pulumi-alicloud 3.61.1__py3-none-any.whl → 3.61.2__py3-none-any.whl

pulumi_alicloud/cs/managed_kubernetes.py

@@ -54,11 +54,52 @@ class ManagedKubernetesArgs:
                  version: Optional[pulumi.Input[str]] = None):
         """
         The set of arguments for constructing a ManagedKubernetes resource.
-        :param pulumi.Input[str] client_cert: The base64 encoded client certificate data required to communicate with your cluster. Add this to the client-certificate-data section of the kubeconfig file for your cluster.
-        :param pulumi.Input[str] client_key: The base64 encoded client key data required to communicate with your cluster. Add this to the client-key-data section of the kubeconfig file for your cluster.
-        :param pulumi.Input[str] cluster_domain: cluster local domain
-        :param pulumi.Input[str] encryption_provider_key: disk encryption key, only in ack-pro
-        :param pulumi.Input[str] name: Node name.
+        :param pulumi.Input[Sequence[pulumi.Input[str]]] worker_vswitch_ids: The vswitches used by control plane.  See `worker_vswitch_ids` below.
+        :param pulumi.Input[Sequence[pulumi.Input['ManagedKubernetesAddonArgs']]] addons: The addon you want to install in cluster. See `addons` to manage addons if cluster is created.
+               
+               *Network params*
+        :param pulumi.Input[Sequence[pulumi.Input[str]]] api_audiences: A list of API audiences for [Service Account Token Volume Projection](https://www.alibabacloud.com/help/doc-detail/160384.htm). Set this to `["https://kubernetes.default.svc"]` if you want to enable the Token Volume Projection feature (requires specifying `service_account_issuer` as well. From cluster version 1.22, Service Account Token Volume Projection will be enabled by default.
+        :param pulumi.Input[str] client_cert: The path of client certificate, like `~/.kube/client-cert.pem`.
+        :param pulumi.Input[str] client_key: The path of client key, like `~/.kube/client-key.pem`.
+        :param pulumi.Input[str] cluster_ca_cert: The path of cluster ca certificate, like `~/.kube/cluster-ca-cert.pem`
+               
+               *Removed params*
+        :param pulumi.Input[str] cluster_domain: Cluster local domain name, Default to `cluster.local`. A domain name consists of one or more sections separated by a decimal point (.), each of which is up to 63 characters long, and can be lowercase, numerals, and underscores (-), and must be lowercase or numerals at the beginning and end.
+        :param pulumi.Input[str] cluster_spec: The cluster specifications of kubernetes cluster,which can be empty. Valid values:
+               * ack.standard : Standard managed clusters.
+               * ack.pro.small : Professional managed clusters.
+        :param pulumi.Input[Sequence[pulumi.Input[str]]] control_plane_log_components: List of target components for which logs need to be collected. Supports `apiserver`, `kcm`, `scheduler`, `ccm` and `controlplane-events`.
+        :param pulumi.Input[str] control_plane_log_project: Control plane log project. If this field is not set, a log service project named k8s-log-{ClusterID} will be automatically created.
+        :param pulumi.Input[str] control_plane_log_ttl: Control plane log retention duration (unit: day). Default `30`. If control plane logs are to be collected, `control_plane_log_ttl` and `control_plane_log_components` must be specified.
+        :param pulumi.Input[str] custom_san: Customize the certificate SAN, multiple IP or domain names are separated by English commas (,).
+               > **NOTE:** Make sure you have specified all certificate SANs before updating. Updating this field will lead APIServer to restart.
+        :param pulumi.Input[Sequence[pulumi.Input['ManagedKubernetesDeleteOptionArgs']]] delete_options: Delete options, only work for deleting resource. Make sure you have run `pulumi up` to make the configuration applied. See `delete_options` below.
+        :param pulumi.Input[bool] deletion_protection: Whether to enable cluster deletion protection.
+        :param pulumi.Input[bool] enable_rrsa: Whether to enable cluster to support RRSA for kubernetes version 1.22.3+. Default to `false`. Once the RRSA function is turned on, it is not allowed to turn off. If your cluster has enabled this function, please manually modify your tf file and add the rrsa configuration to the file, learn more [RAM Roles for Service Accounts](https://www.alibabacloud.com/help/zh/container-service-for-kubernetes/latest/use-rrsa-to-enforce-access-control).
+        :param pulumi.Input[str] encryption_provider_key: The disk encryption key.
+        :param pulumi.Input[bool] is_enterprise_security_group: Enable to create advanced security group. default: false. See [Advanced security group](https://www.alibabacloud.com/help/doc-detail/120621.htm).
+        :param pulumi.Input[str] load_balancer_spec: The cluster api server load balance instance specification, default `slb.s1.small`. For more information on how to select a LB instance specification, see [SLB instance overview](https://help.aliyun.com/document_detail/85931.html).
+        :param pulumi.Input['ManagedKubernetesMaintenanceWindowArgs'] maintenance_window: The cluster maintenance window，effective only in the professional managed cluster. Managed node pool will use it. See `maintenance_window` below.
+        :param pulumi.Input[str] name: The kubernetes cluster's name. It is unique in one Alicloud account.
+        :param pulumi.Input[bool] new_nat_gateway: Whether to create a new nat gateway while creating kubernetes cluster. Default to true. Then openapi in Alibaba Cloud are not all on intranet, So turn this option on is a good choice.
+        :param pulumi.Input[int] node_cidr_mask: The node cidr block to specific how many pods can run on single node. 24-28 is allowed. 24 means 2^(32-24)-1=255 and the node can run at most 255 pods. default: 24
+        :param pulumi.Input[str] pod_cidr: [Flannel Specific] The CIDR block for the pod network when using Flannel.
+        :param pulumi.Input[Sequence[pulumi.Input[str]]] pod_vswitch_ids: [Terway Specific] The vswitches for the pod network when using Terway. It is recommended that `pod_vswitch_ids` is not belong to `worker_vswitch_ids` but must be in same availability zones.
+        :param pulumi.Input[str] proxy_mode: Proxy mode is option of kube-proxy. options: iptables|ipvs. default: ipvs.
+        :param pulumi.Input[str] resource_group_id: The ID of the resource group,by default these cloud resources are automatically assigned to the default resource group.
+        :param pulumi.Input[str] security_group_id: The ID of the security group to which the ECS instances in the cluster belong. If it is not specified, a new Security group will be built.
+        :param pulumi.Input[str] service_account_issuer: The issuer of the Service Account token for [Service Account Token Volume Projection](https://www.alibabacloud.com/help/doc-detail/160384.htm), corresponds to the `iss` field in the token payload. Set this to `"https://kubernetes.default.svc"` to enable the Token Volume Projection feature (requires specifying `api_audiences` as well). From cluster version 1.22, Service Account Token Volume Projection will be enabled by default.
+        :param pulumi.Input[str] service_cidr: The CIDR block for the service network. It cannot be duplicated with the VPC CIDR and CIDR used by Kubernetes cluster in VPC, cannot be modified after creation.
+        :param pulumi.Input[bool] slb_internet_enabled: Whether to create internet load balancer for API Server. Default to true.
+               
+               > **NOTE:** If you want to use `Terway` as CNI network plugin, You need to specify the `pod_vswitch_ids` field and addons with `terway-eniip`.
+               If you want to use `Flannel` as CNI network plugin, You need to specify the `pod_cidr` field and addons with `flannel`.
+               
+               *Computed params*
+        :param pulumi.Input[Mapping[str, pulumi.Input[str]]] tags: Default nil, A map of tags assigned to the kubernetes cluster and work nodes. See `tags` below.
+        :param pulumi.Input[str] timezone: When you create a cluster, set the time zones for the Master and Worker nodes. You can only change the managed node time zone if you create a cluster. Once the cluster is created, you can only change the time zone of the Worker node.
+        :param pulumi.Input[str] user_ca: The path of customized CA cert, you can use this CA to sign client certs to connect your cluster.
+        :param pulumi.Input[str] version: Desired Kubernetes version. If you do not specify a value, the latest available version at resource creation is used and no upgrades will occur except you set a higher version number. The value must be configured and increased to upgrade the version when desired. Downgrades are not supported by ACK.
         """
         pulumi.set(__self__, "worker_vswitch_ids", worker_vswitch_ids)
         if addons is not None:
@@ -135,6 +176,9 @@ class ManagedKubernetesArgs:
     @property
     @pulumi.getter(name="workerVswitchIds")
     def worker_vswitch_ids(self) -> pulumi.Input[Sequence[pulumi.Input[str]]]:
+        """
+        The vswitches used by control plane.  See `worker_vswitch_ids` below.
+        """
         return pulumi.get(self, "worker_vswitch_ids")
 
     @worker_vswitch_ids.setter
@@ -144,6 +188,11 @@ class ManagedKubernetesArgs:
     @property
     @pulumi.getter
     def addons(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['ManagedKubernetesAddonArgs']]]]:
+        """
+        The addon you want to install in cluster. See `addons` to manage addons if cluster is created.
+
+        *Network params*
+        """
         return pulumi.get(self, "addons")
 
     @addons.setter
@@ -153,6 +202,9 @@ class ManagedKubernetesArgs:
     @property
     @pulumi.getter(name="apiAudiences")
     def api_audiences(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
+        """
+        A list of API audiences for [Service Account Token Volume Projection](https://www.alibabacloud.com/help/doc-detail/160384.htm). Set this to `["https://kubernetes.default.svc"]` if you want to enable the Token Volume Projection feature (requires specifying `service_account_issuer` as well. From cluster version 1.22, Service Account Token Volume Projection will be enabled by default.
+        """
         return pulumi.get(self, "api_audiences")
 
     @api_audiences.setter
@@ -163,7 +215,7 @@ class ManagedKubernetesArgs:
     @pulumi.getter(name="clientCert")
     def client_cert(self) -> Optional[pulumi.Input[str]]:
         """
-        The base64 encoded client certificate data required to communicate with your cluster. Add this to the client-certificate-data section of the kubeconfig file for your cluster.
+        The path of client certificate, like `~/.kube/client-cert.pem`.
         """
         return pulumi.get(self, "client_cert")
 
@@ -175,7 +227,7 @@ class ManagedKubernetesArgs:
     @pulumi.getter(name="clientKey")
     def client_key(self) -> Optional[pulumi.Input[str]]:
         """
-        The base64 encoded client key data required to communicate with your cluster. Add this to the client-key-data section of the kubeconfig file for your cluster.
+        The path of client key, like `~/.kube/client-key.pem`.
         """
         return pulumi.get(self, "client_key")
 
@@ -186,6 +238,11 @@ class ManagedKubernetesArgs:
     @property
     @pulumi.getter(name="clusterCaCert")
     def cluster_ca_cert(self) -> Optional[pulumi.Input[str]]:
+        """
+        The path of cluster ca certificate, like `~/.kube/cluster-ca-cert.pem`
+
+        *Removed params*
+        """
         return pulumi.get(self, "cluster_ca_cert")
 
     @cluster_ca_cert.setter
@@ -196,7 +253,7 @@ class ManagedKubernetesArgs:
     @pulumi.getter(name="clusterDomain")
     def cluster_domain(self) -> Optional[pulumi.Input[str]]:
         """
-        cluster local domain
+        Cluster local domain name, Default to `cluster.local`. A domain name consists of one or more sections separated by a decimal point (.), each of which is up to 63 characters long, and can be lowercase, numerals, and underscores (-), and must be lowercase or numerals at the beginning and end.
         """
         return pulumi.get(self, "cluster_domain")
 
@@ -207,6 +264,11 @@ class ManagedKubernetesArgs:
     @property
     @pulumi.getter(name="clusterSpec")
     def cluster_spec(self) -> Optional[pulumi.Input[str]]:
+        """
+        The cluster specifications of kubernetes cluster,which can be empty. Valid values:
+        * ack.standard : Standard managed clusters.
+        * ack.pro.small : Professional managed clusters.
+        """
         return pulumi.get(self, "cluster_spec")
 
     @cluster_spec.setter
@@ -216,6 +278,9 @@ class ManagedKubernetesArgs:
     @property
     @pulumi.getter(name="controlPlaneLogComponents")
     def control_plane_log_components(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
+        """
+        List of target components for which logs need to be collected. Supports `apiserver`, `kcm`, `scheduler`, `ccm` and `controlplane-events`.
+        """
         return pulumi.get(self, "control_plane_log_components")
 
     @control_plane_log_components.setter
@@ -225,6 +290,9 @@ class ManagedKubernetesArgs:
     @property
     @pulumi.getter(name="controlPlaneLogProject")
     def control_plane_log_project(self) -> Optional[pulumi.Input[str]]:
+        """
+        Control plane log project. If this field is not set, a log service project named k8s-log-{ClusterID} will be automatically created.
+        """
         return pulumi.get(self, "control_plane_log_project")
 
     @control_plane_log_project.setter
@@ -234,6 +302,9 @@ class ManagedKubernetesArgs:
     @property
     @pulumi.getter(name="controlPlaneLogTtl")
     def control_plane_log_ttl(self) -> Optional[pulumi.Input[str]]:
+        """
+        Control plane log retention duration (unit: day). Default `30`. If control plane logs are to be collected, `control_plane_log_ttl` and `control_plane_log_components` must be specified.
+        """
         return pulumi.get(self, "control_plane_log_ttl")
 
     @control_plane_log_ttl.setter
@@ -243,6 +314,10 @@ class ManagedKubernetesArgs:
     @property
     @pulumi.getter(name="customSan")
     def custom_san(self) -> Optional[pulumi.Input[str]]:
+        """
+        Customize the certificate SAN, multiple IP or domain names are separated by English commas (,).
+        > **NOTE:** Make sure you have specified all certificate SANs before updating. Updating this field will lead APIServer to restart.
+        """
         return pulumi.get(self, "custom_san")
 
     @custom_san.setter
@@ -252,6 +327,9 @@ class ManagedKubernetesArgs:
     @property
     @pulumi.getter(name="deleteOptions")
     def delete_options(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['ManagedKubernetesDeleteOptionArgs']]]]:
+        """
+        Delete options, only work for deleting resource. Make sure you have run `pulumi up` to make the configuration applied. See `delete_options` below.
+        """
         return pulumi.get(self, "delete_options")
 
     @delete_options.setter
@@ -261,6 +339,9 @@ class ManagedKubernetesArgs:
     @property
     @pulumi.getter(name="deletionProtection")
     def deletion_protection(self) -> Optional[pulumi.Input[bool]]:
+        """
+        Whether to enable cluster deletion protection.
+        """
         return pulumi.get(self, "deletion_protection")
 
     @deletion_protection.setter
@@ -270,6 +351,9 @@ class ManagedKubernetesArgs:
     @property
     @pulumi.getter(name="enableRrsa")
     def enable_rrsa(self) -> Optional[pulumi.Input[bool]]:
+        """
+        Whether to enable cluster to support RRSA for kubernetes version 1.22.3+. Default to `false`. Once the RRSA function is turned on, it is not allowed to turn off. If your cluster has enabled this function, please manually modify your tf file and add the rrsa configuration to the file, learn more [RAM Roles for Service Accounts](https://www.alibabacloud.com/help/zh/container-service-for-kubernetes/latest/use-rrsa-to-enforce-access-control).
+        """
         return pulumi.get(self, "enable_rrsa")
 
     @enable_rrsa.setter
@@ -280,7 +364,7 @@ class ManagedKubernetesArgs:
     @pulumi.getter(name="encryptionProviderKey")
     def encryption_provider_key(self) -> Optional[pulumi.Input[str]]:
         """
-        disk encryption key, only in ack-pro
+        The disk encryption key.
         """
         return pulumi.get(self, "encryption_provider_key")
 
@@ -291,6 +375,9 @@ class ManagedKubernetesArgs:
     @property
     @pulumi.getter(name="isEnterpriseSecurityGroup")
     def is_enterprise_security_group(self) -> Optional[pulumi.Input[bool]]:
+        """
+        Enable to create advanced security group. default: false. See [Advanced security group](https://www.alibabacloud.com/help/doc-detail/120621.htm).
+        """
         return pulumi.get(self, "is_enterprise_security_group")
 
     @is_enterprise_security_group.setter
@@ -300,6 +387,9 @@ class ManagedKubernetesArgs:
     @property
     @pulumi.getter(name="loadBalancerSpec")
     def load_balancer_spec(self) -> Optional[pulumi.Input[str]]:
+        """
+        The cluster api server load balance instance specification, default `slb.s1.small`. For more information on how to select a LB instance specification, see [SLB instance overview](https://help.aliyun.com/document_detail/85931.html).
+        """
         return pulumi.get(self, "load_balancer_spec")
 
     @load_balancer_spec.setter
@@ -309,6 +399,9 @@ class ManagedKubernetesArgs:
     @property
     @pulumi.getter(name="maintenanceWindow")
     def maintenance_window(self) -> Optional[pulumi.Input['ManagedKubernetesMaintenanceWindowArgs']]:
+        """
+        The cluster maintenance window，effective only in the professional managed cluster. Managed node pool will use it. See `maintenance_window` below.
+        """
         return pulumi.get(self, "maintenance_window")
 
     @maintenance_window.setter
@@ -319,7 +412,7 @@ class ManagedKubernetesArgs:
     @pulumi.getter
     def name(self) -> Optional[pulumi.Input[str]]:
         """
-        Node name.
+        The kubernetes cluster's name. It is unique in one Alicloud account.
         """
         return pulumi.get(self, "name")
 
@@ -339,6 +432,9 @@ class ManagedKubernetesArgs:
     @property
     @pulumi.getter(name="newNatGateway")
     def new_nat_gateway(self) -> Optional[pulumi.Input[bool]]:
+        """
+        Whether to create a new nat gateway while creating kubernetes cluster. Default to true. Then openapi in Alibaba Cloud are not all on intranet, So turn this option on is a good choice.
+        """
         return pulumi.get(self, "new_nat_gateway")
 
     @new_nat_gateway.setter
@@ -348,6 +444,9 @@ class ManagedKubernetesArgs:
     @property
     @pulumi.getter(name="nodeCidrMask")
     def node_cidr_mask(self) -> Optional[pulumi.Input[int]]:
+        """
+        The node cidr block to specific how many pods can run on single node. 24-28 is allowed. 24 means 2^(32-24)-1=255 and the node can run at most 255 pods. default: 24
+        """
         return pulumi.get(self, "node_cidr_mask")
 
     @node_cidr_mask.setter
@@ -357,6 +456,9 @@ class ManagedKubernetesArgs:
     @property
     @pulumi.getter(name="podCidr")
     def pod_cidr(self) -> Optional[pulumi.Input[str]]:
+        """
+        [Flannel Specific] The CIDR block for the pod network when using Flannel.
+        """
         return pulumi.get(self, "pod_cidr")
 
     @pod_cidr.setter
@@ -366,6 +468,9 @@ class ManagedKubernetesArgs:
     @property
     @pulumi.getter(name="podVswitchIds")
     def pod_vswitch_ids(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
+        """
+        [Terway Specific] The vswitches for the pod network when using Terway. It is recommended that `pod_vswitch_ids` is not belong to `worker_vswitch_ids` but must be in same availability zones.
+        """
         return pulumi.get(self, "pod_vswitch_ids")
 
     @pod_vswitch_ids.setter
@@ -375,6 +480,9 @@ class ManagedKubernetesArgs:
     @property
     @pulumi.getter(name="proxyMode")
     def proxy_mode(self) -> Optional[pulumi.Input[str]]:
+        """
+        Proxy mode is option of kube-proxy. options: iptables|ipvs. default: ipvs.
+        """
         return pulumi.get(self, "proxy_mode")
 
     @proxy_mode.setter
@@ -384,6 +492,9 @@ class ManagedKubernetesArgs:
     @property
     @pulumi.getter(name="resourceGroupId")
     def resource_group_id(self) -> Optional[pulumi.Input[str]]:
+        """
+        The ID of the resource group,by default these cloud resources are automatically assigned to the default resource group.
+        """
         return pulumi.get(self, "resource_group_id")
 
     @resource_group_id.setter
@@ -402,6 +513,9 @@ class ManagedKubernetesArgs:
     @property
     @pulumi.getter(name="securityGroupId")
     def security_group_id(self) -> Optional[pulumi.Input[str]]:
+        """
+        The ID of the security group to which the ECS instances in the cluster belong. If it is not specified, a new Security group will be built.
+        """
         return pulumi.get(self, "security_group_id")
 
     @security_group_id.setter
@@ -411,6 +525,9 @@ class ManagedKubernetesArgs:
     @property
     @pulumi.getter(name="serviceAccountIssuer")
     def service_account_issuer(self) -> Optional[pulumi.Input[str]]:
+        """
+        The issuer of the Service Account token for [Service Account Token Volume Projection](https://www.alibabacloud.com/help/doc-detail/160384.htm), corresponds to the `iss` field in the token payload. Set this to `"https://kubernetes.default.svc"` to enable the Token Volume Projection feature (requires specifying `api_audiences` as well). From cluster version 1.22, Service Account Token Volume Projection will be enabled by default.
+        """
         return pulumi.get(self, "service_account_issuer")
 
     @service_account_issuer.setter
@@ -420,6 +537,9 @@ class ManagedKubernetesArgs:
     @property
     @pulumi.getter(name="serviceCidr")
     def service_cidr(self) -> Optional[pulumi.Input[str]]:
+        """
+        The CIDR block for the service network. It cannot be duplicated with the VPC CIDR and CIDR used by Kubernetes cluster in VPC, cannot be modified after creation.
+        """
         return pulumi.get(self, "service_cidr")
 
     @service_cidr.setter
@@ -429,6 +549,14 @@ class ManagedKubernetesArgs:
     @property
     @pulumi.getter(name="slbInternetEnabled")
     def slb_internet_enabled(self) -> Optional[pulumi.Input[bool]]:
+        """
+        Whether to create internet load balancer for API Server. Default to true.
+
+        > **NOTE:** If you want to use `Terway` as CNI network plugin, You need to specify the `pod_vswitch_ids` field and addons with `terway-eniip`.
+        If you want to use `Flannel` as CNI network plugin, You need to specify the `pod_cidr` field and addons with `flannel`.
+
+        *Computed params*
+        """
         return pulumi.get(self, "slb_internet_enabled")
 
     @slb_internet_enabled.setter
@@ -438,6 +566,9 @@ class ManagedKubernetesArgs:
     @property
     @pulumi.getter
     def tags(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]:
+        """
+        Default nil, A map of tags assigned to the kubernetes cluster and work nodes. See `tags` below.
+        """
         return pulumi.get(self, "tags")
 
     @tags.setter
@@ -447,6 +578,9 @@ class ManagedKubernetesArgs:
     @property
     @pulumi.getter
     def timezone(self) -> Optional[pulumi.Input[str]]:
+        """
+        When you create a cluster, set the time zones for the Master and Worker nodes. You can only change the managed node time zone if you create a cluster. Once the cluster is created, you can only change the time zone of the Worker node.
+        """
         return pulumi.get(self, "timezone")
 
     @timezone.setter
@@ -456,6 +590,9 @@ class ManagedKubernetesArgs:
     @property
     @pulumi.getter(name="userCa")
     def user_ca(self) -> Optional[pulumi.Input[str]]:
+        """
+        The path of customized CA cert, you can use this CA to sign client certs to connect your cluster.
+        """
         return pulumi.get(self, "user_ca")
 
     @user_ca.setter
@@ -465,6 +602,9 @@ class ManagedKubernetesArgs:
     @property
     @pulumi.getter
     def version(self) -> Optional[pulumi.Input[str]]:
+        """
+        Desired Kubernetes version. If you do not specify a value, the latest available version at resource creation is used and no upgrades will occur except you set a higher version number. The value must be configured and increased to upgrade the version when desired. Downgrades are not supported by ACK.
+        """
         return pulumi.get(self, "version")
 
     @version.setter
@@ -522,20 +662,61 @@ class _ManagedKubernetesState:
                  worker_vswitch_ids: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None):
         """
         Input properties used for looking up and filtering ManagedKubernetes resources.
-        :param pulumi.Input['ManagedKubernetesCertificateAuthorityArgs'] certificate_authority: (Available in 1.105.0+) Nested attribute containing certificate authority data for your cluster.
-        :param pulumi.Input[str] client_cert: The base64 encoded client certificate data required to communicate with your cluster. Add this to the client-certificate-data section of the kubeconfig file for your cluster.
-        :param pulumi.Input[str] client_key: The base64 encoded client key data required to communicate with your cluster. Add this to the client-key-data section of the kubeconfig file for your cluster.
-        :param pulumi.Input[str] cluster_domain: cluster local domain
+        :param pulumi.Input[Sequence[pulumi.Input['ManagedKubernetesAddonArgs']]] addons: The addon you want to install in cluster. See `addons` to manage addons if cluster is created.
+               
+               *Network params*
+        :param pulumi.Input[Sequence[pulumi.Input[str]]] api_audiences: A list of API audiences for [Service Account Token Volume Projection](https://www.alibabacloud.com/help/doc-detail/160384.htm). Set this to `["https://kubernetes.default.svc"]` if you want to enable the Token Volume Projection feature (requires specifying `service_account_issuer` as well. From cluster version 1.22, Service Account Token Volume Projection will be enabled by default.
+        :param pulumi.Input['ManagedKubernetesCertificateAuthorityArgs'] certificate_authority: (Available since v1.105.0) Nested attribute containing certificate authority data for your cluster.
+        :param pulumi.Input[str] client_cert: The path of client certificate, like `~/.kube/client-cert.pem`.
+        :param pulumi.Input[str] client_key: The path of client key, like `~/.kube/client-key.pem`.
+        :param pulumi.Input[str] cluster_ca_cert: The path of cluster ca certificate, like `~/.kube/cluster-ca-cert.pem`
+               
+               *Removed params*
+        :param pulumi.Input[str] cluster_domain: Cluster local domain name, Default to `cluster.local`. A domain name consists of one or more sections separated by a decimal point (.), each of which is up to 63 characters long, and can be lowercase, numerals, and underscores (-), and must be lowercase or numerals at the beginning and end.
+        :param pulumi.Input[str] cluster_spec: The cluster specifications of kubernetes cluster,which can be empty. Valid values:
+               * ack.standard : Standard managed clusters.
+               * ack.pro.small : Professional managed clusters.
         :param pulumi.Input['ManagedKubernetesConnectionsArgs'] connections: Map of kubernetes cluster connection information.
-        :param pulumi.Input[str] encryption_provider_key: disk encryption key, only in ack-pro
-        :param pulumi.Input[str] name: Node name.
+        :param pulumi.Input[Sequence[pulumi.Input[str]]] control_plane_log_components: List of target components for which logs need to be collected. Supports `apiserver`, `kcm`, `scheduler`, `ccm` and `controlplane-events`.
+        :param pulumi.Input[str] control_plane_log_project: Control plane log project. If this field is not set, a log service project named k8s-log-{ClusterID} will be automatically created.
+        :param pulumi.Input[str] control_plane_log_ttl: Control plane log retention duration (unit: day). Default `30`. If control plane logs are to be collected, `control_plane_log_ttl` and `control_plane_log_components` must be specified.
+        :param pulumi.Input[str] custom_san: Customize the certificate SAN, multiple IP or domain names are separated by English commas (,).
+               > **NOTE:** Make sure you have specified all certificate SANs before updating. Updating this field will lead APIServer to restart.
+        :param pulumi.Input[Sequence[pulumi.Input['ManagedKubernetesDeleteOptionArgs']]] delete_options: Delete options, only work for deleting resource. Make sure you have run `pulumi up` to make the configuration applied. See `delete_options` below.
+        :param pulumi.Input[bool] deletion_protection: Whether to enable cluster deletion protection.
+        :param pulumi.Input[bool] enable_rrsa: Whether to enable cluster to support RRSA for kubernetes version 1.22.3+. Default to `false`. Once the RRSA function is turned on, it is not allowed to turn off. If your cluster has enabled this function, please manually modify your tf file and add the rrsa configuration to the file, learn more [RAM Roles for Service Accounts](https://www.alibabacloud.com/help/zh/container-service-for-kubernetes/latest/use-rrsa-to-enforce-access-control).
+        :param pulumi.Input[str] encryption_provider_key: The disk encryption key.
+        :param pulumi.Input[bool] is_enterprise_security_group: Enable to create advanced security group. default: false. See [Advanced security group](https://www.alibabacloud.com/help/doc-detail/120621.htm).
+        :param pulumi.Input[str] load_balancer_spec: The cluster api server load balance instance specification, default `slb.s1.small`. For more information on how to select a LB instance specification, see [SLB instance overview](https://help.aliyun.com/document_detail/85931.html).
+        :param pulumi.Input['ManagedKubernetesMaintenanceWindowArgs'] maintenance_window: The cluster maintenance window，effective only in the professional managed cluster. Managed node pool will use it. See `maintenance_window` below.
+        :param pulumi.Input[str] name: The kubernetes cluster's name. It is unique in one Alicloud account.
         :param pulumi.Input[str] nat_gateway_id: The ID of nat gateway used to launch kubernetes cluster.
-        :param pulumi.Input['ManagedKubernetesRrsaMetadataArgs'] rrsa_metadata: (Optional, Available in v1.185.0+) Nested attribute containing RRSA related data for your cluster.
+        :param pulumi.Input[bool] new_nat_gateway: Whether to create a new nat gateway while creating kubernetes cluster. Default to true. Then openapi in Alibaba Cloud are not all on intranet, So turn this option on is a good choice.
+        :param pulumi.Input[int] node_cidr_mask: The node cidr block to specific how many pods can run on single node. 24-28 is allowed. 24 means 2^(32-24)-1=255 and the node can run at most 255 pods. default: 24
+        :param pulumi.Input[str] pod_cidr: [Flannel Specific] The CIDR block for the pod network when using Flannel.
+        :param pulumi.Input[Sequence[pulumi.Input[str]]] pod_vswitch_ids: [Terway Specific] The vswitches for the pod network when using Terway. It is recommended that `pod_vswitch_ids` is not belong to `worker_vswitch_ids` but must be in same availability zones.
+        :param pulumi.Input[str] proxy_mode: Proxy mode is option of kube-proxy. options: iptables|ipvs. default: ipvs.
+        :param pulumi.Input[str] resource_group_id: The ID of the resource group,by default these cloud resources are automatically assigned to the default resource group.
+        :param pulumi.Input['ManagedKubernetesRrsaMetadataArgs'] rrsa_metadata: (Optional, Available since v1.185.0) Nested attribute containing RRSA related data for your cluster.
+        :param pulumi.Input[str] security_group_id: The ID of the security group to which the ECS instances in the cluster belong. If it is not specified, a new Security group will be built.
+        :param pulumi.Input[str] service_account_issuer: The issuer of the Service Account token for [Service Account Token Volume Projection](https://www.alibabacloud.com/help/doc-detail/160384.htm), corresponds to the `iss` field in the token payload. Set this to `"https://kubernetes.default.svc"` to enable the Token Volume Projection feature (requires specifying `api_audiences` as well). From cluster version 1.22, Service Account Token Volume Projection will be enabled by default.
+        :param pulumi.Input[str] service_cidr: The CIDR block for the service network. It cannot be duplicated with the VPC CIDR and CIDR used by Kubernetes cluster in VPC, cannot be modified after creation.
         :param pulumi.Input[str] slb_id: The ID of APIServer load balancer.
         :param pulumi.Input[str] slb_internet: The public ip of load balancer.
+        :param pulumi.Input[bool] slb_internet_enabled: Whether to create internet load balancer for API Server. Default to true.
+               
+               > **NOTE:** If you want to use `Terway` as CNI network plugin, You need to specify the `pod_vswitch_ids` field and addons with `terway-eniip`.
+               If you want to use `Flannel` as CNI network plugin, You need to specify the `pod_cidr` field and addons with `flannel`.
+               
+               *Computed params*
         :param pulumi.Input[str] slb_intranet: The ID of private load balancer where the current cluster master node is located.
+        :param pulumi.Input[Mapping[str, pulumi.Input[str]]] tags: Default nil, A map of tags assigned to the kubernetes cluster and work nodes. See `tags` below.
+        :param pulumi.Input[str] timezone: When you create a cluster, set the time zones for the Master and Worker nodes. You can only change the managed node time zone if you create a cluster. Once the cluster is created, you can only change the time zone of the Worker node.
+        :param pulumi.Input[str] user_ca: The path of customized CA cert, you can use this CA to sign client certs to connect your cluster.
+        :param pulumi.Input[str] version: Desired Kubernetes version. If you do not specify a value, the latest available version at resource creation is used and no upgrades will occur except you set a higher version number. The value must be configured and increased to upgrade the version when desired. Downgrades are not supported by ACK.
         :param pulumi.Input[str] vpc_id: The ID of VPC where the current cluster is located.
         :param pulumi.Input[str] worker_ram_role_name: The RamRole Name attached to worker node.
+        :param pulumi.Input[Sequence[pulumi.Input[str]]] worker_vswitch_ids: The vswitches used by control plane.  See `worker_vswitch_ids` below.
         """
         if addons is not None:
             pulumi.set(__self__, "addons", addons)
@@ -631,6 +812,11 @@ class _ManagedKubernetesState:
     @property
     @pulumi.getter
     def addons(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['ManagedKubernetesAddonArgs']]]]:
+        """
+        The addon you want to install in cluster. See `addons` to manage addons if cluster is created.
+
+        *Network params*
+        """
         return pulumi.get(self, "addons")
 
     @addons.setter
@@ -640,6 +826,9 @@ class _ManagedKubernetesState:
     @property
     @pulumi.getter(name="apiAudiences")
     def api_audiences(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
+        """
+        A list of API audiences for [Service Account Token Volume Projection](https://www.alibabacloud.com/help/doc-detail/160384.htm). Set this to `["https://kubernetes.default.svc"]` if you want to enable the Token Volume Projection feature (requires specifying `service_account_issuer` as well. From cluster version 1.22, Service Account Token Volume Projection will be enabled by default.
+        """
         return pulumi.get(self, "api_audiences")
 
     @api_audiences.setter
@@ -650,7 +839,7 @@ class _ManagedKubernetesState:
     @pulumi.getter(name="certificateAuthority")
     def certificate_authority(self) -> Optional[pulumi.Input['ManagedKubernetesCertificateAuthorityArgs']]:
         """
-        (Available in 1.105.0+) Nested attribute containing certificate authority data for your cluster.
+        (Available since v1.105.0) Nested attribute containing certificate authority data for your cluster.
         """
         return pulumi.get(self, "certificate_authority")
 
@@ -662,7 +851,7 @@ class _ManagedKubernetesState:
     @pulumi.getter(name="clientCert")
     def client_cert(self) -> Optional[pulumi.Input[str]]:
         """
-        The base64 encoded client certificate data required to communicate with your cluster. Add this to the client-certificate-data section of the kubeconfig file for your cluster.
+        The path of client certificate, like `~/.kube/client-cert.pem`.
         """
         return pulumi.get(self, "client_cert")
 
@@ -674,7 +863,7 @@ class _ManagedKubernetesState:
     @pulumi.getter(name="clientKey")
     def client_key(self) -> Optional[pulumi.Input[str]]:
         """
-        The base64 encoded client key data required to communicate with your cluster. Add this to the client-key-data section of the kubeconfig file for your cluster.
+        The path of client key, like `~/.kube/client-key.pem`.
         """
         return pulumi.get(self, "client_key")
 
@@ -685,6 +874,11 @@ class _ManagedKubernetesState:
     @property
     @pulumi.getter(name="clusterCaCert")
     def cluster_ca_cert(self) -> Optional[pulumi.Input[str]]:
+        """
+        The path of cluster ca certificate, like `~/.kube/cluster-ca-cert.pem`
+
+        *Removed params*
+        """
         return pulumi.get(self, "cluster_ca_cert")
 
     @cluster_ca_cert.setter
@@ -695,7 +889,7 @@ class _ManagedKubernetesState:
     @pulumi.getter(name="clusterDomain")
     def cluster_domain(self) -> Optional[pulumi.Input[str]]:
         """
-        cluster local domain
+        Cluster local domain name, Default to `cluster.local`. A domain name consists of one or more sections separated by a decimal point (.), each of which is up to 63 characters long, and can be lowercase, numerals, and underscores (-), and must be lowercase or numerals at the beginning and end.
         """
         return pulumi.get(self, "cluster_domain")
 
@@ -706,6 +900,11 @@ class _ManagedKubernetesState:
     @property
     @pulumi.getter(name="clusterSpec")
     def cluster_spec(self) -> Optional[pulumi.Input[str]]:
+        """
+        The cluster specifications of kubernetes cluster,which can be empty. Valid values:
+        * ack.standard : Standard managed clusters.
+        * ack.pro.small : Professional managed clusters.
+        """
         return pulumi.get(self, "cluster_spec")
 
     @cluster_spec.setter
@@ -727,6 +926,9 @@ class _ManagedKubernetesState:
     @property
     @pulumi.getter(name="controlPlaneLogComponents")
     def control_plane_log_components(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
+        """
+        List of target components for which logs need to be collected. Supports `apiserver`, `kcm`, `scheduler`, `ccm` and `controlplane-events`.
+        """
         return pulumi.get(self, "control_plane_log_components")
 
     @control_plane_log_components.setter
@@ -736,6 +938,9 @@ class _ManagedKubernetesState:
     @property
     @pulumi.getter(name="controlPlaneLogProject")
     def control_plane_log_project(self) -> Optional[pulumi.Input[str]]:
+        """
+        Control plane log project. If this field is not set, a log service project named k8s-log-{ClusterID} will be automatically created.
+        """
         return pulumi.get(self, "control_plane_log_project")
 
     @control_plane_log_project.setter
@@ -745,6 +950,9 @@ class _ManagedKubernetesState:
     @property
     @pulumi.getter(name="controlPlaneLogTtl")
     def control_plane_log_ttl(self) -> Optional[pulumi.Input[str]]:
+        """
+        Control plane log retention duration (unit: day). Default `30`. If control plane logs are to be collected, `control_plane_log_ttl` and `control_plane_log_components` must be specified.
+        """
         return pulumi.get(self, "control_plane_log_ttl")
 
     @control_plane_log_ttl.setter
@@ -754,6 +962,10 @@ class _ManagedKubernetesState:
     @property
     @pulumi.getter(name="customSan")
     def custom_san(self) -> Optional[pulumi.Input[str]]:
+        """
+        Customize the certificate SAN, multiple IP or domain names are separated by English commas (,).
+        > **NOTE:** Make sure you have specified all certificate SANs before updating. Updating this field will lead APIServer to restart.
+        """
         return pulumi.get(self, "custom_san")
 
     @custom_san.setter
@@ -763,6 +975,9 @@ class _ManagedKubernetesState:
     @property
     @pulumi.getter(name="deleteOptions")
     def delete_options(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['ManagedKubernetesDeleteOptionArgs']]]]:
+        """
+        Delete options, only work for deleting resource. Make sure you have run `pulumi up` to make the configuration applied. See `delete_options` below.
+        """
         return pulumi.get(self, "delete_options")
 
     @delete_options.setter
@@ -772,6 +987,9 @@ class _ManagedKubernetesState:
     @property
     @pulumi.getter(name="deletionProtection")
     def deletion_protection(self) -> Optional[pulumi.Input[bool]]:
+        """
+        Whether to enable cluster deletion protection.
+        """
         return pulumi.get(self, "deletion_protection")
 
     @deletion_protection.setter
@@ -781,6 +999,9 @@ class _ManagedKubernetesState:
     @property
     @pulumi.getter(name="enableRrsa")
     def enable_rrsa(self) -> Optional[pulumi.Input[bool]]:
+        """
+        Whether to enable cluster to support RRSA for kubernetes version 1.22.3+. Default to `false`. Once the RRSA function is turned on, it is not allowed to turn off. If your cluster has enabled this function, please manually modify your tf file and add the rrsa configuration to the file, learn more [RAM Roles for Service Accounts](https://www.alibabacloud.com/help/zh/container-service-for-kubernetes/latest/use-rrsa-to-enforce-access-control).
+        """
         return pulumi.get(self, "enable_rrsa")
 
     @enable_rrsa.setter
@@ -791,7 +1012,7 @@ class _ManagedKubernetesState:
     @pulumi.getter(name="encryptionProviderKey")
     def encryption_provider_key(self) -> Optional[pulumi.Input[str]]:
         """
-        disk encryption key, only in ack-pro
+        The disk encryption key.
         """
         return pulumi.get(self, "encryption_provider_key")
 
@@ -802,6 +1023,9 @@ class _ManagedKubernetesState:
     @property
     @pulumi.getter(name="isEnterpriseSecurityGroup")
     def is_enterprise_security_group(self) -> Optional[pulumi.Input[bool]]:
+        """
+        Enable to create advanced security group. default: false. See [Advanced security group](https://www.alibabacloud.com/help/doc-detail/120621.htm).
+        """
         return pulumi.get(self, "is_enterprise_security_group")
 
     @is_enterprise_security_group.setter
@@ -811,6 +1035,9 @@ class _ManagedKubernetesState:
     @property
     @pulumi.getter(name="loadBalancerSpec")
     def load_balancer_spec(self) -> Optional[pulumi.Input[str]]:
+        """
+        The cluster api server load balance instance specification, default `slb.s1.small`. For more information on how to select a LB instance specification, see [SLB instance overview](https://help.aliyun.com/document_detail/85931.html).
+        """
         return pulumi.get(self, "load_balancer_spec")
 
     @load_balancer_spec.setter
@@ -820,6 +1047,9 @@ class _ManagedKubernetesState:
     @property
     @pulumi.getter(name="maintenanceWindow")
     def maintenance_window(self) -> Optional[pulumi.Input['ManagedKubernetesMaintenanceWindowArgs']]:
+        """
+        The cluster maintenance window，effective only in the professional managed cluster. Managed node pool will use it. See `maintenance_window` below.
+        """
         return pulumi.get(self, "maintenance_window")
 
     @maintenance_window.setter
@@ -830,7 +1060,7 @@ class _ManagedKubernetesState:
     @pulumi.getter
     def name(self) -> Optional[pulumi.Input[str]]:
         """
-        Node name.
+        The kubernetes cluster's name. It is unique in one Alicloud account.
         """
         return pulumi.get(self, "name")
 
@@ -862,6 +1092,9 @@ class _ManagedKubernetesState:
     @property
     @pulumi.getter(name="newNatGateway")
     def new_nat_gateway(self) -> Optional[pulumi.Input[bool]]:
+        """
+        Whether to create a new nat gateway while creating kubernetes cluster. Default to true. Then openapi in Alibaba Cloud are not all on intranet, So turn this option on is a good choice.
+        """
         return pulumi.get(self, "new_nat_gateway")
 
     @new_nat_gateway.setter
@@ -871,6 +1104,9 @@ class _ManagedKubernetesState:
     @property
     @pulumi.getter(name="nodeCidrMask")
     def node_cidr_mask(self) -> Optional[pulumi.Input[int]]:
+        """
+        The node cidr block to specific how many pods can run on single node. 24-28 is allowed. 24 means 2^(32-24)-1=255 and the node can run at most 255 pods. default: 24
+        """
         return pulumi.get(self, "node_cidr_mask")
 
     @node_cidr_mask.setter
@@ -880,6 +1116,9 @@ class _ManagedKubernetesState:
     @property
     @pulumi.getter(name="podCidr")
     def pod_cidr(self) -> Optional[pulumi.Input[str]]:
+        """
+        [Flannel Specific] The CIDR block for the pod network when using Flannel.
+        """
         return pulumi.get(self, "pod_cidr")
 
     @pod_cidr.setter
@@ -889,6 +1128,9 @@ class _ManagedKubernetesState:
     @property
     @pulumi.getter(name="podVswitchIds")
     def pod_vswitch_ids(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
+        """
+        [Terway Specific] The vswitches for the pod network when using Terway. It is recommended that `pod_vswitch_ids` is not belong to `worker_vswitch_ids` but must be in same availability zones.
+        """
         return pulumi.get(self, "pod_vswitch_ids")
 
     @pod_vswitch_ids.setter
@@ -898,6 +1140,9 @@ class _ManagedKubernetesState:
     @property
     @pulumi.getter(name="proxyMode")
     def proxy_mode(self) -> Optional[pulumi.Input[str]]:
+        """
+        Proxy mode is option of kube-proxy. options: iptables|ipvs. default: ipvs.
+        """
         return pulumi.get(self, "proxy_mode")
 
     @proxy_mode.setter
@@ -907,6 +1152,9 @@ class _ManagedKubernetesState:
     @property
     @pulumi.getter(name="resourceGroupId")
     def resource_group_id(self) -> Optional[pulumi.Input[str]]:
+        """
+        The ID of the resource group,by default these cloud resources are automatically assigned to the default resource group.
+        """
         return pulumi.get(self, "resource_group_id")
 
     @resource_group_id.setter
@@ -926,7 +1174,7 @@ class _ManagedKubernetesState:
     @pulumi.getter(name="rrsaMetadata")
     def rrsa_metadata(self) -> Optional[pulumi.Input['ManagedKubernetesRrsaMetadataArgs']]:
         """
-        (Optional, Available in v1.185.0+) Nested attribute containing RRSA related data for your cluster.
+        (Optional, Available since v1.185.0) Nested attribute containing RRSA related data for your cluster.
         """
         return pulumi.get(self, "rrsa_metadata")
 
@@ -937,6 +1185,9 @@ class _ManagedKubernetesState:
     @property
     @pulumi.getter(name="securityGroupId")
     def security_group_id(self) -> Optional[pulumi.Input[str]]:
+        """
+        The ID of the security group to which the ECS instances in the cluster belong. If it is not specified, a new Security group will be built.
+        """
         return pulumi.get(self, "security_group_id")
 
     @security_group_id.setter
@@ -946,6 +1197,9 @@ class _ManagedKubernetesState:
     @property
     @pulumi.getter(name="serviceAccountIssuer")
     def service_account_issuer(self) -> Optional[pulumi.Input[str]]:
+        """
+        The issuer of the Service Account token for [Service Account Token Volume Projection](https://www.alibabacloud.com/help/doc-detail/160384.htm), corresponds to the `iss` field in the token payload. Set this to `"https://kubernetes.default.svc"` to enable the Token Volume Projection feature (requires specifying `api_audiences` as well). From cluster version 1.22, Service Account Token Volume Projection will be enabled by default.
+        """
         return pulumi.get(self, "service_account_issuer")
 
     @service_account_issuer.setter
@@ -955,6 +1209,9 @@ class _ManagedKubernetesState:
     @property
     @pulumi.getter(name="serviceCidr")
     def service_cidr(self) -> Optional[pulumi.Input[str]]:
+        """
+        The CIDR block for the service network. It cannot be duplicated with the VPC CIDR and CIDR used by Kubernetes cluster in VPC, cannot be modified after creation.
+        """
         return pulumi.get(self, "service_cidr")
 
     @service_cidr.setter
@@ -988,6 +1245,14 @@ class _ManagedKubernetesState:
     @property
     @pulumi.getter(name="slbInternetEnabled")
     def slb_internet_enabled(self) -> Optional[pulumi.Input[bool]]:
+        """
+        Whether to create internet load balancer for API Server. Default to true.
+
+        > **NOTE:** If you want to use `Terway` as CNI network plugin, You need to specify the `pod_vswitch_ids` field and addons with `terway-eniip`.
+        If you want to use `Flannel` as CNI network plugin, You need to specify the `pod_cidr` field and addons with `flannel`.
+
+        *Computed params*
+        """
         return pulumi.get(self, "slb_internet_enabled")
 
     @slb_internet_enabled.setter
@@ -1009,6 +1274,9 @@ class _ManagedKubernetesState:
     @property
     @pulumi.getter
     def tags(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]:
+        """
+        Default nil, A map of tags assigned to the kubernetes cluster and work nodes. See `tags` below.
+        """
         return pulumi.get(self, "tags")
 
     @tags.setter
@@ -1018,6 +1286,9 @@ class _ManagedKubernetesState:
     @property
     @pulumi.getter
     def timezone(self) -> Optional[pulumi.Input[str]]:
+        """
+        When you create a cluster, set the time zones for the Master and Worker nodes. You can only change the managed node time zone if you create a cluster. Once the cluster is created, you can only change the time zone of the Worker node.
+        """
         return pulumi.get(self, "timezone")
 
     @timezone.setter
@@ -1027,6 +1298,9 @@ class _ManagedKubernetesState:
     @property
     @pulumi.getter(name="userCa")
     def user_ca(self) -> Optional[pulumi.Input[str]]:
+        """
+        The path of customized CA cert, you can use this CA to sign client certs to connect your cluster.
+        """
         return pulumi.get(self, "user_ca")
 
     @user_ca.setter
@@ -1036,6 +1310,9 @@ class _ManagedKubernetesState:
     @property
     @pulumi.getter
     def version(self) -> Optional[pulumi.Input[str]]:
+        """
+        Desired Kubernetes version. If you do not specify a value, the latest available version at resource creation is used and no upgrades will occur except you set a higher version number. The value must be configured and increased to upgrade the version when desired. Downgrades are not supported by ACK.
+        """
         return pulumi.get(self, "version")
 
     @version.setter
@@ -1069,6 +1346,9 @@ class _ManagedKubernetesState:
     @property
     @pulumi.getter(name="workerVswitchIds")
     def worker_vswitch_ids(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
+        """
+        The vswitches used by control plane.  See `worker_vswitch_ids` below.
+        """
         return pulumi.get(self, "worker_vswitch_ids")
 
     @worker_vswitch_ids.setter
@@ -1145,7 +1425,7 @@ class ManagedKubernetes(pulumi.CustomResource):
 
         > **NOTE:** From version 1.120.0, Support for cluster migration from Standard cluster to professional.
 
-        > **NOTE:** From version 1.177.0+, `runtime`,`enable_ssh`,`rds_instances`,`exclude_autoscaler_nodes`,`worker_number`,`worker_instance_types`,`password`,`key_name`,`kms_encrypted_password`,`kms_encryption_context`,`worker_instance_charge_type`,`worker_period`,`worker_period_unit`,`worker_auto_renew`,`worker_auto_renew_period`,`worker_disk_category`,`worker_disk_size`,`worker_data_disks`,`node_name_mode`,`node_port_range`,`os_type`,`platform`,`image_id`,`cpu_policy`,`user_data`,`taints`,`worker_disk_performance_level`,`worker_disk_snapshot_policy_id`,`install_cloud_monitor` are deprecated.
+        > **NOTE:** From version 1.177.0, `runtime`,`enable_ssh`,`rds_instances`,`exclude_autoscaler_nodes`,`worker_number`,`worker_instance_types`,`password`,`key_name`,`kms_encrypted_password`,`kms_encryption_context`,`worker_instance_charge_type`,`worker_period`,`worker_period_unit`,`worker_auto_renew`,`worker_auto_renew_period`,`worker_disk_category`,`worker_disk_size`,`worker_data_disks`,`node_name_mode`,`node_port_range`,`os_type`,`platform`,`image_id`,`cpu_policy`,`user_data`,`taints`,`worker_disk_performance_level`,`worker_disk_snapshot_policy_id`,`install_cloud_monitor` are deprecated.
         We Suggest you using resource **`cs.NodePool`** to manage your cluster worker nodes.
 
         > **NOTE:** From version 1.212.0, `runtime`,`enable_ssh`,`rds_instances`,`exclude_autoscaler_nodes`,`worker_number`,`worker_instance_types`,`password`,`key_name`,`kms_encrypted_password`,`kms_encryption_context`,`worker_instance_charge_type`,`worker_period`,`worker_period_unit`,`worker_auto_renew`,`worker_auto_renew_period`,`worker_disk_category`,`worker_disk_size`,`worker_data_disks`,`node_name_mode`,`node_port_range`,`os_type`,`platform`,`image_id`,`cpu_policy`,`user_data`,`taints`,`worker_disk_performance_level`,`worker_disk_snapshot_policy_id`,`install_cloud_monitor`,`kube_config`,`availability_zone` are removed.
@@ -1161,11 +1441,52 @@ class ManagedKubernetes(pulumi.CustomResource):
 
         :param str resource_name: The name of the resource.
         :param pulumi.ResourceOptions opts: Options for the resource.
-        :param pulumi.Input[str] client_cert: The base64 encoded client certificate data required to communicate with your cluster. Add this to the client-certificate-data section of the kubeconfig file for your cluster.
-        :param pulumi.Input[str] client_key: The base64 encoded client key data required to communicate with your cluster. Add this to the client-key-data section of the kubeconfig file for your cluster.
-        :param pulumi.Input[str] cluster_domain: cluster local domain
-        :param pulumi.Input[str] encryption_provider_key: disk encryption key, only in ack-pro
-        :param pulumi.Input[str] name: Node name.
+        :param pulumi.Input[Sequence[pulumi.Input[Union['ManagedKubernetesAddonArgs', 'ManagedKubernetesAddonArgsDict']]]] addons: The addon you want to install in cluster. See `addons` to manage addons if cluster is created.
+               
+               *Network params*
+        :param pulumi.Input[Sequence[pulumi.Input[str]]] api_audiences: A list of API audiences for [Service Account Token Volume Projection](https://www.alibabacloud.com/help/doc-detail/160384.htm). Set this to `["https://kubernetes.default.svc"]` if you want to enable the Token Volume Projection feature (requires specifying `service_account_issuer` as well. From cluster version 1.22, Service Account Token Volume Projection will be enabled by default.
+        :param pulumi.Input[str] client_cert: The path of client certificate, like `~/.kube/client-cert.pem`.
+        :param pulumi.Input[str] client_key: The path of client key, like `~/.kube/client-key.pem`.
+        :param pulumi.Input[str] cluster_ca_cert: The path of cluster ca certificate, like `~/.kube/cluster-ca-cert.pem`
+               
+               *Removed params*
+        :param pulumi.Input[str] cluster_domain: Cluster local domain name, Default to `cluster.local`. A domain name consists of one or more sections separated by a decimal point (.), each of which is up to 63 characters long, and can be lowercase, numerals, and underscores (-), and must be lowercase or numerals at the beginning and end.
+        :param pulumi.Input[str] cluster_spec: The cluster specifications of kubernetes cluster,which can be empty. Valid values:
+               * ack.standard : Standard managed clusters.
+               * ack.pro.small : Professional managed clusters.
+        :param pulumi.Input[Sequence[pulumi.Input[str]]] control_plane_log_components: List of target components for which logs need to be collected. Supports `apiserver`, `kcm`, `scheduler`, `ccm` and `controlplane-events`.
+        :param pulumi.Input[str] control_plane_log_project: Control plane log project. If this field is not set, a log service project named k8s-log-{ClusterID} will be automatically created.
+        :param pulumi.Input[str] control_plane_log_ttl: Control plane log retention duration (unit: day). Default `30`. If control plane logs are to be collected, `control_plane_log_ttl` and `control_plane_log_components` must be specified.
+        :param pulumi.Input[str] custom_san: Customize the certificate SAN, multiple IP or domain names are separated by English commas (,).
+               > **NOTE:** Make sure you have specified all certificate SANs before updating. Updating this field will lead APIServer to restart.
+        :param pulumi.Input[Sequence[pulumi.Input[Union['ManagedKubernetesDeleteOptionArgs', 'ManagedKubernetesDeleteOptionArgsDict']]]] delete_options: Delete options, only work for deleting resource. Make sure you have run `pulumi up` to make the configuration applied. See `delete_options` below.
+        :param pulumi.Input[bool] deletion_protection: Whether to enable cluster deletion protection.
+        :param pulumi.Input[bool] enable_rrsa: Whether to enable cluster to support RRSA for kubernetes version 1.22.3+. Default to `false`. Once the RRSA function is turned on, it is not allowed to turn off. If your cluster has enabled this function, please manually modify your tf file and add the rrsa configuration to the file, learn more [RAM Roles for Service Accounts](https://www.alibabacloud.com/help/zh/container-service-for-kubernetes/latest/use-rrsa-to-enforce-access-control).
+        :param pulumi.Input[str] encryption_provider_key: The disk encryption key.
+        :param pulumi.Input[bool] is_enterprise_security_group: Enable to create advanced security group. default: false. See [Advanced security group](https://www.alibabacloud.com/help/doc-detail/120621.htm).
+        :param pulumi.Input[str] load_balancer_spec: The cluster api server load balance instance specification, default `slb.s1.small`. For more information on how to select a LB instance specification, see [SLB instance overview](https://help.aliyun.com/document_detail/85931.html).
+        :param pulumi.Input[Union['ManagedKubernetesMaintenanceWindowArgs', 'ManagedKubernetesMaintenanceWindowArgsDict']] maintenance_window: The cluster maintenance window，effective only in the professional managed cluster. Managed node pool will use it. See `maintenance_window` below.
+        :param pulumi.Input[str] name: The kubernetes cluster's name. It is unique in one Alicloud account.
+        :param pulumi.Input[bool] new_nat_gateway: Whether to create a new nat gateway while creating kubernetes cluster. Default to true. Then openapi in Alibaba Cloud are not all on intranet, So turn this option on is a good choice.
+        :param pulumi.Input[int] node_cidr_mask: The node cidr block to specific how many pods can run on single node. 24-28 is allowed. 24 means 2^(32-24)-1=255 and the node can run at most 255 pods. default: 24
+        :param pulumi.Input[str] pod_cidr: [Flannel Specific] The CIDR block for the pod network when using Flannel.
+        :param pulumi.Input[Sequence[pulumi.Input[str]]] pod_vswitch_ids: [Terway Specific] The vswitches for the pod network when using Terway. It is recommended that `pod_vswitch_ids` is not belong to `worker_vswitch_ids` but must be in same availability zones.
+        :param pulumi.Input[str] proxy_mode: Proxy mode is option of kube-proxy. options: iptables|ipvs. default: ipvs.
+        :param pulumi.Input[str] resource_group_id: The ID of the resource group,by default these cloud resources are automatically assigned to the default resource group.
+        :param pulumi.Input[str] security_group_id: The ID of the security group to which the ECS instances in the cluster belong. If it is not specified, a new Security group will be built.
+        :param pulumi.Input[str] service_account_issuer: The issuer of the Service Account token for [Service Account Token Volume Projection](https://www.alibabacloud.com/help/doc-detail/160384.htm), corresponds to the `iss` field in the token payload. Set this to `"https://kubernetes.default.svc"` to enable the Token Volume Projection feature (requires specifying `api_audiences` as well). From cluster version 1.22, Service Account Token Volume Projection will be enabled by default.
+        :param pulumi.Input[str] service_cidr: The CIDR block for the service network. It cannot be duplicated with the VPC CIDR and CIDR used by Kubernetes cluster in VPC, cannot be modified after creation.
+        :param pulumi.Input[bool] slb_internet_enabled: Whether to create internet load balancer for API Server. Default to true.
+               
+               > **NOTE:** If you want to use `Terway` as CNI network plugin, You need to specify the `pod_vswitch_ids` field and addons with `terway-eniip`.
+               If you want to use `Flannel` as CNI network plugin, You need to specify the `pod_cidr` field and addons with `flannel`.
+               
+               *Computed params*
+        :param pulumi.Input[Mapping[str, pulumi.Input[str]]] tags: Default nil, A map of tags assigned to the kubernetes cluster and work nodes. See `tags` below.
+        :param pulumi.Input[str] timezone: When you create a cluster, set the time zones for the Master and Worker nodes. You can only change the managed node time zone if you create a cluster. Once the cluster is created, you can only change the time zone of the Worker node.
+        :param pulumi.Input[str] user_ca: The path of customized CA cert, you can use this CA to sign client certs to connect your cluster.
+        :param pulumi.Input[str] version: Desired Kubernetes version. If you do not specify a value, the latest available version at resource creation is used and no upgrades will occur except you set a higher version number. The value must be configured and increased to upgrade the version when desired. Downgrades are not supported by ACK.
+        :param pulumi.Input[Sequence[pulumi.Input[str]]] worker_vswitch_ids: The vswitches used by control plane.  See `worker_vswitch_ids` below.
         """
         ...
     @overload
@@ -1200,7 +1521,7 @@ class ManagedKubernetes(pulumi.CustomResource):
 
         > **NOTE:** From version 1.120.0, Support for cluster migration from Standard cluster to professional.
 
-        > **NOTE:** From version 1.177.0+, `runtime`,`enable_ssh`,`rds_instances`,`exclude_autoscaler_nodes`,`worker_number`,`worker_instance_types`,`password`,`key_name`,`kms_encrypted_password`,`kms_encryption_context`,`worker_instance_charge_type`,`worker_period`,`worker_period_unit`,`worker_auto_renew`,`worker_auto_renew_period`,`worker_disk_category`,`worker_disk_size`,`worker_data_disks`,`node_name_mode`,`node_port_range`,`os_type`,`platform`,`image_id`,`cpu_policy`,`user_data`,`taints`,`worker_disk_performance_level`,`worker_disk_snapshot_policy_id`,`install_cloud_monitor` are deprecated.
+        > **NOTE:** From version 1.177.0, `runtime`,`enable_ssh`,`rds_instances`,`exclude_autoscaler_nodes`,`worker_number`,`worker_instance_types`,`password`,`key_name`,`kms_encrypted_password`,`kms_encryption_context`,`worker_instance_charge_type`,`worker_period`,`worker_period_unit`,`worker_auto_renew`,`worker_auto_renew_period`,`worker_disk_category`,`worker_disk_size`,`worker_data_disks`,`node_name_mode`,`node_port_range`,`os_type`,`platform`,`image_id`,`cpu_policy`,`user_data`,`taints`,`worker_disk_performance_level`,`worker_disk_snapshot_policy_id`,`install_cloud_monitor` are deprecated.
         We Suggest you using resource **`cs.NodePool`** to manage your cluster worker nodes.
 
         > **NOTE:** From version 1.212.0, `runtime`,`enable_ssh`,`rds_instances`,`exclude_autoscaler_nodes`,`worker_number`,`worker_instance_types`,`password`,`key_name`,`kms_encrypted_password`,`kms_encryption_context`,`worker_instance_charge_type`,`worker_period`,`worker_period_unit`,`worker_auto_renew`,`worker_auto_renew_period`,`worker_disk_category`,`worker_disk_size`,`worker_data_disks`,`node_name_mode`,`node_port_range`,`os_type`,`platform`,`image_id`,`cpu_policy`,`user_data`,`taints`,`worker_disk_performance_level`,`worker_disk_snapshot_policy_id`,`install_cloud_monitor`,`kube_config`,`availability_zone` are removed.
@@ -1383,20 +1704,61 @@ class ManagedKubernetes(pulumi.CustomResource):
         :param str resource_name: The unique name of the resulting resource.
         :param pulumi.Input[str] id: The unique provider ID of the resource to lookup.
         :param pulumi.ResourceOptions opts: Options for the resource.
-        :param pulumi.Input[Union['ManagedKubernetesCertificateAuthorityArgs', 'ManagedKubernetesCertificateAuthorityArgsDict']] certificate_authority: (Available in 1.105.0+) Nested attribute containing certificate authority data for your cluster.
-        :param pulumi.Input[str] client_cert: The base64 encoded client certificate data required to communicate with your cluster. Add this to the client-certificate-data section of the kubeconfig file for your cluster.
-        :param pulumi.Input[str] client_key: The base64 encoded client key data required to communicate with your cluster. Add this to the client-key-data section of the kubeconfig file for your cluster.
-        :param pulumi.Input[str] cluster_domain: cluster local domain
+        :param pulumi.Input[Sequence[pulumi.Input[Union['ManagedKubernetesAddonArgs', 'ManagedKubernetesAddonArgsDict']]]] addons: The addon you want to install in cluster. See `addons` to manage addons if cluster is created.
+               
+               *Network params*
+        :param pulumi.Input[Sequence[pulumi.Input[str]]] api_audiences: A list of API audiences for [Service Account Token Volume Projection](https://www.alibabacloud.com/help/doc-detail/160384.htm). Set this to `["https://kubernetes.default.svc"]` if you want to enable the Token Volume Projection feature (requires specifying `service_account_issuer` as well. From cluster version 1.22, Service Account Token Volume Projection will be enabled by default.
+        :param pulumi.Input[Union['ManagedKubernetesCertificateAuthorityArgs', 'ManagedKubernetesCertificateAuthorityArgsDict']] certificate_authority: (Available since v1.105.0) Nested attribute containing certificate authority data for your cluster.
+        :param pulumi.Input[str] client_cert: The path of client certificate, like `~/.kube/client-cert.pem`.
+        :param pulumi.Input[str] client_key: The path of client key, like `~/.kube/client-key.pem`.
+        :param pulumi.Input[str] cluster_ca_cert: The path of cluster ca certificate, like `~/.kube/cluster-ca-cert.pem`
+               
+               *Removed params*
+        :param pulumi.Input[str] cluster_domain: Cluster local domain name, Default to `cluster.local`. A domain name consists of one or more sections separated by a decimal point (.), each of which is up to 63 characters long, and can be lowercase, numerals, and underscores (-), and must be lowercase or numerals at the beginning and end.
+        :param pulumi.Input[str] cluster_spec: The cluster specifications of kubernetes cluster,which can be empty. Valid values:
+               * ack.standard : Standard managed clusters.
+               * ack.pro.small : Professional managed clusters.
         :param pulumi.Input[Union['ManagedKubernetesConnectionsArgs', 'ManagedKubernetesConnectionsArgsDict']] connections: Map of kubernetes cluster connection information.
-        :param pulumi.Input[str] encryption_provider_key: disk encryption key, only in ack-pro
-        :param pulumi.Input[str] name: Node name.
+        :param pulumi.Input[Sequence[pulumi.Input[str]]] control_plane_log_components: List of target components for which logs need to be collected. Supports `apiserver`, `kcm`, `scheduler`, `ccm` and `controlplane-events`.
+        :param pulumi.Input[str] control_plane_log_project: Control plane log project. If this field is not set, a log service project named k8s-log-{ClusterID} will be automatically created.
+        :param pulumi.Input[str] control_plane_log_ttl: Control plane log retention duration (unit: day). Default `30`. If control plane logs are to be collected, `control_plane_log_ttl` and `control_plane_log_components` must be specified.
+        :param pulumi.Input[str] custom_san: Customize the certificate SAN, multiple IP or domain names are separated by English commas (,).
+               > **NOTE:** Make sure you have specified all certificate SANs before updating. Updating this field will lead APIServer to restart.
+        :param pulumi.Input[Sequence[pulumi.Input[Union['ManagedKubernetesDeleteOptionArgs', 'ManagedKubernetesDeleteOptionArgsDict']]]] delete_options: Delete options, only work for deleting resource. Make sure you have run `pulumi up` to make the configuration applied. See `delete_options` below.
+        :param pulumi.Input[bool] deletion_protection: Whether to enable cluster deletion protection.
+        :param pulumi.Input[bool] enable_rrsa: Whether to enable cluster to support RRSA for kubernetes version 1.22.3+. Default to `false`. Once the RRSA function is turned on, it is not allowed to turn off. If your cluster has enabled this function, please manually modify your tf file and add the rrsa configuration to the file, learn more [RAM Roles for Service Accounts](https://www.alibabacloud.com/help/zh/container-service-for-kubernetes/latest/use-rrsa-to-enforce-access-control).
+        :param pulumi.Input[str] encryption_provider_key: The disk encryption key.
+        :param pulumi.Input[bool] is_enterprise_security_group: Enable to create advanced security group. default: false. See [Advanced security group](https://www.alibabacloud.com/help/doc-detail/120621.htm).
+        :param pulumi.Input[str] load_balancer_spec: The cluster api server load balance instance specification, default `slb.s1.small`. For more information on how to select a LB instance specification, see [SLB instance overview](https://help.aliyun.com/document_detail/85931.html).
+        :param pulumi.Input[Union['ManagedKubernetesMaintenanceWindowArgs', 'ManagedKubernetesMaintenanceWindowArgsDict']] maintenance_window: The cluster maintenance window，effective only in the professional managed cluster. Managed node pool will use it. See `maintenance_window` below.
+        :param pulumi.Input[str] name: The kubernetes cluster's name. It is unique in one Alicloud account.
         :param pulumi.Input[str] nat_gateway_id: The ID of nat gateway used to launch kubernetes cluster.
-        :param pulumi.Input[Union['ManagedKubernetesRrsaMetadataArgs', 'ManagedKubernetesRrsaMetadataArgsDict']] rrsa_metadata: (Optional, Available in v1.185.0+) Nested attribute containing RRSA related data for your cluster.
+        :param pulumi.Input[bool] new_nat_gateway: Whether to create a new nat gateway while creating kubernetes cluster. Default to true. Then openapi in Alibaba Cloud are not all on intranet, So turn this option on is a good choice.
+        :param pulumi.Input[int] node_cidr_mask: The node cidr block to specific how many pods can run on single node. 24-28 is allowed. 24 means 2^(32-24)-1=255 and the node can run at most 255 pods. default: 24
+        :param pulumi.Input[str] pod_cidr: [Flannel Specific] The CIDR block for the pod network when using Flannel.
+        :param pulumi.Input[Sequence[pulumi.Input[str]]] pod_vswitch_ids: [Terway Specific] The vswitches for the pod network when using Terway. It is recommended that `pod_vswitch_ids` is not belong to `worker_vswitch_ids` but must be in same availability zones.
+        :param pulumi.Input[str] proxy_mode: Proxy mode is option of kube-proxy. options: iptables|ipvs. default: ipvs.
+        :param pulumi.Input[str] resource_group_id: The ID of the resource group,by default these cloud resources are automatically assigned to the default resource group.
+        :param pulumi.Input[Union['ManagedKubernetesRrsaMetadataArgs', 'ManagedKubernetesRrsaMetadataArgsDict']] rrsa_metadata: (Optional, Available since v1.185.0) Nested attribute containing RRSA related data for your cluster.
+        :param pulumi.Input[str] security_group_id: The ID of the security group to which the ECS instances in the cluster belong. If it is not specified, a new Security group will be built.
+        :param pulumi.Input[str] service_account_issuer: The issuer of the Service Account token for [Service Account Token Volume Projection](https://www.alibabacloud.com/help/doc-detail/160384.htm), corresponds to the `iss` field in the token payload. Set this to `"https://kubernetes.default.svc"` to enable the Token Volume Projection feature (requires specifying `api_audiences` as well). From cluster version 1.22, Service Account Token Volume Projection will be enabled by default.
+        :param pulumi.Input[str] service_cidr: The CIDR block for the service network. It cannot be duplicated with the VPC CIDR and CIDR used by Kubernetes cluster in VPC, cannot be modified after creation.
         :param pulumi.Input[str] slb_id: The ID of APIServer load balancer.
         :param pulumi.Input[str] slb_internet: The public ip of load balancer.
+        :param pulumi.Input[bool] slb_internet_enabled: Whether to create internet load balancer for API Server. Default to true.
+               
+               > **NOTE:** If you want to use `Terway` as CNI network plugin, You need to specify the `pod_vswitch_ids` field and addons with `terway-eniip`.
+               If you want to use `Flannel` as CNI network plugin, You need to specify the `pod_cidr` field and addons with `flannel`.
+               
+               *Computed params*
         :param pulumi.Input[str] slb_intranet: The ID of private load balancer where the current cluster master node is located.
+        :param pulumi.Input[Mapping[str, pulumi.Input[str]]] tags: Default nil, A map of tags assigned to the kubernetes cluster and work nodes. See `tags` below.
+        :param pulumi.Input[str] timezone: When you create a cluster, set the time zones for the Master and Worker nodes. You can only change the managed node time zone if you create a cluster. Once the cluster is created, you can only change the time zone of the Worker node.
+        :param pulumi.Input[str] user_ca: The path of customized CA cert, you can use this CA to sign client certs to connect your cluster.
+        :param pulumi.Input[str] version: Desired Kubernetes version. If you do not specify a value, the latest available version at resource creation is used and no upgrades will occur except you set a higher version number. The value must be configured and increased to upgrade the version when desired. Downgrades are not supported by ACK.
         :param pulumi.Input[str] vpc_id: The ID of VPC where the current cluster is located.
         :param pulumi.Input[str] worker_ram_role_name: The RamRole Name attached to worker node.
+        :param pulumi.Input[Sequence[pulumi.Input[str]]] worker_vswitch_ids: The vswitches used by control plane.  See `worker_vswitch_ids` below.
         """
         opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id))
 
@@ -1452,18 +1814,26 @@ class ManagedKubernetes(pulumi.CustomResource):
     @property
     @pulumi.getter
     def addons(self) -> pulumi.Output[Optional[Sequence['outputs.ManagedKubernetesAddon']]]:
+        """
+        The addon you want to install in cluster. See `addons` to manage addons if cluster is created.
+
+        *Network params*
+        """
         return pulumi.get(self, "addons")
 
     @property
     @pulumi.getter(name="apiAudiences")
     def api_audiences(self) -> pulumi.Output[Optional[Sequence[str]]]:
+        """
+        A list of API audiences for [Service Account Token Volume Projection](https://www.alibabacloud.com/help/doc-detail/160384.htm). Set this to `["https://kubernetes.default.svc"]` if you want to enable the Token Volume Projection feature (requires specifying `service_account_issuer` as well. From cluster version 1.22, Service Account Token Volume Projection will be enabled by default.
+        """
         return pulumi.get(self, "api_audiences")
 
     @property
     @pulumi.getter(name="certificateAuthority")
     def certificate_authority(self) -> pulumi.Output['outputs.ManagedKubernetesCertificateAuthority']:
         """
-        (Available in 1.105.0+) Nested attribute containing certificate authority data for your cluster.
+        (Available since v1.105.0) Nested attribute containing certificate authority data for your cluster.
         """
         return pulumi.get(self, "certificate_authority")
 
@@ -1471,7 +1841,7 @@ class ManagedKubernetes(pulumi.CustomResource):
     @pulumi.getter(name="clientCert")
     def client_cert(self) -> pulumi.Output[Optional[str]]:
         """
-        The base64 encoded client certificate data required to communicate with your cluster. Add this to the client-certificate-data section of the kubeconfig file for your cluster.
+        The path of client certificate, like `~/.kube/client-cert.pem`.
         """
         return pulumi.get(self, "client_cert")
 
@@ -1479,26 +1849,36 @@ class ManagedKubernetes(pulumi.CustomResource):
     @pulumi.getter(name="clientKey")
     def client_key(self) -> pulumi.Output[Optional[str]]:
         """
-        The base64 encoded client key data required to communicate with your cluster. Add this to the client-key-data section of the kubeconfig file for your cluster.
+        The path of client key, like `~/.kube/client-key.pem`.
         """
         return pulumi.get(self, "client_key")
 
     @property
     @pulumi.getter(name="clusterCaCert")
     def cluster_ca_cert(self) -> pulumi.Output[Optional[str]]:
+        """
+        The path of cluster ca certificate, like `~/.kube/cluster-ca-cert.pem`
+
+        *Removed params*
+        """
         return pulumi.get(self, "cluster_ca_cert")
 
     @property
     @pulumi.getter(name="clusterDomain")
     def cluster_domain(self) -> pulumi.Output[Optional[str]]:
         """
-        cluster local domain
+        Cluster local domain name, Default to `cluster.local`. A domain name consists of one or more sections separated by a decimal point (.), each of which is up to 63 characters long, and can be lowercase, numerals, and underscores (-), and must be lowercase or numerals at the beginning and end.
         """
         return pulumi.get(self, "cluster_domain")
 
     @property
     @pulumi.getter(name="clusterSpec")
     def cluster_spec(self) -> pulumi.Output[str]:
+        """
+        The cluster specifications of kubernetes cluster,which can be empty. Valid values:
+        * ack.standard : Standard managed clusters.
+        * ack.pro.small : Professional managed clusters.
+        """
         return pulumi.get(self, "cluster_spec")
 
     @property
@@ -1512,66 +1892,97 @@ class ManagedKubernetes(pulumi.CustomResource):
     @property
     @pulumi.getter(name="controlPlaneLogComponents")
     def control_plane_log_components(self) -> pulumi.Output[Optional[Sequence[str]]]:
+        """
+        List of target components for which logs need to be collected. Supports `apiserver`, `kcm`, `scheduler`, `ccm` and `controlplane-events`.
+        """
         return pulumi.get(self, "control_plane_log_components")
 
     @property
     @pulumi.getter(name="controlPlaneLogProject")
     def control_plane_log_project(self) -> pulumi.Output[str]:
+        """
+        Control plane log project. If this field is not set, a log service project named k8s-log-{ClusterID} will be automatically created.
+        """
         return pulumi.get(self, "control_plane_log_project")
 
     @property
     @pulumi.getter(name="controlPlaneLogTtl")
     def control_plane_log_ttl(self) -> pulumi.Output[str]:
+        """
+        Control plane log retention duration (unit: day). Default `30`. If control plane logs are to be collected, `control_plane_log_ttl` and `control_plane_log_components` must be specified.
+        """
         return pulumi.get(self, "control_plane_log_ttl")
 
     @property
     @pulumi.getter(name="customSan")
     def custom_san(self) -> pulumi.Output[Optional[str]]:
+        """
+        Customize the certificate SAN, multiple IP or domain names are separated by English commas (,).
+        > **NOTE:** Make sure you have specified all certificate SANs before updating. Updating this field will lead APIServer to restart.
+        """
         return pulumi.get(self, "custom_san")
 
     @property
     @pulumi.getter(name="deleteOptions")
     def delete_options(self) -> pulumi.Output[Optional[Sequence['outputs.ManagedKubernetesDeleteOption']]]:
+        """
+        Delete options, only work for deleting resource. Make sure you have run `pulumi up` to make the configuration applied. See `delete_options` below.
+        """
         return pulumi.get(self, "delete_options")
 
     @property
     @pulumi.getter(name="deletionProtection")
     def deletion_protection(self) -> pulumi.Output[Optional[bool]]:
+        """
+        Whether to enable cluster deletion protection.
+        """
         return pulumi.get(self, "deletion_protection")
 
     @property
     @pulumi.getter(name="enableRrsa")
     def enable_rrsa(self) -> pulumi.Output[Optional[bool]]:
+        """
+        Whether to enable cluster to support RRSA for kubernetes version 1.22.3+. Default to `false`. Once the RRSA function is turned on, it is not allowed to turn off. If your cluster has enabled this function, please manually modify your tf file and add the rrsa configuration to the file, learn more [RAM Roles for Service Accounts](https://www.alibabacloud.com/help/zh/container-service-for-kubernetes/latest/use-rrsa-to-enforce-access-control).
+        """
         return pulumi.get(self, "enable_rrsa")
 
     @property
     @pulumi.getter(name="encryptionProviderKey")
     def encryption_provider_key(self) -> pulumi.Output[Optional[str]]:
         """
-        disk encryption key, only in ack-pro
+        The disk encryption key.
         """
         return pulumi.get(self, "encryption_provider_key")
 
     @property
     @pulumi.getter(name="isEnterpriseSecurityGroup")
     def is_enterprise_security_group(self) -> pulumi.Output[bool]:
+        """
+        Enable to create advanced security group. default: false. See [Advanced security group](https://www.alibabacloud.com/help/doc-detail/120621.htm).
+        """
         return pulumi.get(self, "is_enterprise_security_group")
 
     @property
     @pulumi.getter(name="loadBalancerSpec")
     def load_balancer_spec(self) -> pulumi.Output[Optional[str]]:
+        """
+        The cluster api server load balance instance specification, default `slb.s1.small`. For more information on how to select a LB instance specification, see [SLB instance overview](https://help.aliyun.com/document_detail/85931.html).
+        """
         return pulumi.get(self, "load_balancer_spec")
 
     @property
     @pulumi.getter(name="maintenanceWindow")
     def maintenance_window(self) -> pulumi.Output['outputs.ManagedKubernetesMaintenanceWindow']:
+        """
+        The cluster maintenance window，effective only in the professional managed cluster. Managed node pool will use it. See `maintenance_window` below.
+        """
         return pulumi.get(self, "maintenance_window")
 
     @property
     @pulumi.getter
     def name(self) -> pulumi.Output[str]:
         """
-        Node name.
+        The kubernetes cluster's name. It is unique in one Alicloud account.
         """
         return pulumi.get(self, "name")
 
@@ -1591,31 +2002,49 @@ class ManagedKubernetes(pulumi.CustomResource):
     @property
     @pulumi.getter(name="newNatGateway")
     def new_nat_gateway(self) -> pulumi.Output[Optional[bool]]:
+        """
+        Whether to create a new nat gateway while creating kubernetes cluster. Default to true. Then openapi in Alibaba Cloud are not all on intranet, So turn this option on is a good choice.
+        """
         return pulumi.get(self, "new_nat_gateway")
 
     @property
     @pulumi.getter(name="nodeCidrMask")
     def node_cidr_mask(self) -> pulumi.Output[Optional[int]]:
+        """
+        The node cidr block to specific how many pods can run on single node. 24-28 is allowed. 24 means 2^(32-24)-1=255 and the node can run at most 255 pods. default: 24
+        """
         return pulumi.get(self, "node_cidr_mask")
 
     @property
     @pulumi.getter(name="podCidr")
     def pod_cidr(self) -> pulumi.Output[Optional[str]]:
+        """
+        [Flannel Specific] The CIDR block for the pod network when using Flannel.
+        """
         return pulumi.get(self, "pod_cidr")
 
     @property
     @pulumi.getter(name="podVswitchIds")
     def pod_vswitch_ids(self) -> pulumi.Output[Optional[Sequence[str]]]:
+        """
+        [Terway Specific] The vswitches for the pod network when using Terway. It is recommended that `pod_vswitch_ids` is not belong to `worker_vswitch_ids` but must be in same availability zones.
+        """
         return pulumi.get(self, "pod_vswitch_ids")
 
     @property
     @pulumi.getter(name="proxyMode")
     def proxy_mode(self) -> pulumi.Output[Optional[str]]:
+        """
+        Proxy mode is option of kube-proxy. options: iptables|ipvs. default: ipvs.
+        """
         return pulumi.get(self, "proxy_mode")
 
     @property
     @pulumi.getter(name="resourceGroupId")
     def resource_group_id(self) -> pulumi.Output[str]:
+        """
+        The ID of the resource group,by default these cloud resources are automatically assigned to the default resource group.
+        """
         return pulumi.get(self, "resource_group_id")
 
     @property
@@ -1627,23 +2056,32 @@ class ManagedKubernetes(pulumi.CustomResource):
     @pulumi.getter(name="rrsaMetadata")
     def rrsa_metadata(self) -> pulumi.Output['outputs.ManagedKubernetesRrsaMetadata']:
         """
-        (Optional, Available in v1.185.0+) Nested attribute containing RRSA related data for your cluster.
+        (Optional, Available since v1.185.0) Nested attribute containing RRSA related data for your cluster.
         """
         return pulumi.get(self, "rrsa_metadata")
 
     @property
     @pulumi.getter(name="securityGroupId")
     def security_group_id(self) -> pulumi.Output[str]:
+        """
+        The ID of the security group to which the ECS instances in the cluster belong. If it is not specified, a new Security group will be built.
+        """
         return pulumi.get(self, "security_group_id")
 
     @property
     @pulumi.getter(name="serviceAccountIssuer")
     def service_account_issuer(self) -> pulumi.Output[Optional[str]]:
+        """
+        The issuer of the Service Account token for [Service Account Token Volume Projection](https://www.alibabacloud.com/help/doc-detail/160384.htm), corresponds to the `iss` field in the token payload. Set this to `"https://kubernetes.default.svc"` to enable the Token Volume Projection feature (requires specifying `api_audiences` as well). From cluster version 1.22, Service Account Token Volume Projection will be enabled by default.
+        """
         return pulumi.get(self, "service_account_issuer")
 
     @property
     @pulumi.getter(name="serviceCidr")
     def service_cidr(self) -> pulumi.Output[Optional[str]]:
+        """
+        The CIDR block for the service network. It cannot be duplicated with the VPC CIDR and CIDR used by Kubernetes cluster in VPC, cannot be modified after creation.
+        """
         return pulumi.get(self, "service_cidr")
 
     @property
@@ -1665,6 +2103,14 @@ class ManagedKubernetes(pulumi.CustomResource):
     @property
     @pulumi.getter(name="slbInternetEnabled")
     def slb_internet_enabled(self) -> pulumi.Output[Optional[bool]]:
+        """
+        Whether to create internet load balancer for API Server. Default to true.
+
+        > **NOTE:** If you want to use `Terway` as CNI network plugin, You need to specify the `pod_vswitch_ids` field and addons with `terway-eniip`.
+        If you want to use `Flannel` as CNI network plugin, You need to specify the `pod_cidr` field and addons with `flannel`.
+
+        *Computed params*
+        """
         return pulumi.get(self, "slb_internet_enabled")
 
     @property
@@ -1678,21 +2124,33 @@ class ManagedKubernetes(pulumi.CustomResource):
     @property
     @pulumi.getter
     def tags(self) -> pulumi.Output[Optional[Mapping[str, str]]]:
+        """
+        Default nil, A map of tags assigned to the kubernetes cluster and work nodes. See `tags` below.
+        """
         return pulumi.get(self, "tags")
 
     @property
     @pulumi.getter
     def timezone(self) -> pulumi.Output[Optional[str]]:
+        """
+        When you create a cluster, set the time zones for the Master and Worker nodes. You can only change the managed node time zone if you create a cluster. Once the cluster is created, you can only change the time zone of the Worker node.
+        """
         return pulumi.get(self, "timezone")
 
     @property
     @pulumi.getter(name="userCa")
     def user_ca(self) -> pulumi.Output[Optional[str]]:
+        """
+        The path of customized CA cert, you can use this CA to sign client certs to connect your cluster.
+        """
         return pulumi.get(self, "user_ca")
 
     @property
     @pulumi.getter
     def version(self) -> pulumi.Output[str]:
+        """
+        Desired Kubernetes version. If you do not specify a value, the latest available version at resource creation is used and no upgrades will occur except you set a higher version number. The value must be configured and increased to upgrade the version when desired. Downgrades are not supported by ACK.
+        """
         return pulumi.get(self, "version")
 
     @property
@@ -1714,5 +2172,8 @@ class ManagedKubernetes(pulumi.CustomResource):
     @property
     @pulumi.getter(name="workerVswitchIds")
     def worker_vswitch_ids(self) -> pulumi.Output[Sequence[str]]:
+        """
+        The vswitches used by control plane.  See `worker_vswitch_ids` below.
+        """
         return pulumi.get(self, "worker_vswitch_ids")