Docs Home
tencentcloud 1.81.183 published on Wednesday, Apr 16, 2025 by tencentcloudstack
tencentcloud.KubernetesAuthAttachment
Explore with Pulumi AI
tencentcloud 1.81.183 published on Wednesday, Apr 16, 2025 by tencentcloudstack
Provide a resource to configure kubernetes cluster authentication info.
NOTE: Only available for cluster version >= 1.20
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as tencentcloud from "@pulumi/tencentcloud";
const config = new pulumi.Config();
const availabilityZone = config.get("availabilityZone") || "ap-guangzhou-3";
const clusterCidr = config.get("clusterCidr") || "172.16.0.0/16";
const defaultInstanceType = config.get("defaultInstanceType") || "S1.SMALL1";
const _default = tencentcloud.getImages({
imageTypes: ["PUBLIC_IMAGE"],
osName: "centos",
});
const vpc = tencentcloud.getVpcSubnets({
isDefault: true,
availabilityZone: availabilityZone,
});
const managedCluster = new tencentcloud.KubernetesCluster("managedCluster", {
vpcId: vpc.then(vpc => vpc.instanceLists?.[0]?.vpcId),
clusterCidr: "10.31.0.0/16",
clusterMaxPodNum: 32,
clusterName: "keep",
clusterDesc: "test cluster desc",
clusterVersion: "1.20.6",
clusterMaxServiceNum: 32,
workerConfigs: [{
count: 1,
availabilityZone: availabilityZone,
instanceType: defaultInstanceType,
systemDiskType: "CLOUD_SSD",
systemDiskSize: 60,
internetChargeType: "TRAFFIC_POSTPAID_BY_HOUR",
internetMaxBandwidthOut: 100,
publicIpAssigned: true,
subnetId: vpc.then(vpc => vpc.instanceLists?.[0]?.subnetId),
dataDisks: [{
diskType: "CLOUD_PREMIUM",
diskSize: 50,
}],
enhancedSecurityService: false,
enhancedMonitorService: false,
userData: "dGVzdA==",
password: "ZZXXccvv1212",
}],
clusterDeployType: "MANAGED_CLUSTER",
});
const example = new tencentcloud.KubernetesAuthAttachment("example", {
clusterId: managedCluster.kubernetesClusterId,
jwksUri: pulumi.interpolate`https://${managedCluster.kubernetesClusterId}.ccs.tencent-cloud.com/openid/v1/jwks`,
issuer: pulumi.interpolate`https://${managedCluster.kubernetesClusterId}.ccs.tencent-cloud.com`,
autoCreateDiscoveryAnonymousAuth: true,
});
import pulumi
import pulumi_tencentcloud as tencentcloud
config = pulumi.Config()
availability_zone = config.get("availabilityZone")
if availability_zone is None:
availability_zone = "ap-guangzhou-3"
cluster_cidr = config.get("clusterCidr")
if cluster_cidr is None:
cluster_cidr = "172.16.0.0/16"
default_instance_type = config.get("defaultInstanceType")
if default_instance_type is None:
default_instance_type = "S1.SMALL1"
default = tencentcloud.get_images(image_types=["PUBLIC_IMAGE"],
os_name="centos")
vpc = tencentcloud.get_vpc_subnets(is_default=True,
availability_zone=availability_zone)
managed_cluster = tencentcloud.KubernetesCluster("managedCluster",
vpc_id=vpc.instance_lists[0].vpc_id,
cluster_cidr="10.31.0.0/16",
cluster_max_pod_num=32,
cluster_name="keep",
cluster_desc="test cluster desc",
cluster_version="1.20.6",
cluster_max_service_num=32,
worker_configs=[{
"count": 1,
"availability_zone": availability_zone,
"instance_type": default_instance_type,
"system_disk_type": "CLOUD_SSD",
"system_disk_size": 60,
"internet_charge_type": "TRAFFIC_POSTPAID_BY_HOUR",
"internet_max_bandwidth_out": 100,
"public_ip_assigned": True,
"subnet_id": vpc.instance_lists[0].subnet_id,
"data_disks": [{
"disk_type": "CLOUD_PREMIUM",
"disk_size": 50,
}],
"enhanced_security_service": False,
"enhanced_monitor_service": False,
"user_data": "dGVzdA==",
"password": "ZZXXccvv1212",
}],
cluster_deploy_type="MANAGED_CLUSTER")
example = tencentcloud.KubernetesAuthAttachment("example",
cluster_id=managed_cluster.kubernetes_cluster_id,
jwks_uri=managed_cluster.kubernetes_cluster_id.apply(lambda kubernetes_cluster_id: f"https://{kubernetes_cluster_id}.ccs.tencent-cloud.com/openid/v1/jwks"),
issuer=managed_cluster.kubernetes_cluster_id.apply(lambda kubernetes_cluster_id: f"https://{kubernetes_cluster_id}.ccs.tencent-cloud.com"),
auto_create_discovery_anonymous_auth=True)
package main
import (
"fmt"
"github.com/pulumi/pulumi-terraform-provider/sdks/go/tencentcloud/tencentcloud"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi/config"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
cfg := config.New(ctx, "")
availabilityZone := "ap-guangzhou-3"
if param := cfg.Get("availabilityZone"); param != "" {
availabilityZone = param
}
clusterCidr := "172.16.0.0/16"
if param := cfg.Get("clusterCidr"); param != "" {
clusterCidr = param
}
defaultInstanceType := "S1.SMALL1"
if param := cfg.Get("defaultInstanceType"); param != "" {
defaultInstanceType = param
}
_, err := tencentcloud.GetImages(ctx, &tencentcloud.GetImagesArgs{
ImageTypes: []string{
"PUBLIC_IMAGE",
},
OsName: pulumi.StringRef("centos"),
}, nil)
if err != nil {
return err
}
vpc, err := tencentcloud.GetVpcSubnets(ctx, &tencentcloud.GetVpcSubnetsArgs{
IsDefault: pulumi.BoolRef(true),
AvailabilityZone: pulumi.StringRef(availabilityZone),
}, nil)
if err != nil {
return err
}
managedCluster, err := tencentcloud.NewKubernetesCluster(ctx, "managedCluster", &tencentcloud.KubernetesClusterArgs{
VpcId: pulumi.String(vpc.InstanceLists[0].VpcId),
ClusterCidr: pulumi.String("10.31.0.0/16"),
ClusterMaxPodNum: pulumi.Float64(32),
ClusterName: pulumi.String("keep"),
ClusterDesc: pulumi.String("test cluster desc"),
ClusterVersion: pulumi.String("1.20.6"),
ClusterMaxServiceNum: pulumi.Float64(32),
WorkerConfigs: tencentcloud.KubernetesClusterWorkerConfigArray{
&tencentcloud.KubernetesClusterWorkerConfigArgs{
Count: pulumi.Float64(1),
AvailabilityZone: pulumi.String(availabilityZone),
InstanceType: pulumi.String(defaultInstanceType),
SystemDiskType: pulumi.String("CLOUD_SSD"),
SystemDiskSize: pulumi.Float64(60),
InternetChargeType: pulumi.String("TRAFFIC_POSTPAID_BY_HOUR"),
InternetMaxBandwidthOut: pulumi.Float64(100),
PublicIpAssigned: pulumi.Bool(true),
SubnetId: pulumi.String(vpc.InstanceLists[0].SubnetId),
DataDisks: tencentcloud.KubernetesClusterWorkerConfigDataDiskArray{
&tencentcloud.KubernetesClusterWorkerConfigDataDiskArgs{
DiskType: pulumi.String("CLOUD_PREMIUM"),
DiskSize: pulumi.Float64(50),
},
},
EnhancedSecurityService: pulumi.Bool(false),
EnhancedMonitorService: pulumi.Bool(false),
UserData: pulumi.String("dGVzdA=="),
Password: pulumi.String("ZZXXccvv1212"),
},
},
ClusterDeployType: pulumi.String("MANAGED_CLUSTER"),
})
if err != nil {
return err
}
_, err = tencentcloud.NewKubernetesAuthAttachment(ctx, "example", &tencentcloud.KubernetesAuthAttachmentArgs{
ClusterId: managedCluster.KubernetesClusterId,
JwksUri: managedCluster.KubernetesClusterId.ApplyT(func(kubernetesClusterId string) (string, error) {
return fmt.Sprintf("https://%v.ccs.tencent-cloud.com/openid/v1/jwks", kubernetesClusterId), nil
}).(pulumi.StringOutput),
Issuer: managedCluster.KubernetesClusterId.ApplyT(func(kubernetesClusterId string) (string, error) {
return fmt.Sprintf("https://%v.ccs.tencent-cloud.com", kubernetesClusterId), nil
}).(pulumi.StringOutput),
AutoCreateDiscoveryAnonymousAuth: pulumi.Bool(true),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Tencentcloud = Pulumi.Tencentcloud;
return await Deployment.RunAsync(() =>
{
var config = new Config();
var availabilityZone = config.Get("availabilityZone") ?? "ap-guangzhou-3";
var clusterCidr = config.Get("clusterCidr") ?? "172.16.0.0/16";
var defaultInstanceType = config.Get("defaultInstanceType") ?? "S1.SMALL1";
var @default = Tencentcloud.GetImages.Invoke(new()
{
ImageTypes = new[]
{
"PUBLIC_IMAGE",
},
OsName = "centos",
});
var vpc = Tencentcloud.GetVpcSubnets.Invoke(new()
{
IsDefault = true,
AvailabilityZone = availabilityZone,
});
var managedCluster = new Tencentcloud.KubernetesCluster("managedCluster", new()
{
VpcId = vpc.Apply(getVpcSubnetsResult => getVpcSubnetsResult.InstanceLists[0]?.VpcId),
ClusterCidr = "10.31.0.0/16",
ClusterMaxPodNum = 32,
ClusterName = "keep",
ClusterDesc = "test cluster desc",
ClusterVersion = "1.20.6",
ClusterMaxServiceNum = 32,
WorkerConfigs = new[]
{
new Tencentcloud.Inputs.KubernetesClusterWorkerConfigArgs
{
Count = 1,
AvailabilityZone = availabilityZone,
InstanceType = defaultInstanceType,
SystemDiskType = "CLOUD_SSD",
SystemDiskSize = 60,
InternetChargeType = "TRAFFIC_POSTPAID_BY_HOUR",
InternetMaxBandwidthOut = 100,
PublicIpAssigned = true,
SubnetId = vpc.Apply(getVpcSubnetsResult => getVpcSubnetsResult.InstanceLists[0]?.SubnetId),
DataDisks = new[]
{
new Tencentcloud.Inputs.KubernetesClusterWorkerConfigDataDiskArgs
{
DiskType = "CLOUD_PREMIUM",
DiskSize = 50,
},
},
EnhancedSecurityService = false,
EnhancedMonitorService = false,
UserData = "dGVzdA==",
Password = "ZZXXccvv1212",
},
},
ClusterDeployType = "MANAGED_CLUSTER",
});
var example = new Tencentcloud.KubernetesAuthAttachment("example", new()
{
ClusterId = managedCluster.KubernetesClusterId,
JwksUri = managedCluster.KubernetesClusterId.Apply(kubernetesClusterId => $"https://{kubernetesClusterId}.ccs.tencent-cloud.com/openid/v1/jwks"),
Issuer = managedCluster.KubernetesClusterId.Apply(kubernetesClusterId => $"https://{kubernetesClusterId}.ccs.tencent-cloud.com"),
AutoCreateDiscoveryAnonymousAuth = true,
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.tencentcloud.TencentcloudFunctions;
import com.pulumi.tencentcloud.inputs.GetImagesArgs;
import com.pulumi.tencentcloud.inputs.GetVpcSubnetsArgs;
import com.pulumi.tencentcloud.KubernetesCluster;
import com.pulumi.tencentcloud.KubernetesClusterArgs;
import com.pulumi.tencentcloud.inputs.KubernetesClusterWorkerConfigArgs;
import com.pulumi.tencentcloud.KubernetesAuthAttachment;
import com.pulumi.tencentcloud.KubernetesAuthAttachmentArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
final var config = ctx.config();
final var availabilityZone = config.get("availabilityZone").orElse("ap-guangzhou-3");
final var clusterCidr = config.get("clusterCidr").orElse("172.16.0.0/16");
final var defaultInstanceType = config.get("defaultInstanceType").orElse("S1.SMALL1");
final var default = TencentcloudFunctions.getImages(GetImagesArgs.builder()
.imageTypes("PUBLIC_IMAGE")
.osName("centos")
.build());
final var vpc = TencentcloudFunctions.getVpcSubnets(GetVpcSubnetsArgs.builder()
.isDefault(true)
.availabilityZone(availabilityZone)
.build());
var managedCluster = new KubernetesCluster("managedCluster", KubernetesClusterArgs.builder()
.vpcId(vpc.applyValue(getVpcSubnetsResult -> getVpcSubnetsResult.instanceLists()[0].vpcId()))
.clusterCidr("10.31.0.0/16")
.clusterMaxPodNum(32)
.clusterName("keep")
.clusterDesc("test cluster desc")
.clusterVersion("1.20.6")
.clusterMaxServiceNum(32)
.workerConfigs(KubernetesClusterWorkerConfigArgs.builder()
.count(1)
.availabilityZone(availabilityZone)
.instanceType(defaultInstanceType)
.systemDiskType("CLOUD_SSD")
.systemDiskSize(60)
.internetChargeType("TRAFFIC_POSTPAID_BY_HOUR")
.internetMaxBandwidthOut(100)
.publicIpAssigned(true)
.subnetId(vpc.applyValue(getVpcSubnetsResult -> getVpcSubnetsResult.instanceLists()[0].subnetId()))
.dataDisks(KubernetesClusterWorkerConfigDataDiskArgs.builder()
.diskType("CLOUD_PREMIUM")
.diskSize(50)
.build())
.enhancedSecurityService(false)
.enhancedMonitorService(false)
.userData("dGVzdA==")
.password("ZZXXccvv1212")
.build())
.clusterDeployType("MANAGED_CLUSTER")
.build());
var example = new KubernetesAuthAttachment("example", KubernetesAuthAttachmentArgs.builder()
.clusterId(managedCluster.kubernetesClusterId())
.jwksUri(managedCluster.kubernetesClusterId().applyValue(kubernetesClusterId -> String.format("https://%s.ccs.tencent-cloud.com/openid/v1/jwks", kubernetesClusterId)))
.issuer(managedCluster.kubernetesClusterId().applyValue(kubernetesClusterId -> String.format("https://%s.ccs.tencent-cloud.com", kubernetesClusterId)))
.autoCreateDiscoveryAnonymousAuth(true)
.build());
}
}
configuration:
availabilityZone:
type: string
default: ap-guangzhou-3
clusterCidr:
type: string
default: 172.16.0.0/16
defaultInstanceType:
type: string
default: S1.SMALL1
resources:
managedCluster:
type: tencentcloud:KubernetesCluster
properties:
vpcId: ${vpc.instanceLists[0].vpcId}
clusterCidr: 10.31.0.0/16
clusterMaxPodNum: 32
clusterName: keep
clusterDesc: test cluster desc
clusterVersion: 1.20.6
clusterMaxServiceNum: 32
workerConfigs:
- count: 1
availabilityZone: ${availabilityZone}
instanceType: ${defaultInstanceType}
systemDiskType: CLOUD_SSD
systemDiskSize: 60
internetChargeType: TRAFFIC_POSTPAID_BY_HOUR
internetMaxBandwidthOut: 100
publicIpAssigned: true
subnetId: ${vpc.instanceLists[0].subnetId}
dataDisks:
- diskType: CLOUD_PREMIUM
diskSize: 50
enhancedSecurityService: false
enhancedMonitorService: false
userData: dGVzdA==
password: ZZXXccvv1212
clusterDeployType: MANAGED_CLUSTER
example:
type: tencentcloud:KubernetesAuthAttachment
properties:
clusterId: ${managedCluster.kubernetesClusterId}
jwksUri: https://${managedCluster.kubernetesClusterId}.ccs.tencent-cloud.com/openid/v1/jwks
issuer: https://${managedCluster.kubernetesClusterId}.ccs.tencent-cloud.com
autoCreateDiscoveryAnonymousAuth: true
variables:
default:
fn::invoke:
function: tencentcloud:getImages
arguments:
imageTypes:
- PUBLIC_IMAGE
osName: centos
vpc:
fn::invoke:
function: tencentcloud:getVpcSubnets
arguments:
isDefault: true
availabilityZone: ${availabilityZone}
Use the TKE default issuer and jwks_uri
import * as pulumi from "@pulumi/pulumi";
import * as tencentcloud from "@pulumi/tencentcloud";
const config = new pulumi.Config();
const availabilityZone = config.get("availabilityZone") || "ap-guangzhou-3";
const clusterCidr = config.get("clusterCidr") || "172.16.0.0/16";
const defaultInstanceType = config.get("defaultInstanceType") || "S1.SMALL1";
const _default = tencentcloud.getImages({
imageTypes: ["PUBLIC_IMAGE"],
osName: "centos",
});
const vpc = tencentcloud.getVpcSubnets({
isDefault: true,
availabilityZone: availabilityZone,
});
const managedCluster = new tencentcloud.KubernetesCluster("managedCluster", {
vpcId: vpc.then(vpc => vpc.instanceLists?.[0]?.vpcId),
clusterCidr: "10.31.0.0/16",
clusterMaxPodNum: 32,
clusterName: "keep",
clusterDesc: "test cluster desc",
clusterVersion: "1.20.6",
clusterMaxServiceNum: 32,
workerConfigs: [{
count: 1,
availabilityZone: availabilityZone,
instanceType: defaultInstanceType,
systemDiskType: "CLOUD_SSD",
systemDiskSize: 60,
internetChargeType: "TRAFFIC_POSTPAID_BY_HOUR",
internetMaxBandwidthOut: 100,
publicIpAssigned: true,
subnetId: vpc.then(vpc => vpc.instanceLists?.[0]?.subnetId),
dataDisks: [{
diskType: "CLOUD_PREMIUM",
diskSize: 50,
}],
enhancedSecurityService: false,
enhancedMonitorService: false,
userData: "dGVzdA==",
password: "ZZXXccvv1212",
}],
clusterDeployType: "MANAGED_CLUSTER",
});
// if you want to use tke default issuer and jwks_uri, please set use_tke_default to true and set issuer to empty string.
const example = new tencentcloud.KubernetesAuthAttachment("example", {
clusterId: managedCluster.kubernetesClusterId,
autoCreateDiscoveryAnonymousAuth: true,
useTkeDefault: true,
});
import pulumi
import pulumi_tencentcloud as tencentcloud
config = pulumi.Config()
availability_zone = config.get("availabilityZone")
if availability_zone is None:
availability_zone = "ap-guangzhou-3"
cluster_cidr = config.get("clusterCidr")
if cluster_cidr is None:
cluster_cidr = "172.16.0.0/16"
default_instance_type = config.get("defaultInstanceType")
if default_instance_type is None:
default_instance_type = "S1.SMALL1"
default = tencentcloud.get_images(image_types=["PUBLIC_IMAGE"],
os_name="centos")
vpc = tencentcloud.get_vpc_subnets(is_default=True,
availability_zone=availability_zone)
managed_cluster = tencentcloud.KubernetesCluster("managedCluster",
vpc_id=vpc.instance_lists[0].vpc_id,
cluster_cidr="10.31.0.0/16",
cluster_max_pod_num=32,
cluster_name="keep",
cluster_desc="test cluster desc",
cluster_version="1.20.6",
cluster_max_service_num=32,
worker_configs=[{
"count": 1,
"availability_zone": availability_zone,
"instance_type": default_instance_type,
"system_disk_type": "CLOUD_SSD",
"system_disk_size": 60,
"internet_charge_type": "TRAFFIC_POSTPAID_BY_HOUR",
"internet_max_bandwidth_out": 100,
"public_ip_assigned": True,
"subnet_id": vpc.instance_lists[0].subnet_id,
"data_disks": [{
"disk_type": "CLOUD_PREMIUM",
"disk_size": 50,
}],
"enhanced_security_service": False,
"enhanced_monitor_service": False,
"user_data": "dGVzdA==",
"password": "ZZXXccvv1212",
}],
cluster_deploy_type="MANAGED_CLUSTER")
# if you want to use tke default issuer and jwks_uri, please set use_tke_default to true and set issuer to empty string.
example = tencentcloud.KubernetesAuthAttachment("example",
cluster_id=managed_cluster.kubernetes_cluster_id,
auto_create_discovery_anonymous_auth=True,
use_tke_default=True)
package main
import (
"github.com/pulumi/pulumi-terraform-provider/sdks/go/tencentcloud/tencentcloud"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi/config"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
cfg := config.New(ctx, "")
availabilityZone := "ap-guangzhou-3"
if param := cfg.Get("availabilityZone"); param != "" {
availabilityZone = param
}
clusterCidr := "172.16.0.0/16"
if param := cfg.Get("clusterCidr"); param != "" {
clusterCidr = param
}
defaultInstanceType := "S1.SMALL1"
if param := cfg.Get("defaultInstanceType"); param != "" {
defaultInstanceType = param
}
_, err := tencentcloud.GetImages(ctx, &tencentcloud.GetImagesArgs{
ImageTypes: []string{
"PUBLIC_IMAGE",
},
OsName: pulumi.StringRef("centos"),
}, nil)
if err != nil {
return err
}
vpc, err := tencentcloud.GetVpcSubnets(ctx, &tencentcloud.GetVpcSubnetsArgs{
IsDefault: pulumi.BoolRef(true),
AvailabilityZone: pulumi.StringRef(availabilityZone),
}, nil)
if err != nil {
return err
}
managedCluster, err := tencentcloud.NewKubernetesCluster(ctx, "managedCluster", &tencentcloud.KubernetesClusterArgs{
VpcId: pulumi.String(vpc.InstanceLists[0].VpcId),
ClusterCidr: pulumi.String("10.31.0.0/16"),
ClusterMaxPodNum: pulumi.Float64(32),
ClusterName: pulumi.String("keep"),
ClusterDesc: pulumi.String("test cluster desc"),
ClusterVersion: pulumi.String("1.20.6"),
ClusterMaxServiceNum: pulumi.Float64(32),
WorkerConfigs: tencentcloud.KubernetesClusterWorkerConfigArray{
&tencentcloud.KubernetesClusterWorkerConfigArgs{
Count: pulumi.Float64(1),
AvailabilityZone: pulumi.String(availabilityZone),
InstanceType: pulumi.String(defaultInstanceType),
SystemDiskType: pulumi.String("CLOUD_SSD"),
SystemDiskSize: pulumi.Float64(60),
InternetChargeType: pulumi.String("TRAFFIC_POSTPAID_BY_HOUR"),
InternetMaxBandwidthOut: pulumi.Float64(100),
PublicIpAssigned: pulumi.Bool(true),
SubnetId: pulumi.String(vpc.InstanceLists[0].SubnetId),
DataDisks: tencentcloud.KubernetesClusterWorkerConfigDataDiskArray{
&tencentcloud.KubernetesClusterWorkerConfigDataDiskArgs{
DiskType: pulumi.String("CLOUD_PREMIUM"),
DiskSize: pulumi.Float64(50),
},
},
EnhancedSecurityService: pulumi.Bool(false),
EnhancedMonitorService: pulumi.Bool(false),
UserData: pulumi.String("dGVzdA=="),
Password: pulumi.String("ZZXXccvv1212"),
},
},
ClusterDeployType: pulumi.String("MANAGED_CLUSTER"),
})
if err != nil {
return err
}
// if you want to use tke default issuer and jwks_uri, please set use_tke_default to true and set issuer to empty string.
_, err = tencentcloud.NewKubernetesAuthAttachment(ctx, "example", &tencentcloud.KubernetesAuthAttachmentArgs{
ClusterId: managedCluster.KubernetesClusterId,
AutoCreateDiscoveryAnonymousAuth: pulumi.Bool(true),
UseTkeDefault: pulumi.Bool(true),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Tencentcloud = Pulumi.Tencentcloud;
return await Deployment.RunAsync(() =>
{
var config = new Config();
var availabilityZone = config.Get("availabilityZone") ?? "ap-guangzhou-3";
var clusterCidr = config.Get("clusterCidr") ?? "172.16.0.0/16";
var defaultInstanceType = config.Get("defaultInstanceType") ?? "S1.SMALL1";
var @default = Tencentcloud.GetImages.Invoke(new()
{
ImageTypes = new[]
{
"PUBLIC_IMAGE",
},
OsName = "centos",
});
var vpc = Tencentcloud.GetVpcSubnets.Invoke(new()
{
IsDefault = true,
AvailabilityZone = availabilityZone,
});
var managedCluster = new Tencentcloud.KubernetesCluster("managedCluster", new()
{
VpcId = vpc.Apply(getVpcSubnetsResult => getVpcSubnetsResult.InstanceLists[0]?.VpcId),
ClusterCidr = "10.31.0.0/16",
ClusterMaxPodNum = 32,
ClusterName = "keep",
ClusterDesc = "test cluster desc",
ClusterVersion = "1.20.6",
ClusterMaxServiceNum = 32,
WorkerConfigs = new[]
{
new Tencentcloud.Inputs.KubernetesClusterWorkerConfigArgs
{
Count = 1,
AvailabilityZone = availabilityZone,
InstanceType = defaultInstanceType,
SystemDiskType = "CLOUD_SSD",
SystemDiskSize = 60,
InternetChargeType = "TRAFFIC_POSTPAID_BY_HOUR",
InternetMaxBandwidthOut = 100,
PublicIpAssigned = true,
SubnetId = vpc.Apply(getVpcSubnetsResult => getVpcSubnetsResult.InstanceLists[0]?.SubnetId),
DataDisks = new[]
{
new Tencentcloud.Inputs.KubernetesClusterWorkerConfigDataDiskArgs
{
DiskType = "CLOUD_PREMIUM",
DiskSize = 50,
},
},
EnhancedSecurityService = false,
EnhancedMonitorService = false,
UserData = "dGVzdA==",
Password = "ZZXXccvv1212",
},
},
ClusterDeployType = "MANAGED_CLUSTER",
});
// if you want to use tke default issuer and jwks_uri, please set use_tke_default to true and set issuer to empty string.
var example = new Tencentcloud.KubernetesAuthAttachment("example", new()
{
ClusterId = managedCluster.KubernetesClusterId,
AutoCreateDiscoveryAnonymousAuth = true,
UseTkeDefault = true,
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.tencentcloud.TencentcloudFunctions;
import com.pulumi.tencentcloud.inputs.GetImagesArgs;
import com.pulumi.tencentcloud.inputs.GetVpcSubnetsArgs;
import com.pulumi.tencentcloud.KubernetesCluster;
import com.pulumi.tencentcloud.KubernetesClusterArgs;
import com.pulumi.tencentcloud.inputs.KubernetesClusterWorkerConfigArgs;
import com.pulumi.tencentcloud.KubernetesAuthAttachment;
import com.pulumi.tencentcloud.KubernetesAuthAttachmentArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
final var config = ctx.config();
final var availabilityZone = config.get("availabilityZone").orElse("ap-guangzhou-3");
final var clusterCidr = config.get("clusterCidr").orElse("172.16.0.0/16");
final var defaultInstanceType = config.get("defaultInstanceType").orElse("S1.SMALL1");
final var default = TencentcloudFunctions.getImages(GetImagesArgs.builder()
.imageTypes("PUBLIC_IMAGE")
.osName("centos")
.build());
final var vpc = TencentcloudFunctions.getVpcSubnets(GetVpcSubnetsArgs.builder()
.isDefault(true)
.availabilityZone(availabilityZone)
.build());
var managedCluster = new KubernetesCluster("managedCluster", KubernetesClusterArgs.builder()
.vpcId(vpc.applyValue(getVpcSubnetsResult -> getVpcSubnetsResult.instanceLists()[0].vpcId()))
.clusterCidr("10.31.0.0/16")
.clusterMaxPodNum(32)
.clusterName("keep")
.clusterDesc("test cluster desc")
.clusterVersion("1.20.6")
.clusterMaxServiceNum(32)
.workerConfigs(KubernetesClusterWorkerConfigArgs.builder()
.count(1)
.availabilityZone(availabilityZone)
.instanceType(defaultInstanceType)
.systemDiskType("CLOUD_SSD")
.systemDiskSize(60)
.internetChargeType("TRAFFIC_POSTPAID_BY_HOUR")
.internetMaxBandwidthOut(100)
.publicIpAssigned(true)
.subnetId(vpc.applyValue(getVpcSubnetsResult -> getVpcSubnetsResult.instanceLists()[0].subnetId()))
.dataDisks(KubernetesClusterWorkerConfigDataDiskArgs.builder()
.diskType("CLOUD_PREMIUM")
.diskSize(50)
.build())
.enhancedSecurityService(false)
.enhancedMonitorService(false)
.userData("dGVzdA==")
.password("ZZXXccvv1212")
.build())
.clusterDeployType("MANAGED_CLUSTER")
.build());
// if you want to use tke default issuer and jwks_uri, please set use_tke_default to true and set issuer to empty string.
var example = new KubernetesAuthAttachment("example", KubernetesAuthAttachmentArgs.builder()
.clusterId(managedCluster.kubernetesClusterId())
.autoCreateDiscoveryAnonymousAuth(true)
.useTkeDefault(true)
.build());
}
}
configuration:
availabilityZone:
type: string
default: ap-guangzhou-3
clusterCidr:
type: string
default: 172.16.0.0/16
defaultInstanceType:
type: string
default: S1.SMALL1
resources:
managedCluster:
type: tencentcloud:KubernetesCluster
properties:
vpcId: ${vpc.instanceLists[0].vpcId}
clusterCidr: 10.31.0.0/16
clusterMaxPodNum: 32
clusterName: keep
clusterDesc: test cluster desc
clusterVersion: 1.20.6
clusterMaxServiceNum: 32
workerConfigs:
- count: 1
availabilityZone: ${availabilityZone}
instanceType: ${defaultInstanceType}
systemDiskType: CLOUD_SSD
systemDiskSize: 60
internetChargeType: TRAFFIC_POSTPAID_BY_HOUR
internetMaxBandwidthOut: 100
publicIpAssigned: true
subnetId: ${vpc.instanceLists[0].subnetId}
dataDisks:
- diskType: CLOUD_PREMIUM
diskSize: 50
enhancedSecurityService: false
enhancedMonitorService: false
userData: dGVzdA==
password: ZZXXccvv1212
clusterDeployType: MANAGED_CLUSTER
# if you want to use tke default issuer and jwks_uri, please set use_tke_default to true and set issuer to empty string.
example:
type: tencentcloud:KubernetesAuthAttachment
properties:
clusterId: ${managedCluster.kubernetesClusterId}
autoCreateDiscoveryAnonymousAuth: true
useTkeDefault: true
variables:
default:
fn::invoke:
function: tencentcloud:getImages
arguments:
imageTypes:
- PUBLIC_IMAGE
osName: centos
vpc:
fn::invoke:
function: tencentcloud:getVpcSubnets
arguments:
isDefault: true
availabilityZone: ${availabilityZone}
Use OIDC Config
import * as pulumi from "@pulumi/pulumi";
import * as tencentcloud from "@pulumi/tencentcloud";
const example = new tencentcloud.KubernetesAuthAttachment("example", {
clusterId: tencentcloud_kubernetes_cluster.managed_cluster.id,
useTkeDefault: true,
autoCreateDiscoveryAnonymousAuth: true,
autoCreateOidcConfig: true,
autoInstallPodIdentityWebhookAddon: true,
});
const oidcConfig = tencentcloud.getCamOidcConfig({
name: tencentcloud_kubernetes_cluster.managed_cluster.id,
});
export const identityKey = oidcConfig.then(oidcConfig => oidcConfig.identityKey);
export const identityUrl = oidcConfig.then(oidcConfig => oidcConfig.identityUrl);
import pulumi
import pulumi_tencentcloud as tencentcloud
example = tencentcloud.KubernetesAuthAttachment("example",
cluster_id=tencentcloud_kubernetes_cluster["managed_cluster"]["id"],
use_tke_default=True,
auto_create_discovery_anonymous_auth=True,
auto_create_oidc_config=True,
auto_install_pod_identity_webhook_addon=True)
oidc_config = tencentcloud.get_cam_oidc_config(name=tencentcloud_kubernetes_cluster["managed_cluster"]["id"])
pulumi.export("identityKey", oidc_config.identity_key)
pulumi.export("identityUrl", oidc_config.identity_url)
package main
import (
"github.com/pulumi/pulumi-terraform-provider/sdks/go/tencentcloud/tencentcloud"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := tencentcloud.NewKubernetesAuthAttachment(ctx, "example", &tencentcloud.KubernetesAuthAttachmentArgs{
ClusterId: pulumi.Any(tencentcloud_kubernetes_cluster.Managed_cluster.Id),
UseTkeDefault: pulumi.Bool(true),
AutoCreateDiscoveryAnonymousAuth: pulumi.Bool(true),
AutoCreateOidcConfig: pulumi.Bool(true),
AutoInstallPodIdentityWebhookAddon: pulumi.Bool(true),
})
if err != nil {
return err
}
oidcConfig, err := tencentcloud.GetCamOidcConfig(ctx, &tencentcloud.GetCamOidcConfigArgs{
Name: tencentcloud_kubernetes_cluster.Managed_cluster.Id,
}, nil)
if err != nil {
return err
}
ctx.Export("identityKey", oidcConfig.IdentityKey)
ctx.Export("identityUrl", oidcConfig.IdentityUrl)
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Tencentcloud = Pulumi.Tencentcloud;
return await Deployment.RunAsync(() =>
{
var example = new Tencentcloud.KubernetesAuthAttachment("example", new()
{
ClusterId = tencentcloud_kubernetes_cluster.Managed_cluster.Id,
UseTkeDefault = true,
AutoCreateDiscoveryAnonymousAuth = true,
AutoCreateOidcConfig = true,
AutoInstallPodIdentityWebhookAddon = true,
});
var oidcConfig = Tencentcloud.GetCamOidcConfig.Invoke(new()
{
Name = tencentcloud_kubernetes_cluster.Managed_cluster.Id,
});
return new Dictionary<string, object?>
{
["identityKey"] = oidcConfig.Apply(getCamOidcConfigResult => getCamOidcConfigResult.IdentityKey),
["identityUrl"] = oidcConfig.Apply(getCamOidcConfigResult => getCamOidcConfigResult.IdentityUrl),
};
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.tencentcloud.KubernetesAuthAttachment;
import com.pulumi.tencentcloud.KubernetesAuthAttachmentArgs;
import com.pulumi.tencentcloud.TencentcloudFunctions;
import com.pulumi.tencentcloud.inputs.GetCamOidcConfigArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var example = new KubernetesAuthAttachment("example", KubernetesAuthAttachmentArgs.builder()
.clusterId(tencentcloud_kubernetes_cluster.managed_cluster().id())
.useTkeDefault(true)
.autoCreateDiscoveryAnonymousAuth(true)
.autoCreateOidcConfig(true)
.autoInstallPodIdentityWebhookAddon(true)
.build());
final var oidcConfig = TencentcloudFunctions.getCamOidcConfig(GetCamOidcConfigArgs.builder()
.name(tencentcloud_kubernetes_cluster.managed_cluster().id())
.build());
ctx.export("identityKey", oidcConfig.applyValue(getCamOidcConfigResult -> getCamOidcConfigResult.identityKey()));
ctx.export("identityUrl", oidcConfig.applyValue(getCamOidcConfigResult -> getCamOidcConfigResult.identityUrl()));
}
}
resources:
example:
type: tencentcloud:KubernetesAuthAttachment
properties:
clusterId: ${tencentcloud_kubernetes_cluster.managed_cluster.id}
useTkeDefault: true
autoCreateDiscoveryAnonymousAuth: true
autoCreateOidcConfig: true
autoInstallPodIdentityWebhookAddon: true
variables:
oidcConfig:
fn::invoke:
function: tencentcloud:getCamOidcConfig
arguments:
name: ${tencentcloud_kubernetes_cluster.managed_cluster.id}
outputs:
identityKey: ${oidcConfig.identityKey}
identityUrl: ${oidcConfig.identityUrl}
Create KubernetesAuthAttachment Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new KubernetesAuthAttachment(name: string, args: KubernetesAuthAttachmentArgs, opts?: CustomResourceOptions);@overload
def KubernetesAuthAttachment(resource_name: str,
args: KubernetesAuthAttachmentArgs,
opts: Optional[ResourceOptions] = None)
@overload
def KubernetesAuthAttachment(resource_name: str,
opts: Optional[ResourceOptions] = None,
cluster_id: Optional[str] = None,
auto_create_client_ids: Optional[Sequence[str]] = None,
auto_create_discovery_anonymous_auth: Optional[bool] = None,
auto_create_oidc_config: Optional[bool] = None,
auto_install_pod_identity_webhook_addon: Optional[bool] = None,
issuer: Optional[str] = None,
jwks_uri: Optional[str] = None,
kubernetes_auth_attachment_id: Optional[str] = None,
use_tke_default: Optional[bool] = None)func NewKubernetesAuthAttachment(ctx *Context, name string, args KubernetesAuthAttachmentArgs, opts ...ResourceOption) (*KubernetesAuthAttachment, error)public KubernetesAuthAttachment(string name, KubernetesAuthAttachmentArgs args, CustomResourceOptions? opts = null)public KubernetesAuthAttachment(String name, KubernetesAuthAttachmentArgs args)
public KubernetesAuthAttachment(String name, KubernetesAuthAttachmentArgs args, CustomResourceOptions options)
type: tencentcloud:KubernetesAuthAttachment
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name
This property is required. string - The unique name of the resource.
- args
This property is required. KubernetesAuthAttachmentArgs - The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name
This property is required. str - The unique name of the resource.
- args
This property is required. KubernetesAuthAttachmentArgs - The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name
This property is required. string - The unique name of the resource.
- args
This property is required. KubernetesAuthAttachmentArgs - The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name
This property is required. string - The unique name of the resource.
- args
This property is required. KubernetesAuthAttachmentArgs - The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name
This property is required. String - The unique name of the resource.
- args
This property is required. KubernetesAuthAttachmentArgs - The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
KubernetesAuthAttachment Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The KubernetesAuthAttachment resource accepts the following input properties:
- Cluster
Id This property is required. string - ID of clusters.
- Auto
Create List<string>Client Ids - Creating ClientId of the identity provider.
- Auto
Create boolDiscovery Anonymous Auth - If set to
true, the rbac rule will be created automatically which allow anonymous user to access '/.well-known/openid-configuration' and '/openid/v1/jwks'. - Auto
Create boolOidc Config - Creating an identity provider.
- Auto
Install boolPod Identity Webhook Addon - Creating the PodIdentityWebhook component. if
auto_create_oidc_configis true, this field must set true. - Issuer string
- Specify service-account-issuer. If use_tke_default is set to
true, please do not set this field. - Jwks
Uri string - Specify service-account-jwks-uri. If use_tke_default is set to
true, please do not set this field. - Kubernetes
Auth stringAttachment Id - ID of the resource.
- Use
Tke boolDefault - If set to
true, the issuer and jwks_uri will be generated automatically by tke, please do not set issuer and jwks_uri.
- Cluster
Id This property is required. string - ID of clusters.
- Auto
Create []stringClient Ids - Creating ClientId of the identity provider.
- Auto
Create boolDiscovery Anonymous Auth - If set to
true, the rbac rule will be created automatically which allow anonymous user to access '/.well-known/openid-configuration' and '/openid/v1/jwks'. - Auto
Create boolOidc Config - Creating an identity provider.
- Auto
Install boolPod Identity Webhook Addon - Creating the PodIdentityWebhook component. if
auto_create_oidc_configis true, this field must set true. - Issuer string
- Specify service-account-issuer. If use_tke_default is set to
true, please do not set this field. - Jwks
Uri string - Specify service-account-jwks-uri. If use_tke_default is set to
true, please do not set this field. - Kubernetes
Auth stringAttachment Id - ID of the resource.
- Use
Tke boolDefault - If set to
true, the issuer and jwks_uri will be generated automatically by tke, please do not set issuer and jwks_uri.
- cluster
Id This property is required. String - ID of clusters.
- auto
Create List<String>Client Ids - Creating ClientId of the identity provider.
- auto
Create BooleanDiscovery Anonymous Auth - If set to
true, the rbac rule will be created automatically which allow anonymous user to access '/.well-known/openid-configuration' and '/openid/v1/jwks'. - auto
Create BooleanOidc Config - Creating an identity provider.
- auto
Install BooleanPod Identity Webhook Addon - Creating the PodIdentityWebhook component. if
auto_create_oidc_configis true, this field must set true. - issuer String
- Specify service-account-issuer. If use_tke_default is set to
true, please do not set this field. - jwks
Uri String - Specify service-account-jwks-uri. If use_tke_default is set to
true, please do not set this field. - kubernetes
Auth StringAttachment Id - ID of the resource.
- use
Tke BooleanDefault - If set to
true, the issuer and jwks_uri will be generated automatically by tke, please do not set issuer and jwks_uri.
- cluster
Id This property is required. string - ID of clusters.
- auto
Create string[]Client Ids - Creating ClientId of the identity provider.
- auto
Create booleanDiscovery Anonymous Auth - If set to
true, the rbac rule will be created automatically which allow anonymous user to access '/.well-known/openid-configuration' and '/openid/v1/jwks'. - auto
Create booleanOidc Config - Creating an identity provider.
- auto
Install booleanPod Identity Webhook Addon - Creating the PodIdentityWebhook component. if
auto_create_oidc_configis true, this field must set true. - issuer string
- Specify service-account-issuer. If use_tke_default is set to
true, please do not set this field. - jwks
Uri string - Specify service-account-jwks-uri. If use_tke_default is set to
true, please do not set this field. - kubernetes
Auth stringAttachment Id - ID of the resource.
- use
Tke booleanDefault - If set to
true, the issuer and jwks_uri will be generated automatically by tke, please do not set issuer and jwks_uri.
- cluster_
id This property is required. str - ID of clusters.
- auto_
create_ Sequence[str]client_ ids - Creating ClientId of the identity provider.
- auto_
create_ booldiscovery_ anonymous_ auth - If set to
true, the rbac rule will be created automatically which allow anonymous user to access '/.well-known/openid-configuration' and '/openid/v1/jwks'. - auto_
create_ booloidc_ config - Creating an identity provider.
- auto_
install_ boolpod_ identity_ webhook_ addon - Creating the PodIdentityWebhook component. if
auto_create_oidc_configis true, this field must set true. - issuer str
- Specify service-account-issuer. If use_tke_default is set to
true, please do not set this field. - jwks_
uri str - Specify service-account-jwks-uri. If use_tke_default is set to
true, please do not set this field. - kubernetes_
auth_ strattachment_ id - ID of the resource.
- use_
tke_ booldefault - If set to
true, the issuer and jwks_uri will be generated automatically by tke, please do not set issuer and jwks_uri.
- cluster
Id This property is required. String - ID of clusters.
- auto
Create List<String>Client Ids - Creating ClientId of the identity provider.
- auto
Create BooleanDiscovery Anonymous Auth - If set to
true, the rbac rule will be created automatically which allow anonymous user to access '/.well-known/openid-configuration' and '/openid/v1/jwks'. - auto
Create BooleanOidc Config - Creating an identity provider.
- auto
Install BooleanPod Identity Webhook Addon - Creating the PodIdentityWebhook component. if
auto_create_oidc_configis true, this field must set true. - issuer String
- Specify service-account-issuer. If use_tke_default is set to
true, please do not set this field. - jwks
Uri String - Specify service-account-jwks-uri. If use_tke_default is set to
true, please do not set this field. - kubernetes
Auth StringAttachment Id - ID of the resource.
- use
Tke BooleanDefault - If set to
true, the issuer and jwks_uri will be generated automatically by tke, please do not set issuer and jwks_uri.
Outputs
All input properties are implicitly available as output properties. Additionally, the KubernetesAuthAttachment resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Tke
Default stringIssuer - The default issuer of tke. If use_tke_default is set to
true, this parameter will be set to the default value. - Tke
Default stringJwks Uri - The default jwks_uri of tke. If use_tke_default is set to
true, this parameter will be set to the default value.
- Id string
- The provider-assigned unique ID for this managed resource.
- Tke
Default stringIssuer - The default issuer of tke. If use_tke_default is set to
true, this parameter will be set to the default value. - Tke
Default stringJwks Uri - The default jwks_uri of tke. If use_tke_default is set to
true, this parameter will be set to the default value.
- id String
- The provider-assigned unique ID for this managed resource.
- tke
Default StringIssuer - The default issuer of tke. If use_tke_default is set to
true, this parameter will be set to the default value. - tke
Default StringJwks Uri - The default jwks_uri of tke. If use_tke_default is set to
true, this parameter will be set to the default value.
- id string
- The provider-assigned unique ID for this managed resource.
- tke
Default stringIssuer - The default issuer of tke. If use_tke_default is set to
true, this parameter will be set to the default value. - tke
Default stringJwks Uri - The default jwks_uri of tke. If use_tke_default is set to
true, this parameter will be set to the default value.
- id str
- The provider-assigned unique ID for this managed resource.
- tke_
default_ strissuer - The default issuer of tke. If use_tke_default is set to
true, this parameter will be set to the default value. - tke_
default_ strjwks_ uri - The default jwks_uri of tke. If use_tke_default is set to
true, this parameter will be set to the default value.
- id String
- The provider-assigned unique ID for this managed resource.
- tke
Default StringIssuer - The default issuer of tke. If use_tke_default is set to
true, this parameter will be set to the default value. - tke
Default StringJwks Uri - The default jwks_uri of tke. If use_tke_default is set to
true, this parameter will be set to the default value.
Look up Existing KubernetesAuthAttachment Resource
Get an existing KubernetesAuthAttachment resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: KubernetesAuthAttachmentState, opts?: CustomResourceOptions): KubernetesAuthAttachment@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
auto_create_client_ids: Optional[Sequence[str]] = None,
auto_create_discovery_anonymous_auth: Optional[bool] = None,
auto_create_oidc_config: Optional[bool] = None,
auto_install_pod_identity_webhook_addon: Optional[bool] = None,
cluster_id: Optional[str] = None,
issuer: Optional[str] = None,
jwks_uri: Optional[str] = None,
kubernetes_auth_attachment_id: Optional[str] = None,
tke_default_issuer: Optional[str] = None,
tke_default_jwks_uri: Optional[str] = None,
use_tke_default: Optional[bool] = None) -> KubernetesAuthAttachmentfunc GetKubernetesAuthAttachment(ctx *Context, name string, id IDInput, state *KubernetesAuthAttachmentState, opts ...ResourceOption) (*KubernetesAuthAttachment, error)public static KubernetesAuthAttachment Get(string name, Input<string> id, KubernetesAuthAttachmentState? state, CustomResourceOptions? opts = null)public static KubernetesAuthAttachment get(String name, Output<String> id, KubernetesAuthAttachmentState state, CustomResourceOptions options)resources: _: type: tencentcloud:KubernetesAuthAttachment get: id: ${id}- name
This property is required. - The unique name of the resulting resource.
- id
This property is required. - The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
This property is required. - The unique name of the resulting resource.
- id
This property is required. - The unique provider ID of the resource to lookup.
- name
This property is required. - The unique name of the resulting resource.
- id
This property is required. - The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
This property is required. - The unique name of the resulting resource.
- id
This property is required. - The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
This property is required. - The unique name of the resulting resource.
- id
This property is required. - The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
The following state arguments are supported:
- Auto
Create List<string>Client Ids - Creating ClientId of the identity provider.
- Auto
Create boolDiscovery Anonymous Auth - If set to
true, the rbac rule will be created automatically which allow anonymous user to access '/.well-known/openid-configuration' and '/openid/v1/jwks'. - Auto
Create boolOidc Config - Creating an identity provider.
- Auto
Install boolPod Identity Webhook Addon - Creating the PodIdentityWebhook component. if
auto_create_oidc_configis true, this field must set true. - Cluster
Id string - ID of clusters.
- Issuer string
- Specify service-account-issuer. If use_tke_default is set to
true, please do not set this field. - Jwks
Uri string - Specify service-account-jwks-uri. If use_tke_default is set to
true, please do not set this field. - Kubernetes
Auth stringAttachment Id - ID of the resource.
- Tke
Default stringIssuer - The default issuer of tke. If use_tke_default is set to
true, this parameter will be set to the default value. - Tke
Default stringJwks Uri - The default jwks_uri of tke. If use_tke_default is set to
true, this parameter will be set to the default value. - Use
Tke boolDefault - If set to
true, the issuer and jwks_uri will be generated automatically by tke, please do not set issuer and jwks_uri.
- Auto
Create []stringClient Ids - Creating ClientId of the identity provider.
- Auto
Create boolDiscovery Anonymous Auth - If set to
true, the rbac rule will be created automatically which allow anonymous user to access '/.well-known/openid-configuration' and '/openid/v1/jwks'. - Auto
Create boolOidc Config - Creating an identity provider.
- Auto
Install boolPod Identity Webhook Addon - Creating the PodIdentityWebhook component. if
auto_create_oidc_configis true, this field must set true. - Cluster
Id string - ID of clusters.
- Issuer string
- Specify service-account-issuer. If use_tke_default is set to
true, please do not set this field. - Jwks
Uri string - Specify service-account-jwks-uri. If use_tke_default is set to
true, please do not set this field. - Kubernetes
Auth stringAttachment Id - ID of the resource.
- Tke
Default stringIssuer - The default issuer of tke. If use_tke_default is set to
true, this parameter will be set to the default value. - Tke
Default stringJwks Uri - The default jwks_uri of tke. If use_tke_default is set to
true, this parameter will be set to the default value. - Use
Tke boolDefault - If set to
true, the issuer and jwks_uri will be generated automatically by tke, please do not set issuer and jwks_uri.
- auto
Create List<String>Client Ids - Creating ClientId of the identity provider.
- auto
Create BooleanDiscovery Anonymous Auth - If set to
true, the rbac rule will be created automatically which allow anonymous user to access '/.well-known/openid-configuration' and '/openid/v1/jwks'. - auto
Create BooleanOidc Config - Creating an identity provider.
- auto
Install BooleanPod Identity Webhook Addon - Creating the PodIdentityWebhook component. if
auto_create_oidc_configis true, this field must set true. - cluster
Id String - ID of clusters.
- issuer String
- Specify service-account-issuer. If use_tke_default is set to
true, please do not set this field. - jwks
Uri String - Specify service-account-jwks-uri. If use_tke_default is set to
true, please do not set this field. - kubernetes
Auth StringAttachment Id - ID of the resource.
- tke
Default StringIssuer - The default issuer of tke. If use_tke_default is set to
true, this parameter will be set to the default value. - tke
Default StringJwks Uri - The default jwks_uri of tke. If use_tke_default is set to
true, this parameter will be set to the default value. - use
Tke BooleanDefault - If set to
true, the issuer and jwks_uri will be generated automatically by tke, please do not set issuer and jwks_uri.
- auto
Create string[]Client Ids - Creating ClientId of the identity provider.
- auto
Create booleanDiscovery Anonymous Auth - If set to
true, the rbac rule will be created automatically which allow anonymous user to access '/.well-known/openid-configuration' and '/openid/v1/jwks'. - auto
Create booleanOidc Config - Creating an identity provider.
- auto
Install booleanPod Identity Webhook Addon - Creating the PodIdentityWebhook component. if
auto_create_oidc_configis true, this field must set true. - cluster
Id string - ID of clusters.
- issuer string
- Specify service-account-issuer. If use_tke_default is set to
true, please do not set this field. - jwks
Uri string - Specify service-account-jwks-uri. If use_tke_default is set to
true, please do not set this field. - kubernetes
Auth stringAttachment Id - ID of the resource.
- tke
Default stringIssuer - The default issuer of tke. If use_tke_default is set to
true, this parameter will be set to the default value. - tke
Default stringJwks Uri - The default jwks_uri of tke. If use_tke_default is set to
true, this parameter will be set to the default value. - use
Tke booleanDefault - If set to
true, the issuer and jwks_uri will be generated automatically by tke, please do not set issuer and jwks_uri.
- auto_
create_ Sequence[str]client_ ids - Creating ClientId of the identity provider.
- auto_
create_ booldiscovery_ anonymous_ auth - If set to
true, the rbac rule will be created automatically which allow anonymous user to access '/.well-known/openid-configuration' and '/openid/v1/jwks'. - auto_
create_ booloidc_ config - Creating an identity provider.
- auto_
install_ boolpod_ identity_ webhook_ addon - Creating the PodIdentityWebhook component. if
auto_create_oidc_configis true, this field must set true. - cluster_
id str - ID of clusters.
- issuer str
- Specify service-account-issuer. If use_tke_default is set to
true, please do not set this field. - jwks_
uri str - Specify service-account-jwks-uri. If use_tke_default is set to
true, please do not set this field. - kubernetes_
auth_ strattachment_ id - ID of the resource.
- tke_
default_ strissuer - The default issuer of tke. If use_tke_default is set to
true, this parameter will be set to the default value. - tke_
default_ strjwks_ uri - The default jwks_uri of tke. If use_tke_default is set to
true, this parameter will be set to the default value. - use_
tke_ booldefault - If set to
true, the issuer and jwks_uri will be generated automatically by tke, please do not set issuer and jwks_uri.
- auto
Create List<String>Client Ids - Creating ClientId of the identity provider.
- auto
Create BooleanDiscovery Anonymous Auth - If set to
true, the rbac rule will be created automatically which allow anonymous user to access '/.well-known/openid-configuration' and '/openid/v1/jwks'. - auto
Create BooleanOidc Config - Creating an identity provider.
- auto
Install BooleanPod Identity Webhook Addon - Creating the PodIdentityWebhook component. if
auto_create_oidc_configis true, this field must set true. - cluster
Id String - ID of clusters.
- issuer String
- Specify service-account-issuer. If use_tke_default is set to
true, please do not set this field. - jwks
Uri String - Specify service-account-jwks-uri. If use_tke_default is set to
true, please do not set this field. - kubernetes
Auth StringAttachment Id - ID of the resource.
- tke
Default StringIssuer - The default issuer of tke. If use_tke_default is set to
true, this parameter will be set to the default value. - tke
Default StringJwks Uri - The default jwks_uri of tke. If use_tke_default is set to
true, this parameter will be set to the default value. - use
Tke BooleanDefault - If set to
true, the issuer and jwks_uri will be generated automatically by tke, please do not set issuer and jwks_uri.
Import
tke cluster authentication can be imported, e.g.
$ pulumi import tencentcloud:index/kubernetesAuthAttachment:KubernetesAuthAttachment example cls-fp5o961e
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- tencentcloud tencentcloudstack/terraform-provider-tencentcloud
- License
- Notes
- This Pulumi package is based on the
tencentcloudTerraform Provider.
tencentcloud 1.81.183 published on Wednesday, Apr 16, 2025 by tencentcloudstack