Kubernetes

The addon you want to install in cluster.

A list of API audiences for Service Account Token Volume Projection. Set this to ["https://kubernetes.default.svc"] if you want to enable the Token Volume Projection feature (requires specifying service_account_issuer as well. From cluster version 1.22+, Service Account Token Volume Projection will be enabled by default.

The Zone where new kubernetes cluster will be located. If it is not be specified, the vswitch_ids should be set, its value will be vswitch's zone.

(Available in 1.105.0+) Nested attribute containing certificate authority data for your cluster.

The path of client certificate, like ~/.kube/client-cert.pem.

The path of client key, like ~/.kube/client-key.pem.

The path of cluster ca certificate, like ~/.kube/cluster-ca-cert.pem

Cluster local domain name, Default to cluster.local. A domain name consists of one or more sections separated by a decimal point (.), each of which is up to 63 characters long, and can be lowercase, numerals, and underscores (-), and must be lowercase or numerals at the beginning and end.

Map of kubernetes cluster connection information.

(Optional) Kubelet cpu policy. For Kubernetes 1.12.6 and later, its valid value is either static or none. Default to none.

Customize the certificate SAN, multiple IP or domain names are separated by English commas (,).

Whether to enable cluster deletion protection.

Enable login to the node through SSH. Default to false.

(Optional, Available in 1.88.0+) Exclude autoscaler nodes from worker_nodes. Default to false.

Custom Image support. Must based on CentOS7 or AliyunLinux2.

Install cloud monitor agent on ECS. Default to true.

Enable to create advanced security group. default: false. See Advanced security group.

The keypair of ssh login cluster node, you have to create it first. You have to specify one of password key_name kms_encrypted_password fields.

An KMS encrypts password used to a cs kubernetes. You have to specify one of password key_name kms_encrypted_password fields.

An KMS encryption context used to decrypt kms_encrypted_password before creating or updating a cs kubernetes with kms_encrypted_password. See Encryption Context. It is valid when kms_encrypted_password is set.

The path of kube config, like ~/.kube/config.

The cluster api server load balance instance specification, default slb.s1.small. For more information on how to select a LB instance specification, see SLB instance overview.

Enable master payment auto-renew, defaults to false.

Master payment auto-renew period, it can be one of {1, 2, 3, 6, 12}.

The system disk category of master node. Its valid value are cloud_ssd, cloud_essd and cloud_efficiency. Default to cloud_efficiency.

Master node system disk performance level. When master_disk_category values cloud_essd, the optional values are PL0, PL1, PL2 or PL3, but the specific performance level is related to the disk capacity. For more information, see Enhanced SSDs. Default is PL1.

The system disk size of master node. Its valid value range 20~500 in GB. Default to 20.

Master node system disk auto snapshot policy.

Master payment type. or PostPaid or PrePaid, defaults to PostPaid. If value is PrePaid, the files master_period, master_period_unit, master_auto_renew and master_auto_renew_period are required.

The instance type of master node. Specify one type for single AZ Cluster, three types for MultiAZ Cluster.

List of cluster master nodes.

Master payment period.Its valid value is one of {1, 2, 3, 6, 12, 24, 36, 48, 60}.

Master payment period unit, the valid value is Month.

The vswitches used by master, you can specific 3 or 5 vswitches because of the amount of masters. Detailed below.

The kubernetes cluster's name. It is unique in one Alicloud account.

The ID of nat gateway used to launch kubernetes cluster.

Whether to create a new nat gateway while creating kubernetes cluster. Default to true. Then openapi in Alibaba Cloud are not all on intranet, So turn this option on is a good choice. Your cluster nodes and applications will have public network access. If there is a NAT gateway in the selected VPC, ACK will use this gateway by default; if there is no NAT gateway in the selected VPC, ACK will create a new NAT gateway for you and automatically configure SNAT rules.

The node cidr block to specific how many pods can run on single node. 24-28 is allowed. 24 means 2^(32-24)-1=255 and the node can run at most 255 pods. default: 24

Each node name consists of a prefix, an IP substring, and a suffix, the input format is customized,<prefix>,IPSubStringLen,<suffix>. For example "customized,aliyun.com-,5,-test", if the node IP address is 192.168.59.176, the prefix is aliyun.com-, IP substring length is 5, and the suffix is -test, the node name will be aliyun.com-59176-test.

(Optional, ForceNew, Available in 1.103.2+) The service port range of nodes, valid values: 30000 to 65535. Default to 30000-32767.

The operating system of the nodes that run pods, its valid value is either Linux or Windows. Default to Linux.

The password of ssh login cluster node. You have to specify one of password key_name kms_encrypted_password fields.

The architecture of the nodes that run pods, its valid value is either CentOS or AliyunLinux. Default to CentOS.

Flannel Specific The CIDR block for the pod network when using Flannel.

Terway Specific The vswitches for the pod network when using Terway.Be careful the pod_vswitch_ids can not equal to worker_vswitch_ids or master_vswitch_ids but must be in same availability zones.

Proxy mode is option of kube-proxy. options: iptables | ipvs. default: ipvs.

RDS instance list, You can choose which RDS instances whitelist to add instances to.

The ID of the resource group,by default these cloud resources are automatically assigned to the default resource group.

The runtime of containers. If you select another container runtime, see How do I select between Docker and Sandboxed-Container. Detailed below.

The ID of the security group to which the ECS instances in the cluster belong. If it is not specified, a new Security group will be built.

The issuer of the Service Account token for Service Account Token Volume Projection, corresponds to the iss field in the token payload. Set this to "https://kubernetes.default.svc" to enable the Token Volume Projection feature (requires specifying api_audiences as well). From cluster version 1.22+, Service Account Token Volume Projection will be enabled by default.

The CIDR block for the service network. It cannot be duplicated with the VPC CIDR and CIDR used by Kubernetes cluster in VPC, cannot be modified after creation.

The ID of load balancer.

The public ip of load balancer.

Whether to create internet load balancer for API Server. Default to true.

The ID of private load balancer where the current cluster master node is located.

Default nil, A map of tags assigned to the kubernetes cluster and work nodes. Detailed below.

(Optional, Available in 1.103.2+) Taints ensure pods are not scheduled onto inappropriate nodes. One or more taints are applied to a node; this marks that the node should not accept any pods that do not tolerate the taints. For more information, see Taints and Tolerations. Detailed below.

When you create a cluster, set the time zones for the Master and Worker nodes. You can only change the managed node time zone if you create a cluster. Once the cluster is created, you can only change the time zone of the Worker node.

The path of customized CA cert, you can use this CA to sign client certs to connect your cluster.

(Optional, Available in 1.81.0+) Custom data that can execute on nodes. For more information, see Prepare user data.

Desired Kubernetes version. If you do not specify a value, the latest available version at resource creation is used and no upgrades will occur except you set a higher version number. The value must be configured and increased to upgrade the version when desired. Downgrades are not supported by ACK.

The ID of VPC where the current cluster is located.

(Optional) Enable worker payment auto-renew, defaults to false.

(Optional) Worker payment auto-renew period, it can be one of {1, 2, 3, 6, 12}.

The data disk category of worker, use worker_data_disks to instead it.

(Optional, Available in 1.91.0+) The data disk configurations of worker nodes, such as the disk type and disk size.

The data disk size of worker, use worker_data_disks to instead it.

(Optional) The system disk category of worker node. Its valid value are cloud, cloud_ssd, cloud_essd and cloud_efficiency. Default to cloud_efficiency.

(Optional, Available in 1.120.0+) Worker node system disk performance level, when worker_disk_category values cloud_essd, the optional values are PL0, PL1, PL2 or PL3, but the specific performance level is related to the disk capacity. For more information, see Enhanced SSDs. Default is PL1.

(Optional) The system disk size of worker node. Its valid value range 40~500 in GB.

(Optional, Available in 1.120.0+) Worker node system disk auto snapshot policy.

(Optional, Force new resource) Worker payment type, its valid value is either or PostPaid or PrePaid. Defaults to PostPaid. If value is PrePaid, the files worker_period, worker_period_unit, worker_auto_renew and worker_auto_renew_period are required, default is PostPaid.

(Optional) The instance type of worker node. Specify one type for single AZ Cluster, three types for MultiAZ Cluster.

(Deprecated from version 1.177.0)List of cluster worker nodes.

(Optional) The worker node number of the kubernetes cluster. Default to 3. It is limited up to 50 and if you want to enlarge it, please apply white list or contact with us.

(Optional) Worker payment period. The unit is Month. Its valid value is one of {1, 2, 3, 6, 12, 24, 36, 48, 60}.

(Optional) Worker payment period unit, the valid value is Month.

The RamRole Name attached to worker node.

(Optional) The vswitches used by workers.