PyPI - pulumi-alicloud - Versions diffs - 3.77.0a1746076596__py3-none-any.whl → 3.77.0a1746220593__py3-none-any.whl - Mend

pulumi-alicloud 3.77.0a1746076596py3-none-any.whl → 3.77.0a1746220593py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of pulumi-alicloud might be problematic. Click here for more details.

Files changed (83) hide show

pulumi_alicloud/__init__.py +72 -0
pulumi_alicloud/_inputs.py +13 -0
pulumi_alicloud/adb/db_cluster_lake_version.py +94 -0
pulumi_alicloud/alb/_inputs.py +6 -3
pulumi_alicloud/alb/outputs.py +4 -2
pulumi_alicloud/apig/environment.py +2 -2
pulumi_alicloud/apig/http_api.py +2 -2
pulumi_alicloud/arms/grafana_workspace.py +56 -14
pulumi_alicloud/cloudfirewall/instance_member.py +4 -4
pulumi_alicloud/cloudfirewall/vpc_cen_tr_firewall.py +2 -2
pulumi_alicloud/cloudsso/_inputs.py +697 -7
pulumi_alicloud/cloudsso/directory.py +345 -65
pulumi_alicloud/cloudsso/outputs.py +557 -8
pulumi_alicloud/config/outputs.py +8 -0
pulumi_alicloud/cs/_inputs.py +18 -18
pulumi_alicloud/cs/edge_kubernetes.py +136 -100
pulumi_alicloud/cs/get_kubernetes_node_pools.py +21 -1
pulumi_alicloud/cs/kubernetes.py +118 -39
pulumi_alicloud/cs/managed_kubernetes.py +125 -46
pulumi_alicloud/cs/outputs.py +14 -14
pulumi_alicloud/cs/serverless_kubernetes.py +66 -73
pulumi_alicloud/ddos/ddos_coo_instance.py +175 -25
pulumi_alicloud/dns/ddos_coo_instance.py +175 -25
pulumi_alicloud/dts/job_monitor_rule.py +2 -2
pulumi_alicloud/dts/synchronization_job.py +2 -2
pulumi_alicloud/ecs/get_instance_types.py +4 -4
pulumi_alicloud/ecs/instance.py +28 -28
pulumi_alicloud/ecs/outputs.py +2 -2
pulumi_alicloud/ecs/security_group_rule.py +32 -4
pulumi_alicloud/eflo/__init__.py +3 -0
pulumi_alicloud/eflo/_inputs.py +623 -0
pulumi_alicloud/eflo/experiment_plan.py +573 -0
pulumi_alicloud/eflo/experiment_plan_template.py +464 -0
pulumi_alicloud/eflo/outputs.py +476 -0
pulumi_alicloud/eflo/resource.py +388 -0
pulumi_alicloud/ens/disk.py +120 -69
pulumi_alicloud/ens/eip.py +45 -41
pulumi_alicloud/esa/__init__.py +2 -0
pulumi_alicloud/esa/scheduled_preload_execution.py +479 -0
pulumi_alicloud/esa/scheduled_preload_job.py +467 -0
pulumi_alicloud/gwlb/listener.py +2 -2
pulumi_alicloud/gwlb/load_balancer.py +2 -2
pulumi_alicloud/gwlb/server_group.py +2 -2
pulumi_alicloud/ims/__init__.py +2 -0
pulumi_alicloud/ims/get_oidc_providers.py +216 -0
pulumi_alicloud/ims/outputs.py +138 -0
pulumi_alicloud/mongodb/__init__.py +2 -0
pulumi_alicloud/mongodb/_inputs.py +154 -0
pulumi_alicloud/mongodb/instance.py +7 -7
pulumi_alicloud/mongodb/outputs.py +121 -0
pulumi_alicloud/mongodb/public_network_address.py +275 -0
pulumi_alicloud/mongodb/replica_set_role.py +533 -0
pulumi_alicloud/nas/_inputs.py +252 -18
pulumi_alicloud/nas/file_system.py +649 -264
pulumi_alicloud/nas/outputs.py +198 -12
pulumi_alicloud/nlb/server_group_server_attachment.py +4 -0
pulumi_alicloud/pai/__init__.py +1 -0
pulumi_alicloud/pai/flow_pipeline.py +491 -0
pulumi_alicloud/pulumi-plugin.json +1 -1
pulumi_alicloud/ram/__init__.py +1 -0
pulumi_alicloud/ram/get_role_policy_attachments.py +272 -0
pulumi_alicloud/ram/outputs.py +63 -0
pulumi_alicloud/ram/security_preference.py +496 -110
pulumi_alicloud/rdc/organization.py +2 -2
pulumi_alicloud/rds/instance.py +1 -1
pulumi_alicloud/sae/application_scaling_rule.py +2 -2
pulumi_alicloud/sae/ingress.py +2 -2
pulumi_alicloud/schedulerx/app_group.py +2 -2
pulumi_alicloud/schedulerx/job.py +2 -2
pulumi_alicloud/selectdb/db_cluster.py +2 -0
pulumi_alicloud/selectdb/db_instance.py +43 -13
pulumi_alicloud/selectdb/get_db_clusters.py +2 -0
pulumi_alicloud/selectdb/get_db_instances.py +2 -0
pulumi_alicloud/selectdb/outputs.py +3 -3
pulumi_alicloud/sls/__init__.py +1 -0
pulumi_alicloud/sls/_inputs.py +295 -0
pulumi_alicloud/sls/etl.py +516 -0
pulumi_alicloud/sls/outputs.py +209 -0
pulumi_alicloud/vpc/network.py +156 -88
{pulumi_alicloud-3.77.0a1746076596.dist-info → pulumi_alicloud-3.77.0a1746220593.dist-info}/METADATA +1 -1
{pulumi_alicloud-3.77.0a1746076596.dist-info → pulumi_alicloud-3.77.0a1746220593.dist-info}/RECORD +83 -71
{pulumi_alicloud-3.77.0a1746076596.dist-info → pulumi_alicloud-3.77.0a1746220593.dist-info}/WHEEL +0 -0
{pulumi_alicloud-3.77.0a1746076596.dist-info → pulumi_alicloud-3.77.0a1746220593.dist-info}/top_level.txt +0 -0

pulumi_alicloud/cs/managed_kubernetes.py CHANGED Viewed

@@ -54,6 +54,7 @@ class ManagedKubernetesArgs:
                  security_group_id: Optional[pulumi.Input[builtins.str]] = None,
                  service_account_issuer: Optional[pulumi.Input[builtins.str]] = None,
                  service_cidr: Optional[pulumi.Input[builtins.str]] = None,
+                 skip_set_certificate_authority: Optional[pulumi.Input[builtins.bool]] = None,
                  slb_internet_enabled: Optional[pulumi.Input[builtins.bool]] = None,
                  tags: Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]] = None,
                  timezone: Optional[pulumi.Input[builtins.str]] = None,
@@ -65,12 +66,10 @@ class ManagedKubernetesArgs:
         """
         The set of arguments for constructing a ManagedKubernetes resource.
         :param pulumi.Input[Sequence[pulumi.Input['ManagedKubernetesAddonArgs']]] addons: The addon you want to install in cluster. See `addons` below. Only works for **Create** Operation, use resource cs_kubernetes_addon to manage addons if cluster is created.
-               *Network params*
         :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] api_audiences: A list of API audiences for [Service Account Token Volume Projection](https://www.alibabacloud.com/help/doc-detail/160384.htm). Set this to `["https://kubernetes.default.svc"]` if you want to enable the Token Volume Projection feature (requires specifying `service_account_issuer` as well. From cluster version 1.22, Service Account Token Volume Projection will be enabled by default.
-        :param pulumi.Input[builtins.str] client_cert: The path of client certificate, like `~/.kube/client-cert.pem`.
-        :param pulumi.Input[builtins.str] client_key: The path of client key, like `~/.kube/client-key.pem`.
-        :param pulumi.Input[builtins.str] cluster_ca_cert: The path of cluster ca certificate, like `~/.kube/cluster-ca-cert.pem`
+        :param pulumi.Input[builtins.str] client_cert: From version 1.248.0, new DataSource `cs_get_cluster_credential` is recommended to manage cluster's kubeconfig, you can also save the certificate_authority.client_cert attribute content of new DataSource `cs_get_cluster_credential` to an appropriate path(like ~/.kube/client-cert.pem) for replace it.
+        :param pulumi.Input[builtins.str] client_key: From version 1.248.0, new DataSource `cs_get_cluster_credential` is recommended to manage cluster's kubeconfig, you can also save the certificate_authority.client_key attribute content of new DataSource `cs_get_cluster_credential` to an appropriate path(like ~/.kube/client-key.pem) for replace it.
+        :param pulumi.Input[builtins.str] cluster_ca_cert: From version 1.248.0, new DataSource `cs_get_cluster_credential` is recommended to manage cluster's kubeconfig, you can also save the certificate_authority.cluster_cert attribute content of new DataSource `cs_get_cluster_credential` to an appropriate path(like ~/.kube/cluster-ca-cert.pem) for replace it.
                *Removed params*
         :param pulumi.Input[builtins.str] cluster_domain: Cluster local domain name, Default to `cluster.local`. A domain name consists of one or more sections separated by a decimal point (.), each of which is up to 63 characters long, and can be lowercase, numerals, and underscores (-), and must be lowercase or numerals at the beginning and end.
@@ -85,7 +84,7 @@ class ManagedKubernetesArgs:
         :param pulumi.Input[Sequence[pulumi.Input['ManagedKubernetesDeleteOptionArgs']]] delete_options: Delete options, only work for deleting resource. Make sure you have run `pulumi up` to make the configuration applied. See `delete_options` below.
         :param pulumi.Input[builtins.bool] deletion_protection: Whether to enable cluster deletion protection.
         :param pulumi.Input[builtins.bool] enable_rrsa: Whether to enable cluster to support RRSA for kubernetes version 1.22.3+. Default to `false`. Once the RRSA function is turned on, it is not allowed to turn off. If your cluster has enabled this function, please manually modify your tf file and add the rrsa configuration to the file, learn more [RAM Roles for Service Accounts](https://www.alibabacloud.com/help/zh/container-service-for-kubernetes/latest/use-rrsa-to-enforce-access-control).
-        :param pulumi.Input[builtins.str] encryption_provider_key: The disk encryption key.
+        :param pulumi.Input[builtins.str] encryption_provider_key: The ID of the Key Management Service (KMS) key that is used to encrypt Kubernetes Secrets.
         :param pulumi.Input[builtins.str] ip_stack: The IP address family that the cluster network uses. Valid values:
         :param pulumi.Input[builtins.bool] is_enterprise_security_group: Enable to create advanced security group. default: false. Only works for **Create** Operation. See [Advanced security group](https://www.alibabacloud.com/help/doc-detail/120621.htm).
         :param pulumi.Input[builtins.str] load_balancer_spec: The cluster api server load balancer instance specification. For more information on how to select a LB instance specification, see [SLB instance overview](https://help.aliyun.com/document_detail/85931.html). Only works for **Create** Operation. The spec will not take effect because the charge of the load balancer has been changed to PayByCLCU.
@@ -105,6 +104,9 @@ class ManagedKubernetesArgs:
                * After updating the control plane security group, the Elastic Network Interfaces (ENIs) used by the control plane and managed components will automatically join the new security group.
         :param pulumi.Input[builtins.str] service_account_issuer: The issuer of the Service Account token for [Service Account Token Volume Projection](https://www.alibabacloud.com/help/doc-detail/160384.htm), corresponds to the `iss` field in the token payload. Set this to `"https://kubernetes.default.svc"` to enable the Token Volume Projection feature (requires specifying `api_audiences` as well). From cluster version 1.22, Service Account Token Volume Projection will be enabled by default.
         :param pulumi.Input[builtins.str] service_cidr: The CIDR block for the service network. It cannot be duplicated with the VPC CIDR and CIDR used by Kubernetes cluster in VPC, cannot be modified after creation.
+        :param pulumi.Input[builtins.bool] skip_set_certificate_authority: Configure whether to save certificate authority data for your cluster to attribute `certificate_authority`. For cluster security, recommended configuration as `true`. Will be removed with attribute certificate_authority removed.
+               *Network params*
         :param pulumi.Input[builtins.bool] slb_internet_enabled: Whether to create internet load balancer for API Server. Default to true. Only works for **Create** Operation.
         :param pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]] tags: Default nil, A map of tags assigned to the kubernetes cluster and work nodes. See `tags` below.
         :param pulumi.Input[builtins.str] timezone: Cluster timezone, works for control plane and Worker nodes.
@@ -127,10 +129,19 @@ class ManagedKubernetesArgs:
             pulumi.set(__self__, "addons", addons)
         if api_audiences is not None:
             pulumi.set(__self__, "api_audiences", api_audiences)
+        if client_cert is not None:
+            warnings.warn("""Field 'client_cert' has been deprecated from provider version 1.248.0. From version 1.248.0, new DataSource 'alicloud_cs_cluster_credential' is recommended to manage cluster's kubeconfig, you can also save the 'certificate_authority.client_cert' attribute content of new DataSource 'alicloud_cs_cluster_credential' to an appropriate path(like ~/.kube/client-cert.pem) for replace it.""", DeprecationWarning)
+            pulumi.log.warn("""client_cert is deprecated: Field 'client_cert' has been deprecated from provider version 1.248.0. From version 1.248.0, new DataSource 'alicloud_cs_cluster_credential' is recommended to manage cluster's kubeconfig, you can also save the 'certificate_authority.client_cert' attribute content of new DataSource 'alicloud_cs_cluster_credential' to an appropriate path(like ~/.kube/client-cert.pem) for replace it.""")
         if client_cert is not None:
             pulumi.set(__self__, "client_cert", client_cert)
+        if client_key is not None:
+            warnings.warn("""Field 'client_key' has been deprecated from provider version 1.248.0. From version 1.248.0, new DataSource 'alicloud_cs_cluster_credential' is recommended to manage cluster's kubeconfig, you can also save the 'certificate_authority.client_key' attribute content of new DataSource 'alicloud_cs_cluster_credential' to an appropriate path(like ~/.kube/client-key.pem) for replace it.""", DeprecationWarning)
+            pulumi.log.warn("""client_key is deprecated: Field 'client_key' has been deprecated from provider version 1.248.0. From version 1.248.0, new DataSource 'alicloud_cs_cluster_credential' is recommended to manage cluster's kubeconfig, you can also save the 'certificate_authority.client_key' attribute content of new DataSource 'alicloud_cs_cluster_credential' to an appropriate path(like ~/.kube/client-key.pem) for replace it.""")
         if client_key is not None:
             pulumi.set(__self__, "client_key", client_key)
+        if cluster_ca_cert is not None:
+            warnings.warn("""Field 'cluster_ca_cert' has been deprecated from provider version 1.248.0. From version 1.248.0, new DataSource 'alicloud_cs_cluster_credential' is recommended to manage cluster's kubeconfig, you can also save the 'certificate_authority.cluster_cert' attribute content of new DataSource 'alicloud_cs_cluster_credential' to an appropriate path(like ~/.kube/cluster-ca-cert.pem) for replace it.""", DeprecationWarning)
+            pulumi.log.warn("""cluster_ca_cert is deprecated: Field 'cluster_ca_cert' has been deprecated from provider version 1.248.0. From version 1.248.0, new DataSource 'alicloud_cs_cluster_credential' is recommended to manage cluster's kubeconfig, you can also save the 'certificate_authority.cluster_cert' attribute content of new DataSource 'alicloud_cs_cluster_credential' to an appropriate path(like ~/.kube/cluster-ca-cert.pem) for replace it.""")
         if cluster_ca_cert is not None:
             pulumi.set(__self__, "cluster_ca_cert", cluster_ca_cert)
         if cluster_domain is not None:
@@ -190,6 +201,8 @@ class ManagedKubernetesArgs:
             pulumi.set(__self__, "service_account_issuer", service_account_issuer)
         if service_cidr is not None:
             pulumi.set(__self__, "service_cidr", service_cidr)
+        if skip_set_certificate_authority is not None:
+            pulumi.set(__self__, "skip_set_certificate_authority", skip_set_certificate_authority)
         if slb_internet_enabled is not None:
             pulumi.set(__self__, "slb_internet_enabled", slb_internet_enabled)
         if tags is not None:
@@ -215,8 +228,6 @@ class ManagedKubernetesArgs:
     def addons(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['ManagedKubernetesAddonArgs']]]]:
         """
         The addon you want to install in cluster. See `addons` below. Only works for **Create** Operation, use resource cs_kubernetes_addon to manage addons if cluster is created.
-        *Network params*
         """
         return pulumi.get(self, "addons")
@@ -238,9 +249,10 @@ class ManagedKubernetesArgs:
     @property
     @pulumi.getter(name="clientCert")
+    @_utilities.deprecated("""Field 'client_cert' has been deprecated from provider version 1.248.0. From version 1.248.0, new DataSource 'alicloud_cs_cluster_credential' is recommended to manage cluster's kubeconfig, you can also save the 'certificate_authority.client_cert' attribute content of new DataSource 'alicloud_cs_cluster_credential' to an appropriate path(like ~/.kube/client-cert.pem) for replace it.""")
     def client_cert(self) -> Optional[pulumi.Input[builtins.str]]:
         """
-        The path of client certificate, like `~/.kube/client-cert.pem`.
+        From version 1.248.0, new DataSource `cs_get_cluster_credential` is recommended to manage cluster's kubeconfig, you can also save the certificate_authority.client_cert attribute content of new DataSource `cs_get_cluster_credential` to an appropriate path(like ~/.kube/client-cert.pem) for replace it.
         """
         return pulumi.get(self, "client_cert")
@@ -250,9 +262,10 @@ class ManagedKubernetesArgs:
     @property
     @pulumi.getter(name="clientKey")
+    @_utilities.deprecated("""Field 'client_key' has been deprecated from provider version 1.248.0. From version 1.248.0, new DataSource 'alicloud_cs_cluster_credential' is recommended to manage cluster's kubeconfig, you can also save the 'certificate_authority.client_key' attribute content of new DataSource 'alicloud_cs_cluster_credential' to an appropriate path(like ~/.kube/client-key.pem) for replace it.""")
     def client_key(self) -> Optional[pulumi.Input[builtins.str]]:
         """
-        The path of client key, like `~/.kube/client-key.pem`.
+        From version 1.248.0, new DataSource `cs_get_cluster_credential` is recommended to manage cluster's kubeconfig, you can also save the certificate_authority.client_key attribute content of new DataSource `cs_get_cluster_credential` to an appropriate path(like ~/.kube/client-key.pem) for replace it.
         """
         return pulumi.get(self, "client_key")
@@ -262,9 +275,10 @@ class ManagedKubernetesArgs:
     @property
     @pulumi.getter(name="clusterCaCert")
+    @_utilities.deprecated("""Field 'cluster_ca_cert' has been deprecated from provider version 1.248.0. From version 1.248.0, new DataSource 'alicloud_cs_cluster_credential' is recommended to manage cluster's kubeconfig, you can also save the 'certificate_authority.cluster_cert' attribute content of new DataSource 'alicloud_cs_cluster_credential' to an appropriate path(like ~/.kube/cluster-ca-cert.pem) for replace it.""")
     def cluster_ca_cert(self) -> Optional[pulumi.Input[builtins.str]]:
         """
-        The path of cluster ca certificate, like `~/.kube/cluster-ca-cert.pem`
+        From version 1.248.0, new DataSource `cs_get_cluster_credential` is recommended to manage cluster's kubeconfig, you can also save the certificate_authority.cluster_cert attribute content of new DataSource `cs_get_cluster_credential` to an appropriate path(like ~/.kube/cluster-ca-cert.pem) for replace it.
         *Removed params*
         """
@@ -389,7 +403,7 @@ class ManagedKubernetesArgs:
     @pulumi.getter(name="encryptionProviderKey")
     def encryption_provider_key(self) -> Optional[pulumi.Input[builtins.str]]:
         """
-        The disk encryption key.
+        The ID of the Key Management Service (KMS) key that is used to encrypt Kubernetes Secrets.
         """
         return pulumi.get(self, "encryption_provider_key")
@@ -600,6 +614,20 @@ class ManagedKubernetesArgs:
     def service_cidr(self, value: Optional[pulumi.Input[builtins.str]]):
         pulumi.set(self, "service_cidr", value)
+    @property
+    @pulumi.getter(name="skipSetCertificateAuthority")
+    def skip_set_certificate_authority(self) -> Optional[pulumi.Input[builtins.bool]]:
+        """
+        Configure whether to save certificate authority data for your cluster to attribute `certificate_authority`. For cluster security, recommended configuration as `true`. Will be removed with attribute certificate_authority removed.
+        *Network params*
+        """
+        return pulumi.get(self, "skip_set_certificate_authority")
+    @skip_set_certificate_authority.setter
+    def skip_set_certificate_authority(self, value: Optional[pulumi.Input[builtins.bool]]):
+        pulumi.set(self, "skip_set_certificate_authority", value)
     @property
     @pulumi.getter(name="slbInternetEnabled")
     def slb_internet_enabled(self) -> Optional[pulumi.Input[builtins.bool]]:
@@ -746,6 +774,7 @@ class _ManagedKubernetesState:
                  security_group_id: Optional[pulumi.Input[builtins.str]] = None,
                  service_account_issuer: Optional[pulumi.Input[builtins.str]] = None,
                  service_cidr: Optional[pulumi.Input[builtins.str]] = None,
+                 skip_set_certificate_authority: Optional[pulumi.Input[builtins.bool]] = None,
                  slb_id: Optional[pulumi.Input[builtins.str]] = None,
                  slb_internet: Optional[pulumi.Input[builtins.str]] = None,
                  slb_internet_enabled: Optional[pulumi.Input[builtins.bool]] = None,
@@ -762,13 +791,11 @@ class _ManagedKubernetesState:
         """
         Input properties used for looking up and filtering ManagedKubernetes resources.
         :param pulumi.Input[Sequence[pulumi.Input['ManagedKubernetesAddonArgs']]] addons: The addon you want to install in cluster. See `addons` below. Only works for **Create** Operation, use resource cs_kubernetes_addon to manage addons if cluster is created.
-               *Network params*
         :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] api_audiences: A list of API audiences for [Service Account Token Volume Projection](https://www.alibabacloud.com/help/doc-detail/160384.htm). Set this to `["https://kubernetes.default.svc"]` if you want to enable the Token Volume Projection feature (requires specifying `service_account_issuer` as well. From cluster version 1.22, Service Account Token Volume Projection will be enabled by default.
-        :param pulumi.Input['ManagedKubernetesCertificateAuthorityArgs'] certificate_authority: (Available since v1.105.0) Nested attribute containing certificate authority data for your cluster.
-        :param pulumi.Input[builtins.str] client_cert: The path of client certificate, like `~/.kube/client-cert.pem`.
-        :param pulumi.Input[builtins.str] client_key: The path of client key, like `~/.kube/client-key.pem`.
-        :param pulumi.Input[builtins.str] cluster_ca_cert: The path of cluster ca certificate, like `~/.kube/cluster-ca-cert.pem`
+        :param pulumi.Input['ManagedKubernetesCertificateAuthorityArgs'] certificate_authority: (Map, Deprecated from v1.248.0) Nested attribute containing certificate authority data for your cluster. Please use the attribute certificate_authority of new DataSource `cs_get_cluster_credential` to replace it.
+        :param pulumi.Input[builtins.str] client_cert: From version 1.248.0, new DataSource `cs_get_cluster_credential` is recommended to manage cluster's kubeconfig, you can also save the certificate_authority.client_cert attribute content of new DataSource `cs_get_cluster_credential` to an appropriate path(like ~/.kube/client-cert.pem) for replace it.
+        :param pulumi.Input[builtins.str] client_key: From version 1.248.0, new DataSource `cs_get_cluster_credential` is recommended to manage cluster's kubeconfig, you can also save the certificate_authority.client_key attribute content of new DataSource `cs_get_cluster_credential` to an appropriate path(like ~/.kube/client-key.pem) for replace it.
+        :param pulumi.Input[builtins.str] cluster_ca_cert: From version 1.248.0, new DataSource `cs_get_cluster_credential` is recommended to manage cluster's kubeconfig, you can also save the certificate_authority.cluster_cert attribute content of new DataSource `cs_get_cluster_credential` to an appropriate path(like ~/.kube/cluster-ca-cert.pem) for replace it.
                *Removed params*
         :param pulumi.Input[builtins.str] cluster_domain: Cluster local domain name, Default to `cluster.local`. A domain name consists of one or more sections separated by a decimal point (.), each of which is up to 63 characters long, and can be lowercase, numerals, and underscores (-), and must be lowercase or numerals at the beginning and end.
@@ -784,7 +811,7 @@ class _ManagedKubernetesState:
         :param pulumi.Input[Sequence[pulumi.Input['ManagedKubernetesDeleteOptionArgs']]] delete_options: Delete options, only work for deleting resource. Make sure you have run `pulumi up` to make the configuration applied. See `delete_options` below.
         :param pulumi.Input[builtins.bool] deletion_protection: Whether to enable cluster deletion protection.
         :param pulumi.Input[builtins.bool] enable_rrsa: Whether to enable cluster to support RRSA for kubernetes version 1.22.3+. Default to `false`. Once the RRSA function is turned on, it is not allowed to turn off. If your cluster has enabled this function, please manually modify your tf file and add the rrsa configuration to the file, learn more [RAM Roles for Service Accounts](https://www.alibabacloud.com/help/zh/container-service-for-kubernetes/latest/use-rrsa-to-enforce-access-control).
-        :param pulumi.Input[builtins.str] encryption_provider_key: The disk encryption key.
+        :param pulumi.Input[builtins.str] encryption_provider_key: The ID of the Key Management Service (KMS) key that is used to encrypt Kubernetes Secrets.
         :param pulumi.Input[builtins.str] ip_stack: The IP address family that the cluster network uses. Valid values:
         :param pulumi.Input[builtins.bool] is_enterprise_security_group: Enable to create advanced security group. default: false. Only works for **Create** Operation. See [Advanced security group](https://www.alibabacloud.com/help/doc-detail/120621.htm).
         :param pulumi.Input[builtins.str] load_balancer_spec: The cluster api server load balancer instance specification. For more information on how to select a LB instance specification, see [SLB instance overview](https://help.aliyun.com/document_detail/85931.html). Only works for **Create** Operation. The spec will not take effect because the charge of the load balancer has been changed to PayByCLCU.
@@ -806,6 +833,9 @@ class _ManagedKubernetesState:
                * After updating the control plane security group, the Elastic Network Interfaces (ENIs) used by the control plane and managed components will automatically join the new security group.
         :param pulumi.Input[builtins.str] service_account_issuer: The issuer of the Service Account token for [Service Account Token Volume Projection](https://www.alibabacloud.com/help/doc-detail/160384.htm), corresponds to the `iss` field in the token payload. Set this to `"https://kubernetes.default.svc"` to enable the Token Volume Projection feature (requires specifying `api_audiences` as well). From cluster version 1.22, Service Account Token Volume Projection will be enabled by default.
         :param pulumi.Input[builtins.str] service_cidr: The CIDR block for the service network. It cannot be duplicated with the VPC CIDR and CIDR used by Kubernetes cluster in VPC, cannot be modified after creation.
+        :param pulumi.Input[builtins.bool] skip_set_certificate_authority: Configure whether to save certificate authority data for your cluster to attribute `certificate_authority`. For cluster security, recommended configuration as `true`. Will be removed with attribute certificate_authority removed.
+               *Network params*
         :param pulumi.Input[builtins.str] slb_id: The ID of APIServer load balancer.
         :param pulumi.Input[builtins.str] slb_internet: The public ip of load balancer.
         :param pulumi.Input[builtins.bool] slb_internet_enabled: Whether to create internet load balancer for API Server. Default to true. Only works for **Create** Operation.
@@ -833,12 +863,24 @@ class _ManagedKubernetesState:
             pulumi.set(__self__, "addons", addons)
         if api_audiences is not None:
             pulumi.set(__self__, "api_audiences", api_audiences)
+        if certificate_authority is not None:
+            warnings.warn("""Field 'certificate_authority' has been deprecated from provider version 1.248.0. Please use the attribute 'certificate_authority' of new DataSource 'alicloud_cs_cluster_credential' to replace it.""", DeprecationWarning)
+            pulumi.log.warn("""certificate_authority is deprecated: Field 'certificate_authority' has been deprecated from provider version 1.248.0. Please use the attribute 'certificate_authority' of new DataSource 'alicloud_cs_cluster_credential' to replace it.""")
         if certificate_authority is not None:
             pulumi.set(__self__, "certificate_authority", certificate_authority)
+        if client_cert is not None:
+            warnings.warn("""Field 'client_cert' has been deprecated from provider version 1.248.0. From version 1.248.0, new DataSource 'alicloud_cs_cluster_credential' is recommended to manage cluster's kubeconfig, you can also save the 'certificate_authority.client_cert' attribute content of new DataSource 'alicloud_cs_cluster_credential' to an appropriate path(like ~/.kube/client-cert.pem) for replace it.""", DeprecationWarning)
+            pulumi.log.warn("""client_cert is deprecated: Field 'client_cert' has been deprecated from provider version 1.248.0. From version 1.248.0, new DataSource 'alicloud_cs_cluster_credential' is recommended to manage cluster's kubeconfig, you can also save the 'certificate_authority.client_cert' attribute content of new DataSource 'alicloud_cs_cluster_credential' to an appropriate path(like ~/.kube/client-cert.pem) for replace it.""")
         if client_cert is not None:
             pulumi.set(__self__, "client_cert", client_cert)
+        if client_key is not None:
+            warnings.warn("""Field 'client_key' has been deprecated from provider version 1.248.0. From version 1.248.0, new DataSource 'alicloud_cs_cluster_credential' is recommended to manage cluster's kubeconfig, you can also save the 'certificate_authority.client_key' attribute content of new DataSource 'alicloud_cs_cluster_credential' to an appropriate path(like ~/.kube/client-key.pem) for replace it.""", DeprecationWarning)
+            pulumi.log.warn("""client_key is deprecated: Field 'client_key' has been deprecated from provider version 1.248.0. From version 1.248.0, new DataSource 'alicloud_cs_cluster_credential' is recommended to manage cluster's kubeconfig, you can also save the 'certificate_authority.client_key' attribute content of new DataSource 'alicloud_cs_cluster_credential' to an appropriate path(like ~/.kube/client-key.pem) for replace it.""")
         if client_key is not None:
             pulumi.set(__self__, "client_key", client_key)
+        if cluster_ca_cert is not None:
+            warnings.warn("""Field 'cluster_ca_cert' has been deprecated from provider version 1.248.0. From version 1.248.0, new DataSource 'alicloud_cs_cluster_credential' is recommended to manage cluster's kubeconfig, you can also save the 'certificate_authority.cluster_cert' attribute content of new DataSource 'alicloud_cs_cluster_credential' to an appropriate path(like ~/.kube/cluster-ca-cert.pem) for replace it.""", DeprecationWarning)
+            pulumi.log.warn("""cluster_ca_cert is deprecated: Field 'cluster_ca_cert' has been deprecated from provider version 1.248.0. From version 1.248.0, new DataSource 'alicloud_cs_cluster_credential' is recommended to manage cluster's kubeconfig, you can also save the 'certificate_authority.cluster_cert' attribute content of new DataSource 'alicloud_cs_cluster_credential' to an appropriate path(like ~/.kube/cluster-ca-cert.pem) for replace it.""")
         if cluster_ca_cert is not None:
             pulumi.set(__self__, "cluster_ca_cert", cluster_ca_cert)
         if cluster_domain is not None:
@@ -904,6 +946,8 @@ class _ManagedKubernetesState:
             pulumi.set(__self__, "service_account_issuer", service_account_issuer)
         if service_cidr is not None:
             pulumi.set(__self__, "service_cidr", service_cidr)
+        if skip_set_certificate_authority is not None:
+            pulumi.set(__self__, "skip_set_certificate_authority", skip_set_certificate_authority)
         if slb_id is not None:
             pulumi.set(__self__, "slb_id", slb_id)
         if slb_internet is not None:
@@ -939,8 +983,6 @@ class _ManagedKubernetesState:
     def addons(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['ManagedKubernetesAddonArgs']]]]:
         """
         The addon you want to install in cluster. See `addons` below. Only works for **Create** Operation, use resource cs_kubernetes_addon to manage addons if cluster is created.
-        *Network params*
         """
         return pulumi.get(self, "addons")
@@ -962,9 +1004,10 @@ class _ManagedKubernetesState:
     @property
     @pulumi.getter(name="certificateAuthority")
+    @_utilities.deprecated("""Field 'certificate_authority' has been deprecated from provider version 1.248.0. Please use the attribute 'certificate_authority' of new DataSource 'alicloud_cs_cluster_credential' to replace it.""")
     def certificate_authority(self) -> Optional[pulumi.Input['ManagedKubernetesCertificateAuthorityArgs']]:
         """
-        (Available since v1.105.0) Nested attribute containing certificate authority data for your cluster.
+        (Map, Deprecated from v1.248.0) Nested attribute containing certificate authority data for your cluster. Please use the attribute certificate_authority of new DataSource `cs_get_cluster_credential` to replace it.
         """
         return pulumi.get(self, "certificate_authority")
@@ -974,9 +1017,10 @@ class _ManagedKubernetesState:
     @property
     @pulumi.getter(name="clientCert")
+    @_utilities.deprecated("""Field 'client_cert' has been deprecated from provider version 1.248.0. From version 1.248.0, new DataSource 'alicloud_cs_cluster_credential' is recommended to manage cluster's kubeconfig, you can also save the 'certificate_authority.client_cert' attribute content of new DataSource 'alicloud_cs_cluster_credential' to an appropriate path(like ~/.kube/client-cert.pem) for replace it.""")
     def client_cert(self) -> Optional[pulumi.Input[builtins.str]]:
         """
-        The path of client certificate, like `~/.kube/client-cert.pem`.
+        From version 1.248.0, new DataSource `cs_get_cluster_credential` is recommended to manage cluster's kubeconfig, you can also save the certificate_authority.client_cert attribute content of new DataSource `cs_get_cluster_credential` to an appropriate path(like ~/.kube/client-cert.pem) for replace it.
         """
         return pulumi.get(self, "client_cert")
@@ -986,9 +1030,10 @@ class _ManagedKubernetesState:
     @property
     @pulumi.getter(name="clientKey")
+    @_utilities.deprecated("""Field 'client_key' has been deprecated from provider version 1.248.0. From version 1.248.0, new DataSource 'alicloud_cs_cluster_credential' is recommended to manage cluster's kubeconfig, you can also save the 'certificate_authority.client_key' attribute content of new DataSource 'alicloud_cs_cluster_credential' to an appropriate path(like ~/.kube/client-key.pem) for replace it.""")
     def client_key(self) -> Optional[pulumi.Input[builtins.str]]:
         """
-        The path of client key, like `~/.kube/client-key.pem`.
+        From version 1.248.0, new DataSource `cs_get_cluster_credential` is recommended to manage cluster's kubeconfig, you can also save the certificate_authority.client_key attribute content of new DataSource `cs_get_cluster_credential` to an appropriate path(like ~/.kube/client-key.pem) for replace it.
         """
         return pulumi.get(self, "client_key")
@@ -998,9 +1043,10 @@ class _ManagedKubernetesState:
     @property
     @pulumi.getter(name="clusterCaCert")
+    @_utilities.deprecated("""Field 'cluster_ca_cert' has been deprecated from provider version 1.248.0. From version 1.248.0, new DataSource 'alicloud_cs_cluster_credential' is recommended to manage cluster's kubeconfig, you can also save the 'certificate_authority.cluster_cert' attribute content of new DataSource 'alicloud_cs_cluster_credential' to an appropriate path(like ~/.kube/cluster-ca-cert.pem) for replace it.""")
     def cluster_ca_cert(self) -> Optional[pulumi.Input[builtins.str]]:
         """
-        The path of cluster ca certificate, like `~/.kube/cluster-ca-cert.pem`
+        From version 1.248.0, new DataSource `cs_get_cluster_credential` is recommended to manage cluster's kubeconfig, you can also save the certificate_authority.cluster_cert attribute content of new DataSource `cs_get_cluster_credential` to an appropriate path(like ~/.kube/cluster-ca-cert.pem) for replace it.
         *Removed params*
         """
@@ -1137,7 +1183,7 @@ class _ManagedKubernetesState:
     @pulumi.getter(name="encryptionProviderKey")
     def encryption_provider_key(self) -> Optional[pulumi.Input[builtins.str]]:
         """
-        The disk encryption key.
+        The ID of the Key Management Service (KMS) key that is used to encrypt Kubernetes Secrets.
         """
         return pulumi.get(self, "encryption_provider_key")
@@ -1372,6 +1418,20 @@ class _ManagedKubernetesState:
     def service_cidr(self, value: Optional[pulumi.Input[builtins.str]]):
         pulumi.set(self, "service_cidr", value)
+    @property
+    @pulumi.getter(name="skipSetCertificateAuthority")
+    def skip_set_certificate_authority(self) -> Optional[pulumi.Input[builtins.bool]]:
+        """
+        Configure whether to save certificate authority data for your cluster to attribute `certificate_authority`. For cluster security, recommended configuration as `true`. Will be removed with attribute certificate_authority removed.
+        *Network params*
+        """
+        return pulumi.get(self, "skip_set_certificate_authority")
+    @skip_set_certificate_authority.setter
+    def skip_set_certificate_authority(self, value: Optional[pulumi.Input[builtins.bool]]):
+        pulumi.set(self, "skip_set_certificate_authority", value)
     @property
     @pulumi.getter(name="slbId")
     def slb_id(self) -> Optional[pulumi.Input[builtins.str]]:
@@ -1579,6 +1639,7 @@ class ManagedKubernetes(pulumi.CustomResource):
                  security_group_id: Optional[pulumi.Input[builtins.str]] = None,
                  service_account_issuer: Optional[pulumi.Input[builtins.str]] = None,
                  service_cidr: Optional[pulumi.Input[builtins.str]] = None,
+                 skip_set_certificate_authority: Optional[pulumi.Input[builtins.bool]] = None,
                  slb_internet_enabled: Optional[pulumi.Input[builtins.bool]] = None,
                  tags: Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]] = None,
                  timezone: Optional[pulumi.Input[builtins.str]] = None,
@@ -1632,12 +1693,10 @@ class ManagedKubernetes(pulumi.CustomResource):
         :param str resource_name: The name of the resource.
         :param pulumi.ResourceOptions opts: Options for the resource.
         :param pulumi.Input[Sequence[pulumi.Input[Union['ManagedKubernetesAddonArgs', 'ManagedKubernetesAddonArgsDict']]]] addons: The addon you want to install in cluster. See `addons` below. Only works for **Create** Operation, use resource cs_kubernetes_addon to manage addons if cluster is created.
-               *Network params*
         :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] api_audiences: A list of API audiences for [Service Account Token Volume Projection](https://www.alibabacloud.com/help/doc-detail/160384.htm). Set this to `["https://kubernetes.default.svc"]` if you want to enable the Token Volume Projection feature (requires specifying `service_account_issuer` as well. From cluster version 1.22, Service Account Token Volume Projection will be enabled by default.
-        :param pulumi.Input[builtins.str] client_cert: The path of client certificate, like `~/.kube/client-cert.pem`.
-        :param pulumi.Input[builtins.str] client_key: The path of client key, like `~/.kube/client-key.pem`.
-        :param pulumi.Input[builtins.str] cluster_ca_cert: The path of cluster ca certificate, like `~/.kube/cluster-ca-cert.pem`
+        :param pulumi.Input[builtins.str] client_cert: From version 1.248.0, new DataSource `cs_get_cluster_credential` is recommended to manage cluster's kubeconfig, you can also save the certificate_authority.client_cert attribute content of new DataSource `cs_get_cluster_credential` to an appropriate path(like ~/.kube/client-cert.pem) for replace it.
+        :param pulumi.Input[builtins.str] client_key: From version 1.248.0, new DataSource `cs_get_cluster_credential` is recommended to manage cluster's kubeconfig, you can also save the certificate_authority.client_key attribute content of new DataSource `cs_get_cluster_credential` to an appropriate path(like ~/.kube/client-key.pem) for replace it.
+        :param pulumi.Input[builtins.str] cluster_ca_cert: From version 1.248.0, new DataSource `cs_get_cluster_credential` is recommended to manage cluster's kubeconfig, you can also save the certificate_authority.cluster_cert attribute content of new DataSource `cs_get_cluster_credential` to an appropriate path(like ~/.kube/cluster-ca-cert.pem) for replace it.
                *Removed params*
         :param pulumi.Input[builtins.str] cluster_domain: Cluster local domain name, Default to `cluster.local`. A domain name consists of one or more sections separated by a decimal point (.), each of which is up to 63 characters long, and can be lowercase, numerals, and underscores (-), and must be lowercase or numerals at the beginning and end.
@@ -1652,7 +1711,7 @@ class ManagedKubernetes(pulumi.CustomResource):
         :param pulumi.Input[Sequence[pulumi.Input[Union['ManagedKubernetesDeleteOptionArgs', 'ManagedKubernetesDeleteOptionArgsDict']]]] delete_options: Delete options, only work for deleting resource. Make sure you have run `pulumi up` to make the configuration applied. See `delete_options` below.
         :param pulumi.Input[builtins.bool] deletion_protection: Whether to enable cluster deletion protection.
         :param pulumi.Input[builtins.bool] enable_rrsa: Whether to enable cluster to support RRSA for kubernetes version 1.22.3+. Default to `false`. Once the RRSA function is turned on, it is not allowed to turn off. If your cluster has enabled this function, please manually modify your tf file and add the rrsa configuration to the file, learn more [RAM Roles for Service Accounts](https://www.alibabacloud.com/help/zh/container-service-for-kubernetes/latest/use-rrsa-to-enforce-access-control).
-        :param pulumi.Input[builtins.str] encryption_provider_key: The disk encryption key.
+        :param pulumi.Input[builtins.str] encryption_provider_key: The ID of the Key Management Service (KMS) key that is used to encrypt Kubernetes Secrets.
         :param pulumi.Input[builtins.str] ip_stack: The IP address family that the cluster network uses. Valid values:
         :param pulumi.Input[builtins.bool] is_enterprise_security_group: Enable to create advanced security group. default: false. Only works for **Create** Operation. See [Advanced security group](https://www.alibabacloud.com/help/doc-detail/120621.htm).
         :param pulumi.Input[builtins.str] load_balancer_spec: The cluster api server load balancer instance specification. For more information on how to select a LB instance specification, see [SLB instance overview](https://help.aliyun.com/document_detail/85931.html). Only works for **Create** Operation. The spec will not take effect because the charge of the load balancer has been changed to PayByCLCU.
@@ -1672,6 +1731,9 @@ class ManagedKubernetes(pulumi.CustomResource):
                * After updating the control plane security group, the Elastic Network Interfaces (ENIs) used by the control plane and managed components will automatically join the new security group.
         :param pulumi.Input[builtins.str] service_account_issuer: The issuer of the Service Account token for [Service Account Token Volume Projection](https://www.alibabacloud.com/help/doc-detail/160384.htm), corresponds to the `iss` field in the token payload. Set this to `"https://kubernetes.default.svc"` to enable the Token Volume Projection feature (requires specifying `api_audiences` as well). From cluster version 1.22, Service Account Token Volume Projection will be enabled by default.
         :param pulumi.Input[builtins.str] service_cidr: The CIDR block for the service network. It cannot be duplicated with the VPC CIDR and CIDR used by Kubernetes cluster in VPC, cannot be modified after creation.
+        :param pulumi.Input[builtins.bool] skip_set_certificate_authority: Configure whether to save certificate authority data for your cluster to attribute `certificate_authority`. For cluster security, recommended configuration as `true`. Will be removed with attribute certificate_authority removed.
+               *Network params*
         :param pulumi.Input[builtins.bool] slb_internet_enabled: Whether to create internet load balancer for API Server. Default to true. Only works for **Create** Operation.
         :param pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]] tags: Default nil, A map of tags assigned to the kubernetes cluster and work nodes. See `tags` below.
         :param pulumi.Input[builtins.str] timezone: Cluster timezone, works for control plane and Worker nodes.
@@ -1784,6 +1846,7 @@ class ManagedKubernetes(pulumi.CustomResource):
                  security_group_id: Optional[pulumi.Input[builtins.str]] = None,
                  service_account_issuer: Optional[pulumi.Input[builtins.str]] = None,
                  service_cidr: Optional[pulumi.Input[builtins.str]] = None,
+                 skip_set_certificate_authority: Optional[pulumi.Input[builtins.bool]] = None,
                  slb_internet_enabled: Optional[pulumi.Input[builtins.bool]] = None,
                  tags: Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]] = None,
                  timezone: Optional[pulumi.Input[builtins.str]] = None,
@@ -1833,6 +1896,7 @@ class ManagedKubernetes(pulumi.CustomResource):
             __props__.__dict__["security_group_id"] = security_group_id
             __props__.__dict__["service_account_issuer"] = service_account_issuer
             __props__.__dict__["service_cidr"] = service_cidr
+            __props__.__dict__["skip_set_certificate_authority"] = skip_set_certificate_authority
             __props__.__dict__["slb_internet_enabled"] = slb_internet_enabled
             __props__.__dict__["tags"] = tags
             __props__.__dict__["timezone"] = timezone
@@ -1896,6 +1960,7 @@ class ManagedKubernetes(pulumi.CustomResource):
             security_group_id: Optional[pulumi.Input[builtins.str]] = None,
             service_account_issuer: Optional[pulumi.Input[builtins.str]] = None,
             service_cidr: Optional[pulumi.Input[builtins.str]] = None,
+            skip_set_certificate_authority: Optional[pulumi.Input[builtins.bool]] = None,
             slb_id: Optional[pulumi.Input[builtins.str]] = None,
             slb_internet: Optional[pulumi.Input[builtins.str]] = None,
             slb_internet_enabled: Optional[pulumi.Input[builtins.bool]] = None,
@@ -1917,13 +1982,11 @@ class ManagedKubernetes(pulumi.CustomResource):
         :param pulumi.Input[str] id: The unique provider ID of the resource to lookup.
         :param pulumi.ResourceOptions opts: Options for the resource.
         :param pulumi.Input[Sequence[pulumi.Input[Union['ManagedKubernetesAddonArgs', 'ManagedKubernetesAddonArgsDict']]]] addons: The addon you want to install in cluster. See `addons` below. Only works for **Create** Operation, use resource cs_kubernetes_addon to manage addons if cluster is created.
-               *Network params*
         :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] api_audiences: A list of API audiences for [Service Account Token Volume Projection](https://www.alibabacloud.com/help/doc-detail/160384.htm). Set this to `["https://kubernetes.default.svc"]` if you want to enable the Token Volume Projection feature (requires specifying `service_account_issuer` as well. From cluster version 1.22, Service Account Token Volume Projection will be enabled by default.
-        :param pulumi.Input[Union['ManagedKubernetesCertificateAuthorityArgs', 'ManagedKubernetesCertificateAuthorityArgsDict']] certificate_authority: (Available since v1.105.0) Nested attribute containing certificate authority data for your cluster.
-        :param pulumi.Input[builtins.str] client_cert: The path of client certificate, like `~/.kube/client-cert.pem`.
-        :param pulumi.Input[builtins.str] client_key: The path of client key, like `~/.kube/client-key.pem`.
-        :param pulumi.Input[builtins.str] cluster_ca_cert: The path of cluster ca certificate, like `~/.kube/cluster-ca-cert.pem`
+        :param pulumi.Input[Union['ManagedKubernetesCertificateAuthorityArgs', 'ManagedKubernetesCertificateAuthorityArgsDict']] certificate_authority: (Map, Deprecated from v1.248.0) Nested attribute containing certificate authority data for your cluster. Please use the attribute certificate_authority of new DataSource `cs_get_cluster_credential` to replace it.
+        :param pulumi.Input[builtins.str] client_cert: From version 1.248.0, new DataSource `cs_get_cluster_credential` is recommended to manage cluster's kubeconfig, you can also save the certificate_authority.client_cert attribute content of new DataSource `cs_get_cluster_credential` to an appropriate path(like ~/.kube/client-cert.pem) for replace it.
+        :param pulumi.Input[builtins.str] client_key: From version 1.248.0, new DataSource `cs_get_cluster_credential` is recommended to manage cluster's kubeconfig, you can also save the certificate_authority.client_key attribute content of new DataSource `cs_get_cluster_credential` to an appropriate path(like ~/.kube/client-key.pem) for replace it.
+        :param pulumi.Input[builtins.str] cluster_ca_cert: From version 1.248.0, new DataSource `cs_get_cluster_credential` is recommended to manage cluster's kubeconfig, you can also save the certificate_authority.cluster_cert attribute content of new DataSource `cs_get_cluster_credential` to an appropriate path(like ~/.kube/cluster-ca-cert.pem) for replace it.
                *Removed params*
         :param pulumi.Input[builtins.str] cluster_domain: Cluster local domain name, Default to `cluster.local`. A domain name consists of one or more sections separated by a decimal point (.), each of which is up to 63 characters long, and can be lowercase, numerals, and underscores (-), and must be lowercase or numerals at the beginning and end.
@@ -1939,7 +2002,7 @@ class ManagedKubernetes(pulumi.CustomResource):
         :param pulumi.Input[Sequence[pulumi.Input[Union['ManagedKubernetesDeleteOptionArgs', 'ManagedKubernetesDeleteOptionArgsDict']]]] delete_options: Delete options, only work for deleting resource. Make sure you have run `pulumi up` to make the configuration applied. See `delete_options` below.
         :param pulumi.Input[builtins.bool] deletion_protection: Whether to enable cluster deletion protection.
         :param pulumi.Input[builtins.bool] enable_rrsa: Whether to enable cluster to support RRSA for kubernetes version 1.22.3+. Default to `false`. Once the RRSA function is turned on, it is not allowed to turn off. If your cluster has enabled this function, please manually modify your tf file and add the rrsa configuration to the file, learn more [RAM Roles for Service Accounts](https://www.alibabacloud.com/help/zh/container-service-for-kubernetes/latest/use-rrsa-to-enforce-access-control).
-        :param pulumi.Input[builtins.str] encryption_provider_key: The disk encryption key.
+        :param pulumi.Input[builtins.str] encryption_provider_key: The ID of the Key Management Service (KMS) key that is used to encrypt Kubernetes Secrets.
         :param pulumi.Input[builtins.str] ip_stack: The IP address family that the cluster network uses. Valid values:
         :param pulumi.Input[builtins.bool] is_enterprise_security_group: Enable to create advanced security group. default: false. Only works for **Create** Operation. See [Advanced security group](https://www.alibabacloud.com/help/doc-detail/120621.htm).
         :param pulumi.Input[builtins.str] load_balancer_spec: The cluster api server load balancer instance specification. For more information on how to select a LB instance specification, see [SLB instance overview](https://help.aliyun.com/document_detail/85931.html). Only works for **Create** Operation. The spec will not take effect because the charge of the load balancer has been changed to PayByCLCU.
@@ -1961,6 +2024,9 @@ class ManagedKubernetes(pulumi.CustomResource):
                * After updating the control plane security group, the Elastic Network Interfaces (ENIs) used by the control plane and managed components will automatically join the new security group.
         :param pulumi.Input[builtins.str] service_account_issuer: The issuer of the Service Account token for [Service Account Token Volume Projection](https://www.alibabacloud.com/help/doc-detail/160384.htm), corresponds to the `iss` field in the token payload. Set this to `"https://kubernetes.default.svc"` to enable the Token Volume Projection feature (requires specifying `api_audiences` as well). From cluster version 1.22, Service Account Token Volume Projection will be enabled by default.
         :param pulumi.Input[builtins.str] service_cidr: The CIDR block for the service network. It cannot be duplicated with the VPC CIDR and CIDR used by Kubernetes cluster in VPC, cannot be modified after creation.
+        :param pulumi.Input[builtins.bool] skip_set_certificate_authority: Configure whether to save certificate authority data for your cluster to attribute `certificate_authority`. For cluster security, recommended configuration as `true`. Will be removed with attribute certificate_authority removed.
+               *Network params*
         :param pulumi.Input[builtins.str] slb_id: The ID of APIServer load balancer.
         :param pulumi.Input[builtins.str] slb_internet: The public ip of load balancer.
         :param pulumi.Input[builtins.bool] slb_internet_enabled: Whether to create internet load balancer for API Server. Default to true. Only works for **Create** Operation.
@@ -2024,6 +2090,7 @@ class ManagedKubernetes(pulumi.CustomResource):
         __props__.__dict__["security_group_id"] = security_group_id
         __props__.__dict__["service_account_issuer"] = service_account_issuer
         __props__.__dict__["service_cidr"] = service_cidr
+        __props__.__dict__["skip_set_certificate_authority"] = skip_set_certificate_authority
         __props__.__dict__["slb_id"] = slb_id
         __props__.__dict__["slb_internet"] = slb_internet
         __props__.__dict__["slb_internet_enabled"] = slb_internet_enabled
@@ -2044,8 +2111,6 @@ class ManagedKubernetes(pulumi.CustomResource):
     def addons(self) -> pulumi.Output[Optional[Sequence['outputs.ManagedKubernetesAddon']]]:
         """
         The addon you want to install in cluster. See `addons` below. Only works for **Create** Operation, use resource cs_kubernetes_addon to manage addons if cluster is created.
-        *Network params*
         """
         return pulumi.get(self, "addons")
@@ -2059,33 +2124,37 @@ class ManagedKubernetes(pulumi.CustomResource):
     @property
     @pulumi.getter(name="certificateAuthority")
+    @_utilities.deprecated("""Field 'certificate_authority' has been deprecated from provider version 1.248.0. Please use the attribute 'certificate_authority' of new DataSource 'alicloud_cs_cluster_credential' to replace it.""")
     def certificate_authority(self) -> pulumi.Output['outputs.ManagedKubernetesCertificateAuthority']:
         """
-        (Available since v1.105.0) Nested attribute containing certificate authority data for your cluster.
+        (Map, Deprecated from v1.248.0) Nested attribute containing certificate authority data for your cluster. Please use the attribute certificate_authority of new DataSource `cs_get_cluster_credential` to replace it.
         """
         return pulumi.get(self, "certificate_authority")
     @property
     @pulumi.getter(name="clientCert")
+    @_utilities.deprecated("""Field 'client_cert' has been deprecated from provider version 1.248.0. From version 1.248.0, new DataSource 'alicloud_cs_cluster_credential' is recommended to manage cluster's kubeconfig, you can also save the 'certificate_authority.client_cert' attribute content of new DataSource 'alicloud_cs_cluster_credential' to an appropriate path(like ~/.kube/client-cert.pem) for replace it.""")
     def client_cert(self) -> pulumi.Output[Optional[builtins.str]]:
         """
-        The path of client certificate, like `~/.kube/client-cert.pem`.
+        From version 1.248.0, new DataSource `cs_get_cluster_credential` is recommended to manage cluster's kubeconfig, you can also save the certificate_authority.client_cert attribute content of new DataSource `cs_get_cluster_credential` to an appropriate path(like ~/.kube/client-cert.pem) for replace it.
         """
         return pulumi.get(self, "client_cert")
     @property
     @pulumi.getter(name="clientKey")
+    @_utilities.deprecated("""Field 'client_key' has been deprecated from provider version 1.248.0. From version 1.248.0, new DataSource 'alicloud_cs_cluster_credential' is recommended to manage cluster's kubeconfig, you can also save the 'certificate_authority.client_key' attribute content of new DataSource 'alicloud_cs_cluster_credential' to an appropriate path(like ~/.kube/client-key.pem) for replace it.""")
     def client_key(self) -> pulumi.Output[Optional[builtins.str]]:
         """
-        The path of client key, like `~/.kube/client-key.pem`.
+        From version 1.248.0, new DataSource `cs_get_cluster_credential` is recommended to manage cluster's kubeconfig, you can also save the certificate_authority.client_key attribute content of new DataSource `cs_get_cluster_credential` to an appropriate path(like ~/.kube/client-key.pem) for replace it.
         """
         return pulumi.get(self, "client_key")
     @property
     @pulumi.getter(name="clusterCaCert")
+    @_utilities.deprecated("""Field 'cluster_ca_cert' has been deprecated from provider version 1.248.0. From version 1.248.0, new DataSource 'alicloud_cs_cluster_credential' is recommended to manage cluster's kubeconfig, you can also save the 'certificate_authority.cluster_cert' attribute content of new DataSource 'alicloud_cs_cluster_credential' to an appropriate path(like ~/.kube/cluster-ca-cert.pem) for replace it.""")
     def cluster_ca_cert(self) -> pulumi.Output[Optional[builtins.str]]:
         """
-        The path of cluster ca certificate, like `~/.kube/cluster-ca-cert.pem`
+        From version 1.248.0, new DataSource `cs_get_cluster_credential` is recommended to manage cluster's kubeconfig, you can also save the certificate_authority.cluster_cert attribute content of new DataSource `cs_get_cluster_credential` to an appropriate path(like ~/.kube/cluster-ca-cert.pem) for replace it.
         *Removed params*
         """
@@ -2178,7 +2247,7 @@ class ManagedKubernetes(pulumi.CustomResource):
     @pulumi.getter(name="encryptionProviderKey")
     def encryption_provider_key(self) -> pulumi.Output[Optional[builtins.str]]:
         """
-        The disk encryption key.
+        The ID of the Key Management Service (KMS) key that is used to encrypt Kubernetes Secrets.
         """
         return pulumi.get(self, "encryption_provider_key")
@@ -2333,6 +2402,16 @@ class ManagedKubernetes(pulumi.CustomResource):
         """
         return pulumi.get(self, "service_cidr")
+    @property
+    @pulumi.getter(name="skipSetCertificateAuthority")
+    def skip_set_certificate_authority(self) -> pulumi.Output[Optional[builtins.bool]]:
+        """
+        Configure whether to save certificate authority data for your cluster to attribute `certificate_authority`. For cluster security, recommended configuration as `true`. Will be removed with attribute certificate_authority removed.
+        *Network params*
+        """
+        return pulumi.get(self, "skip_set_certificate_authority")
     @property
     @pulumi.getter(name="slbId")
     def slb_id(self) -> pulumi.Output[builtins.str]:

pulumi-alicloud 3.77.0a1746076596__py3-none-any.whl → 3.77.0a1746220593__py3-none-any.whl

Potentially problematic release.

pulumi-alicloud 3.77.0a1746076596py3-none-any.whl → 3.77.0a1746220593py3-none-any.whl