Serverless
This resource will help you to manager a Serverless Kubernetes Cluster, see What is serverless kubernetes. The cluster is same as container service created by web console.
NOTE: Available since v1.58.0. NOTE: Serverless Kubernetes cluster only supports VPC network and it can access internet while creating kubernetes cluster. A Nat Gateway and configuring a SNAT for it can ensure one VPC network access internet. If there is no nat gateway in the VPC, you can set
new_nat_gatewayto "true" to create one automatically. NOTE: Creating serverless kubernetes cluster need to install several packages and it will cost about 5 minutes. Please be patient. NOTE: The provider supports to download kube config, client certificate, client key and cluster ca certificate after creating cluster successfully, and you can put them into the specified location, like '~/.kube/config'. NOTE: If you want to manage serverless Kubernetes, you can use Kubernetes Provider. NOTE: You need to activate several other products and confirm Authorization Policy used by Container Service before using this resource. Please refer to theAuthorization managementandCluster managementsections in the Document Center. NOTE: From version 1.162.0, support for creating professional serverless cluster. NOTE: From version 1.229.1, support to migrate basic serverless cluster to professional serverless cluster.
Example Usage
Basic Usage
import * as pulumi from "@pulumi/pulumi";
import * as alicloud from "@pulumi/alicloud";
const config = new pulumi.Config();
const name = config.get("name") || "ask-example-pro";
const _default = alicloud.getZones({
availableResourceCreation: "VSwitch",
});
const defaultNetwork = new alicloud.vpc.Network("default", {
vpcName: name,
cidrBlock: "10.2.0.0/21",
});
const defaultSwitch = new alicloud.vpc.Switch("default", {
vswitchName: name,
vpcId: defaultNetwork.id,
cidrBlock: "10.2.1.0/24",
zoneId: _default.then(_default => _default.zones?.[0]?.id),
});
const serverless = new alicloud.cs.ServerlessKubernetes("serverless", {
namePrefix: name,
clusterSpec: "ack.pro.small",
vpcId: defaultNetwork.id,
vswitchIds: [defaultSwitch.id],
newNatGateway: true,
endpointPublicAccessEnabled: true,
deletionProtection: false,
timeZone: "Asia/Shanghai",
serviceCidr: "172.21.0.0/20",
tags: {
"k-aa": "v-aa",
"k-bb": "v-bb",
},
});import pulumi
import pulumi_alicloud as alicloud
config = pulumi.Config()
name = config.get("name")
if name is None:
name = "ask-example-pro"
default = alicloud.get_zones(available_resource_creation="VSwitch")
default_network = alicloud.vpc.Network("default",
vpc_name=name,
cidr_block="10.2.0.0/21")
default_switch = alicloud.vpc.Switch("default",
vswitch_name=name,
vpc_id=default_network.id,
cidr_block="10.2.1.0/24",
zone_id=default.zones[0].id)
serverless = alicloud.cs.ServerlessKubernetes("serverless",
name_prefix=name,
cluster_spec="ack.pro.small",
vpc_id=default_network.id,
vswitch_ids=[default_switch.id],
new_nat_gateway=True,
endpoint_public_access_enabled=True,
deletion_protection=False,
time_zone="Asia/Shanghai",
service_cidr="172.21.0.0/20",
tags={
"k-aa": "v-aa",
"k-bb": "v-bb",
})using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AliCloud = Pulumi.AliCloud;
return await Deployment.RunAsync(() =>
{
var config = new Config();
var name = config.Get("name") ?? "ask-example-pro";
var @default = AliCloud.GetZones.Invoke(new()
{
AvailableResourceCreation = "VSwitch",
});
var defaultNetwork = new AliCloud.Vpc.Network("default", new()
{
VpcName = name,
CidrBlock = "10.2.0.0/21",
});
var defaultSwitch = new AliCloud.Vpc.Switch("default", new()
{
VswitchName = name,
VpcId = defaultNetwork.Id,
CidrBlock = "10.2.1.0/24",
ZoneId = @default.Apply(@default => @default.Apply(getZonesResult => getZonesResult.Zones[0]?.Id)),
});
var serverless = new AliCloud.CS.ServerlessKubernetes("serverless", new()
{
NamePrefix = name,
ClusterSpec = "ack.pro.small",
VpcId = defaultNetwork.Id,
VswitchIds = new[]
{
defaultSwitch.Id,
},
NewNatGateway = true,
EndpointPublicAccessEnabled = true,
DeletionProtection = false,
TimeZone = "Asia/Shanghai",
ServiceCidr = "172.21.0.0/20",
Tags =
{
{ "k-aa", "v-aa" },
{ "k-bb", "v-bb" },
},
});
});package main
import (
"github.com/pulumi/pulumi-alicloud/sdk/v3/go/alicloud"
"github.com/pulumi/pulumi-alicloud/sdk/v3/go/alicloud/cs"
"github.com/pulumi/pulumi-alicloud/sdk/v3/go/alicloud/vpc"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi/config"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
cfg := config.New(ctx, "")
name := "ask-example-pro"
if param := cfg.Get("name"); param != "" {
name = param
}
_default, err := alicloud.GetZones(ctx, &alicloud.GetZonesArgs{
AvailableResourceCreation: pulumi.StringRef("VSwitch"),
}, nil)
if err != nil {
return err
}
defaultNetwork, err := vpc.NewNetwork(ctx, "default", &vpc.NetworkArgs{
VpcName: pulumi.String(name),
CidrBlock: pulumi.String("10.2.0.0/21"),
})
if err != nil {
return err
}
defaultSwitch, err := vpc.NewSwitch(ctx, "default", &vpc.SwitchArgs{
VswitchName: pulumi.String(name),
VpcId: defaultNetwork.ID(),
CidrBlock: pulumi.String("10.2.1.0/24"),
ZoneId: pulumi.String(_default.Zones[0].Id),
})
if err != nil {
return err
}
_, err = cs.NewServerlessKubernetes(ctx, "serverless", &cs.ServerlessKubernetesArgs{
NamePrefix: pulumi.String(name),
ClusterSpec: pulumi.String("ack.pro.small"),
VpcId: defaultNetwork.ID(),
VswitchIds: pulumi.StringArray{
defaultSwitch.ID(),
},
NewNatGateway: pulumi.Bool(true),
EndpointPublicAccessEnabled: pulumi.Bool(true),
DeletionProtection: pulumi.Bool(false),
TimeZone: pulumi.String("Asia/Shanghai"),
ServiceCidr: pulumi.String("172.21.0.0/20"),
Tags: pulumi.StringMap{
"k-aa": pulumi.String("v-aa"),
"k-bb": pulumi.String("v-bb"),
},
})
if err != nil {
return err
}
return nil
})
}package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.alicloud.AlicloudFunctions;
import com.pulumi.alicloud.inputs.GetZonesArgs;
import com.pulumi.alicloud.vpc.Network;
import com.pulumi.alicloud.vpc.NetworkArgs;
import com.pulumi.alicloud.vpc.Switch;
import com.pulumi.alicloud.vpc.SwitchArgs;
import com.pulumi.alicloud.cs.ServerlessKubernetes;
import com.pulumi.alicloud.cs.ServerlessKubernetesArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
final var config = ctx.config();
final var name = config.get("name").orElse("ask-example-pro");
final var default = AlicloudFunctions.getZones(GetZonesArgs.builder()
.availableResourceCreation("VSwitch")
.build());
var defaultNetwork = new Network("defaultNetwork", NetworkArgs.builder()
.vpcName(name)
.cidrBlock("10.2.0.0/21")
.build());
var defaultSwitch = new Switch("defaultSwitch", SwitchArgs.builder()
.vswitchName(name)
.vpcId(defaultNetwork.id())
.cidrBlock("10.2.1.0/24")
.zoneId(default_.zones()[0].id())
.build());
var serverless = new ServerlessKubernetes("serverless", ServerlessKubernetesArgs.builder()
.namePrefix(name)
.clusterSpec("ack.pro.small")
.vpcId(defaultNetwork.id())
.vswitchIds(defaultSwitch.id())
.newNatGateway(true)
.endpointPublicAccessEnabled(true)
.deletionProtection(false)
.timeZone("Asia/Shanghai")
.serviceCidr("172.21.0.0/20")
.tags(Map.ofEntries(
Map.entry("k-aa", "v-aa"),
Map.entry("k-bb", "v-bb")
))
.build());
}
}configuration:
name:
type: string
default: ask-example-pro
resources:
defaultNetwork:
type: alicloud:vpc:Network
name: default
properties:
vpcName: ${name}
cidrBlock: 10.2.0.0/21
defaultSwitch:
type: alicloud:vpc:Switch
name: default
properties:
vswitchName: ${name}
vpcId: ${defaultNetwork.id}
cidrBlock: 10.2.1.0/24
zoneId: ${default.zones[0].id}
serverless:
type: alicloud:cs:ServerlessKubernetes
properties:
namePrefix: ${name}
clusterSpec: ack.pro.small
vpcId: ${defaultNetwork.id}
vswitchIds:
- ${defaultSwitch.id}
newNatGateway: true
endpointPublicAccessEnabled: true
deletionProtection: false
timeZone: Asia/Shanghai
serviceCidr: 172.21.0.0/20
tags:
k-aa: v-aa
k-bb: v-bb
variables:
default:
fn::invoke:
function: alicloud:getZones
arguments:
availableResourceCreation: VSwitchImport
Serverless Kubernetes cluster can be imported using the id, e.g. Then complete the main.tf accords to the result of pulumi preview.
$ pulumi import alicloud:cs/serverlessKubernetes:ServerlessKubernetes main ce4273f9156874b46bbConstructors
Properties
You can specific network plugin, log component, ingress component and so on. See addons below. Only works for Create Operation, use resource cs_kubernetes_addon to manage addons if cluster is created.
From version 1.248.0, new DataSource alicloud.cs.getClusterCredential is recommended to manage cluster's kubeconfig, you can also save the certificate_authority.client_cert attribute content of new DataSource alicloud.cs.getClusterCredential to an appropriate path(like ~/.kube/client-cert.pem) for replace it.
From version 1.248.0, new DataSource alicloud.cs.getClusterCredential is recommended to manage cluster's kubeconfig, you can also save the certificate_authority.client_key attribute content of new DataSource alicloud.cs.getClusterCredential to an appropriate path(like ~/.kube/client-key.pem) for replace it.
From version 1.248.0, new DataSource alicloud.cs.getClusterCredential is recommended to manage cluster's kubeconfig, you can also save the certificate_authority.cluster_cert attribute content of new DataSource alicloud.cs.getClusterCredential to an appropriate path(like ~/.kube/cluster-ca-cert.pem) for replace it.
The cluster specifications of serverless kubernetes cluster, which can be empty. Valid values:
Delete options, only work for deleting resource. Make sure you have run pulumi up to make the configuration applied. See delete_options below.
Whether enable the deletion protection or not.
Whether to enable cluster to support RRSA for version 1.22.3+. Default to false. Once the RRSA function is turned on, it is not allowed to turn off. If your cluster has enabled this function, please manually modify your tf file and add the rrsa configuration to the file, learn more RAM Roles for Service Accounts.
Whether to create internet eip for API Server. Default to false. Only works for Create Operation.
The path of kube config, like ~/.kube/config. Please use the attribute output_file of new DataSource alicloud.cs.getClusterCredential to replace it.
The cluster api server load balance instance specification, default slb.s2.small. For more information on how to select a LB instance specification, see SLB instance overview. Only works for Create Operation.
Enable log service, Valid value SLS. Only works for Create Operation.
The cluster maintenance window,effective only in the professional managed cluster. Managed node pool will use it. See maintenance_window below.
Whether to create a new nat gateway while creating kubernetes cluster. SNAT must be configured when a new VPC is automatically created. Default is true.
The cluster automatic operation policy. See operation_policy below. Removed params
Has been deprecated from provider version 1.123.1. PrivateZone is used as the enumeration value of service_discovery_types.
The ID of the resource group,by default these cloud resources are automatically assigned to the default resource group.
The ID of the security group to which the ECS instances in the cluster belong. If it is not specified, a new Security group will be built.
CIDR block of the service network. The specified CIDR block cannot overlap with that of the VPC or those of the ACK clusters that are deployed in the VPC. The CIDR block cannot be modified after the cluster is created.
Service discovery type. Only works for Create Operation. If the value is empty, it means that service discovery is not enabled. Valid values are CoreDNS and PrivateZone.
If you use an existing SLS project, you must specify sls_project_name. Only works for Create Operation.
The vswitches where new kubernetes cluster will be located.