Managed Kubernetes
This resource will help you to manage a ManagedKubernetes Cluster in Alibaba Cloud Kubernetes Service.
NOTE: It is recommended to create a cluster with zero worker nodes, and then use a node pool to manage the cluster nodes.
NOTE: A Kubernetes cluster only supports a VPC network, and that network needs to be able to access the internet while the cluster is being created. A NAT Gateway with SNAT configured for it gives a VPC network internet access. If there is no NAT gateway in the VPC, you can set new_nat_gateway to "true" to create one automatically.
NOTE: Creating a Kubernetes cluster requires installing several packages and takes about 15 minutes. Please be patient.
NOTE: From version 1.9.4, the provider supports downloading the kube config, client certificate, client key and cluster CA certificate after the cluster is created successfully, and you can put them in a specified location, such as '~/.kube/config'.
NOTE: From version 1.20.0, the provider supports disabling the internet load balancer for the API Server by setting slb_internet_enabled to false.
NOTE: If you want to manage Kubernetes, you can use the Kubernetes Provider.
NOTE: You need to activate several other products and confirm the Authorization Policy used by Container Service before using this resource. Please refer to the Authorization management and Cluster management sections in the Document Center.
NOTE: From version 1.72.0, some parameters have been removed from the resource. You can check them below and re-import the cluster if necessary.
NOTE: From version 1.120.0, cluster migration from a Standard cluster to a Professional cluster is supported.
NOTE: From version 1.177.0+, runtime, enable_ssh, rds_instances, exclude_autoscaler_nodes, worker_number, worker_instance_types, password, key_name, kms_encrypted_password, kms_encryption_context, worker_instance_charge_type, worker_period, worker_period_unit, worker_auto_renew, worker_auto_renew_period, worker_disk_category, worker_disk_size, worker_data_disks, node_name_mode, node_port_range, os_type, platform, image_id, cpu_policy, user_data, taints, worker_disk_performance_level, worker_disk_snapshot_policy_id and install_cloud_monitor are deprecated. We suggest using the resource alicloud.cs.NodePool to manage your cluster worker nodes.
Import
A managed Kubernetes cluster can be imported using its id, as in the command below. Then complete main.tf according to the result of pulumi preview.
$ pulumi import alicloud:cs/managedKubernetes:ManagedKubernetes main cluster_id
Properties
A list of API audiences for Service Account Token Volume Projection. Set this to ["https://kubernetes.default.svc"] if you want to enable the Token Volume Projection feature (requires specifying service_account_issuer as well). From cluster version 1.22+, Service Account Token Volume Projection will be enabled by default.
Whether to enable RRSA support on the cluster, for version 1.22.3+. Defaults to false. Once the RRSA function is turned on, it cannot be turned off. If your cluster has already enabled this function, manually modify your tf file and add the rrsa configuration to it. To learn more, see RAM Roles for Service Accounts.
Whether to create an advanced security group. Default: false. See Advanced security group.
(Optional, MapString, Available in 1.57.1+) A KMS encryption context used to decrypt kms_encrypted_password before creating or updating a cs kubernetes with kms_encrypted_password. See Encryption Context. It is valid when kms_encrypted_password is set.
The cluster API server load balancer instance specification, default slb.s1.small. For more information on how to select a LB instance specification, see SLB instance overview.
(Optional, Available in 1.88.0+) Each node name consists of a prefix, an IP substring, and a suffix. The input format is customized,<prefix>,IPSubStringLen,<suffix>. For example, with "customized,aliyun.com-,5,-test", if the node IP address is 192.168.59.176, the prefix is aliyun.com-, the IP substring length is 5, and the suffix is -test, so the node name will be aliyun.com-59176-test.
(Optional, Available in 1.103.2+) The runtime of containers. If you select another container runtime, see Comparison of Docker, containerd, and Sandboxed-Container. Detailed below.
The issuer of the Service Account token for Service Account Token Volume Projection, corresponds to the iss field in the token payload. Set this to "https://kubernetes.default.svc" to enable the Token Volume Projection feature (requires specifying api_audiences as well). From cluster version 1.22+, Service Account Token Volume Projection will be enabled by default.
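A check an operator can run on a token read from a pod's projected volume, added here as an example and not part of the provider documentation: it decodes the payload and compares iss and aud with the service_account_issuer and api_audiences values described above. The function names, sample tokens and reference time are constructed for illustration, and the signature is not verified, so this audits configuration rather than authenticating a token.

```python
import base64
import json
import time

# Values the page gives for service_account_issuer and api_audiences.
EXPECTED_ISSUER = "https://kubernetes.default.svc"
EXPECTED_AUDIENCES = ["https://kubernetes.default.svc"]

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def make_sample_token(claims: dict) -> str:
    """Build a constructed, unsigned JWT-shaped string for the demo."""
    header = _b64url(json.dumps({"alg": "RS256", "typ": "JWT"}).encode())
    payload = _b64url(json.dumps(claims).encode())
    return f"{header}.{payload}.constructed-signature"

def decode_payload(token: str) -> dict:
    """Decode the payload segment only; the signature is NOT verified here."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a three-part JWT")
    seg = parts[1]
    return json.loads(base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4)))

def audit_token(token, issuer=EXPECTED_ISSUER, audiences=EXPECTED_AUDIENCES, now=None):
    """Return a list of mismatches between the token and the cluster settings."""
    now = time.time() if now is None else now
    claims = decode_payload(token)
    findings = []
    if claims.get("iss") != issuer:
        findings.append(f"iss {claims.get('iss')!r} != service_account_issuer")
    aud = claims.get("aud", [])
    aud = [aud] if isinstance(aud, str) else aud
    if not set(aud) & set(audiences):
        findings.append(f"aud {aud!r} not in api_audiences")
    if "exp" not in claims:
        findings.append("no exp claim: token is not time-bound")
    elif claims["exp"] <= now:
        findings.append("token expired")
    return findings

NOW = 1_700_000_000  # constructed reference time
# Constructed projected token matching the settings above.
GOOD = make_sample_token({"iss": EXPECTED_ISSUER, "aud": EXPECTED_AUDIENCES,
                          "exp": NOW + 3600, "sub": "system:serviceaccount:default:demo"})
# Constructed legacy-style token: old issuer, no audience, no expiry.
LEGACY = make_sample_token({"iss": "kubernetes/serviceaccount",
                            "sub": "system:serviceaccount:default:demo"})
```

Calling audit_token(GOOD, now=NOW) returns an empty list, while the legacy-style sample is flagged on issuer, audience and missing expiry.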
(Optional, Available in 1.103.2+) Taints ensure pods are not scheduled onto inappropriate nodes. One or more taints are applied to a node; this marks that the node should not accept any pods that do not tolerate the taints. For more information, see Taints and Tolerations. Detailed below.
(Optional, Available in 1.81.0+) Custom data that can execute on nodes. For more information, see Prepare user data.
Desired Kubernetes version. If you do not specify a value, the latest available version at resource creation is used and no upgrades will occur unless you set a higher version number. The value must be configured and increased to upgrade the version when desired. Downgrades are not supported by ACK.
(Optional, Available in 1.120.0+) Worker node system disk performance level. When worker_disk_category is cloud_essd, the optional values are PL0, PL1, PL2 or PL3, but the specific performance level is related to the disk capacity. For more information, see Enhanced SSDs. Default is PL1.