resource/alicloud_cs_managed_kubernetes: load_balancer_spec: remove d…

…efault value; worker_vswitch_ids: mark as deprecated, use vswitch_ids instead; vswitch_ids: support create and update operation for control plane vswitches. resource/alicloud_cs_kubernetes: platform will not support CentOS, update test.
aliyun · Jan 10, 2025 · 111d308 · 111d308
1 parent 28e0f75
commit 111d308
Show file tree

Hide file tree

Showing 6 changed files with 96 additions and 66 deletions.
diff --git a/alicloud/resource_alicloud_cs_kubernetes.go b/alicloud/resource_alicloud_cs_kubernetes.go
@@ -1032,16 +1032,22 @@ func modifyCluster(d *schema.ResourceData, meta interface{}, invoker *Invoker) e
 	}
 
 	if d.HasChange("custom_san") {
-		custom_san := d.Get("custom_san").(string)
+		customSan := d.Get("custom_san").(string)
 		request.SetApiServerCustomCertSans(
 			&roacs.ModifyClusterRequestApiServerCustomCertSans{
-				SubjectAlternativeNames: tea.StringSlice(strings.Split(custom_san, ",")),
+				SubjectAlternativeNames: tea.StringSlice(strings.Split(customSan, ",")),
 				Action:                  tea.String("overwrite"),
 			},
 		)
 		updated = true
 	}
 
+	if d.HasChange("vswitch_ids") {
+		vSwitchIds := expandStringList(d.Get("vswitch_ids").([]interface{}))
+		request.SetVswitchIds(tea.StringSlice(vSwitchIds))
+		updated = true
+	}
+
 	if updated == false {
 		return nil
 	}
@@ -1099,9 +1105,7 @@ func resourceAlicloudCSKubernetesRead(d *schema.ResourceData, meta interface{})
 	if d.Get("os_type") == "" {
 		d.Set("os_type", "Linux")
 	}
-	if d.Get("platform") == "" {
-		d.Set("platform", "CentOS")
-	}
+
 	if d.Get("cluster_domain") == "" {
 		d.Set("cluster_domain", "cluster.local")
 	}

diff --git a/alicloud/resource_alicloud_cs_kubernetes_test.go b/alicloud/resource_alicloud_cs_kubernetes_test.go
@@ -219,7 +219,7 @@ func TestAccAliCloudCSKubernetes_basic(t *testing.T) {
 			{
 				Config: testAccConfig(map[string]interface{}{
 					"name":                           name,
-					"version":                        "1.26.15-aliyun.1",
+					"version":                        "${data.alicloud_cs_kubernetes_version.kubernetes_versions.metadata.2.version}",
 					"master_vswitch_ids":             []string{"${local.vswitch_id}", "${local.vswitch_id}", "${local.vswitch_id}"},
 					"master_instance_types":          []string{"${data.alicloud_instance_types.default.instance_types.0.id}", "${data.alicloud_instance_types.default.instance_types.0.id}", "${data.alicloud_instance_types.default.instance_types.0.id}"},
 					"master_disk_category":           "cloud_essd",
@@ -237,8 +237,8 @@ func TestAccAliCloudCSKubernetes_basic(t *testing.T) {
 					"deletion_protection":            "false",
 					"timezone":                       "Asia/Shanghai",
 					"os_type":                        "Linux",
-					"platform":                       "CentOS",
-					"image_id":                       "centos_7_9_x64_20G_alibase_20230718.vhd",
+					"platform":                       "AliyunLinux3",
+					"image_id":                       "aliyun_3_x64_20G_alibase_20240819.vhd",
 					"runtime":                        map[string]interface{}{"name": "containerd", "version": "1.6.20"},
 					"node_name_mode":                 "customized,aliyun.com-,5,-test",
 					"cluster_domain":                 "cluster.local",
@@ -256,7 +256,6 @@ func TestAccAliCloudCSKubernetes_basic(t *testing.T) {
 				Check: resource.ComposeTestCheckFunc(
 					testAccCheck(map[string]string{
 						"name":                          name,
-						"version":                       "1.26.15-aliyun.1",
 						"master_disk_category":          "cloud_essd",
 						"master_disk_performance_level": "PL0",
 						"master_disk_size":              "80",
@@ -270,7 +269,7 @@ func TestAccAliCloudCSKubernetes_basic(t *testing.T) {
 						"deletion_protection":           "false",
 						"timezone":                      "Asia/Shanghai",
 						"os_type":                       "Linux",
-						"platform":                      "CentOS",
+						"platform":                      "AliyunLinux3",
 						"cluster_domain":                "cluster.local",
 						"custom_san":                    "www.terraform.io",
 						"rds_instances.#":               "1",
@@ -291,7 +290,7 @@ func TestAccAliCloudCSKubernetes_basic(t *testing.T) {
 				ImportStateVerifyIgnore: []string{"new_nat_gateway", "password", "user_ca", "rds_instances",
 					"cluster_ca_cert", "client_key", "client_cert", "kms_encryption_context", "kms_encrypted_password",
 					"retain_resources", "name_prefix", "enable_ssh", "timezone", "runtime",
-					"api_audiences", "service_account_issuer", "load_balancer_spec",
+					"api_audiences", "service_account_issuer", "load_balancer_spec", "platform",
 				},
 			},
 			{
@@ -360,12 +359,13 @@ func TestAccAliCloudCSKubernetes_basic(t *testing.T) {
 				),
 			},
 			{
+				// upgrade
 				Config: testAccConfig(map[string]interface{}{
-					"version": "1.28.9-aliyun.1",
+					"version": "${data.alicloud_cs_kubernetes_version.kubernetes_versions.metadata.1.version}",
 				}),
 				Check: resource.ComposeTestCheckFunc(
 					testAccCheck(map[string]string{
-						"version": "1.28.9-aliyun.1",
+						"version": CHECKSET,
 					}),
 				),
 			},
@@ -436,7 +436,6 @@ func TestAccAliCloudCSKubernetes_prepaid(t *testing.T) {
 			{
 				Config: testAccConfig(map[string]interface{}{
 					"name_prefix":                  "tf-testAccKubernetes_prepaid",
-					"version":                      "1.26.15-aliyun.1",
 					"master_vswitch_ids":           []string{"${local.vswitch_id}", "${local.vswitch_id}", "${local.vswitch_id}"},
 					"master_instance_types":        []string{"${data.alicloud_instance_types.default.instance_types.0.id}", "${data.alicloud_instance_types.default.instance_types.0.id}", "${data.alicloud_instance_types.default.instance_types.0.id}"},
 					"master_disk_category":         "cloud_ssd",
@@ -455,7 +454,7 @@ func TestAccAliCloudCSKubernetes_prepaid(t *testing.T) {
 					"deletion_protection":          "false",
 					"timezone":                     "Asia/Shanghai",
 					"os_type":                      "Linux",
-					"platform":                     "CentOS",
+					"platform":                     "AliyunLinux3",
 					"cluster_domain":               "cluster.local",
 					"custom_san":                   "www.terraform.io",
 					"proxy_mode":                   "ipvs",
@@ -483,7 +482,7 @@ func TestAccAliCloudCSKubernetes_prepaid(t *testing.T) {
 						"deletion_protection":          "false",
 						"timezone":                     "Asia/Shanghai",
 						"os_type":                      "Linux",
-						"platform":                     "CentOS",
+						"platform":                     "AliyunLinux3",
 						"cluster_domain":               "cluster.local",
 						"custom_san":                   "www.terraform.io",
 						"proxy_mode":                   "ipvs",
@@ -500,7 +499,7 @@ func TestAccAliCloudCSKubernetes_prepaid(t *testing.T) {
 				ImportStateVerifyIgnore: []string{"new_nat_gateway", "password", "user_ca", "runtime",
 					"rds_instances", "cluster_ca_cert", "client_key", "client_cert", "kms_encryption_context",
 					"kms_encrypted_password", "retain_resources", "name_prefix", "enable_ssh", "timezone", "addons",
-					"load_balancer_spec", "pod_vswitch_ids", "slb_internet_enabled",
+					"load_balancer_spec", "pod_vswitch_ids", "slb_internet_enabled", "platform",
 				},
 			},
 		},
@@ -544,6 +543,11 @@ data "alicloud_resource_manager_resource_groups" "default" {
   status = "OK"
 }
 
+data "alicloud_cs_kubernetes_version" "kubernetes_versions" {
+  cluster_type       = "Kubernetes"
+}
+
+
 data "alicloud_vpcs" "default" {
   name_regex = "^default-NODELETING$"
   cidr_block = "192.168.0.0/16"

diff --git a/alicloud/resource_alicloud_cs_managed_kubernetes.go b/alicloud/resource_alicloud_cs_managed_kubernetes.go
@@ -53,16 +53,14 @@ func resourceAlicloudCSManagedKubernetes() *schema.Resource {
 				ValidateFunc:  StringLenBetween(0, 37),
 				ConflictsWith: []string{"name"},
 			},
-			// worker configurations，TODO: name issue
 			"worker_vswitch_ids": {
-				Type:     schema.TypeList,
-				Required: true,
-				ForceNew: true,
+				Type: schema.TypeList,
 				Elem: &schema.Schema{
 					Type:         schema.TypeString,
 					ValidateFunc: StringMatch(regexp.MustCompile(`^vsw-[a-z0-9]*$`), "should start with 'vsw-'."),
 				},
-				MinItems: 1,
+				Optional:   true,
+				Deprecated: "Field 'worker_vswitch_ids' has been deprecated from provider version 1.241.0. Please use 'vswitch_ids' to managed control plane vswtiches",
 			},
 			"worker_instance_types": {
 				Type:     schema.TypeList,
@@ -201,6 +199,18 @@ func resourceAlicloudCSManagedKubernetes() *schema.Resource {
 				Removed:  "Field 'exclude_autoscaler_nodes' has been removed from provider version 1.212.0. Please use resource 'alicloud_cs_kubernetes_node_pool' to manage cluster nodes",
 			},
 			// global configurations
+			"vswitch_ids": {
+				Type:     schema.TypeList,
+				Optional: true,
+				Computed: true,
+				Elem: &schema.Schema{
+					Type:         schema.TypeString,
+					ValidateFunc: StringMatch(regexp.MustCompile(`^vsw-[a-z0-9]*$`), "should start with 'vsw-'."),
+				},
+				MinItems:     1,
+				MaxItems:     5,
+				ExactlyOneOf: []string{"worker_vswitch_ids", "vswitch_ids"},
+			},
 			"pod_vswitch_ids": {
 				Type:     schema.TypeList,
 				Optional: true,
@@ -332,8 +342,8 @@ func resourceAlicloudCSManagedKubernetes() *schema.Resource {
 				Type:         schema.TypeString,
 				Optional:     true,
 				ValidateFunc: StringInSlice([]string{"slb.s1.small", "slb.s2.small", "slb.s2.medium", "slb.s3.small", "slb.s3.medium", "slb.s3.large"}, false),
-				Default:      "slb.s1.small",
-				Deprecated:   "Field 'load_balancer_spec' has been deprecated from provider version 1.232.0. The load balancer has been changed to PayByCLCU so that the spec is no need anymore.",
+				Computed:     true,
+				Deprecated:   "Field 'load_balancer_spec' has been deprecated from provider version 1.232.0. The spec will not take effect because the charge of the load balancer has been changed to PayByCLCU",
 			},
 			"deletion_protection": {
 				Type:     schema.TypeBool,
@@ -564,19 +574,6 @@ func resourceAlicloudCSManagedKubernetes() *schema.Resource {
 				Computed: true,
 				Removed:  "Field 'availability_zone' has been removed from provider version 1.212.0.",
 			},
-			// remove parameters below
-			// mix vswitch_ids between master and worker is not a good guidance to create cluster
-			"vswitch_ids": {
-				Type:     schema.TypeList,
-				Optional: true,
-				Elem: &schema.Schema{
-					Type:         schema.TypeString,
-					ValidateFunc: StringMatch(regexp.MustCompile(`^vsw-[a-z0-9]*$`), "should start with 'vsw-'."),
-				},
-				MinItems: 3,
-				MaxItems: 5,
-				Removed:  "Field 'vswitch_ids' has been deprecated from provider version 1.75.0. New field 'master_vswitch_ids' and 'worker_vswitch_ids' replace it.",
-			},
 			// force update is a high risk operation
 			"force_update": {
 				Type:     schema.TypeBool,
@@ -1025,6 +1022,11 @@ func resourceAlicloudCSManagedKubernetesRead(d *schema.ResourceData, meta interf
 		return WrapError(err)
 	}
 
+	// compat for default value
+	if spec := d.Get("load_balancer_spec").(string); spec != "" {
+		d.Set("load_balancer_spec", spec)
+	}
+
 	if object.Name != nil {
 		d.Set("name", object.Name)
 	}
@@ -1033,8 +1035,13 @@ func resourceAlicloudCSManagedKubernetesRead(d *schema.ResourceData, meta interf
 		d.Set("vpc_id", object.VpcId)
 	}
 
-	if v, ok := object.Parameters["WorkerVSwitchIds"]; ok {
-		d.Set("worker_vswitch_ids", strings.Split(Interface2String(tea.StringValue(v)), ","))
+	if object.VswitchIds != nil {
+		d.Set("vswitch_ids", tea.StringSliceValue(object.VswitchIds))
+	}
+
+	// compat for old value
+	if v := d.Get("worker_vswitch_ids"); v != nil {
+		d.Set("worker_vswitch_ids", v)
 	}
 
 	if object.SecurityGroupId != nil {
@@ -1201,7 +1208,7 @@ func resourceAlicloudCSManagedKubernetesUpdate(d *schema.ResourceData, meta inte
 	d.Partial(true)
 	invoker := NewInvoker()
 	// modifyCluster
-	if !d.IsNewResource() && d.HasChanges("resource_group_id", "name", "name_prefix", "deletion_protection", "custom_san", "maintenance_window", "operation_policy", "enable_rrsa") {
+	if !d.IsNewResource() && d.HasChanges("resource_group_id", "name", "name_prefix", "deletion_protection", "custom_san", "vswitch_ids", "maintenance_window", "operation_policy", "enable_rrsa") {
 		if err := modifyCluster(d, meta, &invoker); err != nil {
 			return WrapErrorf(err, DefaultErrorMsg, d.Id(), "ModifyCluster", AlibabaCloudSdkGoERROR)
 		}

diff --git a/alicloud/resource_alicloud_cs_managed_kubernetes_test.go b/alicloud/resource_alicloud_cs_managed_kubernetes_test.go
@@ -56,7 +56,6 @@ func TestAccAliCloudCSManagedKubernetes_basic(t *testing.T) {
 					"pod_cidr":                "10.93.0.0/16",
 					"service_cidr":            "172.21.0.0/16",
 					"slb_internet_enabled":    "true",
-					"load_balancer_spec":      "slb.s2.small",
 					"cluster_spec":            "ack.pro.small",
 					"resource_group_id":       "${data.alicloud_resource_manager_resource_groups.default.groups.0.id}",
 					"security_group_id":       "${alicloud_security_group.default.id}",
@@ -125,7 +124,7 @@ func TestAccAliCloudCSManagedKubernetes_basic(t *testing.T) {
 				ImportState:       true,
 				ImportStateVerify: true,
 				ImportStateVerifyIgnore: []string{"new_nat_gateway", "user_ca", "name_prefix", "slb_internet_enabled", "api_audiences",
-					"service_account_issuer", "load_balancer_spec", "encryption_provider_key", "cluster_ca_cert", "client_key", "client_cert",
+					"service_account_issuer", "load_balancer_spec", "encryption_provider_key", "cluster_ca_cert", "client_key", "client_cert", "worker_vswitch_ids",
 				},
 			},
 			{
@@ -251,7 +250,7 @@ func TestAccAliCloudCSManagedKubernetes_essd_migrate_upgrade(t *testing.T) {
 					"cluster_spec":        "ack.standard",
 					"new_nat_gateway":     "true",
 					"proxy_mode":          "ipvs",
-					"worker_vswitch_ids":  []string{"${local.vswitch_id}"},
+					"vswitch_ids":         []string{"${local.vswitch_id}"},
 					"tags": map[string]string{
 						"Platform": "TF",
 					},
@@ -368,7 +367,7 @@ func TestAccAliCloudCSManagedKubernetes_controlPlanLog(t *testing.T) {
 					"node_cidr_mask":               "26",
 					"service_cidr":                 "172.23.0.0/16",
 					"proxy_mode":                   "ipvs",
-					"worker_vswitch_ids":           []string{"${local.vswitch_id}"},
+					"vswitch_ids":                  []string{"${local.vswitch_id}", "${local.vswitch_id_1}"},
 					"pod_vswitch_ids":              []string{"${local.vswitch_id}"},
 					"control_plane_log_ttl":        "30",
 					"control_plane_log_components": []string{"apiserver", "kcm", "scheduler"},
@@ -385,6 +384,7 @@ func TestAccAliCloudCSManagedKubernetes_controlPlanLog(t *testing.T) {
 						"nat_gateway_id":                 CHECKSET,
 						"service_cidr":                   "172.23.0.0/16",
 						"proxy_mode":                     "ipvs",
+						"vswitch_ids.#":                  "2",
 						"control_plane_log_ttl":          "30",
 						"control_plane_log_components.0": "apiserver",
 						"control_plane_log_components.1": "kcm",
@@ -393,6 +393,15 @@ func TestAccAliCloudCSManagedKubernetes_controlPlanLog(t *testing.T) {
 					}),
 				),
 			},
+			{
+				Config: testAccConfig(map[string]interface{}{
+					"vswitch_ids": []string{"${local.vswitch_id}"},
+				}),
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheck(map[string]string{
+						"vswitch_ids.#": "1",
+					})),
+			},
 			{
 				Config: testAccConfig(map[string]interface{}{
 					"control_plane_log_ttl":        "90",
@@ -463,6 +472,11 @@ data "alicloud_vswitches" "default" {
   zone_id = data.alicloud_zones.default.zones.0.id
 }
 
+data "alicloud_vswitches" "default_1" {
+  vpc_id  = data.alicloud_vpcs.default.ids.0
+  zone_id = length(data.alicloud_zones.default.zones) > 0 ? data.alicloud_zones.default.zones.1.id : data.alicloud_zones.default.zones.0.id
+}
+
 resource "alicloud_vswitch" "vswitch" {
   count        = length(data.alicloud_vswitches.default.ids) > 0 ? 0 : 1
   vpc_id       = data.alicloud_vpcs.default.ids.0
@@ -474,10 +488,16 @@ resource "alicloud_vswitch" "vswitch" {
 resource "alicloud_log_project" "log" {
   name        = var.name
   description = "created by terraform for managedkubernetes cluster"
+  lifecycle {
+    ignore_changes = [
+      policy
+    ]
+  }
 }
 
 locals {
   vswitch_id = length(data.alicloud_vswitches.default.ids) > 0 ? data.alicloud_vswitches.default.ids[0] : concat(alicloud_vswitch.vswitch.*.id, [""])[0]
+  vswitch_id_1 = length(data.alicloud_vswitches.default_1.ids) > 0 ? data.alicloud_vswitches.default_1.ids[0] : concat(alicloud_vswitch.vswitch.*.id, [""])[0]
 }
 `, name)
 }

diff --git a/website/docs/r/cs_kubernetes.html.markdown b/website/docs/r/cs_kubernetes.html.markdown
@@ -218,7 +218,7 @@ resource "alicloud_cs_kubernetes" "default" {
 * `security_group_id` - (Optional, ForceNew, Available since v1.91.0) The ID of the security group to which the ECS instances in the cluster belong. If it is not specified, a new Security group will be built.
 * `is_enterprise_security_group` - (Optional, ForceNew, Available since v1.91.0) Enable to create advanced security group. default: false. See [Advanced security group](https://www.alibabacloud.com/help/doc-detail/120621.htm). Only works for **Create** Operation. 
 * `proxy_mode` - (Optional, ForceNew) Proxy mode is option of kube-proxy. options: iptables | ipvs. default: ipvs.
-* `image_id` - (Optional, ForceNew) Custom Image support. Must based on CentOS7 or AliyunLinux2.
+* `image_id` - (Optional, ForceNew) Custom Image support. Must be based on AliyunLinux or AliyunLinux3.
 * `cluster_domain` - (Optional, ForceNew, Available since v1.103.2) Cluster local domain name, Default to `cluster.local`. A domain name consists of one or more sections separated by a decimal point (.), each of which is up to 63 characters long, and can be lowercase, numerals, and underscores (-), and must be lowercase or numerals at the beginning and end.
 * `custom_san` - (Optional, ForceNew, Available since v1.103.2) Customize the certificate SAN, multiple IP or domain names are separated by English commas (,).
 * `user_ca` - (Optional) The path of customized CA cert, you can use this CA to sign client certs to connect your cluster.
@@ -235,7 +235,7 @@ resource "alicloud_cs_kubernetes" "default" {
 * `kms_encrypted_password` - (Optional, Available since v1.57.1) An KMS encrypts password used to a cs kubernetes. You have to specify one of `password` `key_name` `kms_encrypted_password` fields.
 * `kms_encryption_context` - (Optional, MapString, Available since v1.57.1) An KMS encryption context used to decrypt `kms_encrypted_password` before creating or updating a cs kubernetes with `kms_encrypted_password`. See [Encryption Context](https://www.alibabacloud.com/help/doc-detail/42975.htm). It is valid when `kms_encrypted_password` is set.
 * `os_type` - (Optional, ForceNew, Available since v1.103.2) The operating system of the nodes that run pods, its valid value is either `Linux` or `Windows`. Default to `Linux`.
-* `platform` - (Optional, ForceNew, Available since v1.103.2) The architecture of the nodes that run pods, its valid value is either `CentOS` or `AliyunLinux`. Default to `CentOS`.
+* `platform` - (Optional, ForceNew, Available since v1.103.2) The architecture of the nodes that run pods, its valid value `AliyunLinux`, `AliyunLinux3`. Default to `AliyunLinux3`.
 * `node_name_mode` - (Optional, ForceNew, Available since v1.88.0) Each node name consists of a prefix, an IP substring, and a suffix, the input format is `customized,<prefix>,IPSubStringLen,<suffix>`. For example "customized,aliyun.com-,5,-test", if the node IP address is 192.168.59.176, the prefix is aliyun.com-, IP substring length is 5, and the suffix is -test, the node name will be aliyun.com-59176-test.
 * `addons` - (Optional, Available since v1.88.0) The addon you want to install in cluster. See [`addons`](#addons) below. Only works for **Create** Operation, use [resource cs_kubernetes_addon](https://registry.terraform.io/providers/aliyun/alicloud/latest/docs/resources/cs_kubernetes_addon) to manage addons if cluster is created.