
- masterPeriod number - Master payment period. Its valid value is one of {1, 2, 3, 6, 12, 24, 36, 48, 60}.
- masterPeriodUnit string - Master payment period unit, the valid value is Month.
- masterVswitchIds string[] - The vswitches used by master. You can specify 3 or 5 vswitches because of the amount of masters. Detailed below.
- name string - The kubernetes cluster's name. It is unique in one Alicloud account.
- namePrefix string
- natGatewayId string - The ID of nat gateway used to launch kubernetes cluster.
- newNatGateway boolean - Whether to create a new nat gateway while creating kubernetes cluster. Default to true. Not all Alibaba Cloud OpenAPI endpoints are on the intranet, so turning this option on is a good choice. Your cluster nodes and applications will have public network access. If there is a NAT gateway in the selected VPC, ACK will use this gateway by default; if there is no NAT gateway in the selected VPC, ACK will create a new NAT gateway for you and automatically configure SNAT rules. Only works for Create Operation.
- nodeCidrMask number - The node cidr block to specify how many pods can run on a single node. 24-28 is allowed. 24 means 2^(32-24)-1=255 and the node can run at most 255 pods. default: 24
- nodeNameMode string - Each node name consists of a prefix, an IP substring, and a suffix. The input format is customized,<prefix>,IPSubStringLen,<suffix>. For example, with "customized,aliyun.com-,5,-test", if the node IP address is 192.168.59.176, the prefix is aliyun.com-, the IP substring length is 5, and the suffix is -test, the node name will be aliyun.com-59176-test.
- osType string - The operating system of the nodes that run pods, its valid value is either Linux or Windows. Default to Linux.
- password string - The password of ssh login cluster node. You have to specify one of password, key_name, kms_encrypted_password fields.
- platform string - The architecture of the nodes that run pods, its valid value is either CentOS or AliyunLinux. Default to CentOS.
- podCidr string - [Flannel Specific] The CIDR block for the pod network when using Flannel.
- podVswitchIds string[] - [Terway Specific] The vswitches for the pod network when using Terway. It is recommended that pod_vswitch_ids not belong to worker_vswitch_ids and master_vswitch_ids, but they must be in the same availability zones. Only works for Create Operation.
- proxyMode string - Proxy mode is an option of kube-proxy. options: iptables | ipvs. default: ipvs.
- rdsInstances string[] - RDS instance list. You can choose which RDS instances' whitelists to add instances to.
- resourceGroupId string - The ID of the resource group. By default these cloud resources are automatically assigned to the default resource group.
- retainResources string[]
- runtime KubernetesRuntime - The runtime of containers. If you select another container runtime, see How do I select between Docker and Sandboxed-Container. See runtime below.
- securityGroupId string - The ID of the security group to which the ECS instances in the cluster belong. If it is not specified, a new Security group will be built.
- serviceAccountIssuer string - The issuer of the Service Account token for Service Account Token Volume Projection, corresponds to the iss field in the token payload. Set this to "https://kubernetes.default.svc" to enable the Token Volume Projection feature (requires specifying api_audiences as well). From cluster version 1.22+, Service Account Token Volume Projection will be enabled by default.
- serviceCidr string - The CIDR block for the service network. It cannot be duplicated with the VPC CIDR and CIDR used by Kubernetes cluster in VPC, and cannot be modified after creation.
- slbId string - The ID of APIServer load balancer.
- slbInternet string - The public ip of load balancer.
- slbInternetEnabled boolean - Whether to create internet load balancer for API Server. Default to true. Only works for Create Operation.
NOTE: If you want to use Terway as CNI network plugin, you need to specify the pod_vswitch_ids field and addons with terway-eniip. If you want to use Flannel as CNI network plugin, you need to specify the pod_cidr field and addons with flannel.
Master params
- slbIntranet string - The ID of private load balancer where the current cluster master node is located.
- {[key: string]: string} - Default nil. A map of tags assigned to the kubernetes cluster and worker nodes.
- timezone string - When you create a cluster, set the time zones for the Master and Worker nodes. You can only change the managed node time zone if you create a cluster. Once the cluster is created, you can only change the time zone of the Worker node.
- userCa string - The path of customized CA cert. You can use this CA to sign client certs to connect your cluster.
- version string - Desired Kubernetes version. If you do not specify a value, the latest available version at resource creation is used and no upgrades will occur unless you set a higher version number. The value must be configured and increased to upgrade the version when desired. Downgrades are not supported by ACK.
- vpcId string - The ID of VPC where the current cluster is located.
- workerRamRoleName string - The RamRole Name attached to worker node.
- addons Sequence[KubernetesAddonArgs] - The addon you want to install in cluster. See addons below. Only works for Create Operation; use resource cs_kubernetes_addon to manage addons if cluster is created.
Network params
- api_audiences Sequence[str] - A list of API audiences for Service Account Token Volume Projection. Set this to ["https://kubernetes.default.svc"] if you want to enable the Token Volume Projection feature (requires specifying service_account_issuer as well). From cluster version 1.22+, Service Account Token Volume Projection will be enabled by default.
- KubernetesCertificateAuthorityArgs - (Map, Available since v1.105.0) Nested attribute containing certificate authority data for your cluster.
- client_cert str - The path of client certificate, like ~/.kube/client-cert.pem.
- client_key str - The path of client key, like ~/.kube/client-key.pem.
- cluster_ca_cert str - The path of cluster ca certificate, like ~/.kube/cluster-ca-cert.pem.
Removed params
- cluster_domain str - Cluster local domain name. Default to cluster.local. A domain name consists of one or more sections separated by a decimal point (.), each of which is up to 63 characters long, can contain lowercase letters, numerals, and hyphens (-), and must begin and end with a lowercase letter or numeral.
- connections KubernetesConnectionsArgs - (Map) Map of kubernetes cluster connection information.
- custom_san str - Customize the certificate SAN. Multiple IPs or domain names are separated by English commas (,).
- delete_options Sequence[KubernetesDeleteOptionArgs] - Delete options, only work for deleting resource. Make sure you have run pulumi up to make the configuration applied. See delete_options below.
- deletion_protection bool - Whether to enable cluster deletion protection.
- enable_ssh bool - Enable login to the node through SSH. Default to false.
- image_id str - Custom Image support. Must be based on CentOS7 or AliyunLinux2.
- install_cloud_monitor bool - Install cloud monitor agent on ECS. Default to true.
- is_enterprise_security_group bool - Enable to create advanced security group. default: false. See Advanced security group. Only works for Create Operation.
- key_name str - The keypair of ssh login cluster node, you have to create it first. You have to specify one of password, key_name, kms_encrypted_password fields.
- kms_encrypted_password str - A KMS-encrypted password used for a cs kubernetes. You have to specify one of password, key_name, kms_encrypted_password fields.
- kms_encryption_context Mapping[str, str] - A KMS encryption context used to decrypt kms_encrypted_password before creating or updating a cs kubernetes with kms_encrypted_password. See Encryption Context. It is valid when kms_encrypted_password is set.
- load_balancer_spec str - The cluster api server load balance instance specification, default slb.s1.small. For more information on how to select a LB instance specification, see SLB instance overview. Only works for Create Operation.
- master_auto_renew bool - Enable master payment auto-renew, defaults to false.
- master_auto_renew_period int - Master payment auto-renew period, it can be one of {1, 2, 3, 6, 12}.
- master_disk_category str - The system disk category of master node. Its valid values are cloud_ssd, cloud_essd and cloud_efficiency. Default to cloud_efficiency.
- master_disk_performance_level str - Master node system disk performance level. When master_disk_category is cloud_essd, the optional values are PL0, PL1, PL2 or PL3, but the specific performance level is related to the disk capacity. For more information, see Enhanced SSDs. Default is PL1.
- master_disk_size int - The system disk size of master node. Its valid value range is [20~500] in GB. Default to 20.
- master_disk_snapshot_policy_id str - Master node system disk auto snapshot policy.
Computed params
- master_instance_charge_type str - Master payment type, either PostPaid or PrePaid; defaults to PostPaid. If value is PrePaid, the fields master_period, master_period_unit, master_auto_renew and master_auto_renew_period are required.
- master_instance_types Sequence[str] - The instance type of master node. Specify one type for single AZ Cluster, three types for MultiAZ Cluster.
- master_nodes Sequence[KubernetesMasterNodeArgs] - (Optional) The master nodes. See master_nodes below.
- master_period int - Master payment period. Its valid value is one of {1, 2, 3, 6, 12, 24, 36, 48, 60}.
- master_period_unit str - Master payment period unit, the valid value is Month.
- master_vswitch_ids Sequence[str] - The vswitches used by master. You can specify 3 or 5 vswitches because of the amount of masters. Detailed below.
- name str - The kubernetes cluster's name. It is unique in one Alicloud account.
- name_prefix str
- nat_gateway_id str - The ID of nat gateway used to launch kubernetes cluster.
- new_nat_gateway bool - Whether to create a new nat gateway while creating kubernetes cluster. Default to true. Not all Alibaba Cloud OpenAPI endpoints are on the intranet, so turning this option on is a good choice. Your cluster nodes and applications will have public network access. If there is a NAT gateway in the selected VPC, ACK will use this gateway by default; if there is no NAT gateway in the selected VPC, ACK will create a new NAT gateway for you and automatically configure SNAT rules. Only works for Create Operation.
- node_cidr_mask int - The node cidr block to specify how many pods can run on a single node. 24-28 is allowed. 24 means 2^(32-24)-1=255 and the node can run at most 255 pods. default: 24
- node_name_mode str - Each node name consists of a prefix, an IP substring, and a suffix. The input format is customized,<prefix>,IPSubStringLen,<suffix>. For example, with "customized,aliyun.com-,5,-test", if the node IP address is 192.168.59.176, the prefix is aliyun.com-, the IP substring length is 5, and the suffix is -test, the node name will be aliyun.com-59176-test.
- os_type str - The operating system of the nodes that run pods, its valid value is either Linux or Windows. Default to Linux.
- password str - The password of ssh login cluster node. You have to specify one of password, key_name, kms_encrypted_password fields.
- platform str - The architecture of the nodes that run pods, its valid value is either CentOS or AliyunLinux. Default to CentOS.
- pod_cidr str - [Flannel Specific] The CIDR block for the pod network when using Flannel.
- pod_vswitch_ids Sequence[str] - [Terway Specific] The vswitches for the pod network when using Terway. It is recommended that pod_vswitch_ids not belong to worker_vswitch_ids and master_vswitch_ids, but they must be in the same availability zones. Only works for Create Operation.
- proxy_mode str - Proxy mode is an option of kube-proxy. options: iptables | ipvs. default: ipvs.
- rds_instances Sequence[str] - RDS instance list. You can choose which RDS instances' whitelists to add instances to.
- resource_group_id str - The ID of the resource group. By default these cloud resources are automatically assigned to the default resource group.
- retain_resources Sequence[str]
- runtime KubernetesRuntimeArgs - The runtime of containers. If you select another container runtime, see How do I select between Docker and Sandboxed-Container. See runtime below.
- security_group_id str - The ID of the security group to which the ECS instances in the cluster belong. If it is not specified, a new Security group will be built.
- service_account_issuer str - The issuer of the Service Account token for Service Account Token Volume Projection, corresponds to the iss field in the token payload. Set this to "https://kubernetes.default.svc" to enable the Token Volume Projection feature (requires specifying api_audiences as well). From cluster version 1.22+, Service Account Token Volume Projection will be enabled by default.
- service_cidr str - The CIDR block for the service network. It cannot be duplicated with the VPC CIDR and CIDR used by Kubernetes cluster in VPC, and cannot be modified after creation.
- slb_id str - The ID of APIServer load balancer.
- slb_internet str - The public ip of load balancer.
- slb_internet_enabled bool - Whether to create internet load balancer for API Server. Default to true. Only works for Create Operation.
NOTE: If you want to use Terway as CNI network plugin, you need to specify the pod_vswitch_ids field and addons with terway-eniip. If you want to use Flannel as CNI network plugin, you need to specify the pod_cidr field and addons with flannel.
Master params
- slb_intranet str - The ID of private load balancer where the current cluster master node is located.
- Mapping[str, str] - Default nil. A map of tags assigned to the kubernetes cluster and worker nodes.
- timezone str - When you create a cluster, set the time zones for the Master and Worker nodes. You can only change the managed node time zone if you create a cluster. Once the cluster is created, you can only change the time zone of the Worker node.
- user_ca str - The path of customized CA cert. You can use this CA to sign client certs to connect your cluster.
- version str - Desired Kubernetes version. If you do not specify a value, the latest available version at resource creation is used and no upgrades will occur unless you set a higher version number. The value must be configured and increased to upgrade the version when desired. Downgrades are not supported by ACK.
- vpc_id str - The ID of VPC where the current cluster is located.
- worker_ram_role_name str - The RamRole Name attached to worker node.
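The constraints and defaults listed for the Python arguments above can be checked on a plain dict before the cluster is created. This is an added example, not code from the Pulumi or Alibaba Cloud provider: the function names, the finding format and the sample values are constructed here, the `name` key of an addon entry is assumed, and the node-name rule (trailing digits of the IP with the dots removed) is inferred from the single worked example in the node_name_mode description.

```python
from ipaddress import ip_address

CREDENTIAL_FIELDS = ("password", "key_name", "kms_encrypted_password")
MASTER_PERIODS = {1, 2, 3, 6, 12, 24, 36, 48, 60}
AUTO_RENEW_PERIODS = {1, 2, 3, 6, 12}
PREPAID_FIELDS = ("master_period", "master_period_unit",
                  "master_auto_renew", "master_auto_renew_period")


def audit_cluster_args(args):
    """Return (severity, field, message) findings for a dict of cluster arguments."""
    findings = []

    def add(severity, field, message):
        findings.append((severity, field, message))

    # Node login: the page requires one of three credential fields.
    creds = [f for f in CREDENTIAL_FIELDS if args.get(f)]
    if not creds:
        add("error", "password", "set one of " + ", ".join(CREDENTIAL_FIELDS))
    if "password" in creds:
        add("warn", "password", "plaintext node password; prefer key_name or kms_encrypted_password")
    if args.get("kms_encryption_context") and "kms_encrypted_password" not in creds:
        add("error", "kms_encryption_context", "only valid with kms_encrypted_password")

    # Exposure-related settings and their documented defaults.
    if args.get("slb_internet_enabled", True):
        add("warn", "slb_internet_enabled", "API server gets an internet load balancer (default true)")
    if args.get("enable_ssh", False):
        add("warn", "enable_ssh", "SSH login to nodes is enabled")
    if not args.get("deletion_protection"):
        add("warn", "deletion_protection", "deletion protection is not set to true")

    # Token Volume Projection: issuer and audiences are set together.
    if bool(args.get("service_account_issuer")) != bool(args.get("api_audiences")):
        add("error", "service_account_issuer", "set together with api_audiences")

    # Documented value ranges.
    if not 24 <= args.get("node_cidr_mask", 24) <= 28:
        add("error", "node_cidr_mask", "allowed range is 24-28")
    if len(args.get("master_vswitch_ids", [])) not in (3, 5):
        add("error", "master_vswitch_ids", "specify 3 or 5 vswitches")
    if args.get("proxy_mode", "ipvs") not in ("iptables", "ipvs"):
        add("error", "proxy_mode", "options are iptables | ipvs")

    # PrePaid masters need the four billing fields, each within its value set.
    if args.get("master_instance_charge_type", "PostPaid") == "PrePaid":
        for field in PREPAID_FIELDS:
            if field not in args:
                add("error", field, "required when master_instance_charge_type is PrePaid")
        if "master_period" in args and args["master_period"] not in MASTER_PERIODS:
            add("error", "master_period", "not one of the documented periods")
        if args.get("master_period_unit", "Month") != "Month":
            add("error", "master_period_unit", "the valid value is Month")
        if args.get("master_auto_renew_period", 1) not in AUTO_RENEW_PERIODS:
            add("error", "master_auto_renew_period", "must be one of {1, 2, 3, 6, 12}")

    # CNI pairing from the NOTE: each addon needs its network field.
    addon_names = {a.get("name") for a in args.get("addons", [])}  # "name" key is assumed
    if "terway-eniip" in addon_names and not args.get("pod_vswitch_ids"):
        add("error", "pod_vswitch_ids", "required with the terway-eniip addon")
    if "flannel" in addon_names and not args.get("pod_cidr"):
        add("error", "pod_cidr", "required with the flannel addon")
    return findings


def render_node_name(mode, node_ip):
    """Build a node name from node_name_mode; substring rule inferred from the page's example."""
    parts = mode.split(",")
    if len(parts) != 4 or parts[0] != "customized":
        raise ValueError("expected customized,<prefix>,IPSubStringLen,<suffix>")
    _, prefix, length, suffix = parts
    digits = str(ip_address(node_ip)).replace(".", "")
    count = int(length)
    if not 0 < count <= len(digits):
        raise ValueError("IPSubStringLen does not fit the node IP")
    return prefix + digits[-count:] + suffix


# Constructed sample arguments (not a real cluster).
SAMPLE = {
    "master_vswitch_ids": ["vsw-a", "vsw-b", "vsw-c"],
    "password": "Example-Passw0rd",
    "enable_ssh": True,
    "node_cidr_mask": 23,
    "service_account_issuer": "https://kubernetes.default.svc",
    "addons": [{"name": "terway-eniip"}],
    "master_instance_charge_type": "PrePaid",
    "master_period": 5,
}

if __name__ == "__main__":
    for finding in audit_cluster_args(SAMPLE):
        print(*finding, sep=": ")
    print(render_node_name("customized,aliyun.com-,5,-test", "192.168.59.176"))
```

Findings marked error contradict a constraint stated in the property descriptions; findings marked warn are settings a reviewer would want justified, such as the internet-facing API server load balancer that is created by default.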
- addons List<Property Map> - The addon you want to install in cluster. See addons below. Only works for Create Operation, use resource cs_kubernetes_addon to manage addons if cluster is created.
- apiAudiences List<String> - A list of API audiences for Service Account Token Volume Projection. Set this to ["https://kubernetes.default.svc"] if you want to enable the Token Volume Projection feature (requires specifying service_account_issuer as well). From cluster version 1.22+, Service Account Token Volume Projection will be enabled by default.
- certificateAuthority Property Map - (Map, Available since v1.105.0) Nested attribute containing certificate authority data for your cluster.
- clientCert String - The path of client certificate, like ~/.kube/client-cert.pem.
- clientKey String - The path of client key, like ~/.kube/client-key.pem.
- clusterCaCert String - The path of cluster ca certificate, like ~/.kube/cluster-ca-cert.pem.
- clusterDomain String - Cluster local domain name. Default to cluster.local. A domain name consists of one or more sections separated by a decimal point (.), each of which is up to 63 characters long, can contain lowercase letters, numerals, and hyphens (-), and must begin and end with a lowercase letter or a numeral.
- connections Property Map - (Map) Map of kubernetes cluster connection information.
- customSan String - Customize the certificate SAN, multiple IP or domain names are separated by English commas (,).
- deleteOptions List<Property Map> - Delete options, only work for deleting resource. Make sure you have run pulumi up to make the configuration applied. See delete_options below.
- deletionProtection Boolean - Whether to enable cluster deletion protection.
- enableSsh Boolean - Enable login to the node through SSH. Default to false.
- imageId String - Custom Image support. Must be based on CentOS7 or AliyunLinux2.
- installCloudMonitor Boolean - Install cloud monitor agent on ECS. Default to true.
- isEnterpriseSecurityGroup Boolean - Enable to create advanced security group. default: false. See Advanced security group. Only works for Create Operation.
- keyName String - The keypair of ssh login cluster node, you have to create it first. You have to specify one of the password, key_name, kms_encrypted_password fields.
- kmsEncryptedPassword String - A KMS-encrypted password used for a cs kubernetes. You have to specify one of the password, key_name, kms_encrypted_password fields.
- kmsEncryptionContext Map<String> - A KMS encryption context used to decrypt kms_encrypted_password before creating or updating a cs kubernetes with kms_encrypted_password. See Encryption Context. It is valid when kms_encrypted_password is set.
- loadBalancerSpec String - The cluster api server load balance instance specification, default slb.s1.small. For more information on how to select a LB instance specification, see SLB instance overview. Only works for Create Operation.
- masterAutoRenew Boolean - Enable master payment auto-renew, defaults to false.
- masterAutoRenewPeriod Number - Master payment auto-renew period, it can be one of {1, 2, 3, 6, 12}.
- masterDiskCategory String - The system disk category of master node. Its valid values are cloud_ssd, cloud_essd and cloud_efficiency. Default to cloud_efficiency.
- masterDiskPerformanceLevel String - Master node system disk performance level. When master_disk_category is cloud_essd, the optional values are PL0, PL1, PL2 or PL3, but the specific performance level is related to the disk capacity. For more information, see Enhanced SSDs. Default is PL1.
- masterDiskSize Number - The system disk size of master node. Its valid value range is [20~500] in GB. Default to 20.
- masterDiskSnapshotPolicyId String - Master node system disk auto snapshot policy.
- masterInstanceChargeType String - Master payment type, either PostPaid or PrePaid; defaults to PostPaid. If the value is PrePaid, the fields master_period, master_period_unit, master_auto_renew and master_auto_renew_period are required.
- masterInstanceTypes List<String> - The instance type of master node. Specify one type for single AZ Cluster, three types for MultiAZ Cluster.
- masterNodes List<Property Map> - (Optional) The master nodes. See master_nodes below.
- masterPeriod Number - Master payment period. Its valid value is one of {1, 2, 3, 6, 12, 24, 36, 48, 60}.
- masterPeriodUnit String - Master payment period unit, the valid value is Month.
- masterVswitchIds List<String> - The vswitches used by master, you can specify 3 or 5 vswitches because of the amount of masters. Detailed below.
- name String - The kubernetes cluster's name. It is unique in one Alicloud account.
- namePrefix String
- natGatewayId String - The ID of nat gateway used to launch kubernetes cluster.
- newNatGateway Boolean - Whether to create a new nat gateway while creating kubernetes cluster. Default to true. Because the OpenAPI endpoints in Alibaba Cloud are not all on the intranet, turning this option on is a good choice. Your cluster nodes and applications will have public network access. If there is a NAT gateway in the selected VPC, ACK will use this gateway by default; if there is no NAT gateway in the selected VPC, ACK will create a new NAT gateway for you and automatically configure SNAT rules. Only works for Create Operation.
- nodeCidrMask Number - The node CIDR mask, which specifies how many pods can run on a single node. 24-28 is allowed. 24 means 2^(32-24)-1=255 and the node can run at most 255 pods. default: 24
- nodeNameMode String - Each node name consists of a prefix, an IP substring, and a suffix, the input format is customized,<prefix>,IPSubStringLen,<suffix>. For example "customized,aliyun.com-,5,-test", if the node IP address is 192.168.59.176, the prefix is aliyun.com-, IP substring length is 5, and the suffix is -test, the node name will be aliyun.com-59176-test.
- osType String - The operating system of the nodes that run pods, its valid value is either Linux or Windows. Default to Linux.
- password String - The password of ssh login cluster node. You have to specify one of the password, key_name, kms_encrypted_password fields.
- platform String - The architecture of the nodes that run pods, its valid value is either CentOS or AliyunLinux. Default to CentOS.
- podCidr String - [Flannel Specific] The CIDR block for the pod network when using Flannel.
- podVswitchIds List<String> - [Terway Specific] The vswitches for the pod network when using Terway. It is recommended that pod_vswitch_ids do not belong to worker_vswitch_ids and master_vswitch_ids, but they must be in the same availability zones. Only works for Create Operation.
- proxyMode String - Proxy mode is option of kube-proxy. options: iptables | ipvs. default: ipvs.
- rdsInstances List<String> - RDS instance list. You can choose which RDS instances' whitelists to add instances to.
- resourceGroupId String - The ID of the resource group, by default these cloud resources are automatically assigned to the default resource group.
- retainResources List<String>
- runtime Property Map - The runtime of containers. If you select another container runtime, see How do I select between Docker and Sandboxed-Container. See runtime below.
- securityGroupId String - The ID of the security group to which the ECS instances in the cluster belong. If it is not specified, a new Security group will be built.
- serviceAccountIssuer String - The issuer of the Service Account token for Service Account Token Volume Projection, corresponds to the iss field in the token payload. Set this to "https://kubernetes.default.svc" to enable the Token Volume Projection feature (requires specifying api_audiences as well). From cluster version 1.22+, Service Account Token Volume Projection will be enabled by default.
- serviceCidr String - The CIDR block for the service network. It cannot duplicate the VPC CIDR or the CIDR used by a Kubernetes cluster in the VPC, and it cannot be modified after creation.
- slbId String - The ID of APIServer load balancer.
- slbInternet String - The public ip of load balancer.
- slbInternetEnabled Boolean - Whether to create internet load balancer for API Server. Default to true. Only works for Create Operation.
  NOTE: If you want to use Terway as the CNI network plugin, you need to specify the pod_vswitch_ids field and addons with terway-eniip. If you want to use Flannel as the CNI network plugin, you need to specify the pod_cidr field and addons with flannel.
- slbIntranet String - The ID of private load balancer where the current cluster master node is located.
- tags Map<String> - Default nil, A map of tags assigned to the kubernetes cluster and work nodes.
- timezone String - When you create a cluster, set the time zones for the Master and Worker nodes. You can only change the managed node time zone if you create a cluster. Once the cluster is created, you can only change the time zone of the Worker node.
- userCa String - The path of customized CA cert, you can use this CA to sign client certs to connect your cluster.
- version String - Desired Kubernetes version. If you do not specify a value, the latest available version at resource creation is used and no upgrades will occur unless you set a higher version number. The value must be configured and increased to upgrade the version when desired. Downgrades are not supported by ACK.
- vpcId String - The ID of VPC where the current cluster is located.
- workerRamRoleName String - The RamRole Name attached to worker node.
Supporting Types
KubernetesAddon, KubernetesAddonArgs
- Config string - The ACK add-on configurations. For more config information, see cs_kubernetes_addon_metadata.
- Disabled bool - Disables the automatic installation of a component. Default is false.

The following example is the definition of the addons block. The type of this field is list:

```hcl
# install nginx ingress, conflict with SLB ingress
addons {
  name = "nginx-ingress-controller"
  # use internet
  config = "{\"IngressSlbNetworkType\":\"internet\",\"IngressSlbSpec\":\"slb.s2.small\"}"
  # if use intranet, detail below.
  # config = "{\"IngressSlbNetworkType\":\"intranet\",\"IngressSlbSpec\":\"slb.s2.small\"}"
}
```

- Name string - Name of the ACK add-on. The name must match one of the names returned by DescribeAddons.
- Version string - The version of the component.

- config String - The ACK add-on configurations. For more config information, see cs_kubernetes_addon_metadata.
- disabled Boolean - Disables the automatic installation of a component. Default is false.

The following example is the definition of the addons block. The type of this field is list:

```hcl
# install nginx ingress, conflict with SLB ingress
addons {
  name = "nginx-ingress-controller"
  # use internet
  config = "{\"IngressSlbNetworkType\":\"internet\",\"IngressSlbSpec\":\"slb.s2.small\"}"
  # if use intranet, detail below.
  # config = "{\"IngressSlbNetworkType\":\"intranet\",\"IngressSlbSpec\":\"slb.s2.small\"}"
}
```

- name String - Name of the ACK add-on. The name must match one of the names returned by DescribeAddons.
- version String - The version of the component.

- config string - The ACK add-on configurations. For more config information, see cs_kubernetes_addon_metadata.
- disabled boolean - Disables the automatic installation of a component. Default is false.

The following example is the definition of the addons block. The type of this field is list:

```hcl
# install nginx ingress, conflict with SLB ingress
addons {
  name = "nginx-ingress-controller"
  # use internet
  config = "{\"IngressSlbNetworkType\":\"internet\",\"IngressSlbSpec\":\"slb.s2.small\"}"
  # if use intranet, detail below.
  # config = "{\"IngressSlbNetworkType\":\"intranet\",\"IngressSlbSpec\":\"slb.s2.small\"}"
}
```

- name string - Name of the ACK add-on. The name must match one of the names returned by DescribeAddons.
- version string - The version of the component.

- config str - The ACK add-on configurations. For more config information, see cs_kubernetes_addon_metadata.
- disabled bool - Disables the automatic installation of a component. Default is false.

The following example is the definition of the addons block. The type of this field is list:

```hcl
# install nginx ingress, conflict with SLB ingress
addons {
  name = "nginx-ingress-controller"
  # use internet
  config = "{\"IngressSlbNetworkType\":\"internet\",\"IngressSlbSpec\":\"slb.s2.small\"}"
  # if use intranet, detail below.
  # config = "{\"IngressSlbNetworkType\":\"intranet\",\"IngressSlbSpec\":\"slb.s2.small\"}"
}
```

- name str - Name of the ACK add-on. The name must match one of the names returned by DescribeAddons.
- version str - The version of the component.
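A pre-deployment check over the arguments documented above, as an added example that is not part of the provider's documentation or code. It takes the cluster arguments as a plain dict (Python property names from this page) and applies the pairing rules the page states: login credential, CNI addon and its field, token projection fields, KMS context, and JSON addon config. The finding codes, the addon() helper, the sample inputs and the choice to report internet-facing settings as findings are assumptions made for illustration.

```python
import json

# Finding codes and the policy of flagging internet-facing settings are
# assumptions of this example; argument names are the Python names on this page.
CNI_REQUIREMENTS = {"terway-eniip": "pod_vswitch_ids", "flannel": "pod_cidr"}
LOGIN_FIELDS = ("password", "key_name", "kms_encrypted_password")


def addon(name, config=None):
    """Build one addons entry; json.dumps avoids hand-escaped config strings."""
    entry = {"name": name}
    if config is not None:
        entry["config"] = json.dumps(config, separators=(",", ":"))
    return entry


def lint_cluster_args(args):
    """Return sorted finding codes for a dict of cluster arguments."""
    findings = set()
    # One of password, key_name, kms_encrypted_password has to be specified.
    if not any(args.get(f) for f in LOGIN_FIELDS):
        findings.add("LOGIN_CREDENTIAL_MISSING")
    # kms_encryption_context is valid only when kms_encrypted_password is set.
    if args.get("kms_encryption_context") and not args.get("kms_encrypted_password"):
        findings.add("KMS_CONTEXT_WITHOUT_KMS_PASSWORD")
    # slb_internet_enabled defaults to true: omitted means an internet SLB.
    if args.get("slb_internet_enabled", True):
        findings.add("API_SERVER_INTERNET_SLB")
    # enable_ssh defaults to false.
    if args.get("enable_ssh", False):
        findings.add("NODE_SSH_ENABLED")
    # service_account_issuer and api_audiences must be specified together.
    if bool(args.get("service_account_issuer")) != bool(args.get("api_audiences")):
        findings.add("TOKEN_PROJECTION_INCOMPLETE")

    addons = args.get("addons", [])
    names = {a.get("name") for a in addons}
    chosen = [n for n in CNI_REQUIREMENTS if n in names]
    if len(chosen) != 1:
        findings.add("CNI_ADDON_AMBIGUOUS")  # none, or both Terway and Flannel
    elif not args.get(CNI_REQUIREMENTS[chosen[0]]):
        findings.add("CNI_FIELD_MISSING")  # pod_vswitch_ids / pod_cidr absent

    for a in addons:
        raw = a.get("config")
        if raw is None:
            continue
        try:
            cfg = json.loads(raw)
        except (TypeError, ValueError):
            cfg = None
        if not isinstance(cfg, dict):
            findings.add("ADDON_CONFIG_NOT_JSON_OBJECT")
        elif cfg.get("IngressSlbNetworkType") == "internet":
            findings.add("INGRESS_INTERNET_SLB")
    return sorted(findings)


# Constructed sample inputs (placeholders, not values from the page).
INGRESS = "nginx-ingress-controller"
RISKY = {
    "password": "constructed-placeholder",
    "enable_ssh": True,
    "api_audiences": ["https://kubernetes.default.svc"],
    "addons": [
        addon("flannel"),  # pod_cidr is missing
        addon(INGRESS, {"IngressSlbNetworkType": "internet", "IngressSlbSpec": "slb.s2.small"}),
    ],
}
HARDENED = {
    "kms_encrypted_password": "constructed-ciphertext",
    "kms_encryption_context": {"purpose": "constructed"},
    "slb_internet_enabled": False,
    "service_account_issuer": "https://kubernetes.default.svc",
    "api_audiences": ["https://kubernetes.default.svc"],
    "pod_vswitch_ids": ["vsw-constructed"],
    "addons": [
        addon("terway-eniip"),
        addon(INGRESS, {"IngressSlbNetworkType": "intranet", "IngressSlbSpec": "slb.s2.small"}),
    ],
}

if __name__ == "__main__":
    print("risky:", lint_cluster_args(RISKY))
    print("hardened:", lint_cluster_args(HARDENED))
```

Run it on the argument dict before passing the same values to the cluster resource; an empty list means none of the checks fired.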
KubernetesCertificateAuthority, KubernetesCertificateAuthorityArgs
- ClientCert string - The path of client certificate, like ~/.kube/client-cert.pem.
- ClientKey string - The path of client key, like ~/.kube/client-key.pem.
- ClusterCert string - The base64 encoded cluster certificate data required to communicate with your cluster. Add this to the certificate-authority-data section of the kubeconfig file for your cluster.

- clientCert String - The path of client certificate, like ~/.kube/client-cert.pem.
- clientKey String - The path of client key, like ~/.kube/client-key.pem.
- clusterCert String - The base64 encoded cluster certificate data required to communicate with your cluster. Add this to the certificate-authority-data section of the kubeconfig file for your cluster.

- clientCert string - The path of client certificate, like ~/.kube/client-cert.pem.
- clientKey string - The path of client key, like ~/.kube/client-key.pem.
- clusterCert string - The base64 encoded cluster certificate data required to communicate with your cluster. Add this to the certificate-authority-data section of the kubeconfig file for your cluster.

- client_cert str - The path of client certificate, like ~/.kube/client-cert.pem.
- client_key str - The path of client key, like ~/.kube/client-key.pem.
- cluster_cert str - The base64 encoded cluster certificate data required to communicate with your cluster. Add this to the certificate-authority-data section of the kubeconfig file for your cluster.
KubernetesConnections, KubernetesConnectionsArgs
- ApiServerInternet string - API Server Internet endpoint.
- ApiServerIntranet string - API Server Intranet endpoint.
- MasterPublicIp string - Master node SSH IP address.
- ServiceDomain string - Service Access Domain.

- apiServerInternet String - API Server Internet endpoint.
- apiServerIntranet String - API Server Intranet endpoint.
- masterPublicIp String - Master node SSH IP address.
- serviceDomain String - Service Access Domain.

- apiServerInternet string - API Server Internet endpoint.
- apiServerIntranet string - API Server Intranet endpoint.
- masterPublicIp string - Master node SSH IP address.
- serviceDomain string - Service Access Domain.

- api_server_internet str - API Server Internet endpoint.
- api_server_intranet str - API Server Intranet endpoint.
- master_public_ip str - Master node SSH IP address.
- service_domain str - Service Access Domain.
KubernetesDeleteOption, KubernetesDeleteOptionArgs
- DeleteMode string - The deletion mode of the cluster. Different resources may have different default behavior, see resource_type for details. Valid values:
- ResourceType string - The type of resources that are created by cluster. Valid values:
  - SLB: SLB resources created by the Nginx Ingress Service, default behavior is to delete, option to retain is available.
  - ALB: ALB resources created by the ALB Ingress Controller, default behavior is to retain, option to delete is available.
  - SLS_Data: SLS Project used by the cluster logging feature, default behavior is to retain, option to delete is available.
  - SLS_ControlPlane: SLS Project used for the managed cluster control plane logs, default behavior is to retain, option to delete is available.

```hcl
...
// Specify delete_options as below when deleting cluster
// delete SLB resources created by the Nginx Ingress Service
delete_options {
  delete_mode = "delete"
  resource_type = "SLB"
}
// delete ALB resources created by the ALB Ingress Controller
delete_options {
  delete_mode = "delete"
  resource_type = "ALB"
}
// delete SLS Project used by the cluster logging feature
delete_options {
  delete_mode = "delete"
  resource_type = "SLS_Data"
}
// delete SLS Project used for the managed cluster control plane logs
delete_options {
  delete_mode = "delete"
  resource_type = "SLS_ControlPlane"
}
```

- deleteMode String - The deletion mode of the cluster. Different resources may have different default behavior, see resource_type for details. Valid values:
- resourceType String - The type of resources that are created by cluster. Valid values:
  - SLB: SLB resources created by the Nginx Ingress Service, default behavior is to delete, option to retain is available.
  - ALB: ALB resources created by the ALB Ingress Controller, default behavior is to retain, option to delete is available.
  - SLS_Data: SLS Project used by the cluster logging feature, default behavior is to retain, option to delete is available.
  - SLS_ControlPlane: SLS Project used for the managed cluster control plane logs, default behavior is to retain, option to delete is available.

```hcl
...
// Specify delete_options as below when deleting cluster
// delete SLB resources created by the Nginx Ingress Service
delete_options {
  delete_mode = "delete"
  resource_type = "SLB"
}
// delete ALB resources created by the ALB Ingress Controller
delete_options {
  delete_mode = "delete"
  resource_type = "ALB"
}
// delete SLS Project used by the cluster logging feature
delete_options {
  delete_mode = "delete"
  resource_type = "SLS_Data"
}
// delete SLS Project used for the managed cluster control plane logs
delete_options {
  delete_mode = "delete"
  resource_type = "SLS_ControlPlane"
}
```

- deleteMode string - The deletion mode of the cluster. Different resources may have different default behavior, see resource_type for details. Valid values:
- resourceType string - The type of resources that are created by cluster. Valid values:
  - SLB: SLB resources created by the Nginx Ingress Service, default behavior is to delete, option to retain is available.
  - ALB: ALB resources created by the ALB Ingress Controller, default behavior is to retain, option to delete is available.
  - SLS_Data: SLS Project used by the cluster logging feature, default behavior is to retain, option to delete is available.
  - SLS_ControlPlane: SLS Project used for the managed cluster control plane logs, default behavior is to retain, option to delete is available.

```hcl
...
// Specify delete_options as below when deleting cluster
// delete SLB resources created by the Nginx Ingress Service
delete_options {
  delete_mode = "delete"
  resource_type = "SLB"
}
// delete ALB resources created by the ALB Ingress Controller
delete_options {
  delete_mode = "delete"
  resource_type = "ALB"
}
// delete SLS Project used by the cluster logging feature
delete_options {
  delete_mode = "delete"
  resource_type = "SLS_Data"
}
// delete SLS Project used for the managed cluster control plane logs
delete_options {
  delete_mode = "delete"
  resource_type = "SLS_ControlPlane"
}
```

- delete_mode str - The deletion mode of the cluster. Different resources may have different default behavior, see resource_type for details. Valid values:
- resource_type str - The type of resources that are created by cluster. Valid values:
  - SLB: SLB resources created by the Nginx Ingress Service, default behavior is to delete, option to retain is available.
  - ALB: ALB resources created by the ALB Ingress Controller, default behavior is to retain, option to delete is available.
  - SLS_Data: SLS Project used by the cluster logging feature, default behavior is to retain, option to delete is available.
  - SLS_ControlPlane: SLS Project used for the managed cluster control plane logs, default behavior is to retain, option to delete is available.

```hcl
...
// Specify delete_options as below when deleting cluster
// delete SLB resources created by the Nginx Ingress Service
delete_options {
  delete_mode = "delete"
  resource_type = "SLB"
}
// delete ALB resources created by the ALB Ingress Controller
delete_options {
  delete_mode = "delete"
  resource_type = "ALB"
}
// delete SLS Project used by the cluster logging feature
delete_options {
  delete_mode = "delete"
  resource_type = "SLS_Data"
}
// delete SLS Project used for the managed cluster control plane logs
delete_options {
  delete_mode = "delete"
  resource_type = "SLS_ControlPlane"
}
```
KubernetesMasterNode, KubernetesMasterNodeArgs
- id str - ID of the node.
- name str - The kubernetes cluster's name. It is unique in one Alicloud account.
- private_ip str - The private IP address of node.
KubernetesRuntime, KubernetesRuntimeArgs
Import
A Kubernetes cluster can be imported using its id, as in the command below. Then complete the main.tf according to the result of pulumi preview.

```sh
$ pulumi import alicloud:cs/kubernetes:Kubernetes main cluster-id
```
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository: Alibaba Cloud pulumi/pulumi-alicloud
- License: Apache-2.0
- Notes: This Pulumi package is based on the alicloud Terraform Provider.