From 4074f82ab7c22b4f984229340444a738c019e510 Mon Sep 17 00:00:00 2001 From: Ian Wahbe Date: Tue, 12 Mar 2024 12:36:13 +0100 Subject: [PATCH] Upgrade terraform-provider-rancher2 to v4.1.0 (#413) This PR was generated via `$ upgrade-provider pulumi/pulumi-rancher2`. --- - Upgrading terraform-provider-rancher2 from 4.0.0 to 4.1.0. Fixes #408 --- .../bridge-metadata.json | 50 ++ .../cmd/pulumi-resource-rancher2/schema.json | 300 ++++++++- provider/go.mod | 2 +- provider/go.sum | 7 +- provider/resources.go | 7 + sdk/dotnet/Cluster.cs | 103 ++- ...dSecurityAdmissionConfigurationTemplate.cs | 116 ++++ ...issionConfigurationTemplateDefaultsArgs.cs | 56 ++ ...ionConfigurationTemplateDefaultsGetArgs.cs | 56 ++ ...sionConfigurationTemplateExemptionsArgs.cs | 56 ++ ...nConfigurationTemplateExemptionsGetArgs.cs | 56 ++ ...sionConfigurationTemplateDefaultsResult.cs | 63 ++ ...onConfigurationTemplateExemptionsResult.cs | 42 ++ ...yAdmissionConfigurationTemplateDefaults.cs | 63 ++ ...dmissionConfigurationTemplateExemptions.cs | 42 ++ ...dSecurityAdmissionConfigurationTemplate.cs | 209 +++++++ sdk/go/rancher2/cluster.go | 111 +++- ...dSecurityAdmissionConfigurationTemplate.go | 119 ++++ sdk/go/rancher2/init.go | 7 + ...dSecurityAdmissionConfigurationTemplate.go | 303 +++++++++ sdk/go/rancher2/pulumiTypes.go | 586 +++++++++++++----- sdk/go/rancher2/pulumiTypes1.go | 342 ++++++++++ .../java/com/pulumi/rancher2/Cluster.java | 106 +++- .../java/com/pulumi/rancher2/ClusterArgs.java | 8 +- ...ecurityAdmissionConfigurationTemplate.java | 158 +++++ ...ityAdmissionConfigurationTemplateArgs.java | 280 +++++++++ .../pulumi/rancher2/Rancher2Functions.java | 15 + .../pulumi/rancher2/inputs/ClusterState.java | 8 +- ...ityAdmissionConfigurationTemplateArgs.java | 103 +++ ...missionConfigurationTemplatePlainArgs.java | 90 +++ ...sionConfigurationTemplateDefaultsArgs.java | 268 ++++++++ ...onConfigurationTemplateExemptionsArgs.java | 188 ++++++ ...tyAdmissionConfigurationTemplateState.java | 276 +++++++++ ...dmissionConfigurationTemplateDefaults.java | 162 +++++ ...issionConfigurationTemplateExemptions.java | 108 ++++ ...yAdmissionConfigurationTemplateResult.java | 152 +++++ ...dmissionConfigurationTemplateDefaults.java | 162 +++++ ...issionConfigurationTemplateExemptions.java | 108 ++++ sdk/nodejs/cluster.ts | 83 ++- ...dSecurityAdmissionConfigurationTemplate.ts | 54 ++ sdk/nodejs/index.ts | 13 + ...dSecurityAdmissionConfigurationTemplate.ts | 159 +++++ sdk/nodejs/tsconfig.json | 2 + sdk/nodejs/types/input.ts | 42 ++ sdk/nodejs/types/output.ts | 84 +++ sdk/python/pulumi_rancher2/__init__.py | 10 + sdk/python/pulumi_rancher2/_inputs.py | 160 +++++ sdk/python/pulumi_rancher2/cluster.py | 164 +++-- ...curity_admission_configuration_template.py | 134 ++++ sdk/python/pulumi_rancher2/outputs.py | 286 +++++++++ ...curity_admission_configuration_template.py | 388 ++++++++++++ 51 files changed, 6151 insertions(+), 316 deletions(-) create mode 100644 sdk/dotnet/GetPodSecurityAdmissionConfigurationTemplate.cs create mode 100644 sdk/dotnet/Inputs/PodSecurityAdmissionConfigurationTemplateDefaultsArgs.cs create mode 100644 sdk/dotnet/Inputs/PodSecurityAdmissionConfigurationTemplateDefaultsGetArgs.cs create mode 100644 sdk/dotnet/Inputs/PodSecurityAdmissionConfigurationTemplateExemptionsArgs.cs create mode 100644 sdk/dotnet/Inputs/PodSecurityAdmissionConfigurationTemplateExemptionsGetArgs.cs create mode 100644 sdk/dotnet/Outputs/GetPodSecurityAdmissionConfigurationTemplateDefaultsResult.cs create mode 100644 sdk/dotnet/Outputs/GetPodSecurityAdmissionConfigurationTemplateExemptionsResult.cs create mode 100644 sdk/dotnet/Outputs/PodSecurityAdmissionConfigurationTemplateDefaults.cs create mode 100644 sdk/dotnet/Outputs/PodSecurityAdmissionConfigurationTemplateExemptions.cs create mode 100644 sdk/dotnet/PodSecurityAdmissionConfigurationTemplate.cs create mode 100644 sdk/go/rancher2/getPodSecurityAdmissionConfigurationTemplate.go create mode 100644 sdk/go/rancher2/podSecurityAdmissionConfigurationTemplate.go create mode 100644 sdk/java/src/main/java/com/pulumi/rancher2/PodSecurityAdmissionConfigurationTemplate.java create mode 100644 sdk/java/src/main/java/com/pulumi/rancher2/PodSecurityAdmissionConfigurationTemplateArgs.java create mode 100644 sdk/java/src/main/java/com/pulumi/rancher2/inputs/GetPodSecurityAdmissionConfigurationTemplateArgs.java create mode 100644 sdk/java/src/main/java/com/pulumi/rancher2/inputs/GetPodSecurityAdmissionConfigurationTemplatePlainArgs.java create mode 100644 sdk/java/src/main/java/com/pulumi/rancher2/inputs/PodSecurityAdmissionConfigurationTemplateDefaultsArgs.java create mode 100644 sdk/java/src/main/java/com/pulumi/rancher2/inputs/PodSecurityAdmissionConfigurationTemplateExemptionsArgs.java create mode 100644 sdk/java/src/main/java/com/pulumi/rancher2/inputs/PodSecurityAdmissionConfigurationTemplateState.java create mode 100644 sdk/java/src/main/java/com/pulumi/rancher2/outputs/GetPodSecurityAdmissionConfigurationTemplateDefaults.java create mode 100644 sdk/java/src/main/java/com/pulumi/rancher2/outputs/GetPodSecurityAdmissionConfigurationTemplateExemptions.java create mode 100644 sdk/java/src/main/java/com/pulumi/rancher2/outputs/GetPodSecurityAdmissionConfigurationTemplateResult.java create mode 100644 sdk/java/src/main/java/com/pulumi/rancher2/outputs/PodSecurityAdmissionConfigurationTemplateDefaults.java create mode 100644 sdk/java/src/main/java/com/pulumi/rancher2/outputs/PodSecurityAdmissionConfigurationTemplateExemptions.java create mode 100644 sdk/nodejs/getPodSecurityAdmissionConfigurationTemplate.ts create mode 100644 sdk/nodejs/podSecurityAdmissionConfigurationTemplate.ts create mode 100644 sdk/python/pulumi_rancher2/get_pod_security_admission_configuration_template.py create mode 100644 sdk/python/pulumi_rancher2/pod_security_admission_configuration_template.py diff --git a/provider/cmd/pulumi-resource-rancher2/bridge-metadata.json b/provider/cmd/pulumi-resource-rancher2/bridge-metadata.json index dce61aaed..e69066486 100644 --- a/provider/cmd/pulumi-resource-rancher2/bridge-metadata.json +++ b/provider/cmd/pulumi-resource-rancher2/bridge-metadata.json @@ -1721,6 +1721,31 @@ } } }, + "rancher2_pod_security_admission_configuration_template": { + "current": "rancher2:index/podSecurityAdmissionConfigurationTemplate:PodSecurityAdmissionConfigurationTemplate", + "majorVersion": 6, + "fields": { + "defaults": { + "maxItemsOne": true + }, + "exemptions": { + "maxItemsOne": true, + "elem": { + "fields": { + "namespaces": { + "maxItemsOne": false + }, + "runtime_classes": { + "maxItemsOne": false + }, + "usernames": { + "maxItemsOne": false + } + } + } + } + } + }, "rancher2_pod_security_policy_template": { "current": "rancher2:index/podSecurityPolicyTemplate:PodSecurityPolicyTemplate", "majorVersion": 6, @@ -3316,6 +3341,31 @@ } } }, + "rancher2_pod_security_admission_configuration_template": { + "current": "rancher2:index/getPodSecurityAdmissionConfigurationTemplate:getPodSecurityAdmissionConfigurationTemplate", + "majorVersion": 6, + "fields": { + "defaults": { + "maxItemsOne": true + }, + "exemptions": { + "maxItemsOne": true, + "elem": { + "fields": { + "namespaces": { + "maxItemsOne": false + }, + "runtime_classes": { + "maxItemsOne": false + }, + "usernames": { + "maxItemsOne": false + } + } + } + } + } + }, "rancher2_pod_security_policy_template": { "current": "rancher2:index/getPodSecurityPolicyTemplate:getPodSecurityPolicyTemplate", "majorVersion": 6, diff --git a/provider/cmd/pulumi-resource-rancher2/schema.json b/provider/cmd/pulumi-resource-rancher2/schema.json index 46f57e159..56ef867aa 100644 --- a/provider/cmd/pulumi-resource-rancher2/schema.json +++ b/provider/cmd/pulumi-resource-rancher2/schema.json @@ -11455,6 +11455,61 @@ "secret" ] }, + "rancher2:index/PodSecurityAdmissionConfigurationTemplateDefaults:PodSecurityAdmissionConfigurationTemplateDefaults": { + "properties": { + "audit": { + "type": "string", + "description": "Pod Security Admission Configuration audit. This audits a pod in violation of privileged, baseline, or restricted policy (default: privileged)\n" + }, + "auditVersion": { + "type": "string", + "description": "Pod Security Admission Configuration audit version (default: latest)\n" + }, + "enforce": { + "type": "string", + "description": "Pod Security Admission Configuration enforce. This rejects a pod in violation of privileged, baseline, or restricted policy (default: privileged)\n" + }, + "enforceVersion": { + "type": "string", + "description": "Pod Security Admission Configuration enforce version (default: latest)\n" + }, + "warn": { + "type": "string", + "description": "Pod Security Admission Configuration warn. This warns the user about a pod in violation of privileged, baseline, or restricted policy (default: privileged)\n" + }, + "warnVersion": { + "type": "string", + "description": "Pod Security Admission Configuration warn version (default: latest)\n" + } + }, + "type": "object" + }, + "rancher2:index/PodSecurityAdmissionConfigurationTemplateExemptions:PodSecurityAdmissionConfigurationTemplateExemptions": { + "properties": { + "namespaces": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Pod Security Admission Configuration namespace exemptions\n" + }, + "runtimeClasses": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Pod Security Admission Configuration runtime class exemptions\n" + }, + "usernames": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Pod Security Admission Configuration username exemptions\n" + } + }, + "type": "object" + }, "rancher2:index/PodSecurityPolicyTemplateAllowedCsiDriver:PodSecurityPolicyTemplateAllowedCsiDriver": { "properties": { "name": { @@ -20552,6 +20607,61 @@ } } }, + "rancher2:index/getPodSecurityAdmissionConfigurationTemplateDefaults:getPodSecurityAdmissionConfigurationTemplateDefaults": { + "properties": { + "audit": { + "type": "string", + "description": "Pod Security Admission Configuration audit. This audits a pod in violation of privileged, baseline, or restricted policy (default: privileged)\n" + }, + "auditVersion": { + "type": "string", + "description": "Pod Security Admission Configuration audit version (default: latest)\n" + }, + "enforce": { + "type": "string", + "description": "Pod Security Admission Configuration enforce. This rejects a pod in violation of privileged, baseline, or restricted policy (default: privileged)\n" + }, + "enforceVersion": { + "type": "string", + "description": "Pod Security Admission Configuration enforce version (default: latest)\n" + }, + "warn": { + "type": "string", + "description": "Pod Security Admission Configuration warn. This warns the user about a pod in violation of privileged, baseline, or restricted policy (default: privileged)\n" + }, + "warnVersion": { + "type": "string", + "description": "Pod Security Admission Configuration warn version (default: latest)\n" + } + }, + "type": "object" + }, + "rancher2:index/getPodSecurityAdmissionConfigurationTemplateExemptions:getPodSecurityAdmissionConfigurationTemplateExemptions": { + "properties": { + "namespaces": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Pod Security Admission Configuration namespace exemptions\n" + }, + "runtimeClasses": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Pod Security Admission Configuration runtime class exemptions\n" + }, + "usernames": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Pod Security Admission Configuration username exemptions\n" + } + }, + "type": "object" + }, "rancher2:index/getPodSecurityPolicyTemplateAllowedCsiDriver:getPodSecurityPolicyTemplateAllowedCsiDriver": { "properties": { "name": { @@ -25630,7 +25740,7 @@ } }, "rancher2:index/cluster:Cluster": { - "description": "Provides a Rancher v2 Cluster resource. This can be used to create Clusters for Rancher v2 environments and retrieve their information.\n\n## Example Usage\n\n**Note optional/computed arguments** If any `optional/computed` argument of this resource is defined by the user, removing it from tf file will NOT reset its value. To reset it, let its definition at tf file as empty/false object. Ex: `enable_cluster_monitoring = false`, `cloud_provider {}`, `name = \"\"`\n\n### Creating Rancher v2 imported cluster\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as rancher2 from \"@pulumi/rancher2\";\n\n// Create a new rancher2 imported Cluster\nconst foo_imported = new rancher2.Cluster(\"foo-imported\", {description: \"Foo rancher2 imported cluster\"});\n```\n```python\nimport pulumi\nimport pulumi_rancher2 as rancher2\n\n# Create a new rancher2 imported Cluster\nfoo_imported = rancher2.Cluster(\"foo-imported\", description=\"Foo rancher2 imported cluster\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Rancher2 = Pulumi.Rancher2;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n // Create a new rancher2 imported Cluster\n var foo_imported = new Rancher2.Cluster(\"foo-imported\", new()\n {\n Description = \"Foo rancher2 imported cluster\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-rancher2/sdk/v6/go/rancher2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t// Create a new rancher2 imported Cluster\n\t\t_, err := rancher2.NewCluster(ctx, \"foo-imported\", \u0026rancher2.ClusterArgs{\n\t\t\tDescription: pulumi.String(\"Foo rancher2 imported cluster\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.rancher2.Cluster;\nimport com.pulumi.rancher2.ClusterArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var foo_imported = new Cluster(\"foo-imported\", ClusterArgs.builder() \n .description(\"Foo rancher2 imported cluster\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n # Create a new rancher2 imported Cluster\n foo-imported:\n type: rancher2:Cluster\n properties:\n description: Foo rancher2 imported cluster\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nCreating Rancher v2 RKE cluster\n\n### Creating Rancher v2 RKE cluster enabling and customizing monitoring\n\n**Note** Cluster monitoring version `0.2.0` and above, can't be enabled until cluster is fully deployed as [`kubeVersion`](https://github.com/rancher/system-charts/blob/52be656700468904b9bf15c3f39cd7112e1f8c9b/charts/rancher-monitoring/v0.2.0/Chart.yaml#L12) requirement has been introduced to helm chart\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as rancher2 from \"@pulumi/rancher2\";\n\n// Create a new rancher2 RKE Cluster\nconst foo_custom = new rancher2.Cluster(\"foo-custom\", {\n clusterMonitoringInput: {\n answers: {\n \"exporter-kubelets.https\": true,\n \"exporter-node.enabled\": true,\n \"exporter-node.ports.metrics.port\": 9796,\n \"exporter-node.resources.limits.cpu\": \"200m\",\n \"exporter-node.resources.limits.memory\": \"200Mi\",\n \"grafana.persistence.enabled\": false,\n \"grafana.persistence.size\": \"10Gi\",\n \"grafana.persistence.storageClass\": \"default\",\n \"operator.resources.limits.memory\": \"500Mi\",\n \"prometheus.persistence.enabled\": \"false\",\n \"prometheus.persistence.size\": \"50Gi\",\n \"prometheus.persistence.storageClass\": \"default\",\n \"prometheus.persistent.useReleaseName\": \"true\",\n \"prometheus.resources.core.limits.cpu\": \"1000m\",\n \"prometheus.resources.core.limits.memory\": \"1500Mi\",\n \"prometheus.resources.core.requests.cpu\": \"750m\",\n \"prometheus.resources.core.requests.memory\": \"750Mi\",\n \"prometheus.retention\": \"12h\",\n },\n version: \"0.1.0\",\n },\n description: \"Foo rancher2 custom cluster\",\n enableClusterMonitoring: true,\n rkeConfig: {\n network: {\n plugin: \"canal\",\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_rancher2 as rancher2\n\n# Create a new rancher2 RKE Cluster\nfoo_custom = rancher2.Cluster(\"foo-custom\",\n cluster_monitoring_input=rancher2.ClusterClusterMonitoringInputArgs(\n answers={\n \"exporter-kubelets.https\": True,\n \"exporter-node.enabled\": True,\n \"exporter-node.ports.metrics.port\": 9796,\n \"exporter-node.resources.limits.cpu\": \"200m\",\n \"exporter-node.resources.limits.memory\": \"200Mi\",\n \"grafana.persistence.enabled\": False,\n \"grafana.persistence.size\": \"10Gi\",\n \"grafana.persistence.storageClass\": \"default\",\n \"operator.resources.limits.memory\": \"500Mi\",\n \"prometheus.persistence.enabled\": \"false\",\n \"prometheus.persistence.size\": \"50Gi\",\n \"prometheus.persistence.storageClass\": \"default\",\n \"prometheus.persistent.useReleaseName\": \"true\",\n \"prometheus.resources.core.limits.cpu\": \"1000m\",\n \"prometheus.resources.core.limits.memory\": \"1500Mi\",\n \"prometheus.resources.core.requests.cpu\": \"750m\",\n \"prometheus.resources.core.requests.memory\": \"750Mi\",\n \"prometheus.retention\": \"12h\",\n },\n version=\"0.1.0\",\n ),\n description=\"Foo rancher2 custom cluster\",\n enable_cluster_monitoring=True,\n rke_config=rancher2.ClusterRkeConfigArgs(\n network=rancher2.ClusterRkeConfigNetworkArgs(\n plugin=\"canal\",\n ),\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Rancher2 = Pulumi.Rancher2;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n // Create a new rancher2 RKE Cluster\n var foo_custom = new Rancher2.Cluster(\"foo-custom\", new()\n {\n ClusterMonitoringInput = new Rancher2.Inputs.ClusterClusterMonitoringInputArgs\n {\n Answers = \n {\n { \"exporter-kubelets.https\", true },\n { \"exporter-node.enabled\", true },\n { \"exporter-node.ports.metrics.port\", 9796 },\n { \"exporter-node.resources.limits.cpu\", \"200m\" },\n { \"exporter-node.resources.limits.memory\", \"200Mi\" },\n { \"grafana.persistence.enabled\", false },\n { \"grafana.persistence.size\", \"10Gi\" },\n { \"grafana.persistence.storageClass\", \"default\" },\n { \"operator.resources.limits.memory\", \"500Mi\" },\n { \"prometheus.persistence.enabled\", \"false\" },\n { \"prometheus.persistence.size\", \"50Gi\" },\n { \"prometheus.persistence.storageClass\", \"default\" },\n { \"prometheus.persistent.useReleaseName\", \"true\" },\n { \"prometheus.resources.core.limits.cpu\", \"1000m\" },\n { \"prometheus.resources.core.limits.memory\", \"1500Mi\" },\n { \"prometheus.resources.core.requests.cpu\", \"750m\" },\n { \"prometheus.resources.core.requests.memory\", \"750Mi\" },\n { \"prometheus.retention\", \"12h\" },\n },\n Version = \"0.1.0\",\n },\n Description = \"Foo rancher2 custom cluster\",\n EnableClusterMonitoring = true,\n RkeConfig = new Rancher2.Inputs.ClusterRkeConfigArgs\n {\n Network = new Rancher2.Inputs.ClusterRkeConfigNetworkArgs\n {\n Plugin = \"canal\",\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-rancher2/sdk/v6/go/rancher2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t// Create a new rancher2 RKE Cluster\n\t\t_, err := rancher2.NewCluster(ctx, \"foo-custom\", \u0026rancher2.ClusterArgs{\n\t\t\tClusterMonitoringInput: \u0026rancher2.ClusterClusterMonitoringInputArgs{\n\t\t\t\tAnswers: pulumi.Map{\n\t\t\t\t\t\"exporter-kubelets.https\": pulumi.Any(true),\n\t\t\t\t\t\"exporter-node.enabled\": pulumi.Any(true),\n\t\t\t\t\t\"exporter-node.ports.metrics.port\": pulumi.Any(9796),\n\t\t\t\t\t\"exporter-node.resources.limits.cpu\": pulumi.Any(\"200m\"),\n\t\t\t\t\t\"exporter-node.resources.limits.memory\": pulumi.Any(\"200Mi\"),\n\t\t\t\t\t\"grafana.persistence.enabled\": pulumi.Any(false),\n\t\t\t\t\t\"grafana.persistence.size\": pulumi.Any(\"10Gi\"),\n\t\t\t\t\t\"grafana.persistence.storageClass\": pulumi.Any(\"default\"),\n\t\t\t\t\t\"operator.resources.limits.memory\": pulumi.Any(\"500Mi\"),\n\t\t\t\t\t\"prometheus.persistence.enabled\": pulumi.Any(\"false\"),\n\t\t\t\t\t\"prometheus.persistence.size\": pulumi.Any(\"50Gi\"),\n\t\t\t\t\t\"prometheus.persistence.storageClass\": pulumi.Any(\"default\"),\n\t\t\t\t\t\"prometheus.persistent.useReleaseName\": pulumi.Any(\"true\"),\n\t\t\t\t\t\"prometheus.resources.core.limits.cpu\": pulumi.Any(\"1000m\"),\n\t\t\t\t\t\"prometheus.resources.core.limits.memory\": pulumi.Any(\"1500Mi\"),\n\t\t\t\t\t\"prometheus.resources.core.requests.cpu\": pulumi.Any(\"750m\"),\n\t\t\t\t\t\"prometheus.resources.core.requests.memory\": pulumi.Any(\"750Mi\"),\n\t\t\t\t\t\"prometheus.retention\": pulumi.Any(\"12h\"),\n\t\t\t\t},\n\t\t\t\tVersion: pulumi.String(\"0.1.0\"),\n\t\t\t},\n\t\t\tDescription: pulumi.String(\"Foo rancher2 custom cluster\"),\n\t\t\tEnableClusterMonitoring: pulumi.Bool(true),\n\t\t\tRkeConfig: \u0026rancher2.ClusterRkeConfigArgs{\n\t\t\t\tNetwork: \u0026rancher2.ClusterRkeConfigNetworkArgs{\n\t\t\t\t\tPlugin: pulumi.String(\"canal\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.rancher2.Cluster;\nimport com.pulumi.rancher2.ClusterArgs;\nimport com.pulumi.rancher2.inputs.ClusterClusterMonitoringInputArgs;\nimport com.pulumi.rancher2.inputs.ClusterRkeConfigArgs;\nimport com.pulumi.rancher2.inputs.ClusterRkeConfigNetworkArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var foo_custom = new Cluster(\"foo-custom\", ClusterArgs.builder() \n .clusterMonitoringInput(ClusterClusterMonitoringInputArgs.builder()\n .answers(Map.ofEntries(\n Map.entry(\"exporter-kubelets.https\", true),\n Map.entry(\"exporter-node.enabled\", true),\n Map.entry(\"exporter-node.ports.metrics.port\", 9796),\n Map.entry(\"exporter-node.resources.limits.cpu\", \"200m\"),\n Map.entry(\"exporter-node.resources.limits.memory\", \"200Mi\"),\n Map.entry(\"grafana.persistence.enabled\", false),\n Map.entry(\"grafana.persistence.size\", \"10Gi\"),\n Map.entry(\"grafana.persistence.storageClass\", \"default\"),\n Map.entry(\"operator.resources.limits.memory\", \"500Mi\"),\n Map.entry(\"prometheus.persistence.enabled\", \"false\"),\n Map.entry(\"prometheus.persistence.size\", \"50Gi\"),\n Map.entry(\"prometheus.persistence.storageClass\", \"default\"),\n Map.entry(\"prometheus.persistent.useReleaseName\", \"true\"),\n Map.entry(\"prometheus.resources.core.limits.cpu\", \"1000m\"),\n Map.entry(\"prometheus.resources.core.limits.memory\", \"1500Mi\"),\n Map.entry(\"prometheus.resources.core.requests.cpu\", \"750m\"),\n Map.entry(\"prometheus.resources.core.requests.memory\", \"750Mi\"),\n Map.entry(\"prometheus.retention\", \"12h\")\n ))\n .version(\"0.1.0\")\n .build())\n .description(\"Foo rancher2 custom cluster\")\n .enableClusterMonitoring(true)\n .rkeConfig(ClusterRkeConfigArgs.builder()\n .network(ClusterRkeConfigNetworkArgs.builder()\n .plugin(\"canal\")\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n # Create a new rancher2 RKE Cluster\n foo-custom:\n type: rancher2:Cluster\n properties:\n clusterMonitoringInput:\n answers:\n exporter-kubelets.https: true\n exporter-node.enabled: true\n exporter-node.ports.metrics.port: 9796\n exporter-node.resources.limits.cpu: 200m\n exporter-node.resources.limits.memory: 200Mi\n grafana.persistence.enabled: false\n grafana.persistence.size: 10Gi\n grafana.persistence.storageClass: default\n operator.resources.limits.memory: 500Mi\n prometheus.persistence.enabled: 'false'\n prometheus.persistence.size: 50Gi\n prometheus.persistence.storageClass: default\n prometheus.persistent.useReleaseName: 'true'\n prometheus.resources.core.limits.cpu: 1000m\n prometheus.resources.core.limits.memory: 1500Mi\n prometheus.resources.core.requests.cpu: 750m\n prometheus.resources.core.requests.memory: 750Mi\n prometheus.retention: 12h\n version: 0.1.0\n description: Foo rancher2 custom cluster\n enableClusterMonitoring: true\n rkeConfig:\n network:\n plugin: canal\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Creating Rancher v2 RKE cluster enabling/customizing monitoring and istio\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as rancher2 from \"@pulumi/rancher2\";\n\n// Create a new rancher2 RKE Cluster\nconst foo_customCluster = new rancher2.Cluster(\"foo-customCluster\", {\n description: \"Foo rancher2 custom cluster\",\n rkeConfig: {\n network: {\n plugin: \"canal\",\n },\n },\n enableClusterMonitoring: true,\n clusterMonitoringInput: {\n answers: {\n \"exporter-kubelets.https\": true,\n \"exporter-node.enabled\": true,\n \"exporter-node.ports.metrics.port\": 9796,\n \"exporter-node.resources.limits.cpu\": \"200m\",\n \"exporter-node.resources.limits.memory\": \"200Mi\",\n \"grafana.persistence.enabled\": false,\n \"grafana.persistence.size\": \"10Gi\",\n \"grafana.persistence.storageClass\": \"default\",\n \"operator.resources.limits.memory\": \"500Mi\",\n \"prometheus.persistence.enabled\": \"false\",\n \"prometheus.persistence.size\": \"50Gi\",\n \"prometheus.persistence.storageClass\": \"default\",\n \"prometheus.persistent.useReleaseName\": \"true\",\n \"prometheus.resources.core.limits.cpu\": \"1000m\",\n \"prometheus.resources.core.limits.memory\": \"1500Mi\",\n \"prometheus.resources.core.requests.cpu\": \"750m\",\n \"prometheus.resources.core.requests.memory\": \"750Mi\",\n \"prometheus.retention\": \"12h\",\n },\n version: \"0.1.0\",\n },\n});\n// Create a new rancher2 Cluster Sync for foo-custom cluster\nconst foo_customClusterSync = new rancher2.ClusterSync(\"foo-customClusterSync\", {\n clusterId: foo_customCluster.id,\n waitMonitoring: foo_customCluster.enableClusterMonitoring,\n});\n// Create a new rancher2 Namespace\nconst foo_istio = new rancher2.Namespace(\"foo-istio\", {\n projectId: foo_customClusterSync.systemProjectId,\n description: \"istio namespace\",\n});\n// Create a new rancher2 App deploying istio (should wait until monitoring is up and running)\nconst istio = new rancher2.App(\"istio\", {\n catalogName: \"system-library\",\n description: \"Terraform app acceptance test\",\n projectId: foo_istio.projectId,\n templateName: \"rancher-istio\",\n templateVersion: \"0.1.1\",\n targetNamespace: foo_istio.id,\n answers: {\n \"certmanager.enabled\": false,\n enableCRDs: true,\n \"galley.enabled\": true,\n \"gateways.enabled\": false,\n \"gateways.istio-ingressgateway.resources.limits.cpu\": \"2000m\",\n \"gateways.istio-ingressgateway.resources.limits.memory\": \"1024Mi\",\n \"gateways.istio-ingressgateway.resources.requests.cpu\": \"100m\",\n \"gateways.istio-ingressgateway.resources.requests.memory\": \"128Mi\",\n \"gateways.istio-ingressgateway.type\": \"NodePort\",\n \"global.monitoring.type\": \"cluster-monitoring\",\n \"global.rancher.clusterId\": foo_customClusterSync.clusterId,\n \"istio_cni.enabled\": \"false\",\n \"istiocoredns.enabled\": \"false\",\n \"kiali.enabled\": \"true\",\n \"mixer.enabled\": \"true\",\n \"mixer.policy.enabled\": \"true\",\n \"mixer.policy.resources.limits.cpu\": \"4800m\",\n \"mixer.policy.resources.limits.memory\": \"4096Mi\",\n \"mixer.policy.resources.requests.cpu\": \"1000m\",\n \"mixer.policy.resources.requests.memory\": \"1024Mi\",\n \"mixer.telemetry.resources.limits.cpu\": \"4800m\",\n \"mixer.telemetry.resources.limits.memory\": \"4096Mi\",\n \"mixer.telemetry.resources.requests.cpu\": \"1000m\",\n \"mixer.telemetry.resources.requests.memory\": \"1024Mi\",\n \"mtls.enabled\": false,\n \"nodeagent.enabled\": false,\n \"pilot.enabled\": true,\n \"pilot.resources.limits.cpu\": \"1000m\",\n \"pilot.resources.limits.memory\": \"4096Mi\",\n \"pilot.resources.requests.cpu\": \"500m\",\n \"pilot.resources.requests.memory\": \"2048Mi\",\n \"pilot.traceSampling\": \"1\",\n \"security.enabled\": true,\n \"sidecarInjectorWebhook.enabled\": true,\n \"tracing.enabled\": true,\n \"tracing.jaeger.resources.limits.cpu\": \"500m\",\n \"tracing.jaeger.resources.limits.memory\": \"1024Mi\",\n \"tracing.jaeger.resources.requests.cpu\": \"100m\",\n \"tracing.jaeger.resources.requests.memory\": \"100Mi\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_rancher2 as rancher2\n\n# Create a new rancher2 RKE Cluster\nfoo_custom_cluster = rancher2.Cluster(\"foo-customCluster\",\n description=\"Foo rancher2 custom cluster\",\n rke_config=rancher2.ClusterRkeConfigArgs(\n network=rancher2.ClusterRkeConfigNetworkArgs(\n plugin=\"canal\",\n ),\n ),\n enable_cluster_monitoring=True,\n cluster_monitoring_input=rancher2.ClusterClusterMonitoringInputArgs(\n answers={\n \"exporter-kubelets.https\": True,\n \"exporter-node.enabled\": True,\n \"exporter-node.ports.metrics.port\": 9796,\n \"exporter-node.resources.limits.cpu\": \"200m\",\n \"exporter-node.resources.limits.memory\": \"200Mi\",\n \"grafana.persistence.enabled\": False,\n \"grafana.persistence.size\": \"10Gi\",\n \"grafana.persistence.storageClass\": \"default\",\n \"operator.resources.limits.memory\": \"500Mi\",\n \"prometheus.persistence.enabled\": \"false\",\n \"prometheus.persistence.size\": \"50Gi\",\n \"prometheus.persistence.storageClass\": \"default\",\n \"prometheus.persistent.useReleaseName\": \"true\",\n \"prometheus.resources.core.limits.cpu\": \"1000m\",\n \"prometheus.resources.core.limits.memory\": \"1500Mi\",\n \"prometheus.resources.core.requests.cpu\": \"750m\",\n \"prometheus.resources.core.requests.memory\": \"750Mi\",\n \"prometheus.retention\": \"12h\",\n },\n version=\"0.1.0\",\n ))\n# Create a new rancher2 Cluster Sync for foo-custom cluster\nfoo_custom_cluster_sync = rancher2.ClusterSync(\"foo-customClusterSync\",\n cluster_id=foo_custom_cluster.id,\n wait_monitoring=foo_custom_cluster.enable_cluster_monitoring)\n# Create a new rancher2 Namespace\nfoo_istio = rancher2.Namespace(\"foo-istio\",\n project_id=foo_custom_cluster_sync.system_project_id,\n description=\"istio namespace\")\n# Create a new rancher2 App deploying istio (should wait until monitoring is up and running)\nistio = rancher2.App(\"istio\",\n catalog_name=\"system-library\",\n description=\"Terraform app acceptance test\",\n project_id=foo_istio.project_id,\n template_name=\"rancher-istio\",\n template_version=\"0.1.1\",\n target_namespace=foo_istio.id,\n answers={\n \"certmanager.enabled\": False,\n \"enableCRDs\": True,\n \"galley.enabled\": True,\n \"gateways.enabled\": False,\n \"gateways.istio-ingressgateway.resources.limits.cpu\": \"2000m\",\n \"gateways.istio-ingressgateway.resources.limits.memory\": \"1024Mi\",\n \"gateways.istio-ingressgateway.resources.requests.cpu\": \"100m\",\n \"gateways.istio-ingressgateway.resources.requests.memory\": \"128Mi\",\n \"gateways.istio-ingressgateway.type\": \"NodePort\",\n \"global.monitoring.type\": \"cluster-monitoring\",\n \"global.rancher.clusterId\": foo_custom_cluster_sync.cluster_id,\n \"istio_cni.enabled\": \"false\",\n \"istiocoredns.enabled\": \"false\",\n \"kiali.enabled\": \"true\",\n \"mixer.enabled\": \"true\",\n \"mixer.policy.enabled\": \"true\",\n \"mixer.policy.resources.limits.cpu\": \"4800m\",\n \"mixer.policy.resources.limits.memory\": \"4096Mi\",\n \"mixer.policy.resources.requests.cpu\": \"1000m\",\n \"mixer.policy.resources.requests.memory\": \"1024Mi\",\n \"mixer.telemetry.resources.limits.cpu\": \"4800m\",\n \"mixer.telemetry.resources.limits.memory\": \"4096Mi\",\n \"mixer.telemetry.resources.requests.cpu\": \"1000m\",\n \"mixer.telemetry.resources.requests.memory\": \"1024Mi\",\n \"mtls.enabled\": False,\n \"nodeagent.enabled\": False,\n \"pilot.enabled\": True,\n \"pilot.resources.limits.cpu\": \"1000m\",\n \"pilot.resources.limits.memory\": \"4096Mi\",\n \"pilot.resources.requests.cpu\": \"500m\",\n \"pilot.resources.requests.memory\": \"2048Mi\",\n \"pilot.traceSampling\": \"1\",\n \"security.enabled\": True,\n \"sidecarInjectorWebhook.enabled\": True,\n \"tracing.enabled\": True,\n \"tracing.jaeger.resources.limits.cpu\": \"500m\",\n \"tracing.jaeger.resources.limits.memory\": \"1024Mi\",\n \"tracing.jaeger.resources.requests.cpu\": \"100m\",\n \"tracing.jaeger.resources.requests.memory\": \"100Mi\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Rancher2 = Pulumi.Rancher2;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n // Create a new rancher2 RKE Cluster\n var foo_customCluster = new Rancher2.Cluster(\"foo-customCluster\", new()\n {\n Description = \"Foo rancher2 custom cluster\",\n RkeConfig = new Rancher2.Inputs.ClusterRkeConfigArgs\n {\n Network = new Rancher2.Inputs.ClusterRkeConfigNetworkArgs\n {\n Plugin = \"canal\",\n },\n },\n EnableClusterMonitoring = true,\n ClusterMonitoringInput = new Rancher2.Inputs.ClusterClusterMonitoringInputArgs\n {\n Answers = \n {\n { \"exporter-kubelets.https\", true },\n { \"exporter-node.enabled\", true },\n { \"exporter-node.ports.metrics.port\", 9796 },\n { \"exporter-node.resources.limits.cpu\", \"200m\" },\n { \"exporter-node.resources.limits.memory\", \"200Mi\" },\n { \"grafana.persistence.enabled\", false },\n { \"grafana.persistence.size\", \"10Gi\" },\n { \"grafana.persistence.storageClass\", \"default\" },\n { \"operator.resources.limits.memory\", \"500Mi\" },\n { \"prometheus.persistence.enabled\", \"false\" },\n { \"prometheus.persistence.size\", \"50Gi\" },\n { \"prometheus.persistence.storageClass\", \"default\" },\n { \"prometheus.persistent.useReleaseName\", \"true\" },\n { \"prometheus.resources.core.limits.cpu\", \"1000m\" },\n { \"prometheus.resources.core.limits.memory\", \"1500Mi\" },\n { \"prometheus.resources.core.requests.cpu\", \"750m\" },\n { \"prometheus.resources.core.requests.memory\", \"750Mi\" },\n { \"prometheus.retention\", \"12h\" },\n },\n Version = \"0.1.0\",\n },\n });\n\n // Create a new rancher2 Cluster Sync for foo-custom cluster\n var foo_customClusterSync = new Rancher2.ClusterSync(\"foo-customClusterSync\", new()\n {\n ClusterId = foo_customCluster.Id,\n WaitMonitoring = foo_customCluster.EnableClusterMonitoring,\n });\n\n // Create a new rancher2 Namespace\n var foo_istio = new Rancher2.Namespace(\"foo-istio\", new()\n {\n ProjectId = foo_customClusterSync.SystemProjectId,\n Description = \"istio namespace\",\n });\n\n // Create a new rancher2 App deploying istio (should wait until monitoring is up and running)\n var istio = new Rancher2.App(\"istio\", new()\n {\n CatalogName = \"system-library\",\n Description = \"Terraform app acceptance test\",\n ProjectId = foo_istio.ProjectId,\n TemplateName = \"rancher-istio\",\n TemplateVersion = \"0.1.1\",\n TargetNamespace = foo_istio.Id,\n Answers = \n {\n { \"certmanager.enabled\", false },\n { \"enableCRDs\", true },\n { \"galley.enabled\", true },\n { \"gateways.enabled\", false },\n { \"gateways.istio-ingressgateway.resources.limits.cpu\", \"2000m\" },\n { \"gateways.istio-ingressgateway.resources.limits.memory\", \"1024Mi\" },\n { \"gateways.istio-ingressgateway.resources.requests.cpu\", \"100m\" },\n { \"gateways.istio-ingressgateway.resources.requests.memory\", \"128Mi\" },\n { \"gateways.istio-ingressgateway.type\", \"NodePort\" },\n { \"global.monitoring.type\", \"cluster-monitoring\" },\n { \"global.rancher.clusterId\", foo_customClusterSync.ClusterId },\n { \"istio_cni.enabled\", \"false\" },\n { \"istiocoredns.enabled\", \"false\" },\n { \"kiali.enabled\", \"true\" },\n { \"mixer.enabled\", \"true\" },\n { \"mixer.policy.enabled\", \"true\" },\n { \"mixer.policy.resources.limits.cpu\", \"4800m\" },\n { \"mixer.policy.resources.limits.memory\", \"4096Mi\" },\n { \"mixer.policy.resources.requests.cpu\", \"1000m\" },\n { \"mixer.policy.resources.requests.memory\", \"1024Mi\" },\n { \"mixer.telemetry.resources.limits.cpu\", \"4800m\" },\n { \"mixer.telemetry.resources.limits.memory\", \"4096Mi\" },\n { \"mixer.telemetry.resources.requests.cpu\", \"1000m\" },\n { \"mixer.telemetry.resources.requests.memory\", \"1024Mi\" },\n { \"mtls.enabled\", false },\n { \"nodeagent.enabled\", false },\n { \"pilot.enabled\", true },\n { \"pilot.resources.limits.cpu\", \"1000m\" },\n { \"pilot.resources.limits.memory\", \"4096Mi\" },\n { \"pilot.resources.requests.cpu\", \"500m\" },\n { \"pilot.resources.requests.memory\", \"2048Mi\" },\n { \"pilot.traceSampling\", \"1\" },\n { \"security.enabled\", true },\n { \"sidecarInjectorWebhook.enabled\", true },\n { \"tracing.enabled\", true },\n { \"tracing.jaeger.resources.limits.cpu\", \"500m\" },\n { \"tracing.jaeger.resources.limits.memory\", \"1024Mi\" },\n { \"tracing.jaeger.resources.requests.cpu\", \"100m\" },\n { \"tracing.jaeger.resources.requests.memory\", \"100Mi\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-rancher2/sdk/v6/go/rancher2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t// Create a new rancher2 RKE Cluster\n\t\t_, err := rancher2.NewCluster(ctx, \"foo-customCluster\", \u0026rancher2.ClusterArgs{\n\t\t\tDescription: pulumi.String(\"Foo rancher2 custom cluster\"),\n\t\t\tRkeConfig: \u0026rancher2.ClusterRkeConfigArgs{\n\t\t\t\tNetwork: \u0026rancher2.ClusterRkeConfigNetworkArgs{\n\t\t\t\t\tPlugin: pulumi.String(\"canal\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tEnableClusterMonitoring: pulumi.Bool(true),\n\t\t\tClusterMonitoringInput: \u0026rancher2.ClusterClusterMonitoringInputArgs{\n\t\t\t\tAnswers: pulumi.Map{\n\t\t\t\t\t\"exporter-kubelets.https\": pulumi.Any(true),\n\t\t\t\t\t\"exporter-node.enabled\": pulumi.Any(true),\n\t\t\t\t\t\"exporter-node.ports.metrics.port\": pulumi.Any(9796),\n\t\t\t\t\t\"exporter-node.resources.limits.cpu\": pulumi.Any(\"200m\"),\n\t\t\t\t\t\"exporter-node.resources.limits.memory\": pulumi.Any(\"200Mi\"),\n\t\t\t\t\t\"grafana.persistence.enabled\": pulumi.Any(false),\n\t\t\t\t\t\"grafana.persistence.size\": pulumi.Any(\"10Gi\"),\n\t\t\t\t\t\"grafana.persistence.storageClass\": pulumi.Any(\"default\"),\n\t\t\t\t\t\"operator.resources.limits.memory\": pulumi.Any(\"500Mi\"),\n\t\t\t\t\t\"prometheus.persistence.enabled\": pulumi.Any(\"false\"),\n\t\t\t\t\t\"prometheus.persistence.size\": pulumi.Any(\"50Gi\"),\n\t\t\t\t\t\"prometheus.persistence.storageClass\": pulumi.Any(\"default\"),\n\t\t\t\t\t\"prometheus.persistent.useReleaseName\": pulumi.Any(\"true\"),\n\t\t\t\t\t\"prometheus.resources.core.limits.cpu\": pulumi.Any(\"1000m\"),\n\t\t\t\t\t\"prometheus.resources.core.limits.memory\": pulumi.Any(\"1500Mi\"),\n\t\t\t\t\t\"prometheus.resources.core.requests.cpu\": pulumi.Any(\"750m\"),\n\t\t\t\t\t\"prometheus.resources.core.requests.memory\": pulumi.Any(\"750Mi\"),\n\t\t\t\t\t\"prometheus.retention\": pulumi.Any(\"12h\"),\n\t\t\t\t},\n\t\t\t\tVersion: pulumi.String(\"0.1.0\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Create a new rancher2 Cluster Sync for foo-custom cluster\n\t\t_, err = rancher2.NewClusterSync(ctx, \"foo-customClusterSync\", \u0026rancher2.ClusterSyncArgs{\n\t\t\tClusterId: foo_customCluster.ID(),\n\t\t\tWaitMonitoring: foo_customCluster.EnableClusterMonitoring,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Create a new rancher2 Namespace\n\t\t_, err = rancher2.NewNamespace(ctx, \"foo-istio\", \u0026rancher2.NamespaceArgs{\n\t\t\tProjectId: foo_customClusterSync.SystemProjectId,\n\t\t\tDescription: pulumi.String(\"istio namespace\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Create a new rancher2 App deploying istio (should wait until monitoring is up and running)\n\t\t_, err = rancher2.NewApp(ctx, \"istio\", \u0026rancher2.AppArgs{\n\t\t\tCatalogName: pulumi.String(\"system-library\"),\n\t\t\tDescription: pulumi.String(\"Terraform app acceptance test\"),\n\t\t\tProjectId: foo_istio.ProjectId,\n\t\t\tTemplateName: pulumi.String(\"rancher-istio\"),\n\t\t\tTemplateVersion: pulumi.String(\"0.1.1\"),\n\t\t\tTargetNamespace: foo_istio.ID(),\n\t\t\tAnswers: pulumi.Map{\n\t\t\t\t\"certmanager.enabled\": pulumi.Any(false),\n\t\t\t\t\"enableCRDs\": pulumi.Any(true),\n\t\t\t\t\"galley.enabled\": pulumi.Any(true),\n\t\t\t\t\"gateways.enabled\": pulumi.Any(false),\n\t\t\t\t\"gateways.istio-ingressgateway.resources.limits.cpu\": pulumi.Any(\"2000m\"),\n\t\t\t\t\"gateways.istio-ingressgateway.resources.limits.memory\": pulumi.Any(\"1024Mi\"),\n\t\t\t\t\"gateways.istio-ingressgateway.resources.requests.cpu\": pulumi.Any(\"100m\"),\n\t\t\t\t\"gateways.istio-ingressgateway.resources.requests.memory\": pulumi.Any(\"128Mi\"),\n\t\t\t\t\"gateways.istio-ingressgateway.type\": pulumi.Any(\"NodePort\"),\n\t\t\t\t\"global.monitoring.type\": pulumi.Any(\"cluster-monitoring\"),\n\t\t\t\t\"global.rancher.clusterId\": foo_customClusterSync.ClusterId,\n\t\t\t\t\"istio_cni.enabled\": pulumi.Any(\"false\"),\n\t\t\t\t\"istiocoredns.enabled\": pulumi.Any(\"false\"),\n\t\t\t\t\"kiali.enabled\": pulumi.Any(\"true\"),\n\t\t\t\t\"mixer.enabled\": pulumi.Any(\"true\"),\n\t\t\t\t\"mixer.policy.enabled\": pulumi.Any(\"true\"),\n\t\t\t\t\"mixer.policy.resources.limits.cpu\": pulumi.Any(\"4800m\"),\n\t\t\t\t\"mixer.policy.resources.limits.memory\": pulumi.Any(\"4096Mi\"),\n\t\t\t\t\"mixer.policy.resources.requests.cpu\": pulumi.Any(\"1000m\"),\n\t\t\t\t\"mixer.policy.resources.requests.memory\": pulumi.Any(\"1024Mi\"),\n\t\t\t\t\"mixer.telemetry.resources.limits.cpu\": pulumi.Any(\"4800m\"),\n\t\t\t\t\"mixer.telemetry.resources.limits.memory\": pulumi.Any(\"4096Mi\"),\n\t\t\t\t\"mixer.telemetry.resources.requests.cpu\": pulumi.Any(\"1000m\"),\n\t\t\t\t\"mixer.telemetry.resources.requests.memory\": pulumi.Any(\"1024Mi\"),\n\t\t\t\t\"mtls.enabled\": pulumi.Any(false),\n\t\t\t\t\"nodeagent.enabled\": pulumi.Any(false),\n\t\t\t\t\"pilot.enabled\": pulumi.Any(true),\n\t\t\t\t\"pilot.resources.limits.cpu\": pulumi.Any(\"1000m\"),\n\t\t\t\t\"pilot.resources.limits.memory\": pulumi.Any(\"4096Mi\"),\n\t\t\t\t\"pilot.resources.requests.cpu\": pulumi.Any(\"500m\"),\n\t\t\t\t\"pilot.resources.requests.memory\": pulumi.Any(\"2048Mi\"),\n\t\t\t\t\"pilot.traceSampling\": pulumi.Any(\"1\"),\n\t\t\t\t\"security.enabled\": pulumi.Any(true),\n\t\t\t\t\"sidecarInjectorWebhook.enabled\": pulumi.Any(true),\n\t\t\t\t\"tracing.enabled\": pulumi.Any(true),\n\t\t\t\t\"tracing.jaeger.resources.limits.cpu\": pulumi.Any(\"500m\"),\n\t\t\t\t\"tracing.jaeger.resources.limits.memory\": pulumi.Any(\"1024Mi\"),\n\t\t\t\t\"tracing.jaeger.resources.requests.cpu\": pulumi.Any(\"100m\"),\n\t\t\t\t\"tracing.jaeger.resources.requests.memory\": pulumi.Any(\"100Mi\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.rancher2.Cluster;\nimport com.pulumi.rancher2.ClusterArgs;\nimport com.pulumi.rancher2.inputs.ClusterRkeConfigArgs;\nimport com.pulumi.rancher2.inputs.ClusterRkeConfigNetworkArgs;\nimport com.pulumi.rancher2.inputs.ClusterClusterMonitoringInputArgs;\nimport com.pulumi.rancher2.ClusterSync;\nimport com.pulumi.rancher2.ClusterSyncArgs;\nimport com.pulumi.rancher2.Namespace;\nimport com.pulumi.rancher2.NamespaceArgs;\nimport com.pulumi.rancher2.App;\nimport com.pulumi.rancher2.AppArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var foo_customCluster = new Cluster(\"foo-customCluster\", ClusterArgs.builder() \n .description(\"Foo rancher2 custom cluster\")\n .rkeConfig(ClusterRkeConfigArgs.builder()\n .network(ClusterRkeConfigNetworkArgs.builder()\n .plugin(\"canal\")\n .build())\n .build())\n .enableClusterMonitoring(true)\n .clusterMonitoringInput(ClusterClusterMonitoringInputArgs.builder()\n .answers(Map.ofEntries(\n Map.entry(\"exporter-kubelets.https\", true),\n Map.entry(\"exporter-node.enabled\", true),\n Map.entry(\"exporter-node.ports.metrics.port\", 9796),\n Map.entry(\"exporter-node.resources.limits.cpu\", \"200m\"),\n Map.entry(\"exporter-node.resources.limits.memory\", \"200Mi\"),\n Map.entry(\"grafana.persistence.enabled\", false),\n Map.entry(\"grafana.persistence.size\", \"10Gi\"),\n Map.entry(\"grafana.persistence.storageClass\", \"default\"),\n Map.entry(\"operator.resources.limits.memory\", \"500Mi\"),\n Map.entry(\"prometheus.persistence.enabled\", \"false\"),\n Map.entry(\"prometheus.persistence.size\", \"50Gi\"),\n Map.entry(\"prometheus.persistence.storageClass\", \"default\"),\n Map.entry(\"prometheus.persistent.useReleaseName\", \"true\"),\n Map.entry(\"prometheus.resources.core.limits.cpu\", \"1000m\"),\n Map.entry(\"prometheus.resources.core.limits.memory\", \"1500Mi\"),\n Map.entry(\"prometheus.resources.core.requests.cpu\", \"750m\"),\n Map.entry(\"prometheus.resources.core.requests.memory\", \"750Mi\"),\n Map.entry(\"prometheus.retention\", \"12h\")\n ))\n .version(\"0.1.0\")\n .build())\n .build());\n\n var foo_customClusterSync = new ClusterSync(\"foo-customClusterSync\", ClusterSyncArgs.builder() \n .clusterId(foo_customCluster.id())\n .waitMonitoring(foo_customCluster.enableClusterMonitoring())\n .build());\n\n var foo_istio = new Namespace(\"foo-istio\", NamespaceArgs.builder() \n .projectId(foo_customClusterSync.systemProjectId())\n .description(\"istio namespace\")\n .build());\n\n var istio = new App(\"istio\", AppArgs.builder() \n .catalogName(\"system-library\")\n .description(\"Terraform app acceptance test\")\n .projectId(foo_istio.projectId())\n .templateName(\"rancher-istio\")\n .templateVersion(\"0.1.1\")\n .targetNamespace(foo_istio.id())\n .answers(Map.ofEntries(\n Map.entry(\"certmanager.enabled\", false),\n Map.entry(\"enableCRDs\", true),\n Map.entry(\"galley.enabled\", true),\n Map.entry(\"gateways.enabled\", false),\n Map.entry(\"gateways.istio-ingressgateway.resources.limits.cpu\", \"2000m\"),\n Map.entry(\"gateways.istio-ingressgateway.resources.limits.memory\", \"1024Mi\"),\n Map.entry(\"gateways.istio-ingressgateway.resources.requests.cpu\", \"100m\"),\n Map.entry(\"gateways.istio-ingressgateway.resources.requests.memory\", \"128Mi\"),\n Map.entry(\"gateways.istio-ingressgateway.type\", \"NodePort\"),\n Map.entry(\"global.monitoring.type\", \"cluster-monitoring\"),\n Map.entry(\"global.rancher.clusterId\", foo_customClusterSync.clusterId()),\n Map.entry(\"istio_cni.enabled\", \"false\"),\n Map.entry(\"istiocoredns.enabled\", \"false\"),\n Map.entry(\"kiali.enabled\", \"true\"),\n Map.entry(\"mixer.enabled\", \"true\"),\n Map.entry(\"mixer.policy.enabled\", \"true\"),\n Map.entry(\"mixer.policy.resources.limits.cpu\", \"4800m\"),\n Map.entry(\"mixer.policy.resources.limits.memory\", \"4096Mi\"),\n Map.entry(\"mixer.policy.resources.requests.cpu\", \"1000m\"),\n Map.entry(\"mixer.policy.resources.requests.memory\", \"1024Mi\"),\n Map.entry(\"mixer.telemetry.resources.limits.cpu\", \"4800m\"),\n Map.entry(\"mixer.telemetry.resources.limits.memory\", \"4096Mi\"),\n Map.entry(\"mixer.telemetry.resources.requests.cpu\", \"1000m\"),\n Map.entry(\"mixer.telemetry.resources.requests.memory\", \"1024Mi\"),\n Map.entry(\"mtls.enabled\", false),\n Map.entry(\"nodeagent.enabled\", false),\n Map.entry(\"pilot.enabled\", true),\n Map.entry(\"pilot.resources.limits.cpu\", \"1000m\"),\n Map.entry(\"pilot.resources.limits.memory\", \"4096Mi\"),\n Map.entry(\"pilot.resources.requests.cpu\", \"500m\"),\n Map.entry(\"pilot.resources.requests.memory\", \"2048Mi\"),\n Map.entry(\"pilot.traceSampling\", \"1\"),\n Map.entry(\"security.enabled\", true),\n Map.entry(\"sidecarInjectorWebhook.enabled\", true),\n Map.entry(\"tracing.enabled\", true),\n Map.entry(\"tracing.jaeger.resources.limits.cpu\", \"500m\"),\n Map.entry(\"tracing.jaeger.resources.limits.memory\", \"1024Mi\"),\n Map.entry(\"tracing.jaeger.resources.requests.cpu\", \"100m\"),\n Map.entry(\"tracing.jaeger.resources.requests.memory\", \"100Mi\")\n ))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n # Create a new rancher2 RKE Cluster\n foo-customCluster:\n type: rancher2:Cluster\n properties:\n description: Foo rancher2 custom cluster\n rkeConfig:\n network:\n plugin: canal\n enableClusterMonitoring: true\n clusterMonitoringInput:\n answers:\n exporter-kubelets.https: true\n exporter-node.enabled: true\n exporter-node.ports.metrics.port: 9796\n exporter-node.resources.limits.cpu: 200m\n exporter-node.resources.limits.memory: 200Mi\n grafana.persistence.enabled: false\n grafana.persistence.size: 10Gi\n grafana.persistence.storageClass: default\n operator.resources.limits.memory: 500Mi\n prometheus.persistence.enabled: 'false'\n prometheus.persistence.size: 50Gi\n prometheus.persistence.storageClass: default\n prometheus.persistent.useReleaseName: 'true'\n prometheus.resources.core.limits.cpu: 1000m\n prometheus.resources.core.limits.memory: 1500Mi\n prometheus.resources.core.requests.cpu: 750m\n prometheus.resources.core.requests.memory: 750Mi\n prometheus.retention: 12h\n version: 0.1.0\n # Create a new rancher2 Cluster Sync for foo-custom cluster\n foo-customClusterSync:\n type: rancher2:ClusterSync\n properties:\n clusterId: ${[\"foo-customCluster\"].id}\n waitMonitoring: ${[\"foo-customCluster\"].enableClusterMonitoring}\n # Create a new rancher2 Namespace\n foo-istio:\n type: rancher2:Namespace\n properties:\n projectId: ${[\"foo-customClusterSync\"].systemProjectId}\n description: istio namespace\n # Create a new rancher2 App deploying istio (should wait until monitoring is up and running)\n istio:\n type: rancher2:App\n properties:\n catalogName: system-library\n description: Terraform app acceptance test\n projectId: ${[\"foo-istio\"].projectId}\n templateName: rancher-istio\n templateVersion: 0.1.1\n targetNamespace: ${[\"foo-istio\"].id}\n answers:\n certmanager.enabled: false\n enableCRDs: true\n galley.enabled: true\n gateways.enabled: false\n gateways.istio-ingressgateway.resources.limits.cpu: 2000m\n gateways.istio-ingressgateway.resources.limits.memory: 1024Mi\n gateways.istio-ingressgateway.resources.requests.cpu: 100m\n gateways.istio-ingressgateway.resources.requests.memory: 128Mi\n gateways.istio-ingressgateway.type: NodePort\n global.monitoring.type: cluster-monitoring\n global.rancher.clusterId: ${[\"foo-customClusterSync\"].clusterId}\n istio_cni.enabled: 'false'\n istiocoredns.enabled: 'false'\n kiali.enabled: 'true'\n mixer.enabled: 'true'\n mixer.policy.enabled: 'true'\n mixer.policy.resources.limits.cpu: 4800m\n mixer.policy.resources.limits.memory: 4096Mi\n mixer.policy.resources.requests.cpu: 1000m\n mixer.policy.resources.requests.memory: 1024Mi\n mixer.telemetry.resources.limits.cpu: 4800m\n mixer.telemetry.resources.limits.memory: 4096Mi\n mixer.telemetry.resources.requests.cpu: 1000m\n mixer.telemetry.resources.requests.memory: 1024Mi\n mtls.enabled: false\n nodeagent.enabled: false\n pilot.enabled: true\n pilot.resources.limits.cpu: 1000m\n pilot.resources.limits.memory: 4096Mi\n pilot.resources.requests.cpu: 500m\n pilot.resources.requests.memory: 2048Mi\n pilot.traceSampling: '1'\n security.enabled: true\n sidecarInjectorWebhook.enabled: true\n tracing.enabled: true\n tracing.jaeger.resources.limits.cpu: 500m\n tracing.jaeger.resources.limits.memory: 1024Mi\n tracing.jaeger.resources.requests.cpu: 100m\n tracing.jaeger.resources.requests.memory: 100Mi\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Creating Rancher v2 RKE cluster assigning a node pool (overlapped planes)\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as rancher2 from \"@pulumi/rancher2\";\n\n// Create a new rancher2 RKE Cluster\nconst foo_custom = new rancher2.Cluster(\"foo-custom\", {\n description: \"Foo rancher2 custom cluster\",\n rkeConfig: {\n network: {\n plugin: \"canal\",\n },\n },\n});\n// Create a new rancher2 Node Template\nconst fooNodeTemplate = new rancher2.NodeTemplate(\"fooNodeTemplate\", {\n description: \"foo test\",\n amazonec2Config: {\n accessKey: \"\u003cAWS_ACCESS_KEY\u003e\",\n secretKey: \"\u003cAWS_SECRET_KEY\u003e\",\n ami: \"\u003cAMI_ID\u003e\",\n region: \"\u003cREGION\u003e\",\n securityGroups: [\"\u003cAWS_SECURITY_GROUP\u003e\"],\n subnetId: \"\u003cSUBNET_ID\u003e\",\n vpcId: \"\u003cVPC_ID\u003e\",\n zone: \"\u003cZONE\u003e\",\n },\n});\n// Create a new rancher2 Node Pool\nconst fooNodePool = new rancher2.NodePool(\"fooNodePool\", {\n clusterId: foo_custom.id,\n hostnamePrefix: \"foo-cluster-0\",\n nodeTemplateId: fooNodeTemplate.id,\n quantity: 3,\n controlPlane: true,\n etcd: true,\n worker: true,\n});\n```\n```python\nimport pulumi\nimport pulumi_rancher2 as rancher2\n\n# Create a new rancher2 RKE Cluster\nfoo_custom = rancher2.Cluster(\"foo-custom\",\n description=\"Foo rancher2 custom cluster\",\n rke_config=rancher2.ClusterRkeConfigArgs(\n network=rancher2.ClusterRkeConfigNetworkArgs(\n plugin=\"canal\",\n ),\n ))\n# Create a new rancher2 Node Template\nfoo_node_template = rancher2.NodeTemplate(\"fooNodeTemplate\",\n description=\"foo test\",\n amazonec2_config=rancher2.NodeTemplateAmazonec2ConfigArgs(\n access_key=\"\u003cAWS_ACCESS_KEY\u003e\",\n secret_key=\"\u003cAWS_SECRET_KEY\u003e\",\n ami=\"\u003cAMI_ID\u003e\",\n region=\"\u003cREGION\u003e\",\n security_groups=[\"\u003cAWS_SECURITY_GROUP\u003e\"],\n subnet_id=\"\u003cSUBNET_ID\u003e\",\n vpc_id=\"\u003cVPC_ID\u003e\",\n zone=\"\u003cZONE\u003e\",\n ))\n# Create a new rancher2 Node Pool\nfoo_node_pool = rancher2.NodePool(\"fooNodePool\",\n cluster_id=foo_custom.id,\n hostname_prefix=\"foo-cluster-0\",\n node_template_id=foo_node_template.id,\n quantity=3,\n control_plane=True,\n etcd=True,\n worker=True)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Rancher2 = Pulumi.Rancher2;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n // Create a new rancher2 RKE Cluster\n var foo_custom = new Rancher2.Cluster(\"foo-custom\", new()\n {\n Description = \"Foo rancher2 custom cluster\",\n RkeConfig = new Rancher2.Inputs.ClusterRkeConfigArgs\n {\n Network = new Rancher2.Inputs.ClusterRkeConfigNetworkArgs\n {\n Plugin = \"canal\",\n },\n },\n });\n\n // Create a new rancher2 Node Template\n var fooNodeTemplate = new Rancher2.NodeTemplate(\"fooNodeTemplate\", new()\n {\n Description = \"foo test\",\n Amazonec2Config = new Rancher2.Inputs.NodeTemplateAmazonec2ConfigArgs\n {\n AccessKey = \"\u003cAWS_ACCESS_KEY\u003e\",\n SecretKey = \"\u003cAWS_SECRET_KEY\u003e\",\n Ami = \"\u003cAMI_ID\u003e\",\n Region = \"\u003cREGION\u003e\",\n SecurityGroups = new[]\n {\n \"\u003cAWS_SECURITY_GROUP\u003e\",\n },\n SubnetId = \"\u003cSUBNET_ID\u003e\",\n VpcId = \"\u003cVPC_ID\u003e\",\n Zone = \"\u003cZONE\u003e\",\n },\n });\n\n // Create a new rancher2 Node Pool\n var fooNodePool = new Rancher2.NodePool(\"fooNodePool\", new()\n {\n ClusterId = foo_custom.Id,\n HostnamePrefix = \"foo-cluster-0\",\n NodeTemplateId = fooNodeTemplate.Id,\n Quantity = 3,\n ControlPlane = true,\n Etcd = true,\n Worker = true,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-rancher2/sdk/v6/go/rancher2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t// Create a new rancher2 RKE Cluster\n\t\t_, err := rancher2.NewCluster(ctx, \"foo-custom\", \u0026rancher2.ClusterArgs{\n\t\t\tDescription: pulumi.String(\"Foo rancher2 custom cluster\"),\n\t\t\tRkeConfig: \u0026rancher2.ClusterRkeConfigArgs{\n\t\t\t\tNetwork: \u0026rancher2.ClusterRkeConfigNetworkArgs{\n\t\t\t\t\tPlugin: pulumi.String(\"canal\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Create a new rancher2 Node Template\n\t\tfooNodeTemplate, err := rancher2.NewNodeTemplate(ctx, \"fooNodeTemplate\", \u0026rancher2.NodeTemplateArgs{\n\t\t\tDescription: pulumi.String(\"foo test\"),\n\t\t\tAmazonec2Config: \u0026rancher2.NodeTemplateAmazonec2ConfigArgs{\n\t\t\t\tAccessKey: pulumi.String(\"\u003cAWS_ACCESS_KEY\u003e\"),\n\t\t\t\tSecretKey: pulumi.String(\"\u003cAWS_SECRET_KEY\u003e\"),\n\t\t\t\tAmi: pulumi.String(\"\u003cAMI_ID\u003e\"),\n\t\t\t\tRegion: pulumi.String(\"\u003cREGION\u003e\"),\n\t\t\t\tSecurityGroups: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"\u003cAWS_SECURITY_GROUP\u003e\"),\n\t\t\t\t},\n\t\t\t\tSubnetId: pulumi.String(\"\u003cSUBNET_ID\u003e\"),\n\t\t\t\tVpcId: pulumi.String(\"\u003cVPC_ID\u003e\"),\n\t\t\t\tZone: pulumi.String(\"\u003cZONE\u003e\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Create a new rancher2 Node Pool\n\t\t_, err = rancher2.NewNodePool(ctx, \"fooNodePool\", \u0026rancher2.NodePoolArgs{\n\t\t\tClusterId: foo_custom.ID(),\n\t\t\tHostnamePrefix: pulumi.String(\"foo-cluster-0\"),\n\t\t\tNodeTemplateId: fooNodeTemplate.ID(),\n\t\t\tQuantity: pulumi.Int(3),\n\t\t\tControlPlane: pulumi.Bool(true),\n\t\t\tEtcd: pulumi.Bool(true),\n\t\t\tWorker: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.rancher2.Cluster;\nimport com.pulumi.rancher2.ClusterArgs;\nimport com.pulumi.rancher2.inputs.ClusterRkeConfigArgs;\nimport com.pulumi.rancher2.inputs.ClusterRkeConfigNetworkArgs;\nimport com.pulumi.rancher2.NodeTemplate;\nimport com.pulumi.rancher2.NodeTemplateArgs;\nimport com.pulumi.rancher2.inputs.NodeTemplateAmazonec2ConfigArgs;\nimport com.pulumi.rancher2.NodePool;\nimport com.pulumi.rancher2.NodePoolArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var foo_custom = new Cluster(\"foo-custom\", ClusterArgs.builder() \n .description(\"Foo rancher2 custom cluster\")\n .rkeConfig(ClusterRkeConfigArgs.builder()\n .network(ClusterRkeConfigNetworkArgs.builder()\n .plugin(\"canal\")\n .build())\n .build())\n .build());\n\n var fooNodeTemplate = new NodeTemplate(\"fooNodeTemplate\", NodeTemplateArgs.builder() \n .description(\"foo test\")\n .amazonec2Config(NodeTemplateAmazonec2ConfigArgs.builder()\n .accessKey(\"\u003cAWS_ACCESS_KEY\u003e\")\n .secretKey(\"\u003cAWS_SECRET_KEY\u003e\")\n .ami(\"\u003cAMI_ID\u003e\")\n .region(\"\u003cREGION\u003e\")\n .securityGroups(\"\u003cAWS_SECURITY_GROUP\u003e\")\n .subnetId(\"\u003cSUBNET_ID\u003e\")\n .vpcId(\"\u003cVPC_ID\u003e\")\n .zone(\"\u003cZONE\u003e\")\n .build())\n .build());\n\n var fooNodePool = new NodePool(\"fooNodePool\", NodePoolArgs.builder() \n .clusterId(foo_custom.id())\n .hostnamePrefix(\"foo-cluster-0\")\n .nodeTemplateId(fooNodeTemplate.id())\n .quantity(3)\n .controlPlane(true)\n .etcd(true)\n .worker(true)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n # Create a new rancher2 RKE Cluster\n foo-custom:\n type: rancher2:Cluster\n properties:\n description: Foo rancher2 custom cluster\n rkeConfig:\n network:\n plugin: canal\n # Create a new rancher2 Node Template\n fooNodeTemplate:\n type: rancher2:NodeTemplate\n properties:\n description: foo test\n amazonec2Config:\n accessKey: \u003cAWS_ACCESS_KEY\u003e\n secretKey: \u003cAWS_SECRET_KEY\u003e\n ami: \u003cAMI_ID\u003e\n region: \u003cREGION\u003e\n securityGroups:\n - \u003cAWS_SECURITY_GROUP\u003e\n subnetId: \u003cSUBNET_ID\u003e\n vpcId: \u003cVPC_ID\u003e\n zone: \u003cZONE\u003e\n # Create a new rancher2 Node Pool\n fooNodePool:\n type: rancher2:NodePool\n properties:\n clusterId: ${[\"foo-custom\"].id}\n hostnamePrefix: foo-cluster-0\n nodeTemplateId: ${fooNodeTemplate.id}\n quantity: 3\n controlPlane: true\n etcd: true\n worker: true\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Creating Rancher v2 RKE cluster from template. For Rancher v2.3.x and above.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as rancher2 from \"@pulumi/rancher2\";\n\n// Create a new rancher2 cluster template\nconst fooClusterTemplate = new rancher2.ClusterTemplate(\"fooClusterTemplate\", {\n members: [{\n accessType: \"owner\",\n userPrincipalId: \"local://user-XXXXX\",\n }],\n templateRevisions: [{\n name: \"V1\",\n clusterConfig: {\n rkeConfig: {\n network: {\n plugin: \"canal\",\n },\n services: {\n etcd: {\n creation: \"6h\",\n retention: \"24h\",\n },\n },\n },\n },\n \"default\": true,\n }],\n description: \"Test cluster template v2\",\n});\n// Create a new rancher2 RKE Cluster from template\nconst fooCluster = new rancher2.Cluster(\"fooCluster\", {\n clusterTemplateId: fooClusterTemplate.id,\n clusterTemplateRevisionId: fooClusterTemplate.templateRevisions.apply(templateRevisions =\u003e templateRevisions[0].id),\n});\n```\n```python\nimport pulumi\nimport pulumi_rancher2 as rancher2\n\n# Create a new rancher2 cluster template\nfoo_cluster_template = rancher2.ClusterTemplate(\"fooClusterTemplate\",\n members=[rancher2.ClusterTemplateMemberArgs(\n access_type=\"owner\",\n user_principal_id=\"local://user-XXXXX\",\n )],\n template_revisions=[rancher2.ClusterTemplateTemplateRevisionArgs(\n name=\"V1\",\n cluster_config=rancher2.ClusterTemplateTemplateRevisionClusterConfigArgs(\n rke_config=rancher2.ClusterTemplateTemplateRevisionClusterConfigRkeConfigArgs(\n network=rancher2.ClusterTemplateTemplateRevisionClusterConfigRkeConfigNetworkArgs(\n plugin=\"canal\",\n ),\n services=rancher2.ClusterTemplateTemplateRevisionClusterConfigRkeConfigServicesArgs(\n etcd=rancher2.ClusterTemplateTemplateRevisionClusterConfigRkeConfigServicesEtcdArgs(\n creation=\"6h\",\n retention=\"24h\",\n ),\n ),\n ),\n ),\n default=True,\n )],\n description=\"Test cluster template v2\")\n# Create a new rancher2 RKE Cluster from template\nfoo_cluster = rancher2.Cluster(\"fooCluster\",\n cluster_template_id=foo_cluster_template.id,\n cluster_template_revision_id=foo_cluster_template.template_revisions[0].id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Rancher2 = Pulumi.Rancher2;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n // Create a new rancher2 cluster template\n var fooClusterTemplate = new Rancher2.ClusterTemplate(\"fooClusterTemplate\", new()\n {\n Members = new[]\n {\n new Rancher2.Inputs.ClusterTemplateMemberArgs\n {\n AccessType = \"owner\",\n UserPrincipalId = \"local://user-XXXXX\",\n },\n },\n TemplateRevisions = new[]\n {\n new Rancher2.Inputs.ClusterTemplateTemplateRevisionArgs\n {\n Name = \"V1\",\n ClusterConfig = new Rancher2.Inputs.ClusterTemplateTemplateRevisionClusterConfigArgs\n {\n RkeConfig = new Rancher2.Inputs.ClusterTemplateTemplateRevisionClusterConfigRkeConfigArgs\n {\n Network = new Rancher2.Inputs.ClusterTemplateTemplateRevisionClusterConfigRkeConfigNetworkArgs\n {\n Plugin = \"canal\",\n },\n Services = new Rancher2.Inputs.ClusterTemplateTemplateRevisionClusterConfigRkeConfigServicesArgs\n {\n Etcd = new Rancher2.Inputs.ClusterTemplateTemplateRevisionClusterConfigRkeConfigServicesEtcdArgs\n {\n Creation = \"6h\",\n Retention = \"24h\",\n },\n },\n },\n },\n Default = true,\n },\n },\n Description = \"Test cluster template v2\",\n });\n\n // Create a new rancher2 RKE Cluster from template\n var fooCluster = new Rancher2.Cluster(\"fooCluster\", new()\n {\n ClusterTemplateId = fooClusterTemplate.Id,\n ClusterTemplateRevisionId = fooClusterTemplate.TemplateRevisions.Apply(templateRevisions =\u003e templateRevisions[0].Id),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-rancher2/sdk/v6/go/rancher2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t// Create a new rancher2 cluster template\n\t\tfooClusterTemplate, err := rancher2.NewClusterTemplate(ctx, \"fooClusterTemplate\", \u0026rancher2.ClusterTemplateArgs{\n\t\t\tMembers: rancher2.ClusterTemplateMemberArray{\n\t\t\t\t\u0026rancher2.ClusterTemplateMemberArgs{\n\t\t\t\t\tAccessType: pulumi.String(\"owner\"),\n\t\t\t\t\tUserPrincipalId: pulumi.String(\"local://user-XXXXX\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tTemplateRevisions: rancher2.ClusterTemplateTemplateRevisionArray{\n\t\t\t\t\u0026rancher2.ClusterTemplateTemplateRevisionArgs{\n\t\t\t\t\tName: pulumi.String(\"V1\"),\n\t\t\t\t\tClusterConfig: \u0026rancher2.ClusterTemplateTemplateRevisionClusterConfigArgs{\n\t\t\t\t\t\tRkeConfig: \u0026rancher2.ClusterTemplateTemplateRevisionClusterConfigRkeConfigArgs{\n\t\t\t\t\t\t\tNetwork: \u0026rancher2.ClusterTemplateTemplateRevisionClusterConfigRkeConfigNetworkArgs{\n\t\t\t\t\t\t\t\tPlugin: pulumi.String(\"canal\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\tServices: \u0026rancher2.ClusterTemplateTemplateRevisionClusterConfigRkeConfigServicesArgs{\n\t\t\t\t\t\t\t\tEtcd: \u0026rancher2.ClusterTemplateTemplateRevisionClusterConfigRkeConfigServicesEtcdArgs{\n\t\t\t\t\t\t\t\t\tCreation: pulumi.String(\"6h\"),\n\t\t\t\t\t\t\t\t\tRetention: pulumi.String(\"24h\"),\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tDefault: pulumi.Bool(true),\n\t\t\t\t},\n\t\t\t},\n\t\t\tDescription: pulumi.String(\"Test cluster template v2\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Create a new rancher2 RKE Cluster from template\n\t\t_, err = rancher2.NewCluster(ctx, \"fooCluster\", \u0026rancher2.ClusterArgs{\n\t\t\tClusterTemplateId: fooClusterTemplate.ID(),\n\t\t\tClusterTemplateRevisionId: fooClusterTemplate.TemplateRevisions.ApplyT(func(templateRevisions []rancher2.ClusterTemplateTemplateRevision) (*string, error) {\n\t\t\t\treturn \u0026templateRevisions[0].Id, nil\n\t\t\t}).(pulumi.StringPtrOutput),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.rancher2.ClusterTemplate;\nimport com.pulumi.rancher2.ClusterTemplateArgs;\nimport com.pulumi.rancher2.inputs.ClusterTemplateMemberArgs;\nimport com.pulumi.rancher2.inputs.ClusterTemplateTemplateRevisionArgs;\nimport com.pulumi.rancher2.inputs.ClusterTemplateTemplateRevisionClusterConfigArgs;\nimport com.pulumi.rancher2.inputs.ClusterTemplateTemplateRevisionClusterConfigRkeConfigArgs;\nimport com.pulumi.rancher2.inputs.ClusterTemplateTemplateRevisionClusterConfigRkeConfigNetworkArgs;\nimport com.pulumi.rancher2.inputs.ClusterTemplateTemplateRevisionClusterConfigRkeConfigServicesArgs;\nimport com.pulumi.rancher2.inputs.ClusterTemplateTemplateRevisionClusterConfigRkeConfigServicesEtcdArgs;\nimport com.pulumi.rancher2.Cluster;\nimport com.pulumi.rancher2.ClusterArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var fooClusterTemplate = new ClusterTemplate(\"fooClusterTemplate\", ClusterTemplateArgs.builder() \n .members(ClusterTemplateMemberArgs.builder()\n .accessType(\"owner\")\n .userPrincipalId(\"local://user-XXXXX\")\n .build())\n .templateRevisions(ClusterTemplateTemplateRevisionArgs.builder()\n .name(\"V1\")\n .clusterConfig(ClusterTemplateTemplateRevisionClusterConfigArgs.builder()\n .rkeConfig(ClusterTemplateTemplateRevisionClusterConfigRkeConfigArgs.builder()\n .network(ClusterTemplateTemplateRevisionClusterConfigRkeConfigNetworkArgs.builder()\n .plugin(\"canal\")\n .build())\n .services(ClusterTemplateTemplateRevisionClusterConfigRkeConfigServicesArgs.builder()\n .etcd(ClusterTemplateTemplateRevisionClusterConfigRkeConfigServicesEtcdArgs.builder()\n .creation(\"6h\")\n .retention(\"24h\")\n .build())\n .build())\n .build())\n .build())\n .default_(true)\n .build())\n .description(\"Test cluster template v2\")\n .build());\n\n var fooCluster = new Cluster(\"fooCluster\", ClusterArgs.builder() \n .clusterTemplateId(fooClusterTemplate.id())\n .clusterTemplateRevisionId(fooClusterTemplate.templateRevisions().applyValue(templateRevisions -\u003e templateRevisions[0].id()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n # Create a new rancher2 cluster template\n fooClusterTemplate:\n type: rancher2:ClusterTemplate\n properties:\n members:\n - accessType: owner\n userPrincipalId: local://user-XXXXX\n templateRevisions:\n - name: V1\n clusterConfig:\n rkeConfig:\n network:\n plugin: canal\n services:\n etcd:\n creation: 6h\n retention: 24h\n default: true\n description: Test cluster template v2\n # Create a new rancher2 RKE Cluster from template\n fooCluster:\n type: rancher2:Cluster\n properties:\n clusterTemplateId: ${fooClusterTemplate.id}\n clusterTemplateRevisionId: ${fooClusterTemplate.templateRevisions[0].id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Creating Rancher v2 RKE cluster with upgrade strategy. For Rancher v2.4.x and above.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as rancher2 from \"@pulumi/rancher2\";\n\nconst foo = new rancher2.Cluster(\"foo\", {\n description: \"Terraform custom cluster\",\n rkeConfig: {\n network: {\n plugin: \"canal\",\n },\n services: {\n etcd: {\n creation: \"6h\",\n retention: \"24h\",\n },\n kubeApi: {\n auditLog: {\n configuration: {\n format: \"json\",\n maxAge: 5,\n maxBackup: 5,\n maxSize: 100,\n path: \"-\",\n policy: `apiVersion: audit.k8s.io/v1\nkind: Policy\nmetadata:\n creationTimestamp: null\nomitStages:\n- RequestReceived\nrules:\n- level: RequestResponse\n resources:\n - resources:\n - pods\n\n`,\n },\n enabled: true,\n },\n },\n },\n upgradeStrategy: {\n drain: true,\n maxUnavailableWorker: \"20%\",\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_rancher2 as rancher2\n\nfoo = rancher2.Cluster(\"foo\",\n description=\"Terraform custom cluster\",\n rke_config=rancher2.ClusterRkeConfigArgs(\n network=rancher2.ClusterRkeConfigNetworkArgs(\n plugin=\"canal\",\n ),\n services=rancher2.ClusterRkeConfigServicesArgs(\n etcd=rancher2.ClusterRkeConfigServicesEtcdArgs(\n creation=\"6h\",\n retention=\"24h\",\n ),\n kube_api=rancher2.ClusterRkeConfigServicesKubeApiArgs(\n audit_log=rancher2.ClusterRkeConfigServicesKubeApiAuditLogArgs(\n configuration=rancher2.ClusterRkeConfigServicesKubeApiAuditLogConfigurationArgs(\n format=\"json\",\n max_age=5,\n max_backup=5,\n max_size=100,\n path=\"-\",\n policy=\"\"\"apiVersion: audit.k8s.io/v1\nkind: Policy\nmetadata:\n creationTimestamp: null\nomitStages:\n- RequestReceived\nrules:\n- level: RequestResponse\n resources:\n - resources:\n - pods\n\n\"\"\",\n ),\n enabled=True,\n ),\n ),\n ),\n upgrade_strategy=rancher2.ClusterRkeConfigUpgradeStrategyArgs(\n drain=True,\n max_unavailable_worker=\"20%\",\n ),\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Rancher2 = Pulumi.Rancher2;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var foo = new Rancher2.Cluster(\"foo\", new()\n {\n Description = \"Terraform custom cluster\",\n RkeConfig = new Rancher2.Inputs.ClusterRkeConfigArgs\n {\n Network = new Rancher2.Inputs.ClusterRkeConfigNetworkArgs\n {\n Plugin = \"canal\",\n },\n Services = new Rancher2.Inputs.ClusterRkeConfigServicesArgs\n {\n Etcd = new Rancher2.Inputs.ClusterRkeConfigServicesEtcdArgs\n {\n Creation = \"6h\",\n Retention = \"24h\",\n },\n KubeApi = new Rancher2.Inputs.ClusterRkeConfigServicesKubeApiArgs\n {\n AuditLog = new Rancher2.Inputs.ClusterRkeConfigServicesKubeApiAuditLogArgs\n {\n Configuration = new Rancher2.Inputs.ClusterRkeConfigServicesKubeApiAuditLogConfigurationArgs\n {\n Format = \"json\",\n MaxAge = 5,\n MaxBackup = 5,\n MaxSize = 100,\n Path = \"-\",\n Policy = @\"apiVersion: audit.k8s.io/v1\nkind: Policy\nmetadata:\n creationTimestamp: null\nomitStages:\n- RequestReceived\nrules:\n- level: RequestResponse\n resources:\n - resources:\n - pods\n\n\",\n },\n Enabled = true,\n },\n },\n },\n UpgradeStrategy = new Rancher2.Inputs.ClusterRkeConfigUpgradeStrategyArgs\n {\n Drain = true,\n MaxUnavailableWorker = \"20%\",\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-rancher2/sdk/v6/go/rancher2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := rancher2.NewCluster(ctx, \"foo\", \u0026rancher2.ClusterArgs{\n\t\t\tDescription: pulumi.String(\"Terraform custom cluster\"),\n\t\t\tRkeConfig: \u0026rancher2.ClusterRkeConfigArgs{\n\t\t\t\tNetwork: \u0026rancher2.ClusterRkeConfigNetworkArgs{\n\t\t\t\t\tPlugin: pulumi.String(\"canal\"),\n\t\t\t\t},\n\t\t\t\tServices: \u0026rancher2.ClusterRkeConfigServicesArgs{\n\t\t\t\t\tEtcd: \u0026rancher2.ClusterRkeConfigServicesEtcdArgs{\n\t\t\t\t\t\tCreation: pulumi.String(\"6h\"),\n\t\t\t\t\t\tRetention: pulumi.String(\"24h\"),\n\t\t\t\t\t},\n\t\t\t\t\tKubeApi: \u0026rancher2.ClusterRkeConfigServicesKubeApiArgs{\n\t\t\t\t\t\tAuditLog: \u0026rancher2.ClusterRkeConfigServicesKubeApiAuditLogArgs{\n\t\t\t\t\t\t\tConfiguration: \u0026rancher2.ClusterRkeConfigServicesKubeApiAuditLogConfigurationArgs{\n\t\t\t\t\t\t\t\tFormat: pulumi.String(\"json\"),\n\t\t\t\t\t\t\t\tMaxAge: pulumi.Int(5),\n\t\t\t\t\t\t\t\tMaxBackup: pulumi.Int(5),\n\t\t\t\t\t\t\t\tMaxSize: pulumi.Int(100),\n\t\t\t\t\t\t\t\tPath: pulumi.String(\"-\"),\n\t\t\t\t\t\t\t\tPolicy: pulumi.String(`apiVersion: audit.k8s.io/v1\nkind: Policy\nmetadata:\n creationTimestamp: null\nomitStages:\n- RequestReceived\nrules:\n- level: RequestResponse\n resources:\n - resources:\n - pods\n\n`),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tUpgradeStrategy: \u0026rancher2.ClusterRkeConfigUpgradeStrategyArgs{\n\t\t\t\t\tDrain: pulumi.Bool(true),\n\t\t\t\t\tMaxUnavailableWorker: pulumi.String(\"20%\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.rancher2.Cluster;\nimport com.pulumi.rancher2.ClusterArgs;\nimport com.pulumi.rancher2.inputs.ClusterRkeConfigArgs;\nimport com.pulumi.rancher2.inputs.ClusterRkeConfigNetworkArgs;\nimport com.pulumi.rancher2.inputs.ClusterRkeConfigServicesArgs;\nimport com.pulumi.rancher2.inputs.ClusterRkeConfigServicesEtcdArgs;\nimport com.pulumi.rancher2.inputs.ClusterRkeConfigServicesKubeApiArgs;\nimport com.pulumi.rancher2.inputs.ClusterRkeConfigServicesKubeApiAuditLogArgs;\nimport com.pulumi.rancher2.inputs.ClusterRkeConfigServicesKubeApiAuditLogConfigurationArgs;\nimport com.pulumi.rancher2.inputs.ClusterRkeConfigUpgradeStrategyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var foo = new Cluster(\"foo\", ClusterArgs.builder() \n .description(\"Terraform custom cluster\")\n .rkeConfig(ClusterRkeConfigArgs.builder()\n .network(ClusterRkeConfigNetworkArgs.builder()\n .plugin(\"canal\")\n .build())\n .services(ClusterRkeConfigServicesArgs.builder()\n .etcd(ClusterRkeConfigServicesEtcdArgs.builder()\n .creation(\"6h\")\n .retention(\"24h\")\n .build())\n .kubeApi(ClusterRkeConfigServicesKubeApiArgs.builder()\n .auditLog(ClusterRkeConfigServicesKubeApiAuditLogArgs.builder()\n .configuration(ClusterRkeConfigServicesKubeApiAuditLogConfigurationArgs.builder()\n .format(\"json\")\n .maxAge(5)\n .maxBackup(5)\n .maxSize(100)\n .path(\"-\")\n .policy(\"\"\"\napiVersion: audit.k8s.io/v1\nkind: Policy\nmetadata:\n creationTimestamp: null\nomitStages:\n- RequestReceived\nrules:\n- level: RequestResponse\n resources:\n - resources:\n - pods\n\n \"\"\")\n .build())\n .enabled(true)\n .build())\n .build())\n .build())\n .upgradeStrategy(ClusterRkeConfigUpgradeStrategyArgs.builder()\n .drain(true)\n .maxUnavailableWorker(\"20%\")\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n foo:\n type: rancher2:Cluster\n properties:\n description: Terraform custom cluster\n rkeConfig:\n network:\n plugin: canal\n services:\n etcd:\n creation: 6h\n retention: 24h\n kubeApi:\n auditLog:\n configuration:\n format: json\n maxAge: 5\n maxBackup: 5\n maxSize: 100\n path: '-'\n policy: |+\n apiVersion: audit.k8s.io/v1\n kind: Policy\n metadata:\n creationTimestamp: null\n omitStages:\n - RequestReceived\n rules:\n - level: RequestResponse\n resources:\n - resources:\n - pods\n\n enabled: true\n upgradeStrategy:\n drain: true\n maxUnavailableWorker: 20%\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Creating Rancher v2 RKE cluster with cluster agent customization. For Rancher v2.7.5 and above.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as rancher2 from \"@pulumi/rancher2\";\n\nconst foo = new rancher2.Cluster(\"foo\", {\n clusterAgentDeploymentCustomizations: [{\n appendTolerations: [{\n effect: \"NoSchedule\",\n key: \"tolerate/control-plane\",\n value: \"true\",\n }],\n overrideAffinity: `{\n \"nodeAffinity\": {\n \"requiredDuringSchedulingIgnoredDuringExecution\": {\n \"nodeSelectorTerms\": [{\n \"matchExpressions\": [{\n \"key\": \"not.this/nodepool\",\n \"operator\": \"In\",\n \"values\": [\n \"true\"\n ]\n }]\n }]\n }\n }\n}\n\n`,\n overrideResourceRequirements: [{\n cpuLimit: \"800\",\n cpuRequest: \"500\",\n memoryLimit: \"800\",\n memoryRequest: \"500\",\n }],\n }],\n description: \"Terraform cluster with agent customization\",\n rkeConfig: {\n network: {\n plugin: \"canal\",\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_rancher2 as rancher2\n\nfoo = rancher2.Cluster(\"foo\",\n cluster_agent_deployment_customizations=[rancher2.ClusterClusterAgentDeploymentCustomizationArgs(\n append_tolerations=[rancher2.ClusterClusterAgentDeploymentCustomizationAppendTolerationArgs(\n effect=\"NoSchedule\",\n key=\"tolerate/control-plane\",\n value=\"true\",\n )],\n override_affinity=\"\"\"{\n \"nodeAffinity\": {\n \"requiredDuringSchedulingIgnoredDuringExecution\": {\n \"nodeSelectorTerms\": [{\n \"matchExpressions\": [{\n \"key\": \"not.this/nodepool\",\n \"operator\": \"In\",\n \"values\": [\n \"true\"\n ]\n }]\n }]\n }\n }\n}\n\n\"\"\",\n override_resource_requirements=[rancher2.ClusterClusterAgentDeploymentCustomizationOverrideResourceRequirementArgs(\n cpu_limit=\"800\",\n cpu_request=\"500\",\n memory_limit=\"800\",\n memory_request=\"500\",\n )],\n )],\n description=\"Terraform cluster with agent customization\",\n rke_config=rancher2.ClusterRkeConfigArgs(\n network=rancher2.ClusterRkeConfigNetworkArgs(\n plugin=\"canal\",\n ),\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Rancher2 = Pulumi.Rancher2;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var foo = new Rancher2.Cluster(\"foo\", new()\n {\n ClusterAgentDeploymentCustomizations = new[]\n {\n new Rancher2.Inputs.ClusterClusterAgentDeploymentCustomizationArgs\n {\n AppendTolerations = new[]\n {\n new Rancher2.Inputs.ClusterClusterAgentDeploymentCustomizationAppendTolerationArgs\n {\n Effect = \"NoSchedule\",\n Key = \"tolerate/control-plane\",\n Value = \"true\",\n },\n },\n OverrideAffinity = @\"{\n \"\"nodeAffinity\"\": {\n \"\"requiredDuringSchedulingIgnoredDuringExecution\"\": {\n \"\"nodeSelectorTerms\"\": [{\n \"\"matchExpressions\"\": [{\n \"\"key\"\": \"\"not.this/nodepool\"\",\n \"\"operator\"\": \"\"In\"\",\n \"\"values\"\": [\n \"\"true\"\"\n ]\n }]\n }]\n }\n }\n}\n\n\",\n OverrideResourceRequirements = new[]\n {\n new Rancher2.Inputs.ClusterClusterAgentDeploymentCustomizationOverrideResourceRequirementArgs\n {\n CpuLimit = \"800\",\n CpuRequest = \"500\",\n MemoryLimit = \"800\",\n MemoryRequest = \"500\",\n },\n },\n },\n },\n Description = \"Terraform cluster with agent customization\",\n RkeConfig = new Rancher2.Inputs.ClusterRkeConfigArgs\n {\n Network = new Rancher2.Inputs.ClusterRkeConfigNetworkArgs\n {\n Plugin = \"canal\",\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-rancher2/sdk/v6/go/rancher2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := rancher2.NewCluster(ctx, \"foo\", \u0026rancher2.ClusterArgs{\n\t\t\tClusterAgentDeploymentCustomizations: rancher2.ClusterClusterAgentDeploymentCustomizationArray{\n\t\t\t\t\u0026rancher2.ClusterClusterAgentDeploymentCustomizationArgs{\n\t\t\t\t\tAppendTolerations: rancher2.ClusterClusterAgentDeploymentCustomizationAppendTolerationArray{\n\t\t\t\t\t\t\u0026rancher2.ClusterClusterAgentDeploymentCustomizationAppendTolerationArgs{\n\t\t\t\t\t\t\tEffect: pulumi.String(\"NoSchedule\"),\n\t\t\t\t\t\t\tKey: pulumi.String(\"tolerate/control-plane\"),\n\t\t\t\t\t\t\tValue: pulumi.String(\"true\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tOverrideAffinity: pulumi.String(`{\n \"nodeAffinity\": {\n \"requiredDuringSchedulingIgnoredDuringExecution\": {\n \"nodeSelectorTerms\": [{\n \"matchExpressions\": [{\n \"key\": \"not.this/nodepool\",\n \"operator\": \"In\",\n \"values\": [\n \"true\"\n ]\n }]\n }]\n }\n }\n}\n\n`),\n\t\t\t\t\tOverrideResourceRequirements: rancher2.ClusterClusterAgentDeploymentCustomizationOverrideResourceRequirementArray{\n\t\t\t\t\t\t\u0026rancher2.ClusterClusterAgentDeploymentCustomizationOverrideResourceRequirementArgs{\n\t\t\t\t\t\t\tCpuLimit: pulumi.String(\"800\"),\n\t\t\t\t\t\t\tCpuRequest: pulumi.String(\"500\"),\n\t\t\t\t\t\t\tMemoryLimit: pulumi.String(\"800\"),\n\t\t\t\t\t\t\tMemoryRequest: pulumi.String(\"500\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tDescription: pulumi.String(\"Terraform cluster with agent customization\"),\n\t\t\tRkeConfig: \u0026rancher2.ClusterRkeConfigArgs{\n\t\t\t\tNetwork: \u0026rancher2.ClusterRkeConfigNetworkArgs{\n\t\t\t\t\tPlugin: pulumi.String(\"canal\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.rancher2.Cluster;\nimport com.pulumi.rancher2.ClusterArgs;\nimport com.pulumi.rancher2.inputs.ClusterClusterAgentDeploymentCustomizationArgs;\nimport com.pulumi.rancher2.inputs.ClusterRkeConfigArgs;\nimport com.pulumi.rancher2.inputs.ClusterRkeConfigNetworkArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var foo = new Cluster(\"foo\", ClusterArgs.builder() \n .clusterAgentDeploymentCustomizations(ClusterClusterAgentDeploymentCustomizationArgs.builder()\n .appendTolerations(ClusterClusterAgentDeploymentCustomizationAppendTolerationArgs.builder()\n .effect(\"NoSchedule\")\n .key(\"tolerate/control-plane\")\n .value(\"true\")\n .build())\n .overrideAffinity(\"\"\"\n{\n \"nodeAffinity\": {\n \"requiredDuringSchedulingIgnoredDuringExecution\": {\n \"nodeSelectorTerms\": [{\n \"matchExpressions\": [{\n \"key\": \"not.this/nodepool\",\n \"operator\": \"In\",\n \"values\": [\n \"true\"\n ]\n }]\n }]\n }\n }\n}\n\n \"\"\")\n .overrideResourceRequirements(ClusterClusterAgentDeploymentCustomizationOverrideResourceRequirementArgs.builder()\n .cpuLimit(\"800\")\n .cpuRequest(\"500\")\n .memoryLimit(\"800\")\n .memoryRequest(\"500\")\n .build())\n .build())\n .description(\"Terraform cluster with agent customization\")\n .rkeConfig(ClusterRkeConfigArgs.builder()\n .network(ClusterRkeConfigNetworkArgs.builder()\n .plugin(\"canal\")\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n foo:\n type: rancher2:Cluster\n properties:\n clusterAgentDeploymentCustomizations:\n - appendTolerations:\n - effect: NoSchedule\n key: tolerate/control-plane\n value: 'true'\n overrideAffinity: |+\n {\n \"nodeAffinity\": {\n \"requiredDuringSchedulingIgnoredDuringExecution\": {\n \"nodeSelectorTerms\": [{\n \"matchExpressions\": [{\n \"key\": \"not.this/nodepool\",\n \"operator\": \"In\",\n \"values\": [\n \"true\"\n ]\n }]\n }]\n }\n }\n }\n\n overrideResourceRequirements:\n - cpuLimit: '800'\n cpuRequest: '500'\n memoryLimit: '800'\n memoryRequest: '500'\n description: Terraform cluster with agent customization\n rkeConfig:\n network:\n plugin: canal\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Importing EKS cluster to Rancher v2, using `eks_config_v2`. For Rancher v2.5.x and above.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as rancher2 from \"@pulumi/rancher2\";\n\nconst fooCloudCredential = new rancher2.CloudCredential(\"fooCloudCredential\", {\n description: \"foo test\",\n amazonec2CredentialConfig: {\n accessKey: \"\u003cAWS_ACCESS_KEY\u003e\",\n secretKey: \"\u003cAWS_SECRET_KEY\u003e\",\n },\n});\nconst fooCluster = new rancher2.Cluster(\"fooCluster\", {\n description: \"Terraform EKS cluster\",\n eksConfigV2: {\n cloudCredentialId: fooCloudCredential.id,\n name: \"\u003cCLUSTER_NAME\u003e\",\n region: \"\u003cEKS_REGION\u003e\",\n imported: true,\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_rancher2 as rancher2\n\nfoo_cloud_credential = rancher2.CloudCredential(\"fooCloudCredential\",\n description=\"foo test\",\n amazonec2_credential_config=rancher2.CloudCredentialAmazonec2CredentialConfigArgs(\n access_key=\"\u003cAWS_ACCESS_KEY\u003e\",\n secret_key=\"\u003cAWS_SECRET_KEY\u003e\",\n ))\nfoo_cluster = rancher2.Cluster(\"fooCluster\",\n description=\"Terraform EKS cluster\",\n eks_config_v2=rancher2.ClusterEksConfigV2Args(\n cloud_credential_id=foo_cloud_credential.id,\n name=\"\u003cCLUSTER_NAME\u003e\",\n region=\"\u003cEKS_REGION\u003e\",\n imported=True,\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Rancher2 = Pulumi.Rancher2;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var fooCloudCredential = new Rancher2.CloudCredential(\"fooCloudCredential\", new()\n {\n Description = \"foo test\",\n Amazonec2CredentialConfig = new Rancher2.Inputs.CloudCredentialAmazonec2CredentialConfigArgs\n {\n AccessKey = \"\u003cAWS_ACCESS_KEY\u003e\",\n SecretKey = \"\u003cAWS_SECRET_KEY\u003e\",\n },\n });\n\n var fooCluster = new Rancher2.Cluster(\"fooCluster\", new()\n {\n Description = \"Terraform EKS cluster\",\n EksConfigV2 = new Rancher2.Inputs.ClusterEksConfigV2Args\n {\n CloudCredentialId = fooCloudCredential.Id,\n Name = \"\u003cCLUSTER_NAME\u003e\",\n Region = \"\u003cEKS_REGION\u003e\",\n Imported = true,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-rancher2/sdk/v6/go/rancher2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tfooCloudCredential, err := rancher2.NewCloudCredential(ctx, \"fooCloudCredential\", \u0026rancher2.CloudCredentialArgs{\n\t\t\tDescription: pulumi.String(\"foo test\"),\n\t\t\tAmazonec2CredentialConfig: \u0026rancher2.CloudCredentialAmazonec2CredentialConfigArgs{\n\t\t\t\tAccessKey: pulumi.String(\"\u003cAWS_ACCESS_KEY\u003e\"),\n\t\t\t\tSecretKey: pulumi.String(\"\u003cAWS_SECRET_KEY\u003e\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = rancher2.NewCluster(ctx, \"fooCluster\", \u0026rancher2.ClusterArgs{\n\t\t\tDescription: pulumi.String(\"Terraform EKS cluster\"),\n\t\t\tEksConfigV2: \u0026rancher2.ClusterEksConfigV2Args{\n\t\t\t\tCloudCredentialId: fooCloudCredential.ID(),\n\t\t\t\tName: pulumi.String(\"\u003cCLUSTER_NAME\u003e\"),\n\t\t\t\tRegion: pulumi.String(\"\u003cEKS_REGION\u003e\"),\n\t\t\t\tImported: pulumi.Bool(true),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.rancher2.CloudCredential;\nimport com.pulumi.rancher2.CloudCredentialArgs;\nimport com.pulumi.rancher2.inputs.CloudCredentialAmazonec2CredentialConfigArgs;\nimport com.pulumi.rancher2.Cluster;\nimport com.pulumi.rancher2.ClusterArgs;\nimport com.pulumi.rancher2.inputs.ClusterEksConfigV2Args;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var fooCloudCredential = new CloudCredential(\"fooCloudCredential\", CloudCredentialArgs.builder() \n .description(\"foo test\")\n .amazonec2CredentialConfig(CloudCredentialAmazonec2CredentialConfigArgs.builder()\n .accessKey(\"\u003cAWS_ACCESS_KEY\u003e\")\n .secretKey(\"\u003cAWS_SECRET_KEY\u003e\")\n .build())\n .build());\n\n var fooCluster = new Cluster(\"fooCluster\", ClusterArgs.builder() \n .description(\"Terraform EKS cluster\")\n .eksConfigV2(ClusterEksConfigV2Args.builder()\n .cloudCredentialId(fooCloudCredential.id())\n .name(\"\u003cCLUSTER_NAME\u003e\")\n .region(\"\u003cEKS_REGION\u003e\")\n .imported(true)\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n fooCloudCredential:\n type: rancher2:CloudCredential\n properties:\n description: foo test\n amazonec2CredentialConfig:\n accessKey: \u003cAWS_ACCESS_KEY\u003e\n secretKey: \u003cAWS_SECRET_KEY\u003e\n fooCluster:\n type: rancher2:Cluster\n properties:\n description: Terraform EKS cluster\n eksConfigV2:\n cloudCredentialId: ${fooCloudCredential.id}\n name: \u003cCLUSTER_NAME\u003e\n region: \u003cEKS_REGION\u003e\n imported: true\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Creating EKS cluster from Rancher v2, using `eks_config_v2`. For Rancher v2.5.x and above.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as rancher2 from \"@pulumi/rancher2\";\n\nconst fooCloudCredential = new rancher2.CloudCredential(\"fooCloudCredential\", {\n description: \"foo test\",\n amazonec2CredentialConfig: {\n accessKey: \"\u003cAWS_ACCESS_KEY\u003e\",\n secretKey: \"\u003cAWS_SECRET_KEY\u003e\",\n },\n});\nconst fooCluster = new rancher2.Cluster(\"fooCluster\", {\n description: \"Terraform EKS cluster\",\n eksConfigV2: {\n cloudCredentialId: fooCloudCredential.id,\n region: \"\u003cEKS_REGION\u003e\",\n kubernetesVersion: \"1.24\",\n loggingTypes: [\n \"audit\",\n \"api\",\n ],\n nodeGroups: [\n {\n name: \"node_group1\",\n instanceType: \"t3.medium\",\n desiredSize: 3,\n maxSize: 5,\n },\n {\n name: \"node_group2\",\n instanceType: \"m5.xlarge\",\n desiredSize: 2,\n maxSize: 3,\n nodeRole: \"arn:aws:iam::role/test-NodeInstanceRole\",\n },\n ],\n privateAccess: true,\n publicAccess: false,\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_rancher2 as rancher2\n\nfoo_cloud_credential = rancher2.CloudCredential(\"fooCloudCredential\",\n description=\"foo test\",\n amazonec2_credential_config=rancher2.CloudCredentialAmazonec2CredentialConfigArgs(\n access_key=\"\u003cAWS_ACCESS_KEY\u003e\",\n secret_key=\"\u003cAWS_SECRET_KEY\u003e\",\n ))\nfoo_cluster = rancher2.Cluster(\"fooCluster\",\n description=\"Terraform EKS cluster\",\n eks_config_v2=rancher2.ClusterEksConfigV2Args(\n cloud_credential_id=foo_cloud_credential.id,\n region=\"\u003cEKS_REGION\u003e\",\n kubernetes_version=\"1.24\",\n logging_types=[\n \"audit\",\n \"api\",\n ],\n node_groups=[\n rancher2.ClusterEksConfigV2NodeGroupArgs(\n name=\"node_group1\",\n instance_type=\"t3.medium\",\n desired_size=3,\n max_size=5,\n ),\n rancher2.ClusterEksConfigV2NodeGroupArgs(\n name=\"node_group2\",\n instance_type=\"m5.xlarge\",\n desired_size=2,\n max_size=3,\n node_role=\"arn:aws:iam::role/test-NodeInstanceRole\",\n ),\n ],\n private_access=True,\n public_access=False,\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Rancher2 = Pulumi.Rancher2;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var fooCloudCredential = new Rancher2.CloudCredential(\"fooCloudCredential\", new()\n {\n Description = \"foo test\",\n Amazonec2CredentialConfig = new Rancher2.Inputs.CloudCredentialAmazonec2CredentialConfigArgs\n {\n AccessKey = \"\u003cAWS_ACCESS_KEY\u003e\",\n SecretKey = \"\u003cAWS_SECRET_KEY\u003e\",\n },\n });\n\n var fooCluster = new Rancher2.Cluster(\"fooCluster\", new()\n {\n Description = \"Terraform EKS cluster\",\n EksConfigV2 = new Rancher2.Inputs.ClusterEksConfigV2Args\n {\n CloudCredentialId = fooCloudCredential.Id,\n Region = \"\u003cEKS_REGION\u003e\",\n KubernetesVersion = \"1.24\",\n LoggingTypes = new[]\n {\n \"audit\",\n \"api\",\n },\n NodeGroups = new[]\n {\n new Rancher2.Inputs.ClusterEksConfigV2NodeGroupArgs\n {\n Name = \"node_group1\",\n InstanceType = \"t3.medium\",\n DesiredSize = 3,\n MaxSize = 5,\n },\n new Rancher2.Inputs.ClusterEksConfigV2NodeGroupArgs\n {\n Name = \"node_group2\",\n InstanceType = \"m5.xlarge\",\n DesiredSize = 2,\n MaxSize = 3,\n NodeRole = \"arn:aws:iam::role/test-NodeInstanceRole\",\n },\n },\n PrivateAccess = true,\n PublicAccess = false,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-rancher2/sdk/v6/go/rancher2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tfooCloudCredential, err := rancher2.NewCloudCredential(ctx, \"fooCloudCredential\", \u0026rancher2.CloudCredentialArgs{\n\t\t\tDescription: pulumi.String(\"foo test\"),\n\t\t\tAmazonec2CredentialConfig: \u0026rancher2.CloudCredentialAmazonec2CredentialConfigArgs{\n\t\t\t\tAccessKey: pulumi.String(\"\u003cAWS_ACCESS_KEY\u003e\"),\n\t\t\t\tSecretKey: pulumi.String(\"\u003cAWS_SECRET_KEY\u003e\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = rancher2.NewCluster(ctx, \"fooCluster\", \u0026rancher2.ClusterArgs{\n\t\t\tDescription: pulumi.String(\"Terraform EKS cluster\"),\n\t\t\tEksConfigV2: \u0026rancher2.ClusterEksConfigV2Args{\n\t\t\t\tCloudCredentialId: fooCloudCredential.ID(),\n\t\t\t\tRegion: pulumi.String(\"\u003cEKS_REGION\u003e\"),\n\t\t\t\tKubernetesVersion: pulumi.String(\"1.24\"),\n\t\t\t\tLoggingTypes: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"audit\"),\n\t\t\t\t\tpulumi.String(\"api\"),\n\t\t\t\t},\n\t\t\t\tNodeGroups: rancher2.ClusterEksConfigV2NodeGroupArray{\n\t\t\t\t\t\u0026rancher2.ClusterEksConfigV2NodeGroupArgs{\n\t\t\t\t\t\tName: pulumi.String(\"node_group1\"),\n\t\t\t\t\t\tInstanceType: pulumi.String(\"t3.medium\"),\n\t\t\t\t\t\tDesiredSize: pulumi.Int(3),\n\t\t\t\t\t\tMaxSize: pulumi.Int(5),\n\t\t\t\t\t},\n\t\t\t\t\t\u0026rancher2.ClusterEksConfigV2NodeGroupArgs{\n\t\t\t\t\t\tName: pulumi.String(\"node_group2\"),\n\t\t\t\t\t\tInstanceType: pulumi.String(\"m5.xlarge\"),\n\t\t\t\t\t\tDesiredSize: pulumi.Int(2),\n\t\t\t\t\t\tMaxSize: pulumi.Int(3),\n\t\t\t\t\t\tNodeRole: pulumi.String(\"arn:aws:iam::role/test-NodeInstanceRole\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tPrivateAccess: pulumi.Bool(true),\n\t\t\t\tPublicAccess: pulumi.Bool(false),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.rancher2.CloudCredential;\nimport com.pulumi.rancher2.CloudCredentialArgs;\nimport com.pulumi.rancher2.inputs.CloudCredentialAmazonec2CredentialConfigArgs;\nimport com.pulumi.rancher2.Cluster;\nimport com.pulumi.rancher2.ClusterArgs;\nimport com.pulumi.rancher2.inputs.ClusterEksConfigV2Args;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var fooCloudCredential = new CloudCredential(\"fooCloudCredential\", CloudCredentialArgs.builder() \n .description(\"foo test\")\n .amazonec2CredentialConfig(CloudCredentialAmazonec2CredentialConfigArgs.builder()\n .accessKey(\"\u003cAWS_ACCESS_KEY\u003e\")\n .secretKey(\"\u003cAWS_SECRET_KEY\u003e\")\n .build())\n .build());\n\n var fooCluster = new Cluster(\"fooCluster\", ClusterArgs.builder() \n .description(\"Terraform EKS cluster\")\n .eksConfigV2(ClusterEksConfigV2Args.builder()\n .cloudCredentialId(fooCloudCredential.id())\n .region(\"\u003cEKS_REGION\u003e\")\n .kubernetesVersion(\"1.24\")\n .loggingTypes( \n \"audit\",\n \"api\")\n .nodeGroups( \n ClusterEksConfigV2NodeGroupArgs.builder()\n .name(\"node_group1\")\n .instanceType(\"t3.medium\")\n .desiredSize(3)\n .maxSize(5)\n .build(),\n ClusterEksConfigV2NodeGroupArgs.builder()\n .name(\"node_group2\")\n .instanceType(\"m5.xlarge\")\n .desiredSize(2)\n .maxSize(3)\n .nodeRole(\"arn:aws:iam::role/test-NodeInstanceRole\")\n .build())\n .privateAccess(true)\n .publicAccess(false)\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n fooCloudCredential:\n type: rancher2:CloudCredential\n properties:\n description: foo test\n amazonec2CredentialConfig:\n accessKey: \u003cAWS_ACCESS_KEY\u003e\n secretKey: \u003cAWS_SECRET_KEY\u003e\n fooCluster:\n type: rancher2:Cluster\n properties:\n description: Terraform EKS cluster\n eksConfigV2:\n cloudCredentialId: ${fooCloudCredential.id}\n region: \u003cEKS_REGION\u003e\n kubernetesVersion: '1.24'\n loggingTypes:\n - audit\n - api\n nodeGroups:\n - name: node_group1\n instanceType: t3.medium\n desiredSize: 3\n maxSize: 5\n - name: node_group2\n instanceType: m5.xlarge\n desiredSize: 2\n maxSize: 3\n nodeRole: arn:aws:iam::role/test-NodeInstanceRole\n privateAccess: true\n publicAccess: false\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Creating EKS cluster from Rancher v2, using `eks_config_v2` and launch template. For Rancher v2.5.6 and above.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as rancher2 from \"@pulumi/rancher2\";\n\nconst fooCloudCredential = new rancher2.CloudCredential(\"fooCloudCredential\", {\n description: \"foo test\",\n amazonec2CredentialConfig: {\n accessKey: \"\u003cAWS_ACCESS_KEY\u003e\",\n secretKey: \"\u003cAWS_SECRET_KEY\u003e\",\n },\n});\nconst fooCluster = new rancher2.Cluster(\"fooCluster\", {\n description: \"Terraform EKS cluster\",\n eksConfigV2: {\n cloudCredentialId: fooCloudCredential.id,\n region: \"\u003cEKS_REGION\u003e\",\n kubernetesVersion: \"1.24\",\n loggingTypes: [\n \"audit\",\n \"api\",\n ],\n nodeGroups: [{\n desiredSize: 3,\n maxSize: 5,\n name: \"node_group1\",\n launchTemplates: [{\n id: \"\u003cEC2_LAUNCH_TEMPLATE_ID\u003e\",\n version: 1,\n }],\n }],\n privateAccess: true,\n publicAccess: true,\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_rancher2 as rancher2\n\nfoo_cloud_credential = rancher2.CloudCredential(\"fooCloudCredential\",\n description=\"foo test\",\n amazonec2_credential_config=rancher2.CloudCredentialAmazonec2CredentialConfigArgs(\n access_key=\"\u003cAWS_ACCESS_KEY\u003e\",\n secret_key=\"\u003cAWS_SECRET_KEY\u003e\",\n ))\nfoo_cluster = rancher2.Cluster(\"fooCluster\",\n description=\"Terraform EKS cluster\",\n eks_config_v2=rancher2.ClusterEksConfigV2Args(\n cloud_credential_id=foo_cloud_credential.id,\n region=\"\u003cEKS_REGION\u003e\",\n kubernetes_version=\"1.24\",\n logging_types=[\n \"audit\",\n \"api\",\n ],\n node_groups=[rancher2.ClusterEksConfigV2NodeGroupArgs(\n desired_size=3,\n max_size=5,\n name=\"node_group1\",\n launch_templates=[rancher2.ClusterEksConfigV2NodeGroupLaunchTemplateArgs(\n id=\"\u003cEC2_LAUNCH_TEMPLATE_ID\u003e\",\n version=1,\n )],\n )],\n private_access=True,\n public_access=True,\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Rancher2 = Pulumi.Rancher2;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var fooCloudCredential = new Rancher2.CloudCredential(\"fooCloudCredential\", new()\n {\n Description = \"foo test\",\n Amazonec2CredentialConfig = new Rancher2.Inputs.CloudCredentialAmazonec2CredentialConfigArgs\n {\n AccessKey = \"\u003cAWS_ACCESS_KEY\u003e\",\n SecretKey = \"\u003cAWS_SECRET_KEY\u003e\",\n },\n });\n\n var fooCluster = new Rancher2.Cluster(\"fooCluster\", new()\n {\n Description = \"Terraform EKS cluster\",\n EksConfigV2 = new Rancher2.Inputs.ClusterEksConfigV2Args\n {\n CloudCredentialId = fooCloudCredential.Id,\n Region = \"\u003cEKS_REGION\u003e\",\n KubernetesVersion = \"1.24\",\n LoggingTypes = new[]\n {\n \"audit\",\n \"api\",\n },\n NodeGroups = new[]\n {\n new Rancher2.Inputs.ClusterEksConfigV2NodeGroupArgs\n {\n DesiredSize = 3,\n MaxSize = 5,\n Name = \"node_group1\",\n LaunchTemplates = new[]\n {\n new Rancher2.Inputs.ClusterEksConfigV2NodeGroupLaunchTemplateArgs\n {\n Id = \"\u003cEC2_LAUNCH_TEMPLATE_ID\u003e\",\n Version = 1,\n },\n },\n },\n },\n PrivateAccess = true,\n PublicAccess = true,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-rancher2/sdk/v6/go/rancher2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tfooCloudCredential, err := rancher2.NewCloudCredential(ctx, \"fooCloudCredential\", \u0026rancher2.CloudCredentialArgs{\n\t\t\tDescription: pulumi.String(\"foo test\"),\n\t\t\tAmazonec2CredentialConfig: \u0026rancher2.CloudCredentialAmazonec2CredentialConfigArgs{\n\t\t\t\tAccessKey: pulumi.String(\"\u003cAWS_ACCESS_KEY\u003e\"),\n\t\t\t\tSecretKey: pulumi.String(\"\u003cAWS_SECRET_KEY\u003e\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = rancher2.NewCluster(ctx, \"fooCluster\", \u0026rancher2.ClusterArgs{\n\t\t\tDescription: pulumi.String(\"Terraform EKS cluster\"),\n\t\t\tEksConfigV2: \u0026rancher2.ClusterEksConfigV2Args{\n\t\t\t\tCloudCredentialId: fooCloudCredential.ID(),\n\t\t\t\tRegion: pulumi.String(\"\u003cEKS_REGION\u003e\"),\n\t\t\t\tKubernetesVersion: pulumi.String(\"1.24\"),\n\t\t\t\tLoggingTypes: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"audit\"),\n\t\t\t\t\tpulumi.String(\"api\"),\n\t\t\t\t},\n\t\t\t\tNodeGroups: rancher2.ClusterEksConfigV2NodeGroupArray{\n\t\t\t\t\t\u0026rancher2.ClusterEksConfigV2NodeGroupArgs{\n\t\t\t\t\t\tDesiredSize: pulumi.Int(3),\n\t\t\t\t\t\tMaxSize: pulumi.Int(5),\n\t\t\t\t\t\tName: pulumi.String(\"node_group1\"),\n\t\t\t\t\t\tLaunchTemplates: rancher2.ClusterEksConfigV2NodeGroupLaunchTemplateArray{\n\t\t\t\t\t\t\t\u0026rancher2.ClusterEksConfigV2NodeGroupLaunchTemplateArgs{\n\t\t\t\t\t\t\t\tId: pulumi.String(\"\u003cEC2_LAUNCH_TEMPLATE_ID\u003e\"),\n\t\t\t\t\t\t\t\tVersion: pulumi.Int(1),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tPrivateAccess: pulumi.Bool(true),\n\t\t\t\tPublicAccess: pulumi.Bool(true),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.rancher2.CloudCredential;\nimport com.pulumi.rancher2.CloudCredentialArgs;\nimport com.pulumi.rancher2.inputs.CloudCredentialAmazonec2CredentialConfigArgs;\nimport com.pulumi.rancher2.Cluster;\nimport com.pulumi.rancher2.ClusterArgs;\nimport com.pulumi.rancher2.inputs.ClusterEksConfigV2Args;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var fooCloudCredential = new CloudCredential(\"fooCloudCredential\", CloudCredentialArgs.builder() \n .description(\"foo test\")\n .amazonec2CredentialConfig(CloudCredentialAmazonec2CredentialConfigArgs.builder()\n .accessKey(\"\u003cAWS_ACCESS_KEY\u003e\")\n .secretKey(\"\u003cAWS_SECRET_KEY\u003e\")\n .build())\n .build());\n\n var fooCluster = new Cluster(\"fooCluster\", ClusterArgs.builder() \n .description(\"Terraform EKS cluster\")\n .eksConfigV2(ClusterEksConfigV2Args.builder()\n .cloudCredentialId(fooCloudCredential.id())\n .region(\"\u003cEKS_REGION\u003e\")\n .kubernetesVersion(\"1.24\")\n .loggingTypes( \n \"audit\",\n \"api\")\n .nodeGroups(ClusterEksConfigV2NodeGroupArgs.builder()\n .desiredSize(3)\n .maxSize(5)\n .name(\"node_group1\")\n .launchTemplates(ClusterEksConfigV2NodeGroupLaunchTemplateArgs.builder()\n .id(\"\u003cEC2_LAUNCH_TEMPLATE_ID\u003e\")\n .version(1)\n .build())\n .build())\n .privateAccess(true)\n .publicAccess(true)\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n fooCloudCredential:\n type: rancher2:CloudCredential\n properties:\n description: foo test\n amazonec2CredentialConfig:\n accessKey: \u003cAWS_ACCESS_KEY\u003e\n secretKey: \u003cAWS_SECRET_KEY\u003e\n fooCluster:\n type: rancher2:Cluster\n properties:\n description: Terraform EKS cluster\n eksConfigV2:\n cloudCredentialId: ${fooCloudCredential.id}\n region: \u003cEKS_REGION\u003e\n kubernetesVersion: '1.24'\n loggingTypes:\n - audit\n - api\n nodeGroups:\n - desiredSize: 3\n maxSize: 5\n name: node_group1\n launchTemplates:\n - id: \u003cEC2_LAUNCH_TEMPLATE_ID\u003e\n version: 1\n privateAccess: true\n publicAccess: true\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Creating AKS cluster from Rancher v2, using `aks_config_v2`. For Rancher v2.6.0 and above.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as rancher2 from \"@pulumi/rancher2\";\n\nconst foo_aks = new rancher2.CloudCredential(\"foo-aks\", {azureCredentialConfig: {\n clientId: \"\u003cCLIENT_ID\u003e\",\n clientSecret: \"\u003cCLIENT_SECRET\u003e\",\n subscriptionId: \"\u003cSUBSCRIPTION_ID\u003e\",\n}});\nconst foo = new rancher2.Cluster(\"foo\", {\n description: \"Terraform AKS cluster\",\n aksConfigV2: {\n cloudCredentialId: foo_aks.id,\n resourceGroup: \"\u003cRESOURCE_GROUP\u003e\",\n resourceLocation: \"\u003cRESOURCE_LOCATION\u003e\",\n dnsPrefix: \"\u003cDNS_PREFIX\u003e\",\n kubernetesVersion: \"1.24.6\",\n networkPlugin: \"\u003cNETWORK_PLUGIN\u003e\",\n nodePools: [\n {\n availabilityZones: [\n \"1\",\n \"2\",\n \"3\",\n ],\n name: \"\u003cNODEPOOL_NAME_1\u003e\",\n mode: \"System\",\n count: 1,\n orchestratorVersion: \"1.21.2\",\n osDiskSizeGb: 128,\n vmSize: \"Standard_DS2_v2\",\n },\n {\n availabilityZones: [\n \"1\",\n \"2\",\n \"3\",\n ],\n name: \"\u003cNODEPOOL_NAME_2\u003e\",\n count: 1,\n mode: \"User\",\n orchestratorVersion: \"1.21.2\",\n osDiskSizeGb: 128,\n vmSize: \"Standard_DS2_v2\",\n maxSurge: \"25%\",\n labels: {\n test1: \"data1\",\n test2: \"data2\",\n },\n taints: [\"none:PreferNoSchedule\"],\n },\n ],\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_rancher2 as rancher2\n\nfoo_aks = rancher2.CloudCredential(\"foo-aks\", azure_credential_config=rancher2.CloudCredentialAzureCredentialConfigArgs(\n client_id=\"\u003cCLIENT_ID\u003e\",\n client_secret=\"\u003cCLIENT_SECRET\u003e\",\n subscription_id=\"\u003cSUBSCRIPTION_ID\u003e\",\n))\nfoo = rancher2.Cluster(\"foo\",\n description=\"Terraform AKS cluster\",\n aks_config_v2=rancher2.ClusterAksConfigV2Args(\n cloud_credential_id=foo_aks.id,\n resource_group=\"\u003cRESOURCE_GROUP\u003e\",\n resource_location=\"\u003cRESOURCE_LOCATION\u003e\",\n dns_prefix=\"\u003cDNS_PREFIX\u003e\",\n kubernetes_version=\"1.24.6\",\n network_plugin=\"\u003cNETWORK_PLUGIN\u003e\",\n node_pools=[\n rancher2.ClusterAksConfigV2NodePoolArgs(\n availability_zones=[\n \"1\",\n \"2\",\n \"3\",\n ],\n name=\"\u003cNODEPOOL_NAME_1\u003e\",\n mode=\"System\",\n count=1,\n orchestrator_version=\"1.21.2\",\n os_disk_size_gb=128,\n vm_size=\"Standard_DS2_v2\",\n ),\n rancher2.ClusterAksConfigV2NodePoolArgs(\n availability_zones=[\n \"1\",\n \"2\",\n \"3\",\n ],\n name=\"\u003cNODEPOOL_NAME_2\u003e\",\n count=1,\n mode=\"User\",\n orchestrator_version=\"1.21.2\",\n os_disk_size_gb=128,\n vm_size=\"Standard_DS2_v2\",\n max_surge=\"25%\",\n labels={\n \"test1\": \"data1\",\n \"test2\": \"data2\",\n },\n taints=[\"none:PreferNoSchedule\"],\n ),\n ],\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Rancher2 = Pulumi.Rancher2;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var foo_aks = new Rancher2.CloudCredential(\"foo-aks\", new()\n {\n AzureCredentialConfig = new Rancher2.Inputs.CloudCredentialAzureCredentialConfigArgs\n {\n ClientId = \"\u003cCLIENT_ID\u003e\",\n ClientSecret = \"\u003cCLIENT_SECRET\u003e\",\n SubscriptionId = \"\u003cSUBSCRIPTION_ID\u003e\",\n },\n });\n\n var foo = new Rancher2.Cluster(\"foo\", new()\n {\n Description = \"Terraform AKS cluster\",\n AksConfigV2 = new Rancher2.Inputs.ClusterAksConfigV2Args\n {\n CloudCredentialId = foo_aks.Id,\n ResourceGroup = \"\u003cRESOURCE_GROUP\u003e\",\n ResourceLocation = \"\u003cRESOURCE_LOCATION\u003e\",\n DnsPrefix = \"\u003cDNS_PREFIX\u003e\",\n KubernetesVersion = \"1.24.6\",\n NetworkPlugin = \"\u003cNETWORK_PLUGIN\u003e\",\n NodePools = new[]\n {\n new Rancher2.Inputs.ClusterAksConfigV2NodePoolArgs\n {\n AvailabilityZones = new[]\n {\n \"1\",\n \"2\",\n \"3\",\n },\n Name = \"\u003cNODEPOOL_NAME_1\u003e\",\n Mode = \"System\",\n Count = 1,\n OrchestratorVersion = \"1.21.2\",\n OsDiskSizeGb = 128,\n VmSize = \"Standard_DS2_v2\",\n },\n new Rancher2.Inputs.ClusterAksConfigV2NodePoolArgs\n {\n AvailabilityZones = new[]\n {\n \"1\",\n \"2\",\n \"3\",\n },\n Name = \"\u003cNODEPOOL_NAME_2\u003e\",\n Count = 1,\n Mode = \"User\",\n OrchestratorVersion = \"1.21.2\",\n OsDiskSizeGb = 128,\n VmSize = \"Standard_DS2_v2\",\n MaxSurge = \"25%\",\n Labels = \n {\n { \"test1\", \"data1\" },\n { \"test2\", \"data2\" },\n },\n Taints = new[]\n {\n \"none:PreferNoSchedule\",\n },\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-rancher2/sdk/v6/go/rancher2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := rancher2.NewCloudCredential(ctx, \"foo-aks\", \u0026rancher2.CloudCredentialArgs{\n\t\t\tAzureCredentialConfig: \u0026rancher2.CloudCredentialAzureCredentialConfigArgs{\n\t\t\t\tClientId: pulumi.String(\"\u003cCLIENT_ID\u003e\"),\n\t\t\t\tClientSecret: pulumi.String(\"\u003cCLIENT_SECRET\u003e\"),\n\t\t\t\tSubscriptionId: pulumi.String(\"\u003cSUBSCRIPTION_ID\u003e\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = rancher2.NewCluster(ctx, \"foo\", \u0026rancher2.ClusterArgs{\n\t\t\tDescription: pulumi.String(\"Terraform AKS cluster\"),\n\t\t\tAksConfigV2: \u0026rancher2.ClusterAksConfigV2Args{\n\t\t\t\tCloudCredentialId: foo_aks.ID(),\n\t\t\t\tResourceGroup: pulumi.String(\"\u003cRESOURCE_GROUP\u003e\"),\n\t\t\t\tResourceLocation: pulumi.String(\"\u003cRESOURCE_LOCATION\u003e\"),\n\t\t\t\tDnsPrefix: pulumi.String(\"\u003cDNS_PREFIX\u003e\"),\n\t\t\t\tKubernetesVersion: pulumi.String(\"1.24.6\"),\n\t\t\t\tNetworkPlugin: pulumi.String(\"\u003cNETWORK_PLUGIN\u003e\"),\n\t\t\t\tNodePools: rancher2.ClusterAksConfigV2NodePoolArray{\n\t\t\t\t\t\u0026rancher2.ClusterAksConfigV2NodePoolArgs{\n\t\t\t\t\t\tAvailabilityZones: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"1\"),\n\t\t\t\t\t\t\tpulumi.String(\"2\"),\n\t\t\t\t\t\t\tpulumi.String(\"3\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tName: pulumi.String(\"\u003cNODEPOOL_NAME_1\u003e\"),\n\t\t\t\t\t\tMode: pulumi.String(\"System\"),\n\t\t\t\t\t\tCount: pulumi.Int(1),\n\t\t\t\t\t\tOrchestratorVersion: pulumi.String(\"1.21.2\"),\n\t\t\t\t\t\tOsDiskSizeGb: pulumi.Int(128),\n\t\t\t\t\t\tVmSize: pulumi.String(\"Standard_DS2_v2\"),\n\t\t\t\t\t},\n\t\t\t\t\t\u0026rancher2.ClusterAksConfigV2NodePoolArgs{\n\t\t\t\t\t\tAvailabilityZones: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"1\"),\n\t\t\t\t\t\t\tpulumi.String(\"2\"),\n\t\t\t\t\t\t\tpulumi.String(\"3\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tName: pulumi.String(\"\u003cNODEPOOL_NAME_2\u003e\"),\n\t\t\t\t\t\tCount: pulumi.Int(1),\n\t\t\t\t\t\tMode: pulumi.String(\"User\"),\n\t\t\t\t\t\tOrchestratorVersion: pulumi.String(\"1.21.2\"),\n\t\t\t\t\t\tOsDiskSizeGb: pulumi.Int(128),\n\t\t\t\t\t\tVmSize: pulumi.String(\"Standard_DS2_v2\"),\n\t\t\t\t\t\tMaxSurge: pulumi.String(\"25%\"),\n\t\t\t\t\t\tLabels: pulumi.Map{\n\t\t\t\t\t\t\t\"test1\": pulumi.Any(\"data1\"),\n\t\t\t\t\t\t\t\"test2\": pulumi.Any(\"data2\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tTaints: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"none:PreferNoSchedule\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.rancher2.CloudCredential;\nimport com.pulumi.rancher2.CloudCredentialArgs;\nimport com.pulumi.rancher2.inputs.CloudCredentialAzureCredentialConfigArgs;\nimport com.pulumi.rancher2.Cluster;\nimport com.pulumi.rancher2.ClusterArgs;\nimport com.pulumi.rancher2.inputs.ClusterAksConfigV2Args;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var foo_aks = new CloudCredential(\"foo-aks\", CloudCredentialArgs.builder() \n .azureCredentialConfig(CloudCredentialAzureCredentialConfigArgs.builder()\n .clientId(\"\u003cCLIENT_ID\u003e\")\n .clientSecret(\"\u003cCLIENT_SECRET\u003e\")\n .subscriptionId(\"\u003cSUBSCRIPTION_ID\u003e\")\n .build())\n .build());\n\n var foo = new Cluster(\"foo\", ClusterArgs.builder() \n .description(\"Terraform AKS cluster\")\n .aksConfigV2(ClusterAksConfigV2Args.builder()\n .cloudCredentialId(foo_aks.id())\n .resourceGroup(\"\u003cRESOURCE_GROUP\u003e\")\n .resourceLocation(\"\u003cRESOURCE_LOCATION\u003e\")\n .dnsPrefix(\"\u003cDNS_PREFIX\u003e\")\n .kubernetesVersion(\"1.24.6\")\n .networkPlugin(\"\u003cNETWORK_PLUGIN\u003e\")\n .nodePools( \n ClusterAksConfigV2NodePoolArgs.builder()\n .availabilityZones( \n \"1\",\n \"2\",\n \"3\")\n .name(\"\u003cNODEPOOL_NAME_1\u003e\")\n .mode(\"System\")\n .count(1)\n .orchestratorVersion(\"1.21.2\")\n .osDiskSizeGb(128)\n .vmSize(\"Standard_DS2_v2\")\n .build(),\n ClusterAksConfigV2NodePoolArgs.builder()\n .availabilityZones( \n \"1\",\n \"2\",\n \"3\")\n .name(\"\u003cNODEPOOL_NAME_2\u003e\")\n .count(1)\n .mode(\"User\")\n .orchestratorVersion(\"1.21.2\")\n .osDiskSizeGb(128)\n .vmSize(\"Standard_DS2_v2\")\n .maxSurge(\"25%\")\n .labels(Map.ofEntries(\n Map.entry(\"test1\", \"data1\"),\n Map.entry(\"test2\", \"data2\")\n ))\n .taints(\"none:PreferNoSchedule\")\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n foo-aks:\n type: rancher2:CloudCredential\n properties:\n azureCredentialConfig:\n clientId: \u003cCLIENT_ID\u003e\n clientSecret: \u003cCLIENT_SECRET\u003e\n subscriptionId: \u003cSUBSCRIPTION_ID\u003e\n foo:\n type: rancher2:Cluster\n properties:\n description: Terraform AKS cluster\n aksConfigV2:\n cloudCredentialId: ${[\"foo-aks\"].id}\n resourceGroup: \u003cRESOURCE_GROUP\u003e\n resourceLocation: \u003cRESOURCE_LOCATION\u003e\n dnsPrefix: \u003cDNS_PREFIX\u003e\n kubernetesVersion: 1.24.6\n networkPlugin: \u003cNETWORK_PLUGIN\u003e\n nodePools:\n - availabilityZones:\n - '1'\n - '2'\n - '3'\n name: \u003cNODEPOOL_NAME_1\u003e\n mode: System\n count: 1\n orchestratorVersion: 1.21.2\n osDiskSizeGb: 128\n vmSize: Standard_DS2_v2\n - availabilityZones:\n - '1'\n - '2'\n - '3'\n name: \u003cNODEPOOL_NAME_2\u003e\n count: 1\n mode: User\n orchestratorVersion: 1.21.2\n osDiskSizeGb: 128\n vmSize: Standard_DS2_v2\n maxSurge: 25%\n labels:\n test1: data1\n test2: data2\n taints:\n - none:PreferNoSchedule\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nClusters can be imported using the Rancher Cluster ID\n\n```sh\n$ pulumi import rancher2:index/cluster:Cluster foo \u0026lt;CLUSTER_ID\u0026gt;\n```\n", + "description": "Provides a Rancher v2 Cluster resource. This can be used to create Clusters for Rancher v2 environments and retrieve their information.\n\n## Example Usage\n\n**Note optional/computed arguments** If any `optional/computed` argument of this resource is defined by the user, removing it from tf file will NOT reset its value. To reset it, let its definition at tf file as empty/false object. Ex: `enable_cluster_monitoring = false`, `cloud_provider {}`, `name = \"\"`\n\n### Creating Rancher v2 imported cluster\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as rancher2 from \"@pulumi/rancher2\";\n\n// Create a new rancher2 imported Cluster\nconst foo_imported = new rancher2.Cluster(\"foo-imported\", {description: \"Foo rancher2 imported cluster\"});\n```\n```python\nimport pulumi\nimport pulumi_rancher2 as rancher2\n\n# Create a new rancher2 imported Cluster\nfoo_imported = rancher2.Cluster(\"foo-imported\", description=\"Foo rancher2 imported cluster\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Rancher2 = Pulumi.Rancher2;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n // Create a new rancher2 imported Cluster\n var foo_imported = new Rancher2.Cluster(\"foo-imported\", new()\n {\n Description = \"Foo rancher2 imported cluster\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-rancher2/sdk/v6/go/rancher2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t// Create a new rancher2 imported Cluster\n\t\t_, err := rancher2.NewCluster(ctx, \"foo-imported\", \u0026rancher2.ClusterArgs{\n\t\t\tDescription: pulumi.String(\"Foo rancher2 imported cluster\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.rancher2.Cluster;\nimport com.pulumi.rancher2.ClusterArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var foo_imported = new Cluster(\"foo-imported\", ClusterArgs.builder() \n .description(\"Foo rancher2 imported cluster\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n # Create a new rancher2 imported Cluster\n foo-imported:\n type: rancher2:Cluster\n properties:\n description: Foo rancher2 imported cluster\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nCreating Rancher v2 RKE cluster\n\n### Creating Rancher v2 RKE cluster enabling and customizing monitoring\n\n**Note** Cluster monitoring version `0.2.0` and above, can't be enabled until cluster is fully deployed as [`kubeVersion`](https://github.com/rancher/system-charts/blob/52be656700468904b9bf15c3f39cd7112e1f8c9b/charts/rancher-monitoring/v0.2.0/Chart.yaml#L12) requirement has been introduced to helm chart\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as rancher2 from \"@pulumi/rancher2\";\n\n// Create a new rancher2 RKE Cluster\nconst foo_custom = new rancher2.Cluster(\"foo-custom\", {\n clusterMonitoringInput: {\n answers: {\n \"exporter-kubelets.https\": true,\n \"exporter-node.enabled\": true,\n \"exporter-node.ports.metrics.port\": 9796,\n \"exporter-node.resources.limits.cpu\": \"200m\",\n \"exporter-node.resources.limits.memory\": \"200Mi\",\n \"grafana.persistence.enabled\": false,\n \"grafana.persistence.size\": \"10Gi\",\n \"grafana.persistence.storageClass\": \"default\",\n \"operator.resources.limits.memory\": \"500Mi\",\n \"prometheus.persistence.enabled\": \"false\",\n \"prometheus.persistence.size\": \"50Gi\",\n \"prometheus.persistence.storageClass\": \"default\",\n \"prometheus.persistent.useReleaseName\": \"true\",\n \"prometheus.resources.core.limits.cpu\": \"1000m\",\n \"prometheus.resources.core.limits.memory\": \"1500Mi\",\n \"prometheus.resources.core.requests.cpu\": \"750m\",\n \"prometheus.resources.core.requests.memory\": \"750Mi\",\n \"prometheus.retention\": \"12h\",\n },\n version: \"0.1.0\",\n },\n description: \"Foo rancher2 custom cluster\",\n enableClusterMonitoring: true,\n rkeConfig: {\n network: {\n plugin: \"canal\",\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_rancher2 as rancher2\n\n# Create a new rancher2 RKE Cluster\nfoo_custom = rancher2.Cluster(\"foo-custom\",\n cluster_monitoring_input=rancher2.ClusterClusterMonitoringInputArgs(\n answers={\n \"exporter-kubelets.https\": True,\n \"exporter-node.enabled\": True,\n \"exporter-node.ports.metrics.port\": 9796,\n \"exporter-node.resources.limits.cpu\": \"200m\",\n \"exporter-node.resources.limits.memory\": \"200Mi\",\n \"grafana.persistence.enabled\": False,\n \"grafana.persistence.size\": \"10Gi\",\n \"grafana.persistence.storageClass\": \"default\",\n \"operator.resources.limits.memory\": \"500Mi\",\n \"prometheus.persistence.enabled\": \"false\",\n \"prometheus.persistence.size\": \"50Gi\",\n \"prometheus.persistence.storageClass\": \"default\",\n \"prometheus.persistent.useReleaseName\": \"true\",\n \"prometheus.resources.core.limits.cpu\": \"1000m\",\n \"prometheus.resources.core.limits.memory\": \"1500Mi\",\n \"prometheus.resources.core.requests.cpu\": \"750m\",\n \"prometheus.resources.core.requests.memory\": \"750Mi\",\n \"prometheus.retention\": \"12h\",\n },\n version=\"0.1.0\",\n ),\n description=\"Foo rancher2 custom cluster\",\n enable_cluster_monitoring=True,\n rke_config=rancher2.ClusterRkeConfigArgs(\n network=rancher2.ClusterRkeConfigNetworkArgs(\n plugin=\"canal\",\n ),\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Rancher2 = Pulumi.Rancher2;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n // Create a new rancher2 RKE Cluster\n var foo_custom = new Rancher2.Cluster(\"foo-custom\", new()\n {\n ClusterMonitoringInput = new Rancher2.Inputs.ClusterClusterMonitoringInputArgs\n {\n Answers = \n {\n { \"exporter-kubelets.https\", true },\n { \"exporter-node.enabled\", true },\n { \"exporter-node.ports.metrics.port\", 9796 },\n { \"exporter-node.resources.limits.cpu\", \"200m\" },\n { \"exporter-node.resources.limits.memory\", \"200Mi\" },\n { \"grafana.persistence.enabled\", false },\n { \"grafana.persistence.size\", \"10Gi\" },\n { \"grafana.persistence.storageClass\", \"default\" },\n { \"operator.resources.limits.memory\", \"500Mi\" },\n { \"prometheus.persistence.enabled\", \"false\" },\n { \"prometheus.persistence.size\", \"50Gi\" },\n { \"prometheus.persistence.storageClass\", \"default\" },\n { \"prometheus.persistent.useReleaseName\", \"true\" },\n { \"prometheus.resources.core.limits.cpu\", \"1000m\" },\n { \"prometheus.resources.core.limits.memory\", \"1500Mi\" },\n { \"prometheus.resources.core.requests.cpu\", \"750m\" },\n { \"prometheus.resources.core.requests.memory\", \"750Mi\" },\n { \"prometheus.retention\", \"12h\" },\n },\n Version = \"0.1.0\",\n },\n Description = \"Foo rancher2 custom cluster\",\n EnableClusterMonitoring = true,\n RkeConfig = new Rancher2.Inputs.ClusterRkeConfigArgs\n {\n Network = new Rancher2.Inputs.ClusterRkeConfigNetworkArgs\n {\n Plugin = \"canal\",\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-rancher2/sdk/v6/go/rancher2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t// Create a new rancher2 RKE Cluster\n\t\t_, err := rancher2.NewCluster(ctx, \"foo-custom\", \u0026rancher2.ClusterArgs{\n\t\t\tClusterMonitoringInput: \u0026rancher2.ClusterClusterMonitoringInputArgs{\n\t\t\t\tAnswers: pulumi.Map{\n\t\t\t\t\t\"exporter-kubelets.https\": pulumi.Any(true),\n\t\t\t\t\t\"exporter-node.enabled\": pulumi.Any(true),\n\t\t\t\t\t\"exporter-node.ports.metrics.port\": pulumi.Any(9796),\n\t\t\t\t\t\"exporter-node.resources.limits.cpu\": pulumi.Any(\"200m\"),\n\t\t\t\t\t\"exporter-node.resources.limits.memory\": pulumi.Any(\"200Mi\"),\n\t\t\t\t\t\"grafana.persistence.enabled\": pulumi.Any(false),\n\t\t\t\t\t\"grafana.persistence.size\": pulumi.Any(\"10Gi\"),\n\t\t\t\t\t\"grafana.persistence.storageClass\": pulumi.Any(\"default\"),\n\t\t\t\t\t\"operator.resources.limits.memory\": pulumi.Any(\"500Mi\"),\n\t\t\t\t\t\"prometheus.persistence.enabled\": pulumi.Any(\"false\"),\n\t\t\t\t\t\"prometheus.persistence.size\": pulumi.Any(\"50Gi\"),\n\t\t\t\t\t\"prometheus.persistence.storageClass\": pulumi.Any(\"default\"),\n\t\t\t\t\t\"prometheus.persistent.useReleaseName\": pulumi.Any(\"true\"),\n\t\t\t\t\t\"prometheus.resources.core.limits.cpu\": pulumi.Any(\"1000m\"),\n\t\t\t\t\t\"prometheus.resources.core.limits.memory\": pulumi.Any(\"1500Mi\"),\n\t\t\t\t\t\"prometheus.resources.core.requests.cpu\": pulumi.Any(\"750m\"),\n\t\t\t\t\t\"prometheus.resources.core.requests.memory\": pulumi.Any(\"750Mi\"),\n\t\t\t\t\t\"prometheus.retention\": pulumi.Any(\"12h\"),\n\t\t\t\t},\n\t\t\t\tVersion: pulumi.String(\"0.1.0\"),\n\t\t\t},\n\t\t\tDescription: pulumi.String(\"Foo rancher2 custom cluster\"),\n\t\t\tEnableClusterMonitoring: pulumi.Bool(true),\n\t\t\tRkeConfig: \u0026rancher2.ClusterRkeConfigArgs{\n\t\t\t\tNetwork: \u0026rancher2.ClusterRkeConfigNetworkArgs{\n\t\t\t\t\tPlugin: pulumi.String(\"canal\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.rancher2.Cluster;\nimport com.pulumi.rancher2.ClusterArgs;\nimport com.pulumi.rancher2.inputs.ClusterClusterMonitoringInputArgs;\nimport com.pulumi.rancher2.inputs.ClusterRkeConfigArgs;\nimport com.pulumi.rancher2.inputs.ClusterRkeConfigNetworkArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var foo_custom = new Cluster(\"foo-custom\", ClusterArgs.builder() \n .clusterMonitoringInput(ClusterClusterMonitoringInputArgs.builder()\n .answers(Map.ofEntries(\n Map.entry(\"exporter-kubelets.https\", true),\n Map.entry(\"exporter-node.enabled\", true),\n Map.entry(\"exporter-node.ports.metrics.port\", 9796),\n Map.entry(\"exporter-node.resources.limits.cpu\", \"200m\"),\n Map.entry(\"exporter-node.resources.limits.memory\", \"200Mi\"),\n Map.entry(\"grafana.persistence.enabled\", false),\n Map.entry(\"grafana.persistence.size\", \"10Gi\"),\n Map.entry(\"grafana.persistence.storageClass\", \"default\"),\n Map.entry(\"operator.resources.limits.memory\", \"500Mi\"),\n Map.entry(\"prometheus.persistence.enabled\", \"false\"),\n Map.entry(\"prometheus.persistence.size\", \"50Gi\"),\n Map.entry(\"prometheus.persistence.storageClass\", \"default\"),\n Map.entry(\"prometheus.persistent.useReleaseName\", \"true\"),\n Map.entry(\"prometheus.resources.core.limits.cpu\", \"1000m\"),\n Map.entry(\"prometheus.resources.core.limits.memory\", \"1500Mi\"),\n Map.entry(\"prometheus.resources.core.requests.cpu\", \"750m\"),\n Map.entry(\"prometheus.resources.core.requests.memory\", \"750Mi\"),\n Map.entry(\"prometheus.retention\", \"12h\")\n ))\n .version(\"0.1.0\")\n .build())\n .description(\"Foo rancher2 custom cluster\")\n .enableClusterMonitoring(true)\n .rkeConfig(ClusterRkeConfigArgs.builder()\n .network(ClusterRkeConfigNetworkArgs.builder()\n .plugin(\"canal\")\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n # Create a new rancher2 RKE Cluster\n foo-custom:\n type: rancher2:Cluster\n properties:\n clusterMonitoringInput:\n answers:\n exporter-kubelets.https: true\n exporter-node.enabled: true\n exporter-node.ports.metrics.port: 9796\n exporter-node.resources.limits.cpu: 200m\n exporter-node.resources.limits.memory: 200Mi\n grafana.persistence.enabled: false\n grafana.persistence.size: 10Gi\n grafana.persistence.storageClass: default\n operator.resources.limits.memory: 500Mi\n prometheus.persistence.enabled: 'false'\n prometheus.persistence.size: 50Gi\n prometheus.persistence.storageClass: default\n prometheus.persistent.useReleaseName: 'true'\n prometheus.resources.core.limits.cpu: 1000m\n prometheus.resources.core.limits.memory: 1500Mi\n prometheus.resources.core.requests.cpu: 750m\n prometheus.resources.core.requests.memory: 750Mi\n prometheus.retention: 12h\n version: 0.1.0\n description: Foo rancher2 custom cluster\n enableClusterMonitoring: true\n rkeConfig:\n network:\n plugin: canal\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Creating Rancher v2 RKE cluster enabling/customizing monitoring and istio\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as rancher2 from \"@pulumi/rancher2\";\n\n// Create a new rancher2 RKE Cluster\nconst foo_customCluster = new rancher2.Cluster(\"foo-customCluster\", {\n description: \"Foo rancher2 custom cluster\",\n rkeConfig: {\n network: {\n plugin: \"canal\",\n },\n },\n enableClusterMonitoring: true,\n clusterMonitoringInput: {\n answers: {\n \"exporter-kubelets.https\": true,\n \"exporter-node.enabled\": true,\n \"exporter-node.ports.metrics.port\": 9796,\n \"exporter-node.resources.limits.cpu\": \"200m\",\n \"exporter-node.resources.limits.memory\": \"200Mi\",\n \"grafana.persistence.enabled\": false,\n \"grafana.persistence.size\": \"10Gi\",\n \"grafana.persistence.storageClass\": \"default\",\n \"operator.resources.limits.memory\": \"500Mi\",\n \"prometheus.persistence.enabled\": \"false\",\n \"prometheus.persistence.size\": \"50Gi\",\n \"prometheus.persistence.storageClass\": \"default\",\n \"prometheus.persistent.useReleaseName\": \"true\",\n \"prometheus.resources.core.limits.cpu\": \"1000m\",\n \"prometheus.resources.core.limits.memory\": \"1500Mi\",\n \"prometheus.resources.core.requests.cpu\": \"750m\",\n \"prometheus.resources.core.requests.memory\": \"750Mi\",\n \"prometheus.retention\": \"12h\",\n },\n version: \"0.1.0\",\n },\n});\n// Create a new rancher2 Cluster Sync for foo-custom cluster\nconst foo_customClusterSync = new rancher2.ClusterSync(\"foo-customClusterSync\", {\n clusterId: foo_customCluster.id,\n waitMonitoring: foo_customCluster.enableClusterMonitoring,\n});\n// Create a new rancher2 Namespace\nconst foo_istio = new rancher2.Namespace(\"foo-istio\", {\n projectId: foo_customClusterSync.systemProjectId,\n description: \"istio namespace\",\n});\n// Create a new rancher2 App deploying istio (should wait until monitoring is up and running)\nconst istio = new rancher2.App(\"istio\", {\n catalogName: \"system-library\",\n description: \"Terraform app acceptance test\",\n projectId: foo_istio.projectId,\n templateName: \"rancher-istio\",\n templateVersion: \"0.1.1\",\n targetNamespace: foo_istio.id,\n answers: {\n \"certmanager.enabled\": false,\n enableCRDs: true,\n \"galley.enabled\": true,\n \"gateways.enabled\": false,\n \"gateways.istio-ingressgateway.resources.limits.cpu\": \"2000m\",\n \"gateways.istio-ingressgateway.resources.limits.memory\": \"1024Mi\",\n \"gateways.istio-ingressgateway.resources.requests.cpu\": \"100m\",\n \"gateways.istio-ingressgateway.resources.requests.memory\": \"128Mi\",\n \"gateways.istio-ingressgateway.type\": \"NodePort\",\n \"global.monitoring.type\": \"cluster-monitoring\",\n \"global.rancher.clusterId\": foo_customClusterSync.clusterId,\n \"istio_cni.enabled\": \"false\",\n \"istiocoredns.enabled\": \"false\",\n \"kiali.enabled\": \"true\",\n \"mixer.enabled\": \"true\",\n \"mixer.policy.enabled\": \"true\",\n \"mixer.policy.resources.limits.cpu\": \"4800m\",\n \"mixer.policy.resources.limits.memory\": \"4096Mi\",\n \"mixer.policy.resources.requests.cpu\": \"1000m\",\n \"mixer.policy.resources.requests.memory\": \"1024Mi\",\n \"mixer.telemetry.resources.limits.cpu\": \"4800m\",\n \"mixer.telemetry.resources.limits.memory\": \"4096Mi\",\n \"mixer.telemetry.resources.requests.cpu\": \"1000m\",\n \"mixer.telemetry.resources.requests.memory\": \"1024Mi\",\n \"mtls.enabled\": false,\n \"nodeagent.enabled\": false,\n \"pilot.enabled\": true,\n \"pilot.resources.limits.cpu\": \"1000m\",\n \"pilot.resources.limits.memory\": \"4096Mi\",\n \"pilot.resources.requests.cpu\": \"500m\",\n \"pilot.resources.requests.memory\": \"2048Mi\",\n \"pilot.traceSampling\": \"1\",\n \"security.enabled\": true,\n \"sidecarInjectorWebhook.enabled\": true,\n \"tracing.enabled\": true,\n \"tracing.jaeger.resources.limits.cpu\": \"500m\",\n \"tracing.jaeger.resources.limits.memory\": \"1024Mi\",\n \"tracing.jaeger.resources.requests.cpu\": \"100m\",\n \"tracing.jaeger.resources.requests.memory\": \"100Mi\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_rancher2 as rancher2\n\n# Create a new rancher2 RKE Cluster\nfoo_custom_cluster = rancher2.Cluster(\"foo-customCluster\",\n description=\"Foo rancher2 custom cluster\",\n rke_config=rancher2.ClusterRkeConfigArgs(\n network=rancher2.ClusterRkeConfigNetworkArgs(\n plugin=\"canal\",\n ),\n ),\n enable_cluster_monitoring=True,\n cluster_monitoring_input=rancher2.ClusterClusterMonitoringInputArgs(\n answers={\n \"exporter-kubelets.https\": True,\n \"exporter-node.enabled\": True,\n \"exporter-node.ports.metrics.port\": 9796,\n \"exporter-node.resources.limits.cpu\": \"200m\",\n \"exporter-node.resources.limits.memory\": \"200Mi\",\n \"grafana.persistence.enabled\": False,\n \"grafana.persistence.size\": \"10Gi\",\n \"grafana.persistence.storageClass\": \"default\",\n \"operator.resources.limits.memory\": \"500Mi\",\n \"prometheus.persistence.enabled\": \"false\",\n \"prometheus.persistence.size\": \"50Gi\",\n \"prometheus.persistence.storageClass\": \"default\",\n \"prometheus.persistent.useReleaseName\": \"true\",\n \"prometheus.resources.core.limits.cpu\": \"1000m\",\n \"prometheus.resources.core.limits.memory\": \"1500Mi\",\n \"prometheus.resources.core.requests.cpu\": \"750m\",\n \"prometheus.resources.core.requests.memory\": \"750Mi\",\n \"prometheus.retention\": \"12h\",\n },\n version=\"0.1.0\",\n ))\n# Create a new rancher2 Cluster Sync for foo-custom cluster\nfoo_custom_cluster_sync = rancher2.ClusterSync(\"foo-customClusterSync\",\n cluster_id=foo_custom_cluster.id,\n wait_monitoring=foo_custom_cluster.enable_cluster_monitoring)\n# Create a new rancher2 Namespace\nfoo_istio = rancher2.Namespace(\"foo-istio\",\n project_id=foo_custom_cluster_sync.system_project_id,\n description=\"istio namespace\")\n# Create a new rancher2 App deploying istio (should wait until monitoring is up and running)\nistio = rancher2.App(\"istio\",\n catalog_name=\"system-library\",\n description=\"Terraform app acceptance test\",\n project_id=foo_istio.project_id,\n template_name=\"rancher-istio\",\n template_version=\"0.1.1\",\n target_namespace=foo_istio.id,\n answers={\n \"certmanager.enabled\": False,\n \"enableCRDs\": True,\n \"galley.enabled\": True,\n \"gateways.enabled\": False,\n \"gateways.istio-ingressgateway.resources.limits.cpu\": \"2000m\",\n \"gateways.istio-ingressgateway.resources.limits.memory\": \"1024Mi\",\n \"gateways.istio-ingressgateway.resources.requests.cpu\": \"100m\",\n \"gateways.istio-ingressgateway.resources.requests.memory\": \"128Mi\",\n \"gateways.istio-ingressgateway.type\": \"NodePort\",\n \"global.monitoring.type\": \"cluster-monitoring\",\n \"global.rancher.clusterId\": foo_custom_cluster_sync.cluster_id,\n \"istio_cni.enabled\": \"false\",\n \"istiocoredns.enabled\": \"false\",\n \"kiali.enabled\": \"true\",\n \"mixer.enabled\": \"true\",\n \"mixer.policy.enabled\": \"true\",\n \"mixer.policy.resources.limits.cpu\": \"4800m\",\n \"mixer.policy.resources.limits.memory\": \"4096Mi\",\n \"mixer.policy.resources.requests.cpu\": \"1000m\",\n \"mixer.policy.resources.requests.memory\": \"1024Mi\",\n \"mixer.telemetry.resources.limits.cpu\": \"4800m\",\n \"mixer.telemetry.resources.limits.memory\": \"4096Mi\",\n \"mixer.telemetry.resources.requests.cpu\": \"1000m\",\n \"mixer.telemetry.resources.requests.memory\": \"1024Mi\",\n \"mtls.enabled\": False,\n \"nodeagent.enabled\": False,\n \"pilot.enabled\": True,\n \"pilot.resources.limits.cpu\": \"1000m\",\n \"pilot.resources.limits.memory\": \"4096Mi\",\n \"pilot.resources.requests.cpu\": \"500m\",\n \"pilot.resources.requests.memory\": \"2048Mi\",\n \"pilot.traceSampling\": \"1\",\n \"security.enabled\": True,\n \"sidecarInjectorWebhook.enabled\": True,\n \"tracing.enabled\": True,\n \"tracing.jaeger.resources.limits.cpu\": \"500m\",\n \"tracing.jaeger.resources.limits.memory\": \"1024Mi\",\n \"tracing.jaeger.resources.requests.cpu\": \"100m\",\n \"tracing.jaeger.resources.requests.memory\": \"100Mi\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Rancher2 = Pulumi.Rancher2;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n // Create a new rancher2 RKE Cluster\n var foo_customCluster = new Rancher2.Cluster(\"foo-customCluster\", new()\n {\n Description = \"Foo rancher2 custom cluster\",\n RkeConfig = new Rancher2.Inputs.ClusterRkeConfigArgs\n {\n Network = new Rancher2.Inputs.ClusterRkeConfigNetworkArgs\n {\n Plugin = \"canal\",\n },\n },\n EnableClusterMonitoring = true,\n ClusterMonitoringInput = new Rancher2.Inputs.ClusterClusterMonitoringInputArgs\n {\n Answers = \n {\n { \"exporter-kubelets.https\", true },\n { \"exporter-node.enabled\", true },\n { \"exporter-node.ports.metrics.port\", 9796 },\n { \"exporter-node.resources.limits.cpu\", \"200m\" },\n { \"exporter-node.resources.limits.memory\", \"200Mi\" },\n { \"grafana.persistence.enabled\", false },\n { \"grafana.persistence.size\", \"10Gi\" },\n { \"grafana.persistence.storageClass\", \"default\" },\n { \"operator.resources.limits.memory\", \"500Mi\" },\n { \"prometheus.persistence.enabled\", \"false\" },\n { \"prometheus.persistence.size\", \"50Gi\" },\n { \"prometheus.persistence.storageClass\", \"default\" },\n { \"prometheus.persistent.useReleaseName\", \"true\" },\n { \"prometheus.resources.core.limits.cpu\", \"1000m\" },\n { \"prometheus.resources.core.limits.memory\", \"1500Mi\" },\n { \"prometheus.resources.core.requests.cpu\", \"750m\" },\n { \"prometheus.resources.core.requests.memory\", \"750Mi\" },\n { \"prometheus.retention\", \"12h\" },\n },\n Version = \"0.1.0\",\n },\n });\n\n // Create a new rancher2 Cluster Sync for foo-custom cluster\n var foo_customClusterSync = new Rancher2.ClusterSync(\"foo-customClusterSync\", new()\n {\n ClusterId = foo_customCluster.Id,\n WaitMonitoring = foo_customCluster.EnableClusterMonitoring,\n });\n\n // Create a new rancher2 Namespace\n var foo_istio = new Rancher2.Namespace(\"foo-istio\", new()\n {\n ProjectId = foo_customClusterSync.SystemProjectId,\n Description = \"istio namespace\",\n });\n\n // Create a new rancher2 App deploying istio (should wait until monitoring is up and running)\n var istio = new Rancher2.App(\"istio\", new()\n {\n CatalogName = \"system-library\",\n Description = \"Terraform app acceptance test\",\n ProjectId = foo_istio.ProjectId,\n TemplateName = \"rancher-istio\",\n TemplateVersion = \"0.1.1\",\n TargetNamespace = foo_istio.Id,\n Answers = \n {\n { \"certmanager.enabled\", false },\n { \"enableCRDs\", true },\n { \"galley.enabled\", true },\n { \"gateways.enabled\", false },\n { \"gateways.istio-ingressgateway.resources.limits.cpu\", \"2000m\" },\n { \"gateways.istio-ingressgateway.resources.limits.memory\", \"1024Mi\" },\n { \"gateways.istio-ingressgateway.resources.requests.cpu\", \"100m\" },\n { \"gateways.istio-ingressgateway.resources.requests.memory\", \"128Mi\" },\n { \"gateways.istio-ingressgateway.type\", \"NodePort\" },\n { \"global.monitoring.type\", \"cluster-monitoring\" },\n { \"global.rancher.clusterId\", foo_customClusterSync.ClusterId },\n { \"istio_cni.enabled\", \"false\" },\n { \"istiocoredns.enabled\", \"false\" },\n { \"kiali.enabled\", \"true\" },\n { \"mixer.enabled\", \"true\" },\n { \"mixer.policy.enabled\", \"true\" },\n { \"mixer.policy.resources.limits.cpu\", \"4800m\" },\n { \"mixer.policy.resources.limits.memory\", \"4096Mi\" },\n { \"mixer.policy.resources.requests.cpu\", \"1000m\" },\n { \"mixer.policy.resources.requests.memory\", \"1024Mi\" },\n { \"mixer.telemetry.resources.limits.cpu\", \"4800m\" },\n { \"mixer.telemetry.resources.limits.memory\", \"4096Mi\" },\n { \"mixer.telemetry.resources.requests.cpu\", \"1000m\" },\n { \"mixer.telemetry.resources.requests.memory\", \"1024Mi\" },\n { \"mtls.enabled\", false },\n { \"nodeagent.enabled\", false },\n { \"pilot.enabled\", true },\n { \"pilot.resources.limits.cpu\", \"1000m\" },\n { \"pilot.resources.limits.memory\", \"4096Mi\" },\n { \"pilot.resources.requests.cpu\", \"500m\" },\n { \"pilot.resources.requests.memory\", \"2048Mi\" },\n { \"pilot.traceSampling\", \"1\" },\n { \"security.enabled\", true },\n { \"sidecarInjectorWebhook.enabled\", true },\n { \"tracing.enabled\", true },\n { \"tracing.jaeger.resources.limits.cpu\", \"500m\" },\n { \"tracing.jaeger.resources.limits.memory\", \"1024Mi\" },\n { \"tracing.jaeger.resources.requests.cpu\", \"100m\" },\n { \"tracing.jaeger.resources.requests.memory\", \"100Mi\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-rancher2/sdk/v6/go/rancher2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t// Create a new rancher2 RKE Cluster\n\t\t_, err := rancher2.NewCluster(ctx, \"foo-customCluster\", \u0026rancher2.ClusterArgs{\n\t\t\tDescription: pulumi.String(\"Foo rancher2 custom cluster\"),\n\t\t\tRkeConfig: \u0026rancher2.ClusterRkeConfigArgs{\n\t\t\t\tNetwork: \u0026rancher2.ClusterRkeConfigNetworkArgs{\n\t\t\t\t\tPlugin: pulumi.String(\"canal\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tEnableClusterMonitoring: pulumi.Bool(true),\n\t\t\tClusterMonitoringInput: \u0026rancher2.ClusterClusterMonitoringInputArgs{\n\t\t\t\tAnswers: pulumi.Map{\n\t\t\t\t\t\"exporter-kubelets.https\": pulumi.Any(true),\n\t\t\t\t\t\"exporter-node.enabled\": pulumi.Any(true),\n\t\t\t\t\t\"exporter-node.ports.metrics.port\": pulumi.Any(9796),\n\t\t\t\t\t\"exporter-node.resources.limits.cpu\": pulumi.Any(\"200m\"),\n\t\t\t\t\t\"exporter-node.resources.limits.memory\": pulumi.Any(\"200Mi\"),\n\t\t\t\t\t\"grafana.persistence.enabled\": pulumi.Any(false),\n\t\t\t\t\t\"grafana.persistence.size\": pulumi.Any(\"10Gi\"),\n\t\t\t\t\t\"grafana.persistence.storageClass\": pulumi.Any(\"default\"),\n\t\t\t\t\t\"operator.resources.limits.memory\": pulumi.Any(\"500Mi\"),\n\t\t\t\t\t\"prometheus.persistence.enabled\": pulumi.Any(\"false\"),\n\t\t\t\t\t\"prometheus.persistence.size\": pulumi.Any(\"50Gi\"),\n\t\t\t\t\t\"prometheus.persistence.storageClass\": pulumi.Any(\"default\"),\n\t\t\t\t\t\"prometheus.persistent.useReleaseName\": pulumi.Any(\"true\"),\n\t\t\t\t\t\"prometheus.resources.core.limits.cpu\": pulumi.Any(\"1000m\"),\n\t\t\t\t\t\"prometheus.resources.core.limits.memory\": pulumi.Any(\"1500Mi\"),\n\t\t\t\t\t\"prometheus.resources.core.requests.cpu\": pulumi.Any(\"750m\"),\n\t\t\t\t\t\"prometheus.resources.core.requests.memory\": pulumi.Any(\"750Mi\"),\n\t\t\t\t\t\"prometheus.retention\": pulumi.Any(\"12h\"),\n\t\t\t\t},\n\t\t\t\tVersion: pulumi.String(\"0.1.0\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Create a new rancher2 Cluster Sync for foo-custom cluster\n\t\t_, err = rancher2.NewClusterSync(ctx, \"foo-customClusterSync\", \u0026rancher2.ClusterSyncArgs{\n\t\t\tClusterId: foo_customCluster.ID(),\n\t\t\tWaitMonitoring: foo_customCluster.EnableClusterMonitoring,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Create a new rancher2 Namespace\n\t\t_, err = rancher2.NewNamespace(ctx, \"foo-istio\", \u0026rancher2.NamespaceArgs{\n\t\t\tProjectId: foo_customClusterSync.SystemProjectId,\n\t\t\tDescription: pulumi.String(\"istio namespace\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Create a new rancher2 App deploying istio (should wait until monitoring is up and running)\n\t\t_, err = rancher2.NewApp(ctx, \"istio\", \u0026rancher2.AppArgs{\n\t\t\tCatalogName: pulumi.String(\"system-library\"),\n\t\t\tDescription: pulumi.String(\"Terraform app acceptance test\"),\n\t\t\tProjectId: foo_istio.ProjectId,\n\t\t\tTemplateName: pulumi.String(\"rancher-istio\"),\n\t\t\tTemplateVersion: pulumi.String(\"0.1.1\"),\n\t\t\tTargetNamespace: foo_istio.ID(),\n\t\t\tAnswers: pulumi.Map{\n\t\t\t\t\"certmanager.enabled\": pulumi.Any(false),\n\t\t\t\t\"enableCRDs\": pulumi.Any(true),\n\t\t\t\t\"galley.enabled\": pulumi.Any(true),\n\t\t\t\t\"gateways.enabled\": pulumi.Any(false),\n\t\t\t\t\"gateways.istio-ingressgateway.resources.limits.cpu\": pulumi.Any(\"2000m\"),\n\t\t\t\t\"gateways.istio-ingressgateway.resources.limits.memory\": pulumi.Any(\"1024Mi\"),\n\t\t\t\t\"gateways.istio-ingressgateway.resources.requests.cpu\": pulumi.Any(\"100m\"),\n\t\t\t\t\"gateways.istio-ingressgateway.resources.requests.memory\": pulumi.Any(\"128Mi\"),\n\t\t\t\t\"gateways.istio-ingressgateway.type\": pulumi.Any(\"NodePort\"),\n\t\t\t\t\"global.monitoring.type\": pulumi.Any(\"cluster-monitoring\"),\n\t\t\t\t\"global.rancher.clusterId\": foo_customClusterSync.ClusterId,\n\t\t\t\t\"istio_cni.enabled\": pulumi.Any(\"false\"),\n\t\t\t\t\"istiocoredns.enabled\": pulumi.Any(\"false\"),\n\t\t\t\t\"kiali.enabled\": pulumi.Any(\"true\"),\n\t\t\t\t\"mixer.enabled\": pulumi.Any(\"true\"),\n\t\t\t\t\"mixer.policy.enabled\": pulumi.Any(\"true\"),\n\t\t\t\t\"mixer.policy.resources.limits.cpu\": pulumi.Any(\"4800m\"),\n\t\t\t\t\"mixer.policy.resources.limits.memory\": pulumi.Any(\"4096Mi\"),\n\t\t\t\t\"mixer.policy.resources.requests.cpu\": pulumi.Any(\"1000m\"),\n\t\t\t\t\"mixer.policy.resources.requests.memory\": pulumi.Any(\"1024Mi\"),\n\t\t\t\t\"mixer.telemetry.resources.limits.cpu\": pulumi.Any(\"4800m\"),\n\t\t\t\t\"mixer.telemetry.resources.limits.memory\": pulumi.Any(\"4096Mi\"),\n\t\t\t\t\"mixer.telemetry.resources.requests.cpu\": pulumi.Any(\"1000m\"),\n\t\t\t\t\"mixer.telemetry.resources.requests.memory\": pulumi.Any(\"1024Mi\"),\n\t\t\t\t\"mtls.enabled\": pulumi.Any(false),\n\t\t\t\t\"nodeagent.enabled\": pulumi.Any(false),\n\t\t\t\t\"pilot.enabled\": pulumi.Any(true),\n\t\t\t\t\"pilot.resources.limits.cpu\": pulumi.Any(\"1000m\"),\n\t\t\t\t\"pilot.resources.limits.memory\": pulumi.Any(\"4096Mi\"),\n\t\t\t\t\"pilot.resources.requests.cpu\": pulumi.Any(\"500m\"),\n\t\t\t\t\"pilot.resources.requests.memory\": pulumi.Any(\"2048Mi\"),\n\t\t\t\t\"pilot.traceSampling\": pulumi.Any(\"1\"),\n\t\t\t\t\"security.enabled\": pulumi.Any(true),\n\t\t\t\t\"sidecarInjectorWebhook.enabled\": pulumi.Any(true),\n\t\t\t\t\"tracing.enabled\": pulumi.Any(true),\n\t\t\t\t\"tracing.jaeger.resources.limits.cpu\": pulumi.Any(\"500m\"),\n\t\t\t\t\"tracing.jaeger.resources.limits.memory\": pulumi.Any(\"1024Mi\"),\n\t\t\t\t\"tracing.jaeger.resources.requests.cpu\": pulumi.Any(\"100m\"),\n\t\t\t\t\"tracing.jaeger.resources.requests.memory\": pulumi.Any(\"100Mi\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.rancher2.Cluster;\nimport com.pulumi.rancher2.ClusterArgs;\nimport com.pulumi.rancher2.inputs.ClusterRkeConfigArgs;\nimport com.pulumi.rancher2.inputs.ClusterRkeConfigNetworkArgs;\nimport com.pulumi.rancher2.inputs.ClusterClusterMonitoringInputArgs;\nimport com.pulumi.rancher2.ClusterSync;\nimport com.pulumi.rancher2.ClusterSyncArgs;\nimport com.pulumi.rancher2.Namespace;\nimport com.pulumi.rancher2.NamespaceArgs;\nimport com.pulumi.rancher2.App;\nimport com.pulumi.rancher2.AppArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var foo_customCluster = new Cluster(\"foo-customCluster\", ClusterArgs.builder() \n .description(\"Foo rancher2 custom cluster\")\n .rkeConfig(ClusterRkeConfigArgs.builder()\n .network(ClusterRkeConfigNetworkArgs.builder()\n .plugin(\"canal\")\n .build())\n .build())\n .enableClusterMonitoring(true)\n .clusterMonitoringInput(ClusterClusterMonitoringInputArgs.builder()\n .answers(Map.ofEntries(\n Map.entry(\"exporter-kubelets.https\", true),\n Map.entry(\"exporter-node.enabled\", true),\n Map.entry(\"exporter-node.ports.metrics.port\", 9796),\n Map.entry(\"exporter-node.resources.limits.cpu\", \"200m\"),\n Map.entry(\"exporter-node.resources.limits.memory\", \"200Mi\"),\n Map.entry(\"grafana.persistence.enabled\", false),\n Map.entry(\"grafana.persistence.size\", \"10Gi\"),\n Map.entry(\"grafana.persistence.storageClass\", \"default\"),\n Map.entry(\"operator.resources.limits.memory\", \"500Mi\"),\n Map.entry(\"prometheus.persistence.enabled\", \"false\"),\n Map.entry(\"prometheus.persistence.size\", \"50Gi\"),\n Map.entry(\"prometheus.persistence.storageClass\", \"default\"),\n Map.entry(\"prometheus.persistent.useReleaseName\", \"true\"),\n Map.entry(\"prometheus.resources.core.limits.cpu\", \"1000m\"),\n Map.entry(\"prometheus.resources.core.limits.memory\", \"1500Mi\"),\n Map.entry(\"prometheus.resources.core.requests.cpu\", \"750m\"),\n Map.entry(\"prometheus.resources.core.requests.memory\", \"750Mi\"),\n Map.entry(\"prometheus.retention\", \"12h\")\n ))\n .version(\"0.1.0\")\n .build())\n .build());\n\n var foo_customClusterSync = new ClusterSync(\"foo-customClusterSync\", ClusterSyncArgs.builder() \n .clusterId(foo_customCluster.id())\n .waitMonitoring(foo_customCluster.enableClusterMonitoring())\n .build());\n\n var foo_istio = new Namespace(\"foo-istio\", NamespaceArgs.builder() \n .projectId(foo_customClusterSync.systemProjectId())\n .description(\"istio namespace\")\n .build());\n\n var istio = new App(\"istio\", AppArgs.builder() \n .catalogName(\"system-library\")\n .description(\"Terraform app acceptance test\")\n .projectId(foo_istio.projectId())\n .templateName(\"rancher-istio\")\n .templateVersion(\"0.1.1\")\n .targetNamespace(foo_istio.id())\n .answers(Map.ofEntries(\n Map.entry(\"certmanager.enabled\", false),\n Map.entry(\"enableCRDs\", true),\n Map.entry(\"galley.enabled\", true),\n Map.entry(\"gateways.enabled\", false),\n Map.entry(\"gateways.istio-ingressgateway.resources.limits.cpu\", \"2000m\"),\n Map.entry(\"gateways.istio-ingressgateway.resources.limits.memory\", \"1024Mi\"),\n Map.entry(\"gateways.istio-ingressgateway.resources.requests.cpu\", \"100m\"),\n Map.entry(\"gateways.istio-ingressgateway.resources.requests.memory\", \"128Mi\"),\n Map.entry(\"gateways.istio-ingressgateway.type\", \"NodePort\"),\n Map.entry(\"global.monitoring.type\", \"cluster-monitoring\"),\n Map.entry(\"global.rancher.clusterId\", foo_customClusterSync.clusterId()),\n Map.entry(\"istio_cni.enabled\", \"false\"),\n Map.entry(\"istiocoredns.enabled\", \"false\"),\n Map.entry(\"kiali.enabled\", \"true\"),\n Map.entry(\"mixer.enabled\", \"true\"),\n Map.entry(\"mixer.policy.enabled\", \"true\"),\n Map.entry(\"mixer.policy.resources.limits.cpu\", \"4800m\"),\n Map.entry(\"mixer.policy.resources.limits.memory\", \"4096Mi\"),\n Map.entry(\"mixer.policy.resources.requests.cpu\", \"1000m\"),\n Map.entry(\"mixer.policy.resources.requests.memory\", \"1024Mi\"),\n Map.entry(\"mixer.telemetry.resources.limits.cpu\", \"4800m\"),\n Map.entry(\"mixer.telemetry.resources.limits.memory\", \"4096Mi\"),\n Map.entry(\"mixer.telemetry.resources.requests.cpu\", \"1000m\"),\n Map.entry(\"mixer.telemetry.resources.requests.memory\", \"1024Mi\"),\n Map.entry(\"mtls.enabled\", false),\n Map.entry(\"nodeagent.enabled\", false),\n Map.entry(\"pilot.enabled\", true),\n Map.entry(\"pilot.resources.limits.cpu\", \"1000m\"),\n Map.entry(\"pilot.resources.limits.memory\", \"4096Mi\"),\n Map.entry(\"pilot.resources.requests.cpu\", \"500m\"),\n Map.entry(\"pilot.resources.requests.memory\", \"2048Mi\"),\n Map.entry(\"pilot.traceSampling\", \"1\"),\n Map.entry(\"security.enabled\", true),\n Map.entry(\"sidecarInjectorWebhook.enabled\", true),\n Map.entry(\"tracing.enabled\", true),\n Map.entry(\"tracing.jaeger.resources.limits.cpu\", \"500m\"),\n Map.entry(\"tracing.jaeger.resources.limits.memory\", \"1024Mi\"),\n Map.entry(\"tracing.jaeger.resources.requests.cpu\", \"100m\"),\n Map.entry(\"tracing.jaeger.resources.requests.memory\", \"100Mi\")\n ))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n # Create a new rancher2 RKE Cluster\n foo-customCluster:\n type: rancher2:Cluster\n properties:\n description: Foo rancher2 custom cluster\n rkeConfig:\n network:\n plugin: canal\n enableClusterMonitoring: true\n clusterMonitoringInput:\n answers:\n exporter-kubelets.https: true\n exporter-node.enabled: true\n exporter-node.ports.metrics.port: 9796\n exporter-node.resources.limits.cpu: 200m\n exporter-node.resources.limits.memory: 200Mi\n grafana.persistence.enabled: false\n grafana.persistence.size: 10Gi\n grafana.persistence.storageClass: default\n operator.resources.limits.memory: 500Mi\n prometheus.persistence.enabled: 'false'\n prometheus.persistence.size: 50Gi\n prometheus.persistence.storageClass: default\n prometheus.persistent.useReleaseName: 'true'\n prometheus.resources.core.limits.cpu: 1000m\n prometheus.resources.core.limits.memory: 1500Mi\n prometheus.resources.core.requests.cpu: 750m\n prometheus.resources.core.requests.memory: 750Mi\n prometheus.retention: 12h\n version: 0.1.0\n # Create a new rancher2 Cluster Sync for foo-custom cluster\n foo-customClusterSync:\n type: rancher2:ClusterSync\n properties:\n clusterId: ${[\"foo-customCluster\"].id}\n waitMonitoring: ${[\"foo-customCluster\"].enableClusterMonitoring}\n # Create a new rancher2 Namespace\n foo-istio:\n type: rancher2:Namespace\n properties:\n projectId: ${[\"foo-customClusterSync\"].systemProjectId}\n description: istio namespace\n # Create a new rancher2 App deploying istio (should wait until monitoring is up and running)\n istio:\n type: rancher2:App\n properties:\n catalogName: system-library\n description: Terraform app acceptance test\n projectId: ${[\"foo-istio\"].projectId}\n templateName: rancher-istio\n templateVersion: 0.1.1\n targetNamespace: ${[\"foo-istio\"].id}\n answers:\n certmanager.enabled: false\n enableCRDs: true\n galley.enabled: true\n gateways.enabled: false\n gateways.istio-ingressgateway.resources.limits.cpu: 2000m\n gateways.istio-ingressgateway.resources.limits.memory: 1024Mi\n gateways.istio-ingressgateway.resources.requests.cpu: 100m\n gateways.istio-ingressgateway.resources.requests.memory: 128Mi\n gateways.istio-ingressgateway.type: NodePort\n global.monitoring.type: cluster-monitoring\n global.rancher.clusterId: ${[\"foo-customClusterSync\"].clusterId}\n istio_cni.enabled: 'false'\n istiocoredns.enabled: 'false'\n kiali.enabled: 'true'\n mixer.enabled: 'true'\n mixer.policy.enabled: 'true'\n mixer.policy.resources.limits.cpu: 4800m\n mixer.policy.resources.limits.memory: 4096Mi\n mixer.policy.resources.requests.cpu: 1000m\n mixer.policy.resources.requests.memory: 1024Mi\n mixer.telemetry.resources.limits.cpu: 4800m\n mixer.telemetry.resources.limits.memory: 4096Mi\n mixer.telemetry.resources.requests.cpu: 1000m\n mixer.telemetry.resources.requests.memory: 1024Mi\n mtls.enabled: false\n nodeagent.enabled: false\n pilot.enabled: true\n pilot.resources.limits.cpu: 1000m\n pilot.resources.limits.memory: 4096Mi\n pilot.resources.requests.cpu: 500m\n pilot.resources.requests.memory: 2048Mi\n pilot.traceSampling: '1'\n security.enabled: true\n sidecarInjectorWebhook.enabled: true\n tracing.enabled: true\n tracing.jaeger.resources.limits.cpu: 500m\n tracing.jaeger.resources.limits.memory: 1024Mi\n tracing.jaeger.resources.requests.cpu: 100m\n tracing.jaeger.resources.requests.memory: 100Mi\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Creating Rancher v2 RKE cluster assigning a node pool (overlapped planes)\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as rancher2 from \"@pulumi/rancher2\";\n\n// Create a new rancher2 RKE Cluster\nconst foo_custom = new rancher2.Cluster(\"foo-custom\", {\n description: \"Foo rancher2 custom cluster\",\n rkeConfig: {\n network: {\n plugin: \"canal\",\n },\n },\n});\n// Create a new rancher2 Node Template\nconst fooNodeTemplate = new rancher2.NodeTemplate(\"fooNodeTemplate\", {\n description: \"foo test\",\n amazonec2Config: {\n accessKey: \"\u003cAWS_ACCESS_KEY\u003e\",\n secretKey: \"\u003cAWS_SECRET_KEY\u003e\",\n ami: \"\u003cAMI_ID\u003e\",\n region: \"\u003cREGION\u003e\",\n securityGroups: [\"\u003cAWS_SECURITY_GROUP\u003e\"],\n subnetId: \"\u003cSUBNET_ID\u003e\",\n vpcId: \"\u003cVPC_ID\u003e\",\n zone: \"\u003cZONE\u003e\",\n },\n});\n// Create a new rancher2 Node Pool\nconst fooNodePool = new rancher2.NodePool(\"fooNodePool\", {\n clusterId: foo_custom.id,\n hostnamePrefix: \"foo-cluster-0\",\n nodeTemplateId: fooNodeTemplate.id,\n quantity: 3,\n controlPlane: true,\n etcd: true,\n worker: true,\n});\n```\n```python\nimport pulumi\nimport pulumi_rancher2 as rancher2\n\n# Create a new rancher2 RKE Cluster\nfoo_custom = rancher2.Cluster(\"foo-custom\",\n description=\"Foo rancher2 custom cluster\",\n rke_config=rancher2.ClusterRkeConfigArgs(\n network=rancher2.ClusterRkeConfigNetworkArgs(\n plugin=\"canal\",\n ),\n ))\n# Create a new rancher2 Node Template\nfoo_node_template = rancher2.NodeTemplate(\"fooNodeTemplate\",\n description=\"foo test\",\n amazonec2_config=rancher2.NodeTemplateAmazonec2ConfigArgs(\n access_key=\"\u003cAWS_ACCESS_KEY\u003e\",\n secret_key=\"\u003cAWS_SECRET_KEY\u003e\",\n ami=\"\u003cAMI_ID\u003e\",\n region=\"\u003cREGION\u003e\",\n security_groups=[\"\u003cAWS_SECURITY_GROUP\u003e\"],\n subnet_id=\"\u003cSUBNET_ID\u003e\",\n vpc_id=\"\u003cVPC_ID\u003e\",\n zone=\"\u003cZONE\u003e\",\n ))\n# Create a new rancher2 Node Pool\nfoo_node_pool = rancher2.NodePool(\"fooNodePool\",\n cluster_id=foo_custom.id,\n hostname_prefix=\"foo-cluster-0\",\n node_template_id=foo_node_template.id,\n quantity=3,\n control_plane=True,\n etcd=True,\n worker=True)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Rancher2 = Pulumi.Rancher2;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n // Create a new rancher2 RKE Cluster\n var foo_custom = new Rancher2.Cluster(\"foo-custom\", new()\n {\n Description = \"Foo rancher2 custom cluster\",\n RkeConfig = new Rancher2.Inputs.ClusterRkeConfigArgs\n {\n Network = new Rancher2.Inputs.ClusterRkeConfigNetworkArgs\n {\n Plugin = \"canal\",\n },\n },\n });\n\n // Create a new rancher2 Node Template\n var fooNodeTemplate = new Rancher2.NodeTemplate(\"fooNodeTemplate\", new()\n {\n Description = \"foo test\",\n Amazonec2Config = new Rancher2.Inputs.NodeTemplateAmazonec2ConfigArgs\n {\n AccessKey = \"\u003cAWS_ACCESS_KEY\u003e\",\n SecretKey = \"\u003cAWS_SECRET_KEY\u003e\",\n Ami = \"\u003cAMI_ID\u003e\",\n Region = \"\u003cREGION\u003e\",\n SecurityGroups = new[]\n {\n \"\u003cAWS_SECURITY_GROUP\u003e\",\n },\n SubnetId = \"\u003cSUBNET_ID\u003e\",\n VpcId = \"\u003cVPC_ID\u003e\",\n Zone = \"\u003cZONE\u003e\",\n },\n });\n\n // Create a new rancher2 Node Pool\n var fooNodePool = new Rancher2.NodePool(\"fooNodePool\", new()\n {\n ClusterId = foo_custom.Id,\n HostnamePrefix = \"foo-cluster-0\",\n NodeTemplateId = fooNodeTemplate.Id,\n Quantity = 3,\n ControlPlane = true,\n Etcd = true,\n Worker = true,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-rancher2/sdk/v6/go/rancher2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t// Create a new rancher2 RKE Cluster\n\t\t_, err := rancher2.NewCluster(ctx, \"foo-custom\", \u0026rancher2.ClusterArgs{\n\t\t\tDescription: pulumi.String(\"Foo rancher2 custom cluster\"),\n\t\t\tRkeConfig: \u0026rancher2.ClusterRkeConfigArgs{\n\t\t\t\tNetwork: \u0026rancher2.ClusterRkeConfigNetworkArgs{\n\t\t\t\t\tPlugin: pulumi.String(\"canal\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Create a new rancher2 Node Template\n\t\tfooNodeTemplate, err := rancher2.NewNodeTemplate(ctx, \"fooNodeTemplate\", \u0026rancher2.NodeTemplateArgs{\n\t\t\tDescription: pulumi.String(\"foo test\"),\n\t\t\tAmazonec2Config: \u0026rancher2.NodeTemplateAmazonec2ConfigArgs{\n\t\t\t\tAccessKey: pulumi.String(\"\u003cAWS_ACCESS_KEY\u003e\"),\n\t\t\t\tSecretKey: pulumi.String(\"\u003cAWS_SECRET_KEY\u003e\"),\n\t\t\t\tAmi: pulumi.String(\"\u003cAMI_ID\u003e\"),\n\t\t\t\tRegion: pulumi.String(\"\u003cREGION\u003e\"),\n\t\t\t\tSecurityGroups: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"\u003cAWS_SECURITY_GROUP\u003e\"),\n\t\t\t\t},\n\t\t\t\tSubnetId: pulumi.String(\"\u003cSUBNET_ID\u003e\"),\n\t\t\t\tVpcId: pulumi.String(\"\u003cVPC_ID\u003e\"),\n\t\t\t\tZone: pulumi.String(\"\u003cZONE\u003e\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Create a new rancher2 Node Pool\n\t\t_, err = rancher2.NewNodePool(ctx, \"fooNodePool\", \u0026rancher2.NodePoolArgs{\n\t\t\tClusterId: foo_custom.ID(),\n\t\t\tHostnamePrefix: pulumi.String(\"foo-cluster-0\"),\n\t\t\tNodeTemplateId: fooNodeTemplate.ID(),\n\t\t\tQuantity: pulumi.Int(3),\n\t\t\tControlPlane: pulumi.Bool(true),\n\t\t\tEtcd: pulumi.Bool(true),\n\t\t\tWorker: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.rancher2.Cluster;\nimport com.pulumi.rancher2.ClusterArgs;\nimport com.pulumi.rancher2.inputs.ClusterRkeConfigArgs;\nimport com.pulumi.rancher2.inputs.ClusterRkeConfigNetworkArgs;\nimport com.pulumi.rancher2.NodeTemplate;\nimport com.pulumi.rancher2.NodeTemplateArgs;\nimport com.pulumi.rancher2.inputs.NodeTemplateAmazonec2ConfigArgs;\nimport com.pulumi.rancher2.NodePool;\nimport com.pulumi.rancher2.NodePoolArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var foo_custom = new Cluster(\"foo-custom\", ClusterArgs.builder() \n .description(\"Foo rancher2 custom cluster\")\n .rkeConfig(ClusterRkeConfigArgs.builder()\n .network(ClusterRkeConfigNetworkArgs.builder()\n .plugin(\"canal\")\n .build())\n .build())\n .build());\n\n var fooNodeTemplate = new NodeTemplate(\"fooNodeTemplate\", NodeTemplateArgs.builder() \n .description(\"foo test\")\n .amazonec2Config(NodeTemplateAmazonec2ConfigArgs.builder()\n .accessKey(\"\u003cAWS_ACCESS_KEY\u003e\")\n .secretKey(\"\u003cAWS_SECRET_KEY\u003e\")\n .ami(\"\u003cAMI_ID\u003e\")\n .region(\"\u003cREGION\u003e\")\n .securityGroups(\"\u003cAWS_SECURITY_GROUP\u003e\")\n .subnetId(\"\u003cSUBNET_ID\u003e\")\n .vpcId(\"\u003cVPC_ID\u003e\")\n .zone(\"\u003cZONE\u003e\")\n .build())\n .build());\n\n var fooNodePool = new NodePool(\"fooNodePool\", NodePoolArgs.builder() \n .clusterId(foo_custom.id())\n .hostnamePrefix(\"foo-cluster-0\")\n .nodeTemplateId(fooNodeTemplate.id())\n .quantity(3)\n .controlPlane(true)\n .etcd(true)\n .worker(true)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n # Create a new rancher2 RKE Cluster\n foo-custom:\n type: rancher2:Cluster\n properties:\n description: Foo rancher2 custom cluster\n rkeConfig:\n network:\n plugin: canal\n # Create a new rancher2 Node Template\n fooNodeTemplate:\n type: rancher2:NodeTemplate\n properties:\n description: foo test\n amazonec2Config:\n accessKey: \u003cAWS_ACCESS_KEY\u003e\n secretKey: \u003cAWS_SECRET_KEY\u003e\n ami: \u003cAMI_ID\u003e\n region: \u003cREGION\u003e\n securityGroups:\n - \u003cAWS_SECURITY_GROUP\u003e\n subnetId: \u003cSUBNET_ID\u003e\n vpcId: \u003cVPC_ID\u003e\n zone: \u003cZONE\u003e\n # Create a new rancher2 Node Pool\n fooNodePool:\n type: rancher2:NodePool\n properties:\n clusterId: ${[\"foo-custom\"].id}\n hostnamePrefix: foo-cluster-0\n nodeTemplateId: ${fooNodeTemplate.id}\n quantity: 3\n controlPlane: true\n etcd: true\n worker: true\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Creating Rancher v2 RKE cluster from template. For Rancher v2.3.x and above.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as rancher2 from \"@pulumi/rancher2\";\n\n// Create a new rancher2 cluster template\nconst fooClusterTemplate = new rancher2.ClusterTemplate(\"fooClusterTemplate\", {\n members: [{\n accessType: \"owner\",\n userPrincipalId: \"local://user-XXXXX\",\n }],\n templateRevisions: [{\n name: \"V1\",\n clusterConfig: {\n rkeConfig: {\n network: {\n plugin: \"canal\",\n },\n services: {\n etcd: {\n creation: \"6h\",\n retention: \"24h\",\n },\n },\n },\n },\n \"default\": true,\n }],\n description: \"Test cluster template v2\",\n});\n// Create a new rancher2 RKE Cluster from template\nconst fooCluster = new rancher2.Cluster(\"fooCluster\", {\n clusterTemplateId: fooClusterTemplate.id,\n clusterTemplateRevisionId: fooClusterTemplate.templateRevisions.apply(templateRevisions =\u003e templateRevisions[0].id),\n});\n```\n```python\nimport pulumi\nimport pulumi_rancher2 as rancher2\n\n# Create a new rancher2 cluster template\nfoo_cluster_template = rancher2.ClusterTemplate(\"fooClusterTemplate\",\n members=[rancher2.ClusterTemplateMemberArgs(\n access_type=\"owner\",\n user_principal_id=\"local://user-XXXXX\",\n )],\n template_revisions=[rancher2.ClusterTemplateTemplateRevisionArgs(\n name=\"V1\",\n cluster_config=rancher2.ClusterTemplateTemplateRevisionClusterConfigArgs(\n rke_config=rancher2.ClusterTemplateTemplateRevisionClusterConfigRkeConfigArgs(\n network=rancher2.ClusterTemplateTemplateRevisionClusterConfigRkeConfigNetworkArgs(\n plugin=\"canal\",\n ),\n services=rancher2.ClusterTemplateTemplateRevisionClusterConfigRkeConfigServicesArgs(\n etcd=rancher2.ClusterTemplateTemplateRevisionClusterConfigRkeConfigServicesEtcdArgs(\n creation=\"6h\",\n retention=\"24h\",\n ),\n ),\n ),\n ),\n default=True,\n )],\n description=\"Test cluster template v2\")\n# Create a new rancher2 RKE Cluster from template\nfoo_cluster = rancher2.Cluster(\"fooCluster\",\n cluster_template_id=foo_cluster_template.id,\n cluster_template_revision_id=foo_cluster_template.template_revisions[0].id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Rancher2 = Pulumi.Rancher2;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n // Create a new rancher2 cluster template\n var fooClusterTemplate = new Rancher2.ClusterTemplate(\"fooClusterTemplate\", new()\n {\n Members = new[]\n {\n new Rancher2.Inputs.ClusterTemplateMemberArgs\n {\n AccessType = \"owner\",\n UserPrincipalId = \"local://user-XXXXX\",\n },\n },\n TemplateRevisions = new[]\n {\n new Rancher2.Inputs.ClusterTemplateTemplateRevisionArgs\n {\n Name = \"V1\",\n ClusterConfig = new Rancher2.Inputs.ClusterTemplateTemplateRevisionClusterConfigArgs\n {\n RkeConfig = new Rancher2.Inputs.ClusterTemplateTemplateRevisionClusterConfigRkeConfigArgs\n {\n Network = new Rancher2.Inputs.ClusterTemplateTemplateRevisionClusterConfigRkeConfigNetworkArgs\n {\n Plugin = \"canal\",\n },\n Services = new Rancher2.Inputs.ClusterTemplateTemplateRevisionClusterConfigRkeConfigServicesArgs\n {\n Etcd = new Rancher2.Inputs.ClusterTemplateTemplateRevisionClusterConfigRkeConfigServicesEtcdArgs\n {\n Creation = \"6h\",\n Retention = \"24h\",\n },\n },\n },\n },\n Default = true,\n },\n },\n Description = \"Test cluster template v2\",\n });\n\n // Create a new rancher2 RKE Cluster from template\n var fooCluster = new Rancher2.Cluster(\"fooCluster\", new()\n {\n ClusterTemplateId = fooClusterTemplate.Id,\n ClusterTemplateRevisionId = fooClusterTemplate.TemplateRevisions.Apply(templateRevisions =\u003e templateRevisions[0].Id),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-rancher2/sdk/v6/go/rancher2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t// Create a new rancher2 cluster template\n\t\tfooClusterTemplate, err := rancher2.NewClusterTemplate(ctx, \"fooClusterTemplate\", \u0026rancher2.ClusterTemplateArgs{\n\t\t\tMembers: rancher2.ClusterTemplateMemberArray{\n\t\t\t\t\u0026rancher2.ClusterTemplateMemberArgs{\n\t\t\t\t\tAccessType: pulumi.String(\"owner\"),\n\t\t\t\t\tUserPrincipalId: pulumi.String(\"local://user-XXXXX\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tTemplateRevisions: rancher2.ClusterTemplateTemplateRevisionArray{\n\t\t\t\t\u0026rancher2.ClusterTemplateTemplateRevisionArgs{\n\t\t\t\t\tName: pulumi.String(\"V1\"),\n\t\t\t\t\tClusterConfig: \u0026rancher2.ClusterTemplateTemplateRevisionClusterConfigArgs{\n\t\t\t\t\t\tRkeConfig: \u0026rancher2.ClusterTemplateTemplateRevisionClusterConfigRkeConfigArgs{\n\t\t\t\t\t\t\tNetwork: \u0026rancher2.ClusterTemplateTemplateRevisionClusterConfigRkeConfigNetworkArgs{\n\t\t\t\t\t\t\t\tPlugin: pulumi.String(\"canal\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\tServices: \u0026rancher2.ClusterTemplateTemplateRevisionClusterConfigRkeConfigServicesArgs{\n\t\t\t\t\t\t\t\tEtcd: \u0026rancher2.ClusterTemplateTemplateRevisionClusterConfigRkeConfigServicesEtcdArgs{\n\t\t\t\t\t\t\t\t\tCreation: pulumi.String(\"6h\"),\n\t\t\t\t\t\t\t\t\tRetention: pulumi.String(\"24h\"),\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tDefault: pulumi.Bool(true),\n\t\t\t\t},\n\t\t\t},\n\t\t\tDescription: pulumi.String(\"Test cluster template v2\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Create a new rancher2 RKE Cluster from template\n\t\t_, err = rancher2.NewCluster(ctx, \"fooCluster\", \u0026rancher2.ClusterArgs{\n\t\t\tClusterTemplateId: fooClusterTemplate.ID(),\n\t\t\tClusterTemplateRevisionId: fooClusterTemplate.TemplateRevisions.ApplyT(func(templateRevisions []rancher2.ClusterTemplateTemplateRevision) (*string, error) {\n\t\t\t\treturn \u0026templateRevisions[0].Id, nil\n\t\t\t}).(pulumi.StringPtrOutput),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.rancher2.ClusterTemplate;\nimport com.pulumi.rancher2.ClusterTemplateArgs;\nimport com.pulumi.rancher2.inputs.ClusterTemplateMemberArgs;\nimport com.pulumi.rancher2.inputs.ClusterTemplateTemplateRevisionArgs;\nimport com.pulumi.rancher2.inputs.ClusterTemplateTemplateRevisionClusterConfigArgs;\nimport com.pulumi.rancher2.inputs.ClusterTemplateTemplateRevisionClusterConfigRkeConfigArgs;\nimport com.pulumi.rancher2.inputs.ClusterTemplateTemplateRevisionClusterConfigRkeConfigNetworkArgs;\nimport com.pulumi.rancher2.inputs.ClusterTemplateTemplateRevisionClusterConfigRkeConfigServicesArgs;\nimport com.pulumi.rancher2.inputs.ClusterTemplateTemplateRevisionClusterConfigRkeConfigServicesEtcdArgs;\nimport com.pulumi.rancher2.Cluster;\nimport com.pulumi.rancher2.ClusterArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var fooClusterTemplate = new ClusterTemplate(\"fooClusterTemplate\", ClusterTemplateArgs.builder() \n .members(ClusterTemplateMemberArgs.builder()\n .accessType(\"owner\")\n .userPrincipalId(\"local://user-XXXXX\")\n .build())\n .templateRevisions(ClusterTemplateTemplateRevisionArgs.builder()\n .name(\"V1\")\n .clusterConfig(ClusterTemplateTemplateRevisionClusterConfigArgs.builder()\n .rkeConfig(ClusterTemplateTemplateRevisionClusterConfigRkeConfigArgs.builder()\n .network(ClusterTemplateTemplateRevisionClusterConfigRkeConfigNetworkArgs.builder()\n .plugin(\"canal\")\n .build())\n .services(ClusterTemplateTemplateRevisionClusterConfigRkeConfigServicesArgs.builder()\n .etcd(ClusterTemplateTemplateRevisionClusterConfigRkeConfigServicesEtcdArgs.builder()\n .creation(\"6h\")\n .retention(\"24h\")\n .build())\n .build())\n .build())\n .build())\n .default_(true)\n .build())\n .description(\"Test cluster template v2\")\n .build());\n\n var fooCluster = new Cluster(\"fooCluster\", ClusterArgs.builder() \n .clusterTemplateId(fooClusterTemplate.id())\n .clusterTemplateRevisionId(fooClusterTemplate.templateRevisions().applyValue(templateRevisions -\u003e templateRevisions[0].id()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n # Create a new rancher2 cluster template\n fooClusterTemplate:\n type: rancher2:ClusterTemplate\n properties:\n members:\n - accessType: owner\n userPrincipalId: local://user-XXXXX\n templateRevisions:\n - name: V1\n clusterConfig:\n rkeConfig:\n network:\n plugin: canal\n services:\n etcd:\n creation: 6h\n retention: 24h\n default: true\n description: Test cluster template v2\n # Create a new rancher2 RKE Cluster from template\n fooCluster:\n type: rancher2:Cluster\n properties:\n clusterTemplateId: ${fooClusterTemplate.id}\n clusterTemplateRevisionId: ${fooClusterTemplate.templateRevisions[0].id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Creating Rancher v2 RKE cluster with upgrade strategy. For Rancher v2.4.x and above.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as rancher2 from \"@pulumi/rancher2\";\n\nconst foo = new rancher2.Cluster(\"foo\", {\n description: \"Terraform custom cluster\",\n rkeConfig: {\n network: {\n plugin: \"canal\",\n },\n services: {\n etcd: {\n creation: \"6h\",\n retention: \"24h\",\n },\n kubeApi: {\n auditLog: {\n configuration: {\n format: \"json\",\n maxAge: 5,\n maxBackup: 5,\n maxSize: 100,\n path: \"-\",\n policy: `apiVersion: audit.k8s.io/v1\nkind: Policy\nmetadata:\n creationTimestamp: null\nomitStages:\n- RequestReceived\nrules:\n- level: RequestResponse\n resources:\n - resources:\n - pods\n\n`,\n },\n enabled: true,\n },\n },\n },\n upgradeStrategy: {\n drain: true,\n maxUnavailableWorker: \"20%\",\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_rancher2 as rancher2\n\nfoo = rancher2.Cluster(\"foo\",\n description=\"Terraform custom cluster\",\n rke_config=rancher2.ClusterRkeConfigArgs(\n network=rancher2.ClusterRkeConfigNetworkArgs(\n plugin=\"canal\",\n ),\n services=rancher2.ClusterRkeConfigServicesArgs(\n etcd=rancher2.ClusterRkeConfigServicesEtcdArgs(\n creation=\"6h\",\n retention=\"24h\",\n ),\n kube_api=rancher2.ClusterRkeConfigServicesKubeApiArgs(\n audit_log=rancher2.ClusterRkeConfigServicesKubeApiAuditLogArgs(\n configuration=rancher2.ClusterRkeConfigServicesKubeApiAuditLogConfigurationArgs(\n format=\"json\",\n max_age=5,\n max_backup=5,\n max_size=100,\n path=\"-\",\n policy=\"\"\"apiVersion: audit.k8s.io/v1\nkind: Policy\nmetadata:\n creationTimestamp: null\nomitStages:\n- RequestReceived\nrules:\n- level: RequestResponse\n resources:\n - resources:\n - pods\n\n\"\"\",\n ),\n enabled=True,\n ),\n ),\n ),\n upgrade_strategy=rancher2.ClusterRkeConfigUpgradeStrategyArgs(\n drain=True,\n max_unavailable_worker=\"20%\",\n ),\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Rancher2 = Pulumi.Rancher2;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var foo = new Rancher2.Cluster(\"foo\", new()\n {\n Description = \"Terraform custom cluster\",\n RkeConfig = new Rancher2.Inputs.ClusterRkeConfigArgs\n {\n Network = new Rancher2.Inputs.ClusterRkeConfigNetworkArgs\n {\n Plugin = \"canal\",\n },\n Services = new Rancher2.Inputs.ClusterRkeConfigServicesArgs\n {\n Etcd = new Rancher2.Inputs.ClusterRkeConfigServicesEtcdArgs\n {\n Creation = \"6h\",\n Retention = \"24h\",\n },\n KubeApi = new Rancher2.Inputs.ClusterRkeConfigServicesKubeApiArgs\n {\n AuditLog = new Rancher2.Inputs.ClusterRkeConfigServicesKubeApiAuditLogArgs\n {\n Configuration = new Rancher2.Inputs.ClusterRkeConfigServicesKubeApiAuditLogConfigurationArgs\n {\n Format = \"json\",\n MaxAge = 5,\n MaxBackup = 5,\n MaxSize = 100,\n Path = \"-\",\n Policy = @\"apiVersion: audit.k8s.io/v1\nkind: Policy\nmetadata:\n creationTimestamp: null\nomitStages:\n- RequestReceived\nrules:\n- level: RequestResponse\n resources:\n - resources:\n - pods\n\n\",\n },\n Enabled = true,\n },\n },\n },\n UpgradeStrategy = new Rancher2.Inputs.ClusterRkeConfigUpgradeStrategyArgs\n {\n Drain = true,\n MaxUnavailableWorker = \"20%\",\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-rancher2/sdk/v6/go/rancher2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := rancher2.NewCluster(ctx, \"foo\", \u0026rancher2.ClusterArgs{\n\t\t\tDescription: pulumi.String(\"Terraform custom cluster\"),\n\t\t\tRkeConfig: \u0026rancher2.ClusterRkeConfigArgs{\n\t\t\t\tNetwork: \u0026rancher2.ClusterRkeConfigNetworkArgs{\n\t\t\t\t\tPlugin: pulumi.String(\"canal\"),\n\t\t\t\t},\n\t\t\t\tServices: \u0026rancher2.ClusterRkeConfigServicesArgs{\n\t\t\t\t\tEtcd: \u0026rancher2.ClusterRkeConfigServicesEtcdArgs{\n\t\t\t\t\t\tCreation: pulumi.String(\"6h\"),\n\t\t\t\t\t\tRetention: pulumi.String(\"24h\"),\n\t\t\t\t\t},\n\t\t\t\t\tKubeApi: \u0026rancher2.ClusterRkeConfigServicesKubeApiArgs{\n\t\t\t\t\t\tAuditLog: \u0026rancher2.ClusterRkeConfigServicesKubeApiAuditLogArgs{\n\t\t\t\t\t\t\tConfiguration: \u0026rancher2.ClusterRkeConfigServicesKubeApiAuditLogConfigurationArgs{\n\t\t\t\t\t\t\t\tFormat: pulumi.String(\"json\"),\n\t\t\t\t\t\t\t\tMaxAge: pulumi.Int(5),\n\t\t\t\t\t\t\t\tMaxBackup: pulumi.Int(5),\n\t\t\t\t\t\t\t\tMaxSize: pulumi.Int(100),\n\t\t\t\t\t\t\t\tPath: pulumi.String(\"-\"),\n\t\t\t\t\t\t\t\tPolicy: pulumi.String(`apiVersion: audit.k8s.io/v1\nkind: Policy\nmetadata:\n creationTimestamp: null\nomitStages:\n- RequestReceived\nrules:\n- level: RequestResponse\n resources:\n - resources:\n - pods\n\n`),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tUpgradeStrategy: \u0026rancher2.ClusterRkeConfigUpgradeStrategyArgs{\n\t\t\t\t\tDrain: pulumi.Bool(true),\n\t\t\t\t\tMaxUnavailableWorker: pulumi.String(\"20%\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.rancher2.Cluster;\nimport com.pulumi.rancher2.ClusterArgs;\nimport com.pulumi.rancher2.inputs.ClusterRkeConfigArgs;\nimport com.pulumi.rancher2.inputs.ClusterRkeConfigNetworkArgs;\nimport com.pulumi.rancher2.inputs.ClusterRkeConfigServicesArgs;\nimport com.pulumi.rancher2.inputs.ClusterRkeConfigServicesEtcdArgs;\nimport com.pulumi.rancher2.inputs.ClusterRkeConfigServicesKubeApiArgs;\nimport com.pulumi.rancher2.inputs.ClusterRkeConfigServicesKubeApiAuditLogArgs;\nimport com.pulumi.rancher2.inputs.ClusterRkeConfigServicesKubeApiAuditLogConfigurationArgs;\nimport com.pulumi.rancher2.inputs.ClusterRkeConfigUpgradeStrategyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var foo = new Cluster(\"foo\", ClusterArgs.builder() \n .description(\"Terraform custom cluster\")\n .rkeConfig(ClusterRkeConfigArgs.builder()\n .network(ClusterRkeConfigNetworkArgs.builder()\n .plugin(\"canal\")\n .build())\n .services(ClusterRkeConfigServicesArgs.builder()\n .etcd(ClusterRkeConfigServicesEtcdArgs.builder()\n .creation(\"6h\")\n .retention(\"24h\")\n .build())\n .kubeApi(ClusterRkeConfigServicesKubeApiArgs.builder()\n .auditLog(ClusterRkeConfigServicesKubeApiAuditLogArgs.builder()\n .configuration(ClusterRkeConfigServicesKubeApiAuditLogConfigurationArgs.builder()\n .format(\"json\")\n .maxAge(5)\n .maxBackup(5)\n .maxSize(100)\n .path(\"-\")\n .policy(\"\"\"\napiVersion: audit.k8s.io/v1\nkind: Policy\nmetadata:\n creationTimestamp: null\nomitStages:\n- RequestReceived\nrules:\n- level: RequestResponse\n resources:\n - resources:\n - pods\n\n \"\"\")\n .build())\n .enabled(true)\n .build())\n .build())\n .build())\n .upgradeStrategy(ClusterRkeConfigUpgradeStrategyArgs.builder()\n .drain(true)\n .maxUnavailableWorker(\"20%\")\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n foo:\n type: rancher2:Cluster\n properties:\n description: Terraform custom cluster\n rkeConfig:\n network:\n plugin: canal\n services:\n etcd:\n creation: 6h\n retention: 24h\n kubeApi:\n auditLog:\n configuration:\n format: json\n maxAge: 5\n maxBackup: 5\n maxSize: 100\n path: '-'\n policy: |+\n apiVersion: audit.k8s.io/v1\n kind: Policy\n metadata:\n creationTimestamp: null\n omitStages:\n - RequestReceived\n rules:\n - level: RequestResponse\n resources:\n - resources:\n - pods\n\n enabled: true\n upgradeStrategy:\n drain: true\n maxUnavailableWorker: 20%\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Creating Rancher v2 RKE cluster with cluster agent customization. For Rancher v2.7.5 and above.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as rancher2 from \"@pulumi/rancher2\";\n\nconst foo = new rancher2.Cluster(\"foo\", {\n clusterAgentDeploymentCustomizations: [{\n appendTolerations: [{\n effect: \"NoSchedule\",\n key: \"tolerate/control-plane\",\n value: \"true\",\n }],\n overrideAffinity: `{\n \"nodeAffinity\": {\n \"requiredDuringSchedulingIgnoredDuringExecution\": {\n \"nodeSelectorTerms\": [{\n \"matchExpressions\": [{\n \"key\": \"not.this/nodepool\",\n \"operator\": \"In\",\n \"values\": [\n \"true\"\n ]\n }]\n }]\n }\n }\n}\n\n`,\n overrideResourceRequirements: [{\n cpuLimit: \"800\",\n cpuRequest: \"500\",\n memoryLimit: \"800\",\n memoryRequest: \"500\",\n }],\n }],\n description: \"Terraform cluster with agent customization\",\n rkeConfig: {\n network: {\n plugin: \"canal\",\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_rancher2 as rancher2\n\nfoo = rancher2.Cluster(\"foo\",\n cluster_agent_deployment_customizations=[rancher2.ClusterClusterAgentDeploymentCustomizationArgs(\n append_tolerations=[rancher2.ClusterClusterAgentDeploymentCustomizationAppendTolerationArgs(\n effect=\"NoSchedule\",\n key=\"tolerate/control-plane\",\n value=\"true\",\n )],\n override_affinity=\"\"\"{\n \"nodeAffinity\": {\n \"requiredDuringSchedulingIgnoredDuringExecution\": {\n \"nodeSelectorTerms\": [{\n \"matchExpressions\": [{\n \"key\": \"not.this/nodepool\",\n \"operator\": \"In\",\n \"values\": [\n \"true\"\n ]\n }]\n }]\n }\n }\n}\n\n\"\"\",\n override_resource_requirements=[rancher2.ClusterClusterAgentDeploymentCustomizationOverrideResourceRequirementArgs(\n cpu_limit=\"800\",\n cpu_request=\"500\",\n memory_limit=\"800\",\n memory_request=\"500\",\n )],\n )],\n description=\"Terraform cluster with agent customization\",\n rke_config=rancher2.ClusterRkeConfigArgs(\n network=rancher2.ClusterRkeConfigNetworkArgs(\n plugin=\"canal\",\n ),\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Rancher2 = Pulumi.Rancher2;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var foo = new Rancher2.Cluster(\"foo\", new()\n {\n ClusterAgentDeploymentCustomizations = new[]\n {\n new Rancher2.Inputs.ClusterClusterAgentDeploymentCustomizationArgs\n {\n AppendTolerations = new[]\n {\n new Rancher2.Inputs.ClusterClusterAgentDeploymentCustomizationAppendTolerationArgs\n {\n Effect = \"NoSchedule\",\n Key = \"tolerate/control-plane\",\n Value = \"true\",\n },\n },\n OverrideAffinity = @\"{\n \"\"nodeAffinity\"\": {\n \"\"requiredDuringSchedulingIgnoredDuringExecution\"\": {\n \"\"nodeSelectorTerms\"\": [{\n \"\"matchExpressions\"\": [{\n \"\"key\"\": \"\"not.this/nodepool\"\",\n \"\"operator\"\": \"\"In\"\",\n \"\"values\"\": [\n \"\"true\"\"\n ]\n }]\n }]\n }\n }\n}\n\n\",\n OverrideResourceRequirements = new[]\n {\n new Rancher2.Inputs.ClusterClusterAgentDeploymentCustomizationOverrideResourceRequirementArgs\n {\n CpuLimit = \"800\",\n CpuRequest = \"500\",\n MemoryLimit = \"800\",\n MemoryRequest = \"500\",\n },\n },\n },\n },\n Description = \"Terraform cluster with agent customization\",\n RkeConfig = new Rancher2.Inputs.ClusterRkeConfigArgs\n {\n Network = new Rancher2.Inputs.ClusterRkeConfigNetworkArgs\n {\n Plugin = \"canal\",\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-rancher2/sdk/v6/go/rancher2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := rancher2.NewCluster(ctx, \"foo\", \u0026rancher2.ClusterArgs{\n\t\t\tClusterAgentDeploymentCustomizations: rancher2.ClusterClusterAgentDeploymentCustomizationArray{\n\t\t\t\t\u0026rancher2.ClusterClusterAgentDeploymentCustomizationArgs{\n\t\t\t\t\tAppendTolerations: rancher2.ClusterClusterAgentDeploymentCustomizationAppendTolerationArray{\n\t\t\t\t\t\t\u0026rancher2.ClusterClusterAgentDeploymentCustomizationAppendTolerationArgs{\n\t\t\t\t\t\t\tEffect: pulumi.String(\"NoSchedule\"),\n\t\t\t\t\t\t\tKey: pulumi.String(\"tolerate/control-plane\"),\n\t\t\t\t\t\t\tValue: pulumi.String(\"true\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tOverrideAffinity: pulumi.String(`{\n \"nodeAffinity\": {\n \"requiredDuringSchedulingIgnoredDuringExecution\": {\n \"nodeSelectorTerms\": [{\n \"matchExpressions\": [{\n \"key\": \"not.this/nodepool\",\n \"operator\": \"In\",\n \"values\": [\n \"true\"\n ]\n }]\n }]\n }\n }\n}\n\n`),\n\t\t\t\t\tOverrideResourceRequirements: rancher2.ClusterClusterAgentDeploymentCustomizationOverrideResourceRequirementArray{\n\t\t\t\t\t\t\u0026rancher2.ClusterClusterAgentDeploymentCustomizationOverrideResourceRequirementArgs{\n\t\t\t\t\t\t\tCpuLimit: pulumi.String(\"800\"),\n\t\t\t\t\t\t\tCpuRequest: pulumi.String(\"500\"),\n\t\t\t\t\t\t\tMemoryLimit: pulumi.String(\"800\"),\n\t\t\t\t\t\t\tMemoryRequest: pulumi.String(\"500\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tDescription: pulumi.String(\"Terraform cluster with agent customization\"),\n\t\t\tRkeConfig: \u0026rancher2.ClusterRkeConfigArgs{\n\t\t\t\tNetwork: \u0026rancher2.ClusterRkeConfigNetworkArgs{\n\t\t\t\t\tPlugin: pulumi.String(\"canal\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.rancher2.Cluster;\nimport com.pulumi.rancher2.ClusterArgs;\nimport com.pulumi.rancher2.inputs.ClusterClusterAgentDeploymentCustomizationArgs;\nimport com.pulumi.rancher2.inputs.ClusterRkeConfigArgs;\nimport com.pulumi.rancher2.inputs.ClusterRkeConfigNetworkArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var foo = new Cluster(\"foo\", ClusterArgs.builder() \n .clusterAgentDeploymentCustomizations(ClusterClusterAgentDeploymentCustomizationArgs.builder()\n .appendTolerations(ClusterClusterAgentDeploymentCustomizationAppendTolerationArgs.builder()\n .effect(\"NoSchedule\")\n .key(\"tolerate/control-plane\")\n .value(\"true\")\n .build())\n .overrideAffinity(\"\"\"\n{\n \"nodeAffinity\": {\n \"requiredDuringSchedulingIgnoredDuringExecution\": {\n \"nodeSelectorTerms\": [{\n \"matchExpressions\": [{\n \"key\": \"not.this/nodepool\",\n \"operator\": \"In\",\n \"values\": [\n \"true\"\n ]\n }]\n }]\n }\n }\n}\n\n \"\"\")\n .overrideResourceRequirements(ClusterClusterAgentDeploymentCustomizationOverrideResourceRequirementArgs.builder()\n .cpuLimit(\"800\")\n .cpuRequest(\"500\")\n .memoryLimit(\"800\")\n .memoryRequest(\"500\")\n .build())\n .build())\n .description(\"Terraform cluster with agent customization\")\n .rkeConfig(ClusterRkeConfigArgs.builder()\n .network(ClusterRkeConfigNetworkArgs.builder()\n .plugin(\"canal\")\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n foo:\n type: rancher2:Cluster\n properties:\n clusterAgentDeploymentCustomizations:\n - appendTolerations:\n - effect: NoSchedule\n key: tolerate/control-plane\n value: 'true'\n overrideAffinity: |+\n {\n \"nodeAffinity\": {\n \"requiredDuringSchedulingIgnoredDuringExecution\": {\n \"nodeSelectorTerms\": [{\n \"matchExpressions\": [{\n \"key\": \"not.this/nodepool\",\n \"operator\": \"In\",\n \"values\": [\n \"true\"\n ]\n }]\n }]\n }\n }\n }\n\n overrideResourceRequirements:\n - cpuLimit: '800'\n cpuRequest: '500'\n memoryLimit: '800'\n memoryRequest: '500'\n description: Terraform cluster with agent customization\n rkeConfig:\n network:\n plugin: canal\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Creating Rancher v2 RKE cluster with Pod Security Admission Configuration Template (PSACT). For Rancher v2.7.2 and above.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as rancher2 from \"@pulumi/rancher2\";\n\n// Custom PSACT (if you wish to use your own)\nconst fooPodSecurityAdmissionConfigurationTemplate = new rancher2.PodSecurityAdmissionConfigurationTemplate(\"fooPodSecurityAdmissionConfigurationTemplate\", {\n defaults: {\n audit: \"restricted\",\n auditVersion: \"latest\",\n enforce: \"restricted\",\n enforceVersion: \"latest\",\n warn: \"restricted\",\n warnVersion: \"latest\",\n },\n description: \"This is my custom Pod Security Admission Configuration Template\",\n exemptions: {\n namespaces: [\n \"ingress-nginx\",\n \"kube-system\",\n ],\n runtimeClasses: [\"testclass\"],\n usernames: [\"testuser\"],\n },\n});\nconst fooCluster = new rancher2.Cluster(\"fooCluster\", {\n defaultPodSecurityAdmissionConfigurationTemplateName: \"\u003cname\u003e\",\n description: \"Terraform cluster with PSACT\",\n rkeConfig: {\n network: {\n plugin: \"canal\",\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_rancher2 as rancher2\n\n# Custom PSACT (if you wish to use your own)\nfoo_pod_security_admission_configuration_template = rancher2.PodSecurityAdmissionConfigurationTemplate(\"fooPodSecurityAdmissionConfigurationTemplate\",\n defaults=rancher2.PodSecurityAdmissionConfigurationTemplateDefaultsArgs(\n audit=\"restricted\",\n audit_version=\"latest\",\n enforce=\"restricted\",\n enforce_version=\"latest\",\n warn=\"restricted\",\n warn_version=\"latest\",\n ),\n description=\"This is my custom Pod Security Admission Configuration Template\",\n exemptions=rancher2.PodSecurityAdmissionConfigurationTemplateExemptionsArgs(\n namespaces=[\n \"ingress-nginx\",\n \"kube-system\",\n ],\n runtime_classes=[\"testclass\"],\n usernames=[\"testuser\"],\n ))\nfoo_cluster = rancher2.Cluster(\"fooCluster\",\n default_pod_security_admission_configuration_template_name=\"\u003cname\u003e\",\n description=\"Terraform cluster with PSACT\",\n rke_config=rancher2.ClusterRkeConfigArgs(\n network=rancher2.ClusterRkeConfigNetworkArgs(\n plugin=\"canal\",\n ),\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Rancher2 = Pulumi.Rancher2;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n // Custom PSACT (if you wish to use your own)\n var fooPodSecurityAdmissionConfigurationTemplate = new Rancher2.PodSecurityAdmissionConfigurationTemplate(\"fooPodSecurityAdmissionConfigurationTemplate\", new()\n {\n Defaults = new Rancher2.Inputs.PodSecurityAdmissionConfigurationTemplateDefaultsArgs\n {\n Audit = \"restricted\",\n AuditVersion = \"latest\",\n Enforce = \"restricted\",\n EnforceVersion = \"latest\",\n Warn = \"restricted\",\n WarnVersion = \"latest\",\n },\n Description = \"This is my custom Pod Security Admission Configuration Template\",\n Exemptions = new Rancher2.Inputs.PodSecurityAdmissionConfigurationTemplateExemptionsArgs\n {\n Namespaces = new[]\n {\n \"ingress-nginx\",\n \"kube-system\",\n },\n RuntimeClasses = new[]\n {\n \"testclass\",\n },\n Usernames = new[]\n {\n \"testuser\",\n },\n },\n });\n\n var fooCluster = new Rancher2.Cluster(\"fooCluster\", new()\n {\n DefaultPodSecurityAdmissionConfigurationTemplateName = \"\u003cname\u003e\",\n Description = \"Terraform cluster with PSACT\",\n RkeConfig = new Rancher2.Inputs.ClusterRkeConfigArgs\n {\n Network = new Rancher2.Inputs.ClusterRkeConfigNetworkArgs\n {\n Plugin = \"canal\",\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-rancher2/sdk/v6/go/rancher2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t// Custom PSACT (if you wish to use your own)\n\t\t_, err := rancher2.NewPodSecurityAdmissionConfigurationTemplate(ctx, \"fooPodSecurityAdmissionConfigurationTemplate\", \u0026rancher2.PodSecurityAdmissionConfigurationTemplateArgs{\n\t\t\tDefaults: \u0026rancher2.PodSecurityAdmissionConfigurationTemplateDefaultsArgs{\n\t\t\t\tAudit: pulumi.String(\"restricted\"),\n\t\t\t\tAuditVersion: pulumi.String(\"latest\"),\n\t\t\t\tEnforce: pulumi.String(\"restricted\"),\n\t\t\t\tEnforceVersion: pulumi.String(\"latest\"),\n\t\t\t\tWarn: pulumi.String(\"restricted\"),\n\t\t\t\tWarnVersion: pulumi.String(\"latest\"),\n\t\t\t},\n\t\t\tDescription: pulumi.String(\"This is my custom Pod Security Admission Configuration Template\"),\n\t\t\tExemptions: \u0026rancher2.PodSecurityAdmissionConfigurationTemplateExemptionsArgs{\n\t\t\t\tNamespaces: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"ingress-nginx\"),\n\t\t\t\t\tpulumi.String(\"kube-system\"),\n\t\t\t\t},\n\t\t\t\tRuntimeClasses: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"testclass\"),\n\t\t\t\t},\n\t\t\t\tUsernames: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"testuser\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = rancher2.NewCluster(ctx, \"fooCluster\", \u0026rancher2.ClusterArgs{\n\t\t\tDefaultPodSecurityAdmissionConfigurationTemplateName: pulumi.String(\"\u003cname\u003e\"),\n\t\t\tDescription: pulumi.String(\"Terraform cluster with PSACT\"),\n\t\t\tRkeConfig: \u0026rancher2.ClusterRkeConfigArgs{\n\t\t\t\tNetwork: \u0026rancher2.ClusterRkeConfigNetworkArgs{\n\t\t\t\t\tPlugin: pulumi.String(\"canal\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.rancher2.PodSecurityAdmissionConfigurationTemplate;\nimport com.pulumi.rancher2.PodSecurityAdmissionConfigurationTemplateArgs;\nimport com.pulumi.rancher2.inputs.PodSecurityAdmissionConfigurationTemplateDefaultsArgs;\nimport com.pulumi.rancher2.inputs.PodSecurityAdmissionConfigurationTemplateExemptionsArgs;\nimport com.pulumi.rancher2.Cluster;\nimport com.pulumi.rancher2.ClusterArgs;\nimport com.pulumi.rancher2.inputs.ClusterRkeConfigArgs;\nimport com.pulumi.rancher2.inputs.ClusterRkeConfigNetworkArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var fooPodSecurityAdmissionConfigurationTemplate = new PodSecurityAdmissionConfigurationTemplate(\"fooPodSecurityAdmissionConfigurationTemplate\", PodSecurityAdmissionConfigurationTemplateArgs.builder() \n .defaults(PodSecurityAdmissionConfigurationTemplateDefaultsArgs.builder()\n .audit(\"restricted\")\n .auditVersion(\"latest\")\n .enforce(\"restricted\")\n .enforceVersion(\"latest\")\n .warn(\"restricted\")\n .warnVersion(\"latest\")\n .build())\n .description(\"This is my custom Pod Security Admission Configuration Template\")\n .exemptions(PodSecurityAdmissionConfigurationTemplateExemptionsArgs.builder()\n .namespaces( \n \"ingress-nginx\",\n \"kube-system\")\n .runtimeClasses(\"testclass\")\n .usernames(\"testuser\")\n .build())\n .build());\n\n var fooCluster = new Cluster(\"fooCluster\", ClusterArgs.builder() \n .defaultPodSecurityAdmissionConfigurationTemplateName(\"\u003cname\u003e\")\n .description(\"Terraform cluster with PSACT\")\n .rkeConfig(ClusterRkeConfigArgs.builder()\n .network(ClusterRkeConfigNetworkArgs.builder()\n .plugin(\"canal\")\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n # Custom PSACT (if you wish to use your own)\n fooPodSecurityAdmissionConfigurationTemplate:\n type: rancher2:PodSecurityAdmissionConfigurationTemplate\n properties:\n defaults:\n audit: restricted\n auditVersion: latest\n enforce: restricted\n enforceVersion: latest\n warn: restricted\n warnVersion: latest\n description: This is my custom Pod Security Admission Configuration Template\n exemptions:\n namespaces:\n - ingress-nginx\n - kube-system\n runtimeClasses:\n - testclass\n usernames:\n - testuser\n fooCluster:\n type: rancher2:Cluster\n properties:\n defaultPodSecurityAdmissionConfigurationTemplateName: \u003cname\u003e\n # privileged, baseline, restricted or name of custom template\n description: Terraform cluster with PSACT\n rkeConfig:\n network:\n plugin: canal\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Importing EKS cluster to Rancher v2, using `eks_config_v2`. For Rancher v2.5.x and above.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as rancher2 from \"@pulumi/rancher2\";\n\nconst fooCloudCredential = new rancher2.CloudCredential(\"fooCloudCredential\", {\n description: \"foo test\",\n amazonec2CredentialConfig: {\n accessKey: \"\u003caws-access-key\u003e\",\n secretKey: \"\u003caws-secret-key\u003e\",\n },\n});\nconst fooCluster = new rancher2.Cluster(\"fooCluster\", {\n description: \"Terraform EKS cluster\",\n eksConfigV2: {\n cloudCredentialId: fooCloudCredential.id,\n name: \"\u003ccluster-name\u003e\",\n region: \"\u003ceks-region\u003e\",\n imported: true,\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_rancher2 as rancher2\n\nfoo_cloud_credential = rancher2.CloudCredential(\"fooCloudCredential\",\n description=\"foo test\",\n amazonec2_credential_config=rancher2.CloudCredentialAmazonec2CredentialConfigArgs(\n access_key=\"\u003caws-access-key\u003e\",\n secret_key=\"\u003caws-secret-key\u003e\",\n ))\nfoo_cluster = rancher2.Cluster(\"fooCluster\",\n description=\"Terraform EKS cluster\",\n eks_config_v2=rancher2.ClusterEksConfigV2Args(\n cloud_credential_id=foo_cloud_credential.id,\n name=\"\u003ccluster-name\u003e\",\n region=\"\u003ceks-region\u003e\",\n imported=True,\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Rancher2 = Pulumi.Rancher2;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var fooCloudCredential = new Rancher2.CloudCredential(\"fooCloudCredential\", new()\n {\n Description = \"foo test\",\n Amazonec2CredentialConfig = new Rancher2.Inputs.CloudCredentialAmazonec2CredentialConfigArgs\n {\n AccessKey = \"\u003caws-access-key\u003e\",\n SecretKey = \"\u003caws-secret-key\u003e\",\n },\n });\n\n var fooCluster = new Rancher2.Cluster(\"fooCluster\", new()\n {\n Description = \"Terraform EKS cluster\",\n EksConfigV2 = new Rancher2.Inputs.ClusterEksConfigV2Args\n {\n CloudCredentialId = fooCloudCredential.Id,\n Name = \"\u003ccluster-name\u003e\",\n Region = \"\u003ceks-region\u003e\",\n Imported = true,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-rancher2/sdk/v6/go/rancher2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tfooCloudCredential, err := rancher2.NewCloudCredential(ctx, \"fooCloudCredential\", \u0026rancher2.CloudCredentialArgs{\n\t\t\tDescription: pulumi.String(\"foo test\"),\n\t\t\tAmazonec2CredentialConfig: \u0026rancher2.CloudCredentialAmazonec2CredentialConfigArgs{\n\t\t\t\tAccessKey: pulumi.String(\"\u003caws-access-key\u003e\"),\n\t\t\t\tSecretKey: pulumi.String(\"\u003caws-secret-key\u003e\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = rancher2.NewCluster(ctx, \"fooCluster\", \u0026rancher2.ClusterArgs{\n\t\t\tDescription: pulumi.String(\"Terraform EKS cluster\"),\n\t\t\tEksConfigV2: \u0026rancher2.ClusterEksConfigV2Args{\n\t\t\t\tCloudCredentialId: fooCloudCredential.ID(),\n\t\t\t\tName: pulumi.String(\"\u003ccluster-name\u003e\"),\n\t\t\t\tRegion: pulumi.String(\"\u003ceks-region\u003e\"),\n\t\t\t\tImported: pulumi.Bool(true),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.rancher2.CloudCredential;\nimport com.pulumi.rancher2.CloudCredentialArgs;\nimport com.pulumi.rancher2.inputs.CloudCredentialAmazonec2CredentialConfigArgs;\nimport com.pulumi.rancher2.Cluster;\nimport com.pulumi.rancher2.ClusterArgs;\nimport com.pulumi.rancher2.inputs.ClusterEksConfigV2Args;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var fooCloudCredential = new CloudCredential(\"fooCloudCredential\", CloudCredentialArgs.builder() \n .description(\"foo test\")\n .amazonec2CredentialConfig(CloudCredentialAmazonec2CredentialConfigArgs.builder()\n .accessKey(\"\u003caws-access-key\u003e\")\n .secretKey(\"\u003caws-secret-key\u003e\")\n .build())\n .build());\n\n var fooCluster = new Cluster(\"fooCluster\", ClusterArgs.builder() \n .description(\"Terraform EKS cluster\")\n .eksConfigV2(ClusterEksConfigV2Args.builder()\n .cloudCredentialId(fooCloudCredential.id())\n .name(\"\u003ccluster-name\u003e\")\n .region(\"\u003ceks-region\u003e\")\n .imported(true)\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n fooCloudCredential:\n type: rancher2:CloudCredential\n properties:\n description: foo test\n amazonec2CredentialConfig:\n accessKey: \u003caws-access-key\u003e\n secretKey: \u003caws-secret-key\u003e\n fooCluster:\n type: rancher2:Cluster\n properties:\n description: Terraform EKS cluster\n eksConfigV2:\n cloudCredentialId: ${fooCloudCredential.id}\n name: \u003ccluster-name\u003e\n region: \u003ceks-region\u003e\n imported: true\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Creating EKS cluster from Rancher v2, using `eks_config_v2`. For Rancher v2.5.x and above.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as rancher2 from \"@pulumi/rancher2\";\n\nconst fooCloudCredential = new rancher2.CloudCredential(\"fooCloudCredential\", {\n description: \"foo test\",\n amazonec2CredentialConfig: {\n accessKey: \"\u003caws-access-key\u003e\",\n secretKey: \"\u003caws-secret-key\u003e\",\n },\n});\nconst fooCluster = new rancher2.Cluster(\"fooCluster\", {\n description: \"Terraform EKS cluster\",\n eksConfigV2: {\n cloudCredentialId: fooCloudCredential.id,\n region: \"\u003cEKS_REGION\u003e\",\n kubernetesVersion: \"1.24\",\n loggingTypes: [\n \"audit\",\n \"api\",\n ],\n nodeGroups: [\n {\n name: \"node_group1\",\n instanceType: \"t3.medium\",\n desiredSize: 3,\n maxSize: 5,\n },\n {\n name: \"node_group2\",\n instanceType: \"m5.xlarge\",\n desiredSize: 2,\n maxSize: 3,\n nodeRole: \"arn:aws:iam::role/test-NodeInstanceRole\",\n },\n ],\n privateAccess: true,\n publicAccess: false,\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_rancher2 as rancher2\n\nfoo_cloud_credential = rancher2.CloudCredential(\"fooCloudCredential\",\n description=\"foo test\",\n amazonec2_credential_config=rancher2.CloudCredentialAmazonec2CredentialConfigArgs(\n access_key=\"\u003caws-access-key\u003e\",\n secret_key=\"\u003caws-secret-key\u003e\",\n ))\nfoo_cluster = rancher2.Cluster(\"fooCluster\",\n description=\"Terraform EKS cluster\",\n eks_config_v2=rancher2.ClusterEksConfigV2Args(\n cloud_credential_id=foo_cloud_credential.id,\n region=\"\u003cEKS_REGION\u003e\",\n kubernetes_version=\"1.24\",\n logging_types=[\n \"audit\",\n \"api\",\n ],\n node_groups=[\n rancher2.ClusterEksConfigV2NodeGroupArgs(\n name=\"node_group1\",\n instance_type=\"t3.medium\",\n desired_size=3,\n max_size=5,\n ),\n rancher2.ClusterEksConfigV2NodeGroupArgs(\n name=\"node_group2\",\n instance_type=\"m5.xlarge\",\n desired_size=2,\n max_size=3,\n node_role=\"arn:aws:iam::role/test-NodeInstanceRole\",\n ),\n ],\n private_access=True,\n public_access=False,\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Rancher2 = Pulumi.Rancher2;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var fooCloudCredential = new Rancher2.CloudCredential(\"fooCloudCredential\", new()\n {\n Description = \"foo test\",\n Amazonec2CredentialConfig = new Rancher2.Inputs.CloudCredentialAmazonec2CredentialConfigArgs\n {\n AccessKey = \"\u003caws-access-key\u003e\",\n SecretKey = \"\u003caws-secret-key\u003e\",\n },\n });\n\n var fooCluster = new Rancher2.Cluster(\"fooCluster\", new()\n {\n Description = \"Terraform EKS cluster\",\n EksConfigV2 = new Rancher2.Inputs.ClusterEksConfigV2Args\n {\n CloudCredentialId = fooCloudCredential.Id,\n Region = \"\u003cEKS_REGION\u003e\",\n KubernetesVersion = \"1.24\",\n LoggingTypes = new[]\n {\n \"audit\",\n \"api\",\n },\n NodeGroups = new[]\n {\n new Rancher2.Inputs.ClusterEksConfigV2NodeGroupArgs\n {\n Name = \"node_group1\",\n InstanceType = \"t3.medium\",\n DesiredSize = 3,\n MaxSize = 5,\n },\n new Rancher2.Inputs.ClusterEksConfigV2NodeGroupArgs\n {\n Name = \"node_group2\",\n InstanceType = \"m5.xlarge\",\n DesiredSize = 2,\n MaxSize = 3,\n NodeRole = \"arn:aws:iam::role/test-NodeInstanceRole\",\n },\n },\n PrivateAccess = true,\n PublicAccess = false,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-rancher2/sdk/v6/go/rancher2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tfooCloudCredential, err := rancher2.NewCloudCredential(ctx, \"fooCloudCredential\", \u0026rancher2.CloudCredentialArgs{\n\t\t\tDescription: pulumi.String(\"foo test\"),\n\t\t\tAmazonec2CredentialConfig: \u0026rancher2.CloudCredentialAmazonec2CredentialConfigArgs{\n\t\t\t\tAccessKey: pulumi.String(\"\u003caws-access-key\u003e\"),\n\t\t\t\tSecretKey: pulumi.String(\"\u003caws-secret-key\u003e\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = rancher2.NewCluster(ctx, \"fooCluster\", \u0026rancher2.ClusterArgs{\n\t\t\tDescription: pulumi.String(\"Terraform EKS cluster\"),\n\t\t\tEksConfigV2: \u0026rancher2.ClusterEksConfigV2Args{\n\t\t\t\tCloudCredentialId: fooCloudCredential.ID(),\n\t\t\t\tRegion: pulumi.String(\"\u003cEKS_REGION\u003e\"),\n\t\t\t\tKubernetesVersion: pulumi.String(\"1.24\"),\n\t\t\t\tLoggingTypes: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"audit\"),\n\t\t\t\t\tpulumi.String(\"api\"),\n\t\t\t\t},\n\t\t\t\tNodeGroups: rancher2.ClusterEksConfigV2NodeGroupArray{\n\t\t\t\t\t\u0026rancher2.ClusterEksConfigV2NodeGroupArgs{\n\t\t\t\t\t\tName: pulumi.String(\"node_group1\"),\n\t\t\t\t\t\tInstanceType: pulumi.String(\"t3.medium\"),\n\t\t\t\t\t\tDesiredSize: pulumi.Int(3),\n\t\t\t\t\t\tMaxSize: pulumi.Int(5),\n\t\t\t\t\t},\n\t\t\t\t\t\u0026rancher2.ClusterEksConfigV2NodeGroupArgs{\n\t\t\t\t\t\tName: pulumi.String(\"node_group2\"),\n\t\t\t\t\t\tInstanceType: pulumi.String(\"m5.xlarge\"),\n\t\t\t\t\t\tDesiredSize: pulumi.Int(2),\n\t\t\t\t\t\tMaxSize: pulumi.Int(3),\n\t\t\t\t\t\tNodeRole: pulumi.String(\"arn:aws:iam::role/test-NodeInstanceRole\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tPrivateAccess: pulumi.Bool(true),\n\t\t\t\tPublicAccess: pulumi.Bool(false),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.rancher2.CloudCredential;\nimport com.pulumi.rancher2.CloudCredentialArgs;\nimport com.pulumi.rancher2.inputs.CloudCredentialAmazonec2CredentialConfigArgs;\nimport com.pulumi.rancher2.Cluster;\nimport com.pulumi.rancher2.ClusterArgs;\nimport com.pulumi.rancher2.inputs.ClusterEksConfigV2Args;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var fooCloudCredential = new CloudCredential(\"fooCloudCredential\", CloudCredentialArgs.builder() \n .description(\"foo test\")\n .amazonec2CredentialConfig(CloudCredentialAmazonec2CredentialConfigArgs.builder()\n .accessKey(\"\u003caws-access-key\u003e\")\n .secretKey(\"\u003caws-secret-key\u003e\")\n .build())\n .build());\n\n var fooCluster = new Cluster(\"fooCluster\", ClusterArgs.builder() \n .description(\"Terraform EKS cluster\")\n .eksConfigV2(ClusterEksConfigV2Args.builder()\n .cloudCredentialId(fooCloudCredential.id())\n .region(\"\u003cEKS_REGION\u003e\")\n .kubernetesVersion(\"1.24\")\n .loggingTypes( \n \"audit\",\n \"api\")\n .nodeGroups( \n ClusterEksConfigV2NodeGroupArgs.builder()\n .name(\"node_group1\")\n .instanceType(\"t3.medium\")\n .desiredSize(3)\n .maxSize(5)\n .build(),\n ClusterEksConfigV2NodeGroupArgs.builder()\n .name(\"node_group2\")\n .instanceType(\"m5.xlarge\")\n .desiredSize(2)\n .maxSize(3)\n .nodeRole(\"arn:aws:iam::role/test-NodeInstanceRole\")\n .build())\n .privateAccess(true)\n .publicAccess(false)\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n fooCloudCredential:\n type: rancher2:CloudCredential\n properties:\n description: foo test\n amazonec2CredentialConfig:\n accessKey: \u003caws-access-key\u003e\n secretKey: \u003caws-secret-key\u003e\n fooCluster:\n type: rancher2:Cluster\n properties:\n description: Terraform EKS cluster\n eksConfigV2:\n cloudCredentialId: ${fooCloudCredential.id}\n region: \u003cEKS_REGION\u003e\n kubernetesVersion: '1.24'\n loggingTypes:\n - audit\n - api\n nodeGroups:\n - name: node_group1\n instanceType: t3.medium\n desiredSize: 3\n maxSize: 5\n - name: node_group2\n instanceType: m5.xlarge\n desiredSize: 2\n maxSize: 3\n nodeRole: arn:aws:iam::role/test-NodeInstanceRole\n privateAccess: true\n publicAccess: false\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Creating EKS cluster from Rancher v2, using `eks_config_v2` and launch template. For Rancher v2.5.6 and above.\n\nNote: To use `launch_template` you must provide the ID (seen as `\u003cEC2_LAUNCH_TEMPLATE_ID\u003e`) to the template either as a static value. Or fetched via AWS data-source using one of: aws_ami first and provide the ID to that.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as rancher2 from \"@pulumi/rancher2\";\n\nconst fooCloudCredential = new rancher2.CloudCredential(\"fooCloudCredential\", {\n description: \"foo test\",\n amazonec2CredentialConfig: {\n accessKey: \"\u003caws-access-key\u003e\",\n secretKey: \"\u003caws-secret-key\u003e\",\n },\n});\nconst fooCluster = new rancher2.Cluster(\"fooCluster\", {\n description: \"Terraform EKS cluster\",\n eksConfigV2: {\n cloudCredentialId: fooCloudCredential.id,\n region: \"\u003cEKS_REGION\u003e\",\n kubernetesVersion: \"1.24\",\n loggingTypes: [\n \"audit\",\n \"api\",\n ],\n nodeGroups: [{\n desiredSize: 3,\n maxSize: 5,\n name: \"node_group1\",\n launchTemplates: [{\n id: \"\u003cec2-launch-template-id\u003e\",\n version: 1,\n }],\n }],\n privateAccess: true,\n publicAccess: true,\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_rancher2 as rancher2\n\nfoo_cloud_credential = rancher2.CloudCredential(\"fooCloudCredential\",\n description=\"foo test\",\n amazonec2_credential_config=rancher2.CloudCredentialAmazonec2CredentialConfigArgs(\n access_key=\"\u003caws-access-key\u003e\",\n secret_key=\"\u003caws-secret-key\u003e\",\n ))\nfoo_cluster = rancher2.Cluster(\"fooCluster\",\n description=\"Terraform EKS cluster\",\n eks_config_v2=rancher2.ClusterEksConfigV2Args(\n cloud_credential_id=foo_cloud_credential.id,\n region=\"\u003cEKS_REGION\u003e\",\n kubernetes_version=\"1.24\",\n logging_types=[\n \"audit\",\n \"api\",\n ],\n node_groups=[rancher2.ClusterEksConfigV2NodeGroupArgs(\n desired_size=3,\n max_size=5,\n name=\"node_group1\",\n launch_templates=[rancher2.ClusterEksConfigV2NodeGroupLaunchTemplateArgs(\n id=\"\u003cec2-launch-template-id\u003e\",\n version=1,\n )],\n )],\n private_access=True,\n public_access=True,\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Rancher2 = Pulumi.Rancher2;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var fooCloudCredential = new Rancher2.CloudCredential(\"fooCloudCredential\", new()\n {\n Description = \"foo test\",\n Amazonec2CredentialConfig = new Rancher2.Inputs.CloudCredentialAmazonec2CredentialConfigArgs\n {\n AccessKey = \"\u003caws-access-key\u003e\",\n SecretKey = \"\u003caws-secret-key\u003e\",\n },\n });\n\n var fooCluster = new Rancher2.Cluster(\"fooCluster\", new()\n {\n Description = \"Terraform EKS cluster\",\n EksConfigV2 = new Rancher2.Inputs.ClusterEksConfigV2Args\n {\n CloudCredentialId = fooCloudCredential.Id,\n Region = \"\u003cEKS_REGION\u003e\",\n KubernetesVersion = \"1.24\",\n LoggingTypes = new[]\n {\n \"audit\",\n \"api\",\n },\n NodeGroups = new[]\n {\n new Rancher2.Inputs.ClusterEksConfigV2NodeGroupArgs\n {\n DesiredSize = 3,\n MaxSize = 5,\n Name = \"node_group1\",\n LaunchTemplates = new[]\n {\n new Rancher2.Inputs.ClusterEksConfigV2NodeGroupLaunchTemplateArgs\n {\n Id = \"\u003cec2-launch-template-id\u003e\",\n Version = 1,\n },\n },\n },\n },\n PrivateAccess = true,\n PublicAccess = true,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-rancher2/sdk/v6/go/rancher2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tfooCloudCredential, err := rancher2.NewCloudCredential(ctx, \"fooCloudCredential\", \u0026rancher2.CloudCredentialArgs{\n\t\t\tDescription: pulumi.String(\"foo test\"),\n\t\t\tAmazonec2CredentialConfig: \u0026rancher2.CloudCredentialAmazonec2CredentialConfigArgs{\n\t\t\t\tAccessKey: pulumi.String(\"\u003caws-access-key\u003e\"),\n\t\t\t\tSecretKey: pulumi.String(\"\u003caws-secret-key\u003e\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = rancher2.NewCluster(ctx, \"fooCluster\", \u0026rancher2.ClusterArgs{\n\t\t\tDescription: pulumi.String(\"Terraform EKS cluster\"),\n\t\t\tEksConfigV2: \u0026rancher2.ClusterEksConfigV2Args{\n\t\t\t\tCloudCredentialId: fooCloudCredential.ID(),\n\t\t\t\tRegion: pulumi.String(\"\u003cEKS_REGION\u003e\"),\n\t\t\t\tKubernetesVersion: pulumi.String(\"1.24\"),\n\t\t\t\tLoggingTypes: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"audit\"),\n\t\t\t\t\tpulumi.String(\"api\"),\n\t\t\t\t},\n\t\t\t\tNodeGroups: rancher2.ClusterEksConfigV2NodeGroupArray{\n\t\t\t\t\t\u0026rancher2.ClusterEksConfigV2NodeGroupArgs{\n\t\t\t\t\t\tDesiredSize: pulumi.Int(3),\n\t\t\t\t\t\tMaxSize: pulumi.Int(5),\n\t\t\t\t\t\tName: pulumi.String(\"node_group1\"),\n\t\t\t\t\t\tLaunchTemplates: rancher2.ClusterEksConfigV2NodeGroupLaunchTemplateArray{\n\t\t\t\t\t\t\t\u0026rancher2.ClusterEksConfigV2NodeGroupLaunchTemplateArgs{\n\t\t\t\t\t\t\t\tId: pulumi.String(\"\u003cec2-launch-template-id\u003e\"),\n\t\t\t\t\t\t\t\tVersion: pulumi.Int(1),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tPrivateAccess: pulumi.Bool(true),\n\t\t\t\tPublicAccess: pulumi.Bool(true),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.rancher2.CloudCredential;\nimport com.pulumi.rancher2.CloudCredentialArgs;\nimport com.pulumi.rancher2.inputs.CloudCredentialAmazonec2CredentialConfigArgs;\nimport com.pulumi.rancher2.Cluster;\nimport com.pulumi.rancher2.ClusterArgs;\nimport com.pulumi.rancher2.inputs.ClusterEksConfigV2Args;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var fooCloudCredential = new CloudCredential(\"fooCloudCredential\", CloudCredentialArgs.builder() \n .description(\"foo test\")\n .amazonec2CredentialConfig(CloudCredentialAmazonec2CredentialConfigArgs.builder()\n .accessKey(\"\u003caws-access-key\u003e\")\n .secretKey(\"\u003caws-secret-key\u003e\")\n .build())\n .build());\n\n var fooCluster = new Cluster(\"fooCluster\", ClusterArgs.builder() \n .description(\"Terraform EKS cluster\")\n .eksConfigV2(ClusterEksConfigV2Args.builder()\n .cloudCredentialId(fooCloudCredential.id())\n .region(\"\u003cEKS_REGION\u003e\")\n .kubernetesVersion(\"1.24\")\n .loggingTypes( \n \"audit\",\n \"api\")\n .nodeGroups(ClusterEksConfigV2NodeGroupArgs.builder()\n .desiredSize(3)\n .maxSize(5)\n .name(\"node_group1\")\n .launchTemplates(ClusterEksConfigV2NodeGroupLaunchTemplateArgs.builder()\n .id(\"\u003cec2-launch-template-id\u003e\")\n .version(1)\n .build())\n .build())\n .privateAccess(true)\n .publicAccess(true)\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n fooCloudCredential:\n type: rancher2:CloudCredential\n properties:\n description: foo test\n amazonec2CredentialConfig:\n accessKey: \u003caws-access-key\u003e\n secretKey: \u003caws-secret-key\u003e\n fooCluster:\n type: rancher2:Cluster\n properties:\n description: Terraform EKS cluster\n eksConfigV2:\n cloudCredentialId: ${fooCloudCredential.id}\n region: \u003cEKS_REGION\u003e\n kubernetesVersion: '1.24'\n loggingTypes:\n - audit\n - api\n nodeGroups:\n - desiredSize: 3\n maxSize: 5\n name: node_group1\n launchTemplates:\n - id: \u003cec2-launch-template-id\u003e\n version: 1\n privateAccess: true\n publicAccess: true\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Creating AKS cluster from Rancher v2, using `aks_config_v2`. For Rancher v2.6.0 and above.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as rancher2 from \"@pulumi/rancher2\";\n\nconst foo_aks = new rancher2.CloudCredential(\"foo-aks\", {azureCredentialConfig: {\n clientId: \"\u003cclient-id\u003e\",\n clientSecret: \"\u003cclient-secret\u003e\",\n subscriptionId: \"\u003csubscription-id\u003e\",\n}});\nconst foo = new rancher2.Cluster(\"foo\", {\n description: \"Terraform AKS cluster\",\n aksConfigV2: {\n cloudCredentialId: foo_aks.id,\n resourceGroup: \"\u003cresource-group\u003e\",\n resourceLocation: \"\u003cresource-location\u003e\",\n dnsPrefix: \"\u003cdns-prefix\u003e\",\n kubernetesVersion: \"1.24.6\",\n networkPlugin: \"\u003cnetwork-plugin\u003e\",\n nodePools: [\n {\n availabilityZones: [\n \"1\",\n \"2\",\n \"3\",\n ],\n name: \"\u003cnodepool-name-1\u003e\",\n mode: \"System\",\n count: 1,\n orchestratorVersion: \"1.21.2\",\n osDiskSizeGb: 128,\n vmSize: \"Standard_DS2_v2\",\n },\n {\n availabilityZones: [\n \"1\",\n \"2\",\n \"3\",\n ],\n name: \"\u003cnodepool-name-2\u003e\",\n count: 1,\n mode: \"User\",\n orchestratorVersion: \"1.21.2\",\n osDiskSizeGb: 128,\n vmSize: \"Standard_DS2_v2\",\n maxSurge: \"25%\",\n labels: {\n test1: \"data1\",\n test2: \"data2\",\n },\n taints: [\"none:PreferNoSchedule\"],\n },\n ],\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_rancher2 as rancher2\n\nfoo_aks = rancher2.CloudCredential(\"foo-aks\", azure_credential_config=rancher2.CloudCredentialAzureCredentialConfigArgs(\n client_id=\"\u003cclient-id\u003e\",\n client_secret=\"\u003cclient-secret\u003e\",\n subscription_id=\"\u003csubscription-id\u003e\",\n))\nfoo = rancher2.Cluster(\"foo\",\n description=\"Terraform AKS cluster\",\n aks_config_v2=rancher2.ClusterAksConfigV2Args(\n cloud_credential_id=foo_aks.id,\n resource_group=\"\u003cresource-group\u003e\",\n resource_location=\"\u003cresource-location\u003e\",\n dns_prefix=\"\u003cdns-prefix\u003e\",\n kubernetes_version=\"1.24.6\",\n network_plugin=\"\u003cnetwork-plugin\u003e\",\n node_pools=[\n rancher2.ClusterAksConfigV2NodePoolArgs(\n availability_zones=[\n \"1\",\n \"2\",\n \"3\",\n ],\n name=\"\u003cnodepool-name-1\u003e\",\n mode=\"System\",\n count=1,\n orchestrator_version=\"1.21.2\",\n os_disk_size_gb=128,\n vm_size=\"Standard_DS2_v2\",\n ),\n rancher2.ClusterAksConfigV2NodePoolArgs(\n availability_zones=[\n \"1\",\n \"2\",\n \"3\",\n ],\n name=\"\u003cnodepool-name-2\u003e\",\n count=1,\n mode=\"User\",\n orchestrator_version=\"1.21.2\",\n os_disk_size_gb=128,\n vm_size=\"Standard_DS2_v2\",\n max_surge=\"25%\",\n labels={\n \"test1\": \"data1\",\n \"test2\": \"data2\",\n },\n taints=[\"none:PreferNoSchedule\"],\n ),\n ],\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Rancher2 = Pulumi.Rancher2;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var foo_aks = new Rancher2.CloudCredential(\"foo-aks\", new()\n {\n AzureCredentialConfig = new Rancher2.Inputs.CloudCredentialAzureCredentialConfigArgs\n {\n ClientId = \"\u003cclient-id\u003e\",\n ClientSecret = \"\u003cclient-secret\u003e\",\n SubscriptionId = \"\u003csubscription-id\u003e\",\n },\n });\n\n var foo = new Rancher2.Cluster(\"foo\", new()\n {\n Description = \"Terraform AKS cluster\",\n AksConfigV2 = new Rancher2.Inputs.ClusterAksConfigV2Args\n {\n CloudCredentialId = foo_aks.Id,\n ResourceGroup = \"\u003cresource-group\u003e\",\n ResourceLocation = \"\u003cresource-location\u003e\",\n DnsPrefix = \"\u003cdns-prefix\u003e\",\n KubernetesVersion = \"1.24.6\",\n NetworkPlugin = \"\u003cnetwork-plugin\u003e\",\n NodePools = new[]\n {\n new Rancher2.Inputs.ClusterAksConfigV2NodePoolArgs\n {\n AvailabilityZones = new[]\n {\n \"1\",\n \"2\",\n \"3\",\n },\n Name = \"\u003cnodepool-name-1\u003e\",\n Mode = \"System\",\n Count = 1,\n OrchestratorVersion = \"1.21.2\",\n OsDiskSizeGb = 128,\n VmSize = \"Standard_DS2_v2\",\n },\n new Rancher2.Inputs.ClusterAksConfigV2NodePoolArgs\n {\n AvailabilityZones = new[]\n {\n \"1\",\n \"2\",\n \"3\",\n },\n Name = \"\u003cnodepool-name-2\u003e\",\n Count = 1,\n Mode = \"User\",\n OrchestratorVersion = \"1.21.2\",\n OsDiskSizeGb = 128,\n VmSize = \"Standard_DS2_v2\",\n MaxSurge = \"25%\",\n Labels = \n {\n { \"test1\", \"data1\" },\n { \"test2\", \"data2\" },\n },\n Taints = new[]\n {\n \"none:PreferNoSchedule\",\n },\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-rancher2/sdk/v6/go/rancher2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := rancher2.NewCloudCredential(ctx, \"foo-aks\", \u0026rancher2.CloudCredentialArgs{\n\t\t\tAzureCredentialConfig: \u0026rancher2.CloudCredentialAzureCredentialConfigArgs{\n\t\t\t\tClientId: pulumi.String(\"\u003cclient-id\u003e\"),\n\t\t\t\tClientSecret: pulumi.String(\"\u003cclient-secret\u003e\"),\n\t\t\t\tSubscriptionId: pulumi.String(\"\u003csubscription-id\u003e\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = rancher2.NewCluster(ctx, \"foo\", \u0026rancher2.ClusterArgs{\n\t\t\tDescription: pulumi.String(\"Terraform AKS cluster\"),\n\t\t\tAksConfigV2: \u0026rancher2.ClusterAksConfigV2Args{\n\t\t\t\tCloudCredentialId: foo_aks.ID(),\n\t\t\t\tResourceGroup: pulumi.String(\"\u003cresource-group\u003e\"),\n\t\t\t\tResourceLocation: pulumi.String(\"\u003cresource-location\u003e\"),\n\t\t\t\tDnsPrefix: pulumi.String(\"\u003cdns-prefix\u003e\"),\n\t\t\t\tKubernetesVersion: pulumi.String(\"1.24.6\"),\n\t\t\t\tNetworkPlugin: pulumi.String(\"\u003cnetwork-plugin\u003e\"),\n\t\t\t\tNodePools: rancher2.ClusterAksConfigV2NodePoolArray{\n\t\t\t\t\t\u0026rancher2.ClusterAksConfigV2NodePoolArgs{\n\t\t\t\t\t\tAvailabilityZones: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"1\"),\n\t\t\t\t\t\t\tpulumi.String(\"2\"),\n\t\t\t\t\t\t\tpulumi.String(\"3\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tName: pulumi.String(\"\u003cnodepool-name-1\u003e\"),\n\t\t\t\t\t\tMode: pulumi.String(\"System\"),\n\t\t\t\t\t\tCount: pulumi.Int(1),\n\t\t\t\t\t\tOrchestratorVersion: pulumi.String(\"1.21.2\"),\n\t\t\t\t\t\tOsDiskSizeGb: pulumi.Int(128),\n\t\t\t\t\t\tVmSize: pulumi.String(\"Standard_DS2_v2\"),\n\t\t\t\t\t},\n\t\t\t\t\t\u0026rancher2.ClusterAksConfigV2NodePoolArgs{\n\t\t\t\t\t\tAvailabilityZones: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"1\"),\n\t\t\t\t\t\t\tpulumi.String(\"2\"),\n\t\t\t\t\t\t\tpulumi.String(\"3\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tName: pulumi.String(\"\u003cnodepool-name-2\u003e\"),\n\t\t\t\t\t\tCount: pulumi.Int(1),\n\t\t\t\t\t\tMode: pulumi.String(\"User\"),\n\t\t\t\t\t\tOrchestratorVersion: pulumi.String(\"1.21.2\"),\n\t\t\t\t\t\tOsDiskSizeGb: pulumi.Int(128),\n\t\t\t\t\t\tVmSize: pulumi.String(\"Standard_DS2_v2\"),\n\t\t\t\t\t\tMaxSurge: pulumi.String(\"25%\"),\n\t\t\t\t\t\tLabels: pulumi.Map{\n\t\t\t\t\t\t\t\"test1\": pulumi.Any(\"data1\"),\n\t\t\t\t\t\t\t\"test2\": pulumi.Any(\"data2\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tTaints: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"none:PreferNoSchedule\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.rancher2.CloudCredential;\nimport com.pulumi.rancher2.CloudCredentialArgs;\nimport com.pulumi.rancher2.inputs.CloudCredentialAzureCredentialConfigArgs;\nimport com.pulumi.rancher2.Cluster;\nimport com.pulumi.rancher2.ClusterArgs;\nimport com.pulumi.rancher2.inputs.ClusterAksConfigV2Args;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var foo_aks = new CloudCredential(\"foo-aks\", CloudCredentialArgs.builder() \n .azureCredentialConfig(CloudCredentialAzureCredentialConfigArgs.builder()\n .clientId(\"\u003cclient-id\u003e\")\n .clientSecret(\"\u003cclient-secret\u003e\")\n .subscriptionId(\"\u003csubscription-id\u003e\")\n .build())\n .build());\n\n var foo = new Cluster(\"foo\", ClusterArgs.builder() \n .description(\"Terraform AKS cluster\")\n .aksConfigV2(ClusterAksConfigV2Args.builder()\n .cloudCredentialId(foo_aks.id())\n .resourceGroup(\"\u003cresource-group\u003e\")\n .resourceLocation(\"\u003cresource-location\u003e\")\n .dnsPrefix(\"\u003cdns-prefix\u003e\")\n .kubernetesVersion(\"1.24.6\")\n .networkPlugin(\"\u003cnetwork-plugin\u003e\")\n .nodePools( \n ClusterAksConfigV2NodePoolArgs.builder()\n .availabilityZones( \n \"1\",\n \"2\",\n \"3\")\n .name(\"\u003cnodepool-name-1\u003e\")\n .mode(\"System\")\n .count(1)\n .orchestratorVersion(\"1.21.2\")\n .osDiskSizeGb(128)\n .vmSize(\"Standard_DS2_v2\")\n .build(),\n ClusterAksConfigV2NodePoolArgs.builder()\n .availabilityZones( \n \"1\",\n \"2\",\n \"3\")\n .name(\"\u003cnodepool-name-2\u003e\")\n .count(1)\n .mode(\"User\")\n .orchestratorVersion(\"1.21.2\")\n .osDiskSizeGb(128)\n .vmSize(\"Standard_DS2_v2\")\n .maxSurge(\"25%\")\n .labels(Map.ofEntries(\n Map.entry(\"test1\", \"data1\"),\n Map.entry(\"test2\", \"data2\")\n ))\n .taints(\"none:PreferNoSchedule\")\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n foo-aks:\n type: rancher2:CloudCredential\n properties:\n azureCredentialConfig:\n clientId: \u003cclient-id\u003e\n clientSecret: \u003cclient-secret\u003e\n subscriptionId: \u003csubscription-id\u003e\n foo:\n type: rancher2:Cluster\n properties:\n description: Terraform AKS cluster\n aksConfigV2:\n cloudCredentialId: ${[\"foo-aks\"].id}\n resourceGroup: \u003cresource-group\u003e\n resourceLocation: \u003cresource-location\u003e\n dnsPrefix: \u003cdns-prefix\u003e\n kubernetesVersion: 1.24.6\n networkPlugin: \u003cnetwork-plugin\u003e\n nodePools:\n - availabilityZones:\n - '1'\n - '2'\n - '3'\n name: \u003cnodepool-name-1\u003e\n mode: System\n count: 1\n orchestratorVersion: 1.21.2\n osDiskSizeGb: 128\n vmSize: Standard_DS2_v2\n - availabilityZones:\n - '1'\n - '2'\n - '3'\n name: \u003cnodepool-name-2\u003e\n count: 1\n mode: User\n orchestratorVersion: 1.21.2\n osDiskSizeGb: 128\n vmSize: Standard_DS2_v2\n maxSurge: 25%\n labels:\n test1: data1\n test2: data2\n taints:\n - none:PreferNoSchedule\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nClusters can be imported using the Rancher Cluster ID\n\n```sh\n$ pulumi import rancher2:index/cluster:Cluster foo \u0026lt;CLUSTER_ID\u0026gt;\n```\n", "properties": { "agentEnvVars": { "type": "array", @@ -25699,7 +25809,7 @@ }, "defaultPodSecurityAdmissionConfigurationTemplateName": { "type": "string", - "description": "Cluster default pod security admission configuration template name (string)\n" + "description": "The name of the pre-defined pod security admission configuration template to be applied to the cluster. Rancher admins (or those with the right permissions) can create, manage, and edit those templates. For more information, please refer to [Rancher Documentation](https://ranchermanager.docs.rancher.com/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/psa-config-templates). The argument is available in Rancher v2.7.2 and above (string)\n" }, "defaultPodSecurityPolicyTemplateId": { "type": "string", @@ -25906,7 +26016,7 @@ }, "defaultPodSecurityAdmissionConfigurationTemplateName": { "type": "string", - "description": "Cluster default pod security admission configuration template name (string)\n" + "description": "The name of the pre-defined pod security admission configuration template to be applied to the cluster. Rancher admins (or those with the right permissions) can create, manage, and edit those templates. For more information, please refer to [Rancher Documentation](https://ranchermanager.docs.rancher.com/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/psa-config-templates). The argument is available in Rancher v2.7.2 and above (string)\n" }, "defaultPodSecurityPolicyTemplateId": { "type": "string", @@ -26074,7 +26184,7 @@ }, "defaultPodSecurityAdmissionConfigurationTemplateName": { "type": "string", - "description": "Cluster default pod security admission configuration template name (string)\n" + "description": "The name of the pre-defined pod security admission configuration template to be applied to the cluster. Rancher admins (or those with the right permissions) can create, manage, and edit those templates. For more information, please refer to [Rancher Documentation](https://ranchermanager.docs.rancher.com/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/psa-config-templates). The argument is available in Rancher v2.7.2 and above (string)\n" }, "defaultPodSecurityPolicyTemplateId": { "type": "string", @@ -30286,6 +30396,119 @@ "type": "object" } }, + "rancher2:index/podSecurityAdmissionConfigurationTemplate:PodSecurityAdmissionConfigurationTemplate": { + "properties": { + "annotations": { + "type": "object", + "additionalProperties": { + "$ref": "pulumi.json#/Any" + }, + "description": "Annotations of the resource\n" + }, + "defaults": { + "$ref": "#/types/rancher2:index/PodSecurityAdmissionConfigurationTemplateDefaults:PodSecurityAdmissionConfigurationTemplateDefaults", + "description": "defaults allows the user to define admission control mode for Pod Security\n" + }, + "description": { + "type": "string", + "description": "Pod Security Admission Configuration template description\n" + }, + "exemptions": { + "$ref": "#/types/rancher2:index/PodSecurityAdmissionConfigurationTemplateExemptions:PodSecurityAdmissionConfigurationTemplateExemptions", + "description": "exemptions allows the creation of pods for specific Usernames, RuntimeClassNames, and Namespaces that would otherwise be\nprohibited\n" + }, + "labels": { + "type": "object", + "additionalProperties": { + "$ref": "pulumi.json#/Any" + }, + "description": "Labels of the resource\n" + }, + "name": { + "type": "string", + "description": "Pod Security Admission Configuration template name\n" + } + }, + "required": [ + "annotations", + "defaults", + "labels", + "name" + ], + "inputProperties": { + "annotations": { + "type": "object", + "additionalProperties": { + "$ref": "pulumi.json#/Any" + }, + "description": "Annotations of the resource\n" + }, + "defaults": { + "$ref": "#/types/rancher2:index/PodSecurityAdmissionConfigurationTemplateDefaults:PodSecurityAdmissionConfigurationTemplateDefaults", + "description": "defaults allows the user to define admission control mode for Pod Security\n" + }, + "description": { + "type": "string", + "description": "Pod Security Admission Configuration template description\n" + }, + "exemptions": { + "$ref": "#/types/rancher2:index/PodSecurityAdmissionConfigurationTemplateExemptions:PodSecurityAdmissionConfigurationTemplateExemptions", + "description": "exemptions allows the creation of pods for specific Usernames, RuntimeClassNames, and Namespaces that would otherwise be\nprohibited\n" + }, + "labels": { + "type": "object", + "additionalProperties": { + "$ref": "pulumi.json#/Any" + }, + "description": "Labels of the resource\n" + }, + "name": { + "type": "string", + "description": "Pod Security Admission Configuration template name\n", + "willReplaceOnChanges": true + } + }, + "requiredInputs": [ + "defaults" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering PodSecurityAdmissionConfigurationTemplate resources.\n", + "properties": { + "annotations": { + "type": "object", + "additionalProperties": { + "$ref": "pulumi.json#/Any" + }, + "description": "Annotations of the resource\n" + }, + "defaults": { + "$ref": "#/types/rancher2:index/PodSecurityAdmissionConfigurationTemplateDefaults:PodSecurityAdmissionConfigurationTemplateDefaults", + "description": "defaults allows the user to define admission control mode for Pod Security\n" + }, + "description": { + "type": "string", + "description": "Pod Security Admission Configuration template description\n" + }, + "exemptions": { + "$ref": "#/types/rancher2:index/PodSecurityAdmissionConfigurationTemplateExemptions:PodSecurityAdmissionConfigurationTemplateExemptions", + "description": "exemptions allows the creation of pods for specific Usernames, RuntimeClassNames, and Namespaces that would otherwise be\nprohibited\n" + }, + "labels": { + "type": "object", + "additionalProperties": { + "$ref": "pulumi.json#/Any" + }, + "description": "Labels of the resource\n" + }, + "name": { + "type": "string", + "description": "Pod Security Admission Configuration template name\n", + "willReplaceOnChanges": true + } + }, + "type": "object" + } + }, "rancher2:index/podSecurityPolicyTemplate:PodSecurityPolicyTemplate": { "description": "Provides a Rancher v2 PodSecurityPolicyTemplate resource. This can be used to create PodSecurityPolicyTemplates for Rancher v2 environments and retrieve their information.\n\n## Example Usage\n\n```hcl-terraform\n# Create a new rancher2 PodSecurityPolicyTemplate\nresource \"rancher2_pod_security_policy_template\" \"foo\" {\n name = \"foo\"\n description = \"Terraform PodSecurityPolicyTemplate acceptance test - update\"\n allow_privilege_escalation = false\n allowed_csi_driver {\n name = \"something\"\n }\n allowed_csi_driver {\n name = \"something-else\"\n }\n allowed_flex_volume {\n driver = \"something\"\n }\n allowed_flex_volume {\n driver = \"something-else\"\n }\n allowed_host_path {\n path_prefix = \"/\"\n read_only = true\n }\n allowed_host_path {\n path_prefix = \"//\"\n read_only = false\n }\n allowed_proc_mount_types = [\"Default\"]\n default_allow_privilege_escalation = false\n fs_group {\n rule = \"MustRunAs\"\n range {\n min = 0\n max = 100\n }\n range {\n min = 0\n max = 100\n }\n }\n host_ipc = false\n host_network = false\n host_pid = false\n host_port {\n min = 0\n max = 65535\n }\n host_port {\n min = 1024\n max = 8080\n }\n privileged = false\n read_only_root_filesystem = false\n required_drop_capabilities = [\"something\"]\n\n run_as_user {\n rule = \"MustRunAs\"\n range {\n min = 1\n max = 100\n }\n range {\n min = 2\n max = 1024\n }\n }\n run_as_group {\n rule = \"MustRunAs\"\n range {\n min = 1\n max = 100\n }\n range {\n min = 2\n max = 1024\n }\n }\n runtime_class {\n default_runtime_class_name = \"something\"\n allowed_runtime_class_names = [\"something\"]\n }\n se_linux {\n rule = \"RunAsAny\"\n }\n supplemental_group {\n rule = \"RunAsAny\"\n }\n volumes = [\"azureFile\"]\n}\n```\n\n## Import\n\nPodSecurityPolicyTemplate can be imported using the Rancher PodSecurityPolicyTemplate Name\n\n```sh\n$ pulumi import rancher2:index/podSecurityPolicyTemplate:PodSecurityPolicyTemplate foo \u0026lt;pod_security_policy_name\u0026gt;\n```\n", "properties": { @@ -35001,6 +35224,75 @@ ] } }, + "rancher2:index/getPodSecurityAdmissionConfigurationTemplate:getPodSecurityAdmissionConfigurationTemplate": { + "inputs": { + "description": "A collection of arguments for invoking getPodSecurityAdmissionConfigurationTemplate.\n", + "properties": { + "annotations": { + "type": "object", + "additionalProperties": { + "$ref": "pulumi.json#/Any" + } + }, + "labels": { + "type": "object", + "additionalProperties": { + "$ref": "pulumi.json#/Any" + } + }, + "name": { + "type": "string" + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "outputs": { + "description": "A collection of values returned by getPodSecurityAdmissionConfigurationTemplate.\n", + "properties": { + "annotations": { + "type": "object", + "additionalProperties": { + "$ref": "pulumi.json#/Any" + } + }, + "defaults": { + "$ref": "#/types/rancher2:index/getPodSecurityAdmissionConfigurationTemplateDefaults:getPodSecurityAdmissionConfigurationTemplateDefaults" + }, + "description": { + "type": "string" + }, + "exemptions": { + "$ref": "#/types/rancher2:index/getPodSecurityAdmissionConfigurationTemplateExemptions:getPodSecurityAdmissionConfigurationTemplateExemptions" + }, + "id": { + "type": "string", + "description": "The provider-assigned unique ID for this managed resource.\n" + }, + "labels": { + "type": "object", + "additionalProperties": { + "$ref": "pulumi.json#/Any" + } + }, + "name": { + "type": "string" + } + }, + "type": "object", + "required": [ + "annotations", + "defaults", + "description", + "exemptions", + "labels", + "name", + "id" + ] + } + }, "rancher2:index/getPodSecurityPolicyTemplate:getPodSecurityPolicyTemplate": { "description": "Use this data source to retrieve information about a Rancher v2 PodSecurityPolicyTemplate.\n\n## Example Usage\n\n```hcl-terraform\ndata \"rancher2_pod_security_policy_template\" \"foo\" {\n name = \"foo\"\n}\n```\n", "inputs": { diff --git a/provider/go.mod b/provider/go.mod index d5e2bc705..46fdd45f5 100644 --- a/provider/go.mod +++ b/provider/go.mod @@ -59,7 +59,7 @@ require ( github.com/hashicorp/terraform-plugin-sdk v1.17.2 github.com/pulumi/pulumi-terraform-bridge/v3 v3.77.0 github.com/pulumi/pulumi/sdk/v3 v3.108.1 - github.com/rancher/terraform-provider-rancher2 v1.25.1-0.20240205172342-160eda274458 + github.com/rancher/terraform-provider-rancher2 v1.25.1-0.20240306215549-383a664a3660 ) require ( diff --git a/provider/go.sum b/provider/go.sum index c27e3fe60..2de4e66bb 100644 --- a/provider/go.sum +++ b/provider/go.sum @@ -1944,8 +1944,9 @@ github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0/go.mod h1:fyg78 github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 h1:tfuBGBXKqDEevZMzYi5KSi8KkcZtzBcTgAUUtapy0OI= github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572/go.mod h1:9Pwr4B2jHnOSGXyyzV8ROjYa2ojvAY6HCGYYfMoC3Ls= github.com/go-test/deep v1.0.2/go.mod h1:wGDj63lr65AM2AQyKZd/NYHGb0R+1RLqB8NKt3aSFNA= -github.com/go-test/deep v1.0.3 h1:ZrJSEWsXzPOxaZnFteGEfooLba+ju3FYIbOrS+rQd68= github.com/go-test/deep v1.0.3/go.mod h1:wGDj63lr65AM2AQyKZd/NYHGb0R+1RLqB8NKt3aSFNA= +github.com/go-test/deep v1.0.7 h1:/VSMRlnY/JSyqxQUzQLKVMAskpY/NZKFA5j2P+0pP2M= +github.com/go-test/deep v1.0.7/go.mod h1:QV8Hv/iy04NyLBxAdO9njL0iVPN1S4d/A3NVv1V36o8= github.com/go-zookeeper/zk v1.0.2/go.mod h1:nOB03cncLtlp4t+UAkGSV+9beXP/akpekBwL+UX1Qcw= github.com/gobuffalo/attrs v0.0.0-20190224210810-a9411de4debd/go.mod h1:4duuawTqi2wkkpB4ePgWMaai6/Kc6WEz83bhFwpHzj0= github.com/gobuffalo/depgen v0.0.0-20190329151759-d478694a28d3/go.mod h1:3STtPUQYuzV0gBVOY3vy6CfMm/ljR4pABfrTeHNLHUY= @@ -2982,8 +2983,8 @@ github.com/rancher/rancher/pkg/client v0.0.0-20230901132600-5e1ee2611616 h1:4GkR github.com/rancher/rancher/pkg/client v0.0.0-20230901132600-5e1ee2611616/go.mod h1:eDLHGs0Wrq0gvAY3YCBPbWatkhj1/R+lg04S3slbroY= github.com/rancher/rke v1.5.0-rc2 h1:gec//2jkyEimO/fZLMMRVAJF8GpKqDf3voe+k3jrhGg= github.com/rancher/rke v1.5.0-rc2/go.mod h1:wUwsm6dXyzzxWlVwmPPR5XMWX6ICjAdWJ+l45ZqV+P0= -github.com/rancher/terraform-provider-rancher2 v1.25.1-0.20240205172342-160eda274458 h1:MGlZd1WPuLUvZ8Neojyd2vKR5raT8SgbSKuoo5yEfyE= -github.com/rancher/terraform-provider-rancher2 v1.25.1-0.20240205172342-160eda274458/go.mod h1:MTQSBIbx2Ru6D6Xmu+5GQv4t20e5N/wxbMuBsvss+AE= +github.com/rancher/terraform-provider-rancher2 v1.25.1-0.20240306215549-383a664a3660 h1:2nJf0Z4jkcnYp7X+Q1LQhj2lTELs5RfpNUA3OT5/UK8= +github.com/rancher/terraform-provider-rancher2 v1.25.1-0.20240306215549-383a664a3660/go.mod h1:zjtXfgdh6xhy8hNBW24ZhYxt86W4jWaqIK2G6iWCkHU= github.com/rancher/wrangler v0.6.1/go.mod h1:L4HtjPeX8iqLgsxfJgz+JjKMcX2q3qbRXSeTlC/CSd4= github.com/rancher/wrangler v0.8.11-0.20220120160420-18c996a8e956/go.mod h1:Lte9WjPtGYxYacIWeiS9qawvu2R4NujFU9xuXWJvc/0= github.com/rancher/wrangler v1.1.1 h1:wmqUwqc2M7ADfXnBCJTFkTB5ZREWpD78rnZMzmxwMvM= diff --git a/provider/resources.go b/provider/resources.go index 6955bc6a0..ea169a695 100644 --- a/provider/resources.go +++ b/provider/resources.go @@ -89,6 +89,13 @@ func Provider() tfbridge.ProviderInfo { // Override capitalization for backwards compatibility. "rancher2_auth_config_activedirectory": {Tok: makeResource("AuthConfigActiveDirectory")}, + + "rancher2_pod_security_admission_configuration_template": { + Docs: &tfbridge.DocInfo{AllowMissing: true}}, + }, + DataSources: map[string]*tfbridge.DataSourceInfo{ + "rancher2_pod_security_admission_configuration_template": { + Docs: &tfbridge.DocInfo{AllowMissing: true}}, }, JavaScript: &tfbridge.JavaScriptInfo{ // List any npm dependencies and their versions diff --git a/sdk/dotnet/Cluster.cs b/sdk/dotnet/Cluster.cs index 5a5b9a4ce..0279d1bda 100644 --- a/sdk/dotnet/Cluster.cs +++ b/sdk/dotnet/Cluster.cs @@ -475,6 +475,65 @@ namespace Pulumi.Rancher2 /// ``` /// <!--End PulumiCodeChooser --> /// + /// ### Creating Rancher v2 RKE cluster with Pod Security Admission Configuration Template (PSACT). For Rancher v2.7.2 and above. + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Rancher2 = Pulumi.Rancher2; + /// + /// return await Deployment.RunAsync(() => + /// { + /// // Custom PSACT (if you wish to use your own) + /// var fooPodSecurityAdmissionConfigurationTemplate = new Rancher2.PodSecurityAdmissionConfigurationTemplate("fooPodSecurityAdmissionConfigurationTemplate", new() + /// { + /// Defaults = new Rancher2.Inputs.PodSecurityAdmissionConfigurationTemplateDefaultsArgs + /// { + /// Audit = "restricted", + /// AuditVersion = "latest", + /// Enforce = "restricted", + /// EnforceVersion = "latest", + /// Warn = "restricted", + /// WarnVersion = "latest", + /// }, + /// Description = "This is my custom Pod Security Admission Configuration Template", + /// Exemptions = new Rancher2.Inputs.PodSecurityAdmissionConfigurationTemplateExemptionsArgs + /// { + /// Namespaces = new[] + /// { + /// "ingress-nginx", + /// "kube-system", + /// }, + /// RuntimeClasses = new[] + /// { + /// "testclass", + /// }, + /// Usernames = new[] + /// { + /// "testuser", + /// }, + /// }, + /// }); + /// + /// var fooCluster = new Rancher2.Cluster("fooCluster", new() + /// { + /// DefaultPodSecurityAdmissionConfigurationTemplateName = "<name>", + /// Description = "Terraform cluster with PSACT", + /// RkeConfig = new Rancher2.Inputs.ClusterRkeConfigArgs + /// { + /// Network = new Rancher2.Inputs.ClusterRkeConfigNetworkArgs + /// { + /// Plugin = "canal", + /// }, + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ### Importing EKS cluster to Rancher v2, using `eks_config_v2`. For Rancher v2.5.x and above. /// /// <!--Start PulumiCodeChooser --> @@ -491,8 +550,8 @@ namespace Pulumi.Rancher2 /// Description = "foo test", /// Amazonec2CredentialConfig = new Rancher2.Inputs.CloudCredentialAmazonec2CredentialConfigArgs /// { - /// AccessKey = "<AWS_ACCESS_KEY>", - /// SecretKey = "<AWS_SECRET_KEY>", + /// AccessKey = "<aws-access-key>", + /// SecretKey = "<aws-secret-key>", /// }, /// }); /// @@ -502,8 +561,8 @@ namespace Pulumi.Rancher2 /// EksConfigV2 = new Rancher2.Inputs.ClusterEksConfigV2Args /// { /// CloudCredentialId = fooCloudCredential.Id, - /// Name = "<CLUSTER_NAME>", - /// Region = "<EKS_REGION>", + /// Name = "<cluster-name>", + /// Region = "<eks-region>", /// Imported = true, /// }, /// }); @@ -528,8 +587,8 @@ namespace Pulumi.Rancher2 /// Description = "foo test", /// Amazonec2CredentialConfig = new Rancher2.Inputs.CloudCredentialAmazonec2CredentialConfigArgs /// { - /// AccessKey = "<AWS_ACCESS_KEY>", - /// SecretKey = "<AWS_SECRET_KEY>", + /// AccessKey = "<aws-access-key>", + /// SecretKey = "<aws-secret-key>", /// }, /// }); /// @@ -575,6 +634,8 @@ namespace Pulumi.Rancher2 /// /// ### Creating EKS cluster from Rancher v2, using `eks_config_v2` and launch template. For Rancher v2.5.6 and above. /// + /// Note: To use `launch_template` you must provide the ID (seen as `<EC2_LAUNCH_TEMPLATE_ID>`) to the template either as a static value. Or fetched via AWS data-source using one of: aws_ami first and provide the ID to that. + /// /// <!--Start PulumiCodeChooser --> /// ```csharp /// using System.Collections.Generic; @@ -589,8 +650,8 @@ namespace Pulumi.Rancher2 /// Description = "foo test", /// Amazonec2CredentialConfig = new Rancher2.Inputs.CloudCredentialAmazonec2CredentialConfigArgs /// { - /// AccessKey = "<AWS_ACCESS_KEY>", - /// SecretKey = "<AWS_SECRET_KEY>", + /// AccessKey = "<aws-access-key>", + /// SecretKey = "<aws-secret-key>", /// }, /// }); /// @@ -618,7 +679,7 @@ namespace Pulumi.Rancher2 /// { /// new Rancher2.Inputs.ClusterEksConfigV2NodeGroupLaunchTemplateArgs /// { - /// Id = "<EC2_LAUNCH_TEMPLATE_ID>", + /// Id = "<ec2-launch-template-id>", /// Version = 1, /// }, /// }, @@ -648,9 +709,9 @@ namespace Pulumi.Rancher2 /// { /// AzureCredentialConfig = new Rancher2.Inputs.CloudCredentialAzureCredentialConfigArgs /// { - /// ClientId = "<CLIENT_ID>", - /// ClientSecret = "<CLIENT_SECRET>", - /// SubscriptionId = "<SUBSCRIPTION_ID>", + /// ClientId = "<client-id>", + /// ClientSecret = "<client-secret>", + /// SubscriptionId = "<subscription-id>", /// }, /// }); /// @@ -660,11 +721,11 @@ namespace Pulumi.Rancher2 /// AksConfigV2 = new Rancher2.Inputs.ClusterAksConfigV2Args /// { /// CloudCredentialId = foo_aks.Id, - /// ResourceGroup = "<RESOURCE_GROUP>", - /// ResourceLocation = "<RESOURCE_LOCATION>", - /// DnsPrefix = "<DNS_PREFIX>", + /// ResourceGroup = "<resource-group>", + /// ResourceLocation = "<resource-location>", + /// DnsPrefix = "<dns-prefix>", /// KubernetesVersion = "1.24.6", - /// NetworkPlugin = "<NETWORK_PLUGIN>", + /// NetworkPlugin = "<network-plugin>", /// NodePools = new[] /// { /// new Rancher2.Inputs.ClusterAksConfigV2NodePoolArgs @@ -675,7 +736,7 @@ namespace Pulumi.Rancher2 /// "2", /// "3", /// }, - /// Name = "<NODEPOOL_NAME_1>", + /// Name = "<nodepool-name-1>", /// Mode = "System", /// Count = 1, /// OrchestratorVersion = "1.21.2", @@ -690,7 +751,7 @@ namespace Pulumi.Rancher2 /// "2", /// "3", /// }, - /// Name = "<NODEPOOL_NAME_2>", + /// Name = "<nodepool-name-2>", /// Count = 1, /// Mode = "User", /// OrchestratorVersion = "1.21.2", @@ -805,7 +866,7 @@ public partial class Cluster : global::Pulumi.CustomResource public Output ClusterTemplateRevisionId { get; private set; } = null!; /// - /// Cluster default pod security admission configuration template name (string) + /// The name of the pre-defined pod security admission configuration template to be applied to the cluster. Rancher admins (or those with the right permissions) can create, manage, and edit those templates. For more information, please refer to [Rancher Documentation](https://ranchermanager.docs.rancher.com/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/psa-config-templates). The argument is available in Rancher v2.7.2 and above (string) /// [Output("defaultPodSecurityAdmissionConfigurationTemplateName")] public Output DefaultPodSecurityAdmissionConfigurationTemplateName { get; private set; } = null!; @@ -1114,7 +1175,7 @@ public InputList ClusterTemplateQuest public Input? ClusterTemplateRevisionId { get; set; } /// - /// Cluster default pod security admission configuration template name (string) + /// The name of the pre-defined pod security admission configuration template to be applied to the cluster. Rancher admins (or those with the right permissions) can create, manage, and edit those templates. For more information, please refer to [Rancher Documentation](https://ranchermanager.docs.rancher.com/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/psa-config-templates). The argument is available in Rancher v2.7.2 and above (string) /// [Input("defaultPodSecurityAdmissionConfigurationTemplateName")] public Input? DefaultPodSecurityAdmissionConfigurationTemplateName { get; set; } @@ -1384,7 +1445,7 @@ public InputList ClusterTemplateQu public Input? ClusterTemplateRevisionId { get; set; } /// - /// Cluster default pod security admission configuration template name (string) + /// The name of the pre-defined pod security admission configuration template to be applied to the cluster. Rancher admins (or those with the right permissions) can create, manage, and edit those templates. For more information, please refer to [Rancher Documentation](https://ranchermanager.docs.rancher.com/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/psa-config-templates). The argument is available in Rancher v2.7.2 and above (string) /// [Input("defaultPodSecurityAdmissionConfigurationTemplateName")] public Input? DefaultPodSecurityAdmissionConfigurationTemplateName { get; set; } diff --git a/sdk/dotnet/GetPodSecurityAdmissionConfigurationTemplate.cs b/sdk/dotnet/GetPodSecurityAdmissionConfigurationTemplate.cs new file mode 100644 index 000000000..dcc4ad990 --- /dev/null +++ b/sdk/dotnet/GetPodSecurityAdmissionConfigurationTemplate.cs @@ -0,0 +1,116 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.Rancher2 +{ + public static class GetPodSecurityAdmissionConfigurationTemplate + { + public static Task InvokeAsync(GetPodSecurityAdmissionConfigurationTemplateArgs args, InvokeOptions? options = null) + => global::Pulumi.Deployment.Instance.InvokeAsync("rancher2:index/getPodSecurityAdmissionConfigurationTemplate:getPodSecurityAdmissionConfigurationTemplate", args ?? new GetPodSecurityAdmissionConfigurationTemplateArgs(), options.WithDefaults()); + + public static Output Invoke(GetPodSecurityAdmissionConfigurationTemplateInvokeArgs args, InvokeOptions? options = null) + => global::Pulumi.Deployment.Instance.Invoke("rancher2:index/getPodSecurityAdmissionConfigurationTemplate:getPodSecurityAdmissionConfigurationTemplate", args ?? new GetPodSecurityAdmissionConfigurationTemplateInvokeArgs(), options.WithDefaults()); + } + + + public sealed class GetPodSecurityAdmissionConfigurationTemplateArgs : global::Pulumi.InvokeArgs + { + [Input("annotations")] + private Dictionary? _annotations; + public Dictionary Annotations + { + get => _annotations ?? (_annotations = new Dictionary()); + set => _annotations = value; + } + + [Input("labels")] + private Dictionary? _labels; + public Dictionary Labels + { + get => _labels ?? (_labels = new Dictionary()); + set => _labels = value; + } + + [Input("name", required: true)] + public string Name { get; set; } = null!; + + public GetPodSecurityAdmissionConfigurationTemplateArgs() + { + } + public static new GetPodSecurityAdmissionConfigurationTemplateArgs Empty => new GetPodSecurityAdmissionConfigurationTemplateArgs(); + } + + public sealed class GetPodSecurityAdmissionConfigurationTemplateInvokeArgs : global::Pulumi.InvokeArgs + { + [Input("annotations")] + private InputMap? _annotations; + public InputMap Annotations + { + get => _annotations ?? (_annotations = new InputMap()); + set => _annotations = value; + } + + [Input("labels")] + private InputMap? _labels; + public InputMap Labels + { + get => _labels ?? (_labels = new InputMap()); + set => _labels = value; + } + + [Input("name", required: true)] + public Input Name { get; set; } = null!; + + public GetPodSecurityAdmissionConfigurationTemplateInvokeArgs() + { + } + public static new GetPodSecurityAdmissionConfigurationTemplateInvokeArgs Empty => new GetPodSecurityAdmissionConfigurationTemplateInvokeArgs(); + } + + + [OutputType] + public sealed class GetPodSecurityAdmissionConfigurationTemplateResult + { + public readonly ImmutableDictionary Annotations; + public readonly Outputs.GetPodSecurityAdmissionConfigurationTemplateDefaultsResult Defaults; + public readonly string Description; + public readonly Outputs.GetPodSecurityAdmissionConfigurationTemplateExemptionsResult Exemptions; + /// + /// The provider-assigned unique ID for this managed resource. + /// + public readonly string Id; + public readonly ImmutableDictionary Labels; + public readonly string Name; + + [OutputConstructor] + private GetPodSecurityAdmissionConfigurationTemplateResult( + ImmutableDictionary annotations, + + Outputs.GetPodSecurityAdmissionConfigurationTemplateDefaultsResult defaults, + + string description, + + Outputs.GetPodSecurityAdmissionConfigurationTemplateExemptionsResult exemptions, + + string id, + + ImmutableDictionary labels, + + string name) + { + Annotations = annotations; + Defaults = defaults; + Description = description; + Exemptions = exemptions; + Id = id; + Labels = labels; + Name = name; + } + } +} diff --git a/sdk/dotnet/Inputs/PodSecurityAdmissionConfigurationTemplateDefaultsArgs.cs b/sdk/dotnet/Inputs/PodSecurityAdmissionConfigurationTemplateDefaultsArgs.cs new file mode 100644 index 000000000..1f14fd60a --- /dev/null +++ b/sdk/dotnet/Inputs/PodSecurityAdmissionConfigurationTemplateDefaultsArgs.cs @@ -0,0 +1,56 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.Rancher2.Inputs +{ + + public sealed class PodSecurityAdmissionConfigurationTemplateDefaultsArgs : global::Pulumi.ResourceArgs + { + /// + /// Pod Security Admission Configuration audit. This audits a pod in violation of privileged, baseline, or restricted policy (default: privileged) + /// + [Input("audit")] + public Input? Audit { get; set; } + + /// + /// Pod Security Admission Configuration audit version (default: latest) + /// + [Input("auditVersion")] + public Input? AuditVersion { get; set; } + + /// + /// Pod Security Admission Configuration enforce. This rejects a pod in violation of privileged, baseline, or restricted policy (default: privileged) + /// + [Input("enforce")] + public Input? Enforce { get; set; } + + /// + /// Pod Security Admission Configuration enforce version (default: latest) + /// + [Input("enforceVersion")] + public Input? EnforceVersion { get; set; } + + /// + /// Pod Security Admission Configuration warn. This warns the user about a pod in violation of privileged, baseline, or restricted policy (default: privileged) + /// + [Input("warn")] + public Input? Warn { get; set; } + + /// + /// Pod Security Admission Configuration warn version (default: latest) + /// + [Input("warnVersion")] + public Input? WarnVersion { get; set; } + + public PodSecurityAdmissionConfigurationTemplateDefaultsArgs() + { + } + public static new PodSecurityAdmissionConfigurationTemplateDefaultsArgs Empty => new PodSecurityAdmissionConfigurationTemplateDefaultsArgs(); + } +} diff --git a/sdk/dotnet/Inputs/PodSecurityAdmissionConfigurationTemplateDefaultsGetArgs.cs b/sdk/dotnet/Inputs/PodSecurityAdmissionConfigurationTemplateDefaultsGetArgs.cs new file mode 100644 index 000000000..b39baca39 --- /dev/null +++ b/sdk/dotnet/Inputs/PodSecurityAdmissionConfigurationTemplateDefaultsGetArgs.cs @@ -0,0 +1,56 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.Rancher2.Inputs +{ + + public sealed class PodSecurityAdmissionConfigurationTemplateDefaultsGetArgs : global::Pulumi.ResourceArgs + { + /// + /// Pod Security Admission Configuration audit. This audits a pod in violation of privileged, baseline, or restricted policy (default: privileged) + /// + [Input("audit")] + public Input? Audit { get; set; } + + /// + /// Pod Security Admission Configuration audit version (default: latest) + /// + [Input("auditVersion")] + public Input? AuditVersion { get; set; } + + /// + /// Pod Security Admission Configuration enforce. This rejects a pod in violation of privileged, baseline, or restricted policy (default: privileged) + /// + [Input("enforce")] + public Input? Enforce { get; set; } + + /// + /// Pod Security Admission Configuration enforce version (default: latest) + /// + [Input("enforceVersion")] + public Input? EnforceVersion { get; set; } + + /// + /// Pod Security Admission Configuration warn. This warns the user about a pod in violation of privileged, baseline, or restricted policy (default: privileged) + /// + [Input("warn")] + public Input? Warn { get; set; } + + /// + /// Pod Security Admission Configuration warn version (default: latest) + /// + [Input("warnVersion")] + public Input? WarnVersion { get; set; } + + public PodSecurityAdmissionConfigurationTemplateDefaultsGetArgs() + { + } + public static new PodSecurityAdmissionConfigurationTemplateDefaultsGetArgs Empty => new PodSecurityAdmissionConfigurationTemplateDefaultsGetArgs(); + } +} diff --git a/sdk/dotnet/Inputs/PodSecurityAdmissionConfigurationTemplateExemptionsArgs.cs b/sdk/dotnet/Inputs/PodSecurityAdmissionConfigurationTemplateExemptionsArgs.cs new file mode 100644 index 000000000..74c0a918a --- /dev/null +++ b/sdk/dotnet/Inputs/PodSecurityAdmissionConfigurationTemplateExemptionsArgs.cs @@ -0,0 +1,56 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.Rancher2.Inputs +{ + + public sealed class PodSecurityAdmissionConfigurationTemplateExemptionsArgs : global::Pulumi.ResourceArgs + { + [Input("namespaces")] + private InputList? _namespaces; + + /// + /// Pod Security Admission Configuration namespace exemptions + /// + public InputList Namespaces + { + get => _namespaces ?? (_namespaces = new InputList()); + set => _namespaces = value; + } + + [Input("runtimeClasses")] + private InputList? _runtimeClasses; + + /// + /// Pod Security Admission Configuration runtime class exemptions + /// + public InputList RuntimeClasses + { + get => _runtimeClasses ?? (_runtimeClasses = new InputList()); + set => _runtimeClasses = value; + } + + [Input("usernames")] + private InputList? _usernames; + + /// + /// Pod Security Admission Configuration username exemptions + /// + public InputList Usernames + { + get => _usernames ?? (_usernames = new InputList()); + set => _usernames = value; + } + + public PodSecurityAdmissionConfigurationTemplateExemptionsArgs() + { + } + public static new PodSecurityAdmissionConfigurationTemplateExemptionsArgs Empty => new PodSecurityAdmissionConfigurationTemplateExemptionsArgs(); + } +} diff --git a/sdk/dotnet/Inputs/PodSecurityAdmissionConfigurationTemplateExemptionsGetArgs.cs b/sdk/dotnet/Inputs/PodSecurityAdmissionConfigurationTemplateExemptionsGetArgs.cs new file mode 100644 index 000000000..c47f5fa3d --- /dev/null +++ b/sdk/dotnet/Inputs/PodSecurityAdmissionConfigurationTemplateExemptionsGetArgs.cs @@ -0,0 +1,56 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.Rancher2.Inputs +{ + + public sealed class PodSecurityAdmissionConfigurationTemplateExemptionsGetArgs : global::Pulumi.ResourceArgs + { + [Input("namespaces")] + private InputList? _namespaces; + + /// + /// Pod Security Admission Configuration namespace exemptions + /// + public InputList Namespaces + { + get => _namespaces ?? (_namespaces = new InputList()); + set => _namespaces = value; + } + + [Input("runtimeClasses")] + private InputList? _runtimeClasses; + + /// + /// Pod Security Admission Configuration runtime class exemptions + /// + public InputList RuntimeClasses + { + get => _runtimeClasses ?? (_runtimeClasses = new InputList()); + set => _runtimeClasses = value; + } + + [Input("usernames")] + private InputList? _usernames; + + /// + /// Pod Security Admission Configuration username exemptions + /// + public InputList Usernames + { + get => _usernames ?? (_usernames = new InputList()); + set => _usernames = value; + } + + public PodSecurityAdmissionConfigurationTemplateExemptionsGetArgs() + { + } + public static new PodSecurityAdmissionConfigurationTemplateExemptionsGetArgs Empty => new PodSecurityAdmissionConfigurationTemplateExemptionsGetArgs(); + } +} diff --git a/sdk/dotnet/Outputs/GetPodSecurityAdmissionConfigurationTemplateDefaultsResult.cs b/sdk/dotnet/Outputs/GetPodSecurityAdmissionConfigurationTemplateDefaultsResult.cs new file mode 100644 index 000000000..670e0f024 --- /dev/null +++ b/sdk/dotnet/Outputs/GetPodSecurityAdmissionConfigurationTemplateDefaultsResult.cs @@ -0,0 +1,63 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.Rancher2.Outputs +{ + + [OutputType] + public sealed class GetPodSecurityAdmissionConfigurationTemplateDefaultsResult + { + /// + /// Pod Security Admission Configuration audit. This audits a pod in violation of privileged, baseline, or restricted policy (default: privileged) + /// + public readonly string? Audit; + /// + /// Pod Security Admission Configuration audit version (default: latest) + /// + public readonly string? AuditVersion; + /// + /// Pod Security Admission Configuration enforce. This rejects a pod in violation of privileged, baseline, or restricted policy (default: privileged) + /// + public readonly string? Enforce; + /// + /// Pod Security Admission Configuration enforce version (default: latest) + /// + public readonly string? EnforceVersion; + /// + /// Pod Security Admission Configuration warn. This warns the user about a pod in violation of privileged, baseline, or restricted policy (default: privileged) + /// + public readonly string? Warn; + /// + /// Pod Security Admission Configuration warn version (default: latest) + /// + public readonly string? WarnVersion; + + [OutputConstructor] + private GetPodSecurityAdmissionConfigurationTemplateDefaultsResult( + string? audit, + + string? auditVersion, + + string? enforce, + + string? enforceVersion, + + string? warn, + + string? warnVersion) + { + Audit = audit; + AuditVersion = auditVersion; + Enforce = enforce; + EnforceVersion = enforceVersion; + Warn = warn; + WarnVersion = warnVersion; + } + } +} diff --git a/sdk/dotnet/Outputs/GetPodSecurityAdmissionConfigurationTemplateExemptionsResult.cs b/sdk/dotnet/Outputs/GetPodSecurityAdmissionConfigurationTemplateExemptionsResult.cs new file mode 100644 index 000000000..d840ee11c --- /dev/null +++ b/sdk/dotnet/Outputs/GetPodSecurityAdmissionConfigurationTemplateExemptionsResult.cs @@ -0,0 +1,42 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.Rancher2.Outputs +{ + + [OutputType] + public sealed class GetPodSecurityAdmissionConfigurationTemplateExemptionsResult + { + /// + /// Pod Security Admission Configuration namespace exemptions + /// + public readonly ImmutableArray Namespaces; + /// + /// Pod Security Admission Configuration runtime class exemptions + /// + public readonly ImmutableArray RuntimeClasses; + /// + /// Pod Security Admission Configuration username exemptions + /// + public readonly ImmutableArray Usernames; + + [OutputConstructor] + private GetPodSecurityAdmissionConfigurationTemplateExemptionsResult( + ImmutableArray namespaces, + + ImmutableArray runtimeClasses, + + ImmutableArray usernames) + { + Namespaces = namespaces; + RuntimeClasses = runtimeClasses; + Usernames = usernames; + } + } +} diff --git a/sdk/dotnet/Outputs/PodSecurityAdmissionConfigurationTemplateDefaults.cs b/sdk/dotnet/Outputs/PodSecurityAdmissionConfigurationTemplateDefaults.cs new file mode 100644 index 000000000..416dd96cb --- /dev/null +++ b/sdk/dotnet/Outputs/PodSecurityAdmissionConfigurationTemplateDefaults.cs @@ -0,0 +1,63 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.Rancher2.Outputs +{ + + [OutputType] + public sealed class PodSecurityAdmissionConfigurationTemplateDefaults + { + /// + /// Pod Security Admission Configuration audit. This audits a pod in violation of privileged, baseline, or restricted policy (default: privileged) + /// + public readonly string? Audit; + /// + /// Pod Security Admission Configuration audit version (default: latest) + /// + public readonly string? AuditVersion; + /// + /// Pod Security Admission Configuration enforce. This rejects a pod in violation of privileged, baseline, or restricted policy (default: privileged) + /// + public readonly string? Enforce; + /// + /// Pod Security Admission Configuration enforce version (default: latest) + /// + public readonly string? EnforceVersion; + /// + /// Pod Security Admission Configuration warn. This warns the user about a pod in violation of privileged, baseline, or restricted policy (default: privileged) + /// + public readonly string? Warn; + /// + /// Pod Security Admission Configuration warn version (default: latest) + /// + public readonly string? WarnVersion; + + [OutputConstructor] + private PodSecurityAdmissionConfigurationTemplateDefaults( + string? audit, + + string? auditVersion, + + string? enforce, + + string? enforceVersion, + + string? warn, + + string? warnVersion) + { + Audit = audit; + AuditVersion = auditVersion; + Enforce = enforce; + EnforceVersion = enforceVersion; + Warn = warn; + WarnVersion = warnVersion; + } + } +} diff --git a/sdk/dotnet/Outputs/PodSecurityAdmissionConfigurationTemplateExemptions.cs b/sdk/dotnet/Outputs/PodSecurityAdmissionConfigurationTemplateExemptions.cs new file mode 100644 index 000000000..c6c9edb2d --- /dev/null +++ b/sdk/dotnet/Outputs/PodSecurityAdmissionConfigurationTemplateExemptions.cs @@ -0,0 +1,42 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.Rancher2.Outputs +{ + + [OutputType] + public sealed class PodSecurityAdmissionConfigurationTemplateExemptions + { + /// + /// Pod Security Admission Configuration namespace exemptions + /// + public readonly ImmutableArray Namespaces; + /// + /// Pod Security Admission Configuration runtime class exemptions + /// + public readonly ImmutableArray RuntimeClasses; + /// + /// Pod Security Admission Configuration username exemptions + /// + public readonly ImmutableArray Usernames; + + [OutputConstructor] + private PodSecurityAdmissionConfigurationTemplateExemptions( + ImmutableArray namespaces, + + ImmutableArray runtimeClasses, + + ImmutableArray usernames) + { + Namespaces = namespaces; + RuntimeClasses = runtimeClasses; + Usernames = usernames; + } + } +} diff --git a/sdk/dotnet/PodSecurityAdmissionConfigurationTemplate.cs b/sdk/dotnet/PodSecurityAdmissionConfigurationTemplate.cs new file mode 100644 index 000000000..8a6a5078a --- /dev/null +++ b/sdk/dotnet/PodSecurityAdmissionConfigurationTemplate.cs @@ -0,0 +1,209 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.Rancher2 +{ + [Rancher2ResourceType("rancher2:index/podSecurityAdmissionConfigurationTemplate:PodSecurityAdmissionConfigurationTemplate")] + public partial class PodSecurityAdmissionConfigurationTemplate : global::Pulumi.CustomResource + { + /// + /// Annotations of the resource + /// + [Output("annotations")] + public Output> Annotations { get; private set; } = null!; + + /// + /// defaults allows the user to define admission control mode for Pod Security + /// + [Output("defaults")] + public Output Defaults { get; private set; } = null!; + + /// + /// Pod Security Admission Configuration template description + /// + [Output("description")] + public Output Description { get; private set; } = null!; + + /// + /// exemptions allows the creation of pods for specific Usernames, RuntimeClassNames, and Namespaces that would otherwise be + /// prohibited + /// + [Output("exemptions")] + public Output Exemptions { get; private set; } = null!; + + /// + /// Labels of the resource + /// + [Output("labels")] + public Output> Labels { get; private set; } = null!; + + /// + /// Pod Security Admission Configuration template name + /// + [Output("name")] + public Output Name { get; private set; } = null!; + + + /// + /// Create a PodSecurityAdmissionConfigurationTemplate resource with the given unique name, arguments, and options. + /// + /// + /// The unique name of the resource + /// The arguments used to populate this resource's properties + /// A bag of options that control this resource's behavior + public PodSecurityAdmissionConfigurationTemplate(string name, PodSecurityAdmissionConfigurationTemplateArgs args, CustomResourceOptions? options = null) + : base("rancher2:index/podSecurityAdmissionConfigurationTemplate:PodSecurityAdmissionConfigurationTemplate", name, args ?? new PodSecurityAdmissionConfigurationTemplateArgs(), MakeResourceOptions(options, "")) + { + } + + private PodSecurityAdmissionConfigurationTemplate(string name, Input id, PodSecurityAdmissionConfigurationTemplateState? state = null, CustomResourceOptions? options = null) + : base("rancher2:index/podSecurityAdmissionConfigurationTemplate:PodSecurityAdmissionConfigurationTemplate", name, state, MakeResourceOptions(options, id)) + { + } + + private static CustomResourceOptions MakeResourceOptions(CustomResourceOptions? options, Input? id) + { + var defaultOptions = new CustomResourceOptions + { + Version = Utilities.Version, + }; + var merged = CustomResourceOptions.Merge(defaultOptions, options); + // Override the ID if one was specified for consistency with other language SDKs. + merged.Id = id ?? merged.Id; + return merged; + } + /// + /// Get an existing PodSecurityAdmissionConfigurationTemplate resource's state with the given name, ID, and optional extra + /// properties used to qualify the lookup. + /// + /// + /// The unique name of the resulting resource. + /// The unique provider ID of the resource to lookup. + /// Any extra arguments used during the lookup. + /// A bag of options that control this resource's behavior + public static PodSecurityAdmissionConfigurationTemplate Get(string name, Input id, PodSecurityAdmissionConfigurationTemplateState? state = null, CustomResourceOptions? options = null) + { + return new PodSecurityAdmissionConfigurationTemplate(name, id, state, options); + } + } + + public sealed class PodSecurityAdmissionConfigurationTemplateArgs : global::Pulumi.ResourceArgs + { + [Input("annotations")] + private InputMap? _annotations; + + /// + /// Annotations of the resource + /// + public InputMap Annotations + { + get => _annotations ?? (_annotations = new InputMap()); + set => _annotations = value; + } + + /// + /// defaults allows the user to define admission control mode for Pod Security + /// + [Input("defaults", required: true)] + public Input Defaults { get; set; } = null!; + + /// + /// Pod Security Admission Configuration template description + /// + [Input("description")] + public Input? Description { get; set; } + + /// + /// exemptions allows the creation of pods for specific Usernames, RuntimeClassNames, and Namespaces that would otherwise be + /// prohibited + /// + [Input("exemptions")] + public Input? Exemptions { get; set; } + + [Input("labels")] + private InputMap? _labels; + + /// + /// Labels of the resource + /// + public InputMap Labels + { + get => _labels ?? (_labels = new InputMap()); + set => _labels = value; + } + + /// + /// Pod Security Admission Configuration template name + /// + [Input("name")] + public Input? Name { get; set; } + + public PodSecurityAdmissionConfigurationTemplateArgs() + { + } + public static new PodSecurityAdmissionConfigurationTemplateArgs Empty => new PodSecurityAdmissionConfigurationTemplateArgs(); + } + + public sealed class PodSecurityAdmissionConfigurationTemplateState : global::Pulumi.ResourceArgs + { + [Input("annotations")] + private InputMap? _annotations; + + /// + /// Annotations of the resource + /// + public InputMap Annotations + { + get => _annotations ?? (_annotations = new InputMap()); + set => _annotations = value; + } + + /// + /// defaults allows the user to define admission control mode for Pod Security + /// + [Input("defaults")] + public Input? Defaults { get; set; } + + /// + /// Pod Security Admission Configuration template description + /// + [Input("description")] + public Input? Description { get; set; } + + /// + /// exemptions allows the creation of pods for specific Usernames, RuntimeClassNames, and Namespaces that would otherwise be + /// prohibited + /// + [Input("exemptions")] + public Input? Exemptions { get; set; } + + [Input("labels")] + private InputMap? _labels; + + /// + /// Labels of the resource + /// + public InputMap Labels + { + get => _labels ?? (_labels = new InputMap()); + set => _labels = value; + } + + /// + /// Pod Security Admission Configuration template name + /// + [Input("name")] + public Input? Name { get; set; } + + public PodSecurityAdmissionConfigurationTemplateState() + { + } + public static new PodSecurityAdmissionConfigurationTemplateState Empty => new PodSecurityAdmissionConfigurationTemplateState(); + } +} diff --git a/sdk/go/rancher2/cluster.go b/sdk/go/rancher2/cluster.go index 25d41cb80..857bf5f98 100644 --- a/sdk/go/rancher2/cluster.go +++ b/sdk/go/rancher2/cluster.go @@ -507,6 +507,67 @@ import ( // ``` // // +// ### Creating Rancher v2 RKE cluster with Pod Security Admission Configuration Template (PSACT). For Rancher v2.7.2 and above. +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-rancher2/sdk/v6/go/rancher2" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// // Custom PSACT (if you wish to use your own) +// _, err := rancher2.NewPodSecurityAdmissionConfigurationTemplate(ctx, "fooPodSecurityAdmissionConfigurationTemplate", &rancher2.PodSecurityAdmissionConfigurationTemplateArgs{ +// Defaults: &rancher2.PodSecurityAdmissionConfigurationTemplateDefaultsArgs{ +// Audit: pulumi.String("restricted"), +// AuditVersion: pulumi.String("latest"), +// Enforce: pulumi.String("restricted"), +// EnforceVersion: pulumi.String("latest"), +// Warn: pulumi.String("restricted"), +// WarnVersion: pulumi.String("latest"), +// }, +// Description: pulumi.String("This is my custom Pod Security Admission Configuration Template"), +// Exemptions: &rancher2.PodSecurityAdmissionConfigurationTemplateExemptionsArgs{ +// Namespaces: pulumi.StringArray{ +// pulumi.String("ingress-nginx"), +// pulumi.String("kube-system"), +// }, +// RuntimeClasses: pulumi.StringArray{ +// pulumi.String("testclass"), +// }, +// Usernames: pulumi.StringArray{ +// pulumi.String("testuser"), +// }, +// }, +// }) +// if err != nil { +// return err +// } +// _, err = rancher2.NewCluster(ctx, "fooCluster", &rancher2.ClusterArgs{ +// DefaultPodSecurityAdmissionConfigurationTemplateName: pulumi.String(""), +// Description: pulumi.String("Terraform cluster with PSACT"), +// RkeConfig: &rancher2.ClusterRkeConfigArgs{ +// Network: &rancher2.ClusterRkeConfigNetworkArgs{ +// Plugin: pulumi.String("canal"), +// }, +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ### Importing EKS cluster to Rancher v2, using `eksConfigV2`. For Rancher v2.5.x and above. // // @@ -525,8 +586,8 @@ import ( // fooCloudCredential, err := rancher2.NewCloudCredential(ctx, "fooCloudCredential", &rancher2.CloudCredentialArgs{ // Description: pulumi.String("foo test"), // Amazonec2CredentialConfig: &rancher2.CloudCredentialAmazonec2CredentialConfigArgs{ -// AccessKey: pulumi.String(""), -// SecretKey: pulumi.String(""), +// AccessKey: pulumi.String(""), +// SecretKey: pulumi.String(""), // }, // }) // if err != nil { @@ -536,8 +597,8 @@ import ( // Description: pulumi.String("Terraform EKS cluster"), // EksConfigV2: &rancher2.ClusterEksConfigV2Args{ // CloudCredentialId: fooCloudCredential.ID(), -// Name: pulumi.String(""), -// Region: pulumi.String(""), +// Name: pulumi.String(""), +// Region: pulumi.String(""), // Imported: pulumi.Bool(true), // }, // }) @@ -569,8 +630,8 @@ import ( // fooCloudCredential, err := rancher2.NewCloudCredential(ctx, "fooCloudCredential", &rancher2.CloudCredentialArgs{ // Description: pulumi.String("foo test"), // Amazonec2CredentialConfig: &rancher2.CloudCredentialAmazonec2CredentialConfigArgs{ -// AccessKey: pulumi.String(""), -// SecretKey: pulumi.String(""), +// AccessKey: pulumi.String(""), +// SecretKey: pulumi.String(""), // }, // }) // if err != nil { @@ -617,6 +678,8 @@ import ( // // ### Creating EKS cluster from Rancher v2, using `eksConfigV2` and launch template. For Rancher v2.5.6 and above. // +// Note: To use `launchTemplate` you must provide the ID (seen as ``) to the template either as a static value. Or fetched via AWS data-source using one of: awsAmi first and provide the ID to that. +// // // ```go // package main @@ -633,8 +696,8 @@ import ( // fooCloudCredential, err := rancher2.NewCloudCredential(ctx, "fooCloudCredential", &rancher2.CloudCredentialArgs{ // Description: pulumi.String("foo test"), // Amazonec2CredentialConfig: &rancher2.CloudCredentialAmazonec2CredentialConfigArgs{ -// AccessKey: pulumi.String(""), -// SecretKey: pulumi.String(""), +// AccessKey: pulumi.String(""), +// SecretKey: pulumi.String(""), // }, // }) // if err != nil { @@ -657,7 +720,7 @@ import ( // Name: pulumi.String("node_group1"), // LaunchTemplates: rancher2.ClusterEksConfigV2NodeGroupLaunchTemplateArray{ // &rancher2.ClusterEksConfigV2NodeGroupLaunchTemplateArgs{ -// Id: pulumi.String(""), +// Id: pulumi.String(""), // Version: pulumi.Int(1), // }, // }, @@ -694,9 +757,9 @@ import ( // pulumi.Run(func(ctx *pulumi.Context) error { // _, err := rancher2.NewCloudCredential(ctx, "foo-aks", &rancher2.CloudCredentialArgs{ // AzureCredentialConfig: &rancher2.CloudCredentialAzureCredentialConfigArgs{ -// ClientId: pulumi.String(""), -// ClientSecret: pulumi.String(""), -// SubscriptionId: pulumi.String(""), +// ClientId: pulumi.String(""), +// ClientSecret: pulumi.String(""), +// SubscriptionId: pulumi.String(""), // }, // }) // if err != nil { @@ -706,11 +769,11 @@ import ( // Description: pulumi.String("Terraform AKS cluster"), // AksConfigV2: &rancher2.ClusterAksConfigV2Args{ // CloudCredentialId: foo_aks.ID(), -// ResourceGroup: pulumi.String(""), -// ResourceLocation: pulumi.String(""), -// DnsPrefix: pulumi.String(""), +// ResourceGroup: pulumi.String(""), +// ResourceLocation: pulumi.String(""), +// DnsPrefix: pulumi.String(""), // KubernetesVersion: pulumi.String("1.24.6"), -// NetworkPlugin: pulumi.String(""), +// NetworkPlugin: pulumi.String(""), // NodePools: rancher2.ClusterAksConfigV2NodePoolArray{ // &rancher2.ClusterAksConfigV2NodePoolArgs{ // AvailabilityZones: pulumi.StringArray{ @@ -718,7 +781,7 @@ import ( // pulumi.String("2"), // pulumi.String("3"), // }, -// Name: pulumi.String(""), +// Name: pulumi.String(""), // Mode: pulumi.String("System"), // Count: pulumi.Int(1), // OrchestratorVersion: pulumi.String("1.21.2"), @@ -731,7 +794,7 @@ import ( // pulumi.String("2"), // pulumi.String("3"), // }, -// Name: pulumi.String(""), +// Name: pulumi.String(""), // Count: pulumi.Int(1), // Mode: pulumi.String("User"), // OrchestratorVersion: pulumi.String("1.21.2"), @@ -795,7 +858,7 @@ type Cluster struct { ClusterTemplateQuestions ClusterClusterTemplateQuestionArrayOutput `pulumi:"clusterTemplateQuestions"` // Cluster template revision ID. For Rancher v2.3.x and above (string) ClusterTemplateRevisionId pulumi.StringPtrOutput `pulumi:"clusterTemplateRevisionId"` - // Cluster default pod security admission configuration template name (string) + // The name of the pre-defined pod security admission configuration template to be applied to the cluster. Rancher admins (or those with the right permissions) can create, manage, and edit those templates. For more information, please refer to [Rancher Documentation](https://ranchermanager.docs.rancher.com/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/psa-config-templates). The argument is available in Rancher v2.7.2 and above (string) DefaultPodSecurityAdmissionConfigurationTemplateName pulumi.StringOutput `pulumi:"defaultPodSecurityAdmissionConfigurationTemplateName"` // [Default pod security policy template id](https://rancher.com/docs/rancher/v2.x/en/cluster-provisioning/rke-clusters/options/#pod-security-policy-support) (string) DefaultPodSecurityPolicyTemplateId pulumi.StringOutput `pulumi:"defaultPodSecurityPolicyTemplateId"` @@ -916,7 +979,7 @@ type clusterState struct { ClusterTemplateQuestions []ClusterClusterTemplateQuestion `pulumi:"clusterTemplateQuestions"` // Cluster template revision ID. For Rancher v2.3.x and above (string) ClusterTemplateRevisionId *string `pulumi:"clusterTemplateRevisionId"` - // Cluster default pod security admission configuration template name (string) + // The name of the pre-defined pod security admission configuration template to be applied to the cluster. Rancher admins (or those with the right permissions) can create, manage, and edit those templates. For more information, please refer to [Rancher Documentation](https://ranchermanager.docs.rancher.com/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/psa-config-templates). The argument is available in Rancher v2.7.2 and above (string) DefaultPodSecurityAdmissionConfigurationTemplateName *string `pulumi:"defaultPodSecurityAdmissionConfigurationTemplateName"` // [Default pod security policy template id](https://rancher.com/docs/rancher/v2.x/en/cluster-provisioning/rke-clusters/options/#pod-security-policy-support) (string) DefaultPodSecurityPolicyTemplateId *string `pulumi:"defaultPodSecurityPolicyTemplateId"` @@ -1003,7 +1066,7 @@ type ClusterState struct { ClusterTemplateQuestions ClusterClusterTemplateQuestionArrayInput // Cluster template revision ID. For Rancher v2.3.x and above (string) ClusterTemplateRevisionId pulumi.StringPtrInput - // Cluster default pod security admission configuration template name (string) + // The name of the pre-defined pod security admission configuration template to be applied to the cluster. Rancher admins (or those with the right permissions) can create, manage, and edit those templates. For more information, please refer to [Rancher Documentation](https://ranchermanager.docs.rancher.com/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/psa-config-templates). The argument is available in Rancher v2.7.2 and above (string) DefaultPodSecurityAdmissionConfigurationTemplateName pulumi.StringPtrInput // [Default pod security policy template id](https://rancher.com/docs/rancher/v2.x/en/cluster-provisioning/rke-clusters/options/#pod-security-policy-support) (string) DefaultPodSecurityPolicyTemplateId pulumi.StringPtrInput @@ -1090,7 +1153,7 @@ type clusterArgs struct { ClusterTemplateQuestions []ClusterClusterTemplateQuestion `pulumi:"clusterTemplateQuestions"` // Cluster template revision ID. For Rancher v2.3.x and above (string) ClusterTemplateRevisionId *string `pulumi:"clusterTemplateRevisionId"` - // Cluster default pod security admission configuration template name (string) + // The name of the pre-defined pod security admission configuration template to be applied to the cluster. Rancher admins (or those with the right permissions) can create, manage, and edit those templates. For more information, please refer to [Rancher Documentation](https://ranchermanager.docs.rancher.com/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/psa-config-templates). The argument is available in Rancher v2.7.2 and above (string) DefaultPodSecurityAdmissionConfigurationTemplateName *string `pulumi:"defaultPodSecurityAdmissionConfigurationTemplateName"` // [Default pod security policy template id](https://rancher.com/docs/rancher/v2.x/en/cluster-provisioning/rke-clusters/options/#pod-security-policy-support) (string) DefaultPodSecurityPolicyTemplateId *string `pulumi:"defaultPodSecurityPolicyTemplateId"` @@ -1162,7 +1225,7 @@ type ClusterArgs struct { ClusterTemplateQuestions ClusterClusterTemplateQuestionArrayInput // Cluster template revision ID. For Rancher v2.3.x and above (string) ClusterTemplateRevisionId pulumi.StringPtrInput - // Cluster default pod security admission configuration template name (string) + // The name of the pre-defined pod security admission configuration template to be applied to the cluster. Rancher admins (or those with the right permissions) can create, manage, and edit those templates. For more information, please refer to [Rancher Documentation](https://ranchermanager.docs.rancher.com/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/psa-config-templates). The argument is available in Rancher v2.7.2 and above (string) DefaultPodSecurityAdmissionConfigurationTemplateName pulumi.StringPtrInput // [Default pod security policy template id](https://rancher.com/docs/rancher/v2.x/en/cluster-provisioning/rke-clusters/options/#pod-security-policy-support) (string) DefaultPodSecurityPolicyTemplateId pulumi.StringPtrInput @@ -1364,7 +1427,7 @@ func (o ClusterOutput) ClusterTemplateRevisionId() pulumi.StringPtrOutput { return o.ApplyT(func(v *Cluster) pulumi.StringPtrOutput { return v.ClusterTemplateRevisionId }).(pulumi.StringPtrOutput) } -// Cluster default pod security admission configuration template name (string) +// The name of the pre-defined pod security admission configuration template to be applied to the cluster. Rancher admins (or those with the right permissions) can create, manage, and edit those templates. For more information, please refer to [Rancher Documentation](https://ranchermanager.docs.rancher.com/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/psa-config-templates). The argument is available in Rancher v2.7.2 and above (string) func (o ClusterOutput) DefaultPodSecurityAdmissionConfigurationTemplateName() pulumi.StringOutput { return o.ApplyT(func(v *Cluster) pulumi.StringOutput { return v.DefaultPodSecurityAdmissionConfigurationTemplateName }).(pulumi.StringOutput) } diff --git a/sdk/go/rancher2/getPodSecurityAdmissionConfigurationTemplate.go b/sdk/go/rancher2/getPodSecurityAdmissionConfigurationTemplate.go new file mode 100644 index 000000000..90eec3ce8 --- /dev/null +++ b/sdk/go/rancher2/getPodSecurityAdmissionConfigurationTemplate.go @@ -0,0 +1,119 @@ +// Code generated by the Pulumi Terraform Bridge (tfgen) Tool DO NOT EDIT. +// *** WARNING: Do not edit by hand unless you're certain you know what you are doing! *** + +package rancher2 + +import ( + "context" + "reflect" + + "github.com/pulumi/pulumi-rancher2/sdk/v6/go/rancher2/internal" + "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +) + +func LookupPodSecurityAdmissionConfigurationTemplate(ctx *pulumi.Context, args *LookupPodSecurityAdmissionConfigurationTemplateArgs, opts ...pulumi.InvokeOption) (*LookupPodSecurityAdmissionConfigurationTemplateResult, error) { + opts = internal.PkgInvokeDefaultOpts(opts) + var rv LookupPodSecurityAdmissionConfigurationTemplateResult + err := ctx.Invoke("rancher2:index/getPodSecurityAdmissionConfigurationTemplate:getPodSecurityAdmissionConfigurationTemplate", args, &rv, opts...) + if err != nil { + return nil, err + } + return &rv, nil +} + +// A collection of arguments for invoking getPodSecurityAdmissionConfigurationTemplate. +type LookupPodSecurityAdmissionConfigurationTemplateArgs struct { + Annotations map[string]interface{} `pulumi:"annotations"` + Labels map[string]interface{} `pulumi:"labels"` + Name string `pulumi:"name"` +} + +// A collection of values returned by getPodSecurityAdmissionConfigurationTemplate. +type LookupPodSecurityAdmissionConfigurationTemplateResult struct { + Annotations map[string]interface{} `pulumi:"annotations"` + Defaults GetPodSecurityAdmissionConfigurationTemplateDefaults `pulumi:"defaults"` + Description string `pulumi:"description"` + Exemptions GetPodSecurityAdmissionConfigurationTemplateExemptions `pulumi:"exemptions"` + // The provider-assigned unique ID for this managed resource. + Id string `pulumi:"id"` + Labels map[string]interface{} `pulumi:"labels"` + Name string `pulumi:"name"` +} + +func LookupPodSecurityAdmissionConfigurationTemplateOutput(ctx *pulumi.Context, args LookupPodSecurityAdmissionConfigurationTemplateOutputArgs, opts ...pulumi.InvokeOption) LookupPodSecurityAdmissionConfigurationTemplateResultOutput { + return pulumi.ToOutputWithContext(context.Background(), args). + ApplyT(func(v interface{}) (LookupPodSecurityAdmissionConfigurationTemplateResult, error) { + args := v.(LookupPodSecurityAdmissionConfigurationTemplateArgs) + r, err := LookupPodSecurityAdmissionConfigurationTemplate(ctx, &args, opts...) + var s LookupPodSecurityAdmissionConfigurationTemplateResult + if r != nil { + s = *r + } + return s, err + }).(LookupPodSecurityAdmissionConfigurationTemplateResultOutput) +} + +// A collection of arguments for invoking getPodSecurityAdmissionConfigurationTemplate. +type LookupPodSecurityAdmissionConfigurationTemplateOutputArgs struct { + Annotations pulumi.MapInput `pulumi:"annotations"` + Labels pulumi.MapInput `pulumi:"labels"` + Name pulumi.StringInput `pulumi:"name"` +} + +func (LookupPodSecurityAdmissionConfigurationTemplateOutputArgs) ElementType() reflect.Type { + return reflect.TypeOf((*LookupPodSecurityAdmissionConfigurationTemplateArgs)(nil)).Elem() +} + +// A collection of values returned by getPodSecurityAdmissionConfigurationTemplate. +type LookupPodSecurityAdmissionConfigurationTemplateResultOutput struct{ *pulumi.OutputState } + +func (LookupPodSecurityAdmissionConfigurationTemplateResultOutput) ElementType() reflect.Type { + return reflect.TypeOf((*LookupPodSecurityAdmissionConfigurationTemplateResult)(nil)).Elem() +} + +func (o LookupPodSecurityAdmissionConfigurationTemplateResultOutput) ToLookupPodSecurityAdmissionConfigurationTemplateResultOutput() LookupPodSecurityAdmissionConfigurationTemplateResultOutput { + return o +} + +func (o LookupPodSecurityAdmissionConfigurationTemplateResultOutput) ToLookupPodSecurityAdmissionConfigurationTemplateResultOutputWithContext(ctx context.Context) LookupPodSecurityAdmissionConfigurationTemplateResultOutput { + return o +} + +func (o LookupPodSecurityAdmissionConfigurationTemplateResultOutput) Annotations() pulumi.MapOutput { + return o.ApplyT(func(v LookupPodSecurityAdmissionConfigurationTemplateResult) map[string]interface{} { + return v.Annotations + }).(pulumi.MapOutput) +} + +func (o LookupPodSecurityAdmissionConfigurationTemplateResultOutput) Defaults() GetPodSecurityAdmissionConfigurationTemplateDefaultsOutput { + return o.ApplyT(func(v LookupPodSecurityAdmissionConfigurationTemplateResult) GetPodSecurityAdmissionConfigurationTemplateDefaults { + return v.Defaults + }).(GetPodSecurityAdmissionConfigurationTemplateDefaultsOutput) +} + +func (o LookupPodSecurityAdmissionConfigurationTemplateResultOutput) Description() pulumi.StringOutput { + return o.ApplyT(func(v LookupPodSecurityAdmissionConfigurationTemplateResult) string { return v.Description }).(pulumi.StringOutput) +} + +func (o LookupPodSecurityAdmissionConfigurationTemplateResultOutput) Exemptions() GetPodSecurityAdmissionConfigurationTemplateExemptionsOutput { + return o.ApplyT(func(v LookupPodSecurityAdmissionConfigurationTemplateResult) GetPodSecurityAdmissionConfigurationTemplateExemptions { + return v.Exemptions + }).(GetPodSecurityAdmissionConfigurationTemplateExemptionsOutput) +} + +// The provider-assigned unique ID for this managed resource. +func (o LookupPodSecurityAdmissionConfigurationTemplateResultOutput) Id() pulumi.StringOutput { + return o.ApplyT(func(v LookupPodSecurityAdmissionConfigurationTemplateResult) string { return v.Id }).(pulumi.StringOutput) +} + +func (o LookupPodSecurityAdmissionConfigurationTemplateResultOutput) Labels() pulumi.MapOutput { + return o.ApplyT(func(v LookupPodSecurityAdmissionConfigurationTemplateResult) map[string]interface{} { return v.Labels }).(pulumi.MapOutput) +} + +func (o LookupPodSecurityAdmissionConfigurationTemplateResultOutput) Name() pulumi.StringOutput { + return o.ApplyT(func(v LookupPodSecurityAdmissionConfigurationTemplateResult) string { return v.Name }).(pulumi.StringOutput) +} + +func init() { + pulumi.RegisterOutputType(LookupPodSecurityAdmissionConfigurationTemplateResultOutput{}) +} diff --git a/sdk/go/rancher2/init.go b/sdk/go/rancher2/init.go index 34df5284f..cbafdf4ec 100644 --- a/sdk/go/rancher2/init.go +++ b/sdk/go/rancher2/init.go @@ -99,6 +99,8 @@ func (m *module) Construct(ctx *pulumi.Context, name, typ, urn string) (r pulumi r = &NodeTemplate{} case "rancher2:index/notifier:Notifier": r = &Notifier{} + case "rancher2:index/podSecurityAdmissionConfigurationTemplate:PodSecurityAdmissionConfigurationTemplate": + r = &PodSecurityAdmissionConfigurationTemplate{} case "rancher2:index/podSecurityPolicyTemplate:PodSecurityPolicyTemplate": r = &PodSecurityPolicyTemplate{} case "rancher2:index/project:Project": @@ -351,6 +353,11 @@ func init() { "index/notifier", &module{version}, ) + pulumi.RegisterResourceModule( + "rancher2", + "index/podSecurityAdmissionConfigurationTemplate", + &module{version}, + ) pulumi.RegisterResourceModule( "rancher2", "index/podSecurityPolicyTemplate", diff --git a/sdk/go/rancher2/podSecurityAdmissionConfigurationTemplate.go b/sdk/go/rancher2/podSecurityAdmissionConfigurationTemplate.go new file mode 100644 index 000000000..85bcd7096 --- /dev/null +++ b/sdk/go/rancher2/podSecurityAdmissionConfigurationTemplate.go @@ -0,0 +1,303 @@ +// Code generated by the Pulumi Terraform Bridge (tfgen) Tool DO NOT EDIT. +// *** WARNING: Do not edit by hand unless you're certain you know what you are doing! *** + +package rancher2 + +import ( + "context" + "reflect" + + "errors" + "github.com/pulumi/pulumi-rancher2/sdk/v6/go/rancher2/internal" + "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +) + +type PodSecurityAdmissionConfigurationTemplate struct { + pulumi.CustomResourceState + + // Annotations of the resource + Annotations pulumi.MapOutput `pulumi:"annotations"` + // defaults allows the user to define admission control mode for Pod Security + Defaults PodSecurityAdmissionConfigurationTemplateDefaultsOutput `pulumi:"defaults"` + // Pod Security Admission Configuration template description + Description pulumi.StringPtrOutput `pulumi:"description"` + // exemptions allows the creation of pods for specific Usernames, RuntimeClassNames, and Namespaces that would otherwise be + // prohibited + Exemptions PodSecurityAdmissionConfigurationTemplateExemptionsPtrOutput `pulumi:"exemptions"` + // Labels of the resource + Labels pulumi.MapOutput `pulumi:"labels"` + // Pod Security Admission Configuration template name + Name pulumi.StringOutput `pulumi:"name"` +} + +// NewPodSecurityAdmissionConfigurationTemplate registers a new resource with the given unique name, arguments, and options. +func NewPodSecurityAdmissionConfigurationTemplate(ctx *pulumi.Context, + name string, args *PodSecurityAdmissionConfigurationTemplateArgs, opts ...pulumi.ResourceOption) (*PodSecurityAdmissionConfigurationTemplate, error) { + if args == nil { + return nil, errors.New("missing one or more required arguments") + } + + if args.Defaults == nil { + return nil, errors.New("invalid value for required argument 'Defaults'") + } + opts = internal.PkgResourceDefaultOpts(opts) + var resource PodSecurityAdmissionConfigurationTemplate + err := ctx.RegisterResource("rancher2:index/podSecurityAdmissionConfigurationTemplate:PodSecurityAdmissionConfigurationTemplate", name, args, &resource, opts...) + if err != nil { + return nil, err + } + return &resource, nil +} + +// GetPodSecurityAdmissionConfigurationTemplate gets an existing PodSecurityAdmissionConfigurationTemplate resource's state with the given name, ID, and optional +// state properties that are used to uniquely qualify the lookup (nil if not required). +func GetPodSecurityAdmissionConfigurationTemplate(ctx *pulumi.Context, + name string, id pulumi.IDInput, state *PodSecurityAdmissionConfigurationTemplateState, opts ...pulumi.ResourceOption) (*PodSecurityAdmissionConfigurationTemplate, error) { + var resource PodSecurityAdmissionConfigurationTemplate + err := ctx.ReadResource("rancher2:index/podSecurityAdmissionConfigurationTemplate:PodSecurityAdmissionConfigurationTemplate", name, id, state, &resource, opts...) + if err != nil { + return nil, err + } + return &resource, nil +} + +// Input properties used for looking up and filtering PodSecurityAdmissionConfigurationTemplate resources. +type podSecurityAdmissionConfigurationTemplateState struct { + // Annotations of the resource + Annotations map[string]interface{} `pulumi:"annotations"` + // defaults allows the user to define admission control mode for Pod Security + Defaults *PodSecurityAdmissionConfigurationTemplateDefaults `pulumi:"defaults"` + // Pod Security Admission Configuration template description + Description *string `pulumi:"description"` + // exemptions allows the creation of pods for specific Usernames, RuntimeClassNames, and Namespaces that would otherwise be + // prohibited + Exemptions *PodSecurityAdmissionConfigurationTemplateExemptions `pulumi:"exemptions"` + // Labels of the resource + Labels map[string]interface{} `pulumi:"labels"` + // Pod Security Admission Configuration template name + Name *string `pulumi:"name"` +} + +type PodSecurityAdmissionConfigurationTemplateState struct { + // Annotations of the resource + Annotations pulumi.MapInput + // defaults allows the user to define admission control mode for Pod Security + Defaults PodSecurityAdmissionConfigurationTemplateDefaultsPtrInput + // Pod Security Admission Configuration template description + Description pulumi.StringPtrInput + // exemptions allows the creation of pods for specific Usernames, RuntimeClassNames, and Namespaces that would otherwise be + // prohibited + Exemptions PodSecurityAdmissionConfigurationTemplateExemptionsPtrInput + // Labels of the resource + Labels pulumi.MapInput + // Pod Security Admission Configuration template name + Name pulumi.StringPtrInput +} + +func (PodSecurityAdmissionConfigurationTemplateState) ElementType() reflect.Type { + return reflect.TypeOf((*podSecurityAdmissionConfigurationTemplateState)(nil)).Elem() +} + +type podSecurityAdmissionConfigurationTemplateArgs struct { + // Annotations of the resource + Annotations map[string]interface{} `pulumi:"annotations"` + // defaults allows the user to define admission control mode for Pod Security + Defaults PodSecurityAdmissionConfigurationTemplateDefaults `pulumi:"defaults"` + // Pod Security Admission Configuration template description + Description *string `pulumi:"description"` + // exemptions allows the creation of pods for specific Usernames, RuntimeClassNames, and Namespaces that would otherwise be + // prohibited + Exemptions *PodSecurityAdmissionConfigurationTemplateExemptions `pulumi:"exemptions"` + // Labels of the resource + Labels map[string]interface{} `pulumi:"labels"` + // Pod Security Admission Configuration template name + Name *string `pulumi:"name"` +} + +// The set of arguments for constructing a PodSecurityAdmissionConfigurationTemplate resource. +type PodSecurityAdmissionConfigurationTemplateArgs struct { + // Annotations of the resource + Annotations pulumi.MapInput + // defaults allows the user to define admission control mode for Pod Security + Defaults PodSecurityAdmissionConfigurationTemplateDefaultsInput + // Pod Security Admission Configuration template description + Description pulumi.StringPtrInput + // exemptions allows the creation of pods for specific Usernames, RuntimeClassNames, and Namespaces that would otherwise be + // prohibited + Exemptions PodSecurityAdmissionConfigurationTemplateExemptionsPtrInput + // Labels of the resource + Labels pulumi.MapInput + // Pod Security Admission Configuration template name + Name pulumi.StringPtrInput +} + +func (PodSecurityAdmissionConfigurationTemplateArgs) ElementType() reflect.Type { + return reflect.TypeOf((*podSecurityAdmissionConfigurationTemplateArgs)(nil)).Elem() +} + +type PodSecurityAdmissionConfigurationTemplateInput interface { + pulumi.Input + + ToPodSecurityAdmissionConfigurationTemplateOutput() PodSecurityAdmissionConfigurationTemplateOutput + ToPodSecurityAdmissionConfigurationTemplateOutputWithContext(ctx context.Context) PodSecurityAdmissionConfigurationTemplateOutput +} + +func (*PodSecurityAdmissionConfigurationTemplate) ElementType() reflect.Type { + return reflect.TypeOf((**PodSecurityAdmissionConfigurationTemplate)(nil)).Elem() +} + +func (i *PodSecurityAdmissionConfigurationTemplate) ToPodSecurityAdmissionConfigurationTemplateOutput() PodSecurityAdmissionConfigurationTemplateOutput { + return i.ToPodSecurityAdmissionConfigurationTemplateOutputWithContext(context.Background()) +} + +func (i *PodSecurityAdmissionConfigurationTemplate) ToPodSecurityAdmissionConfigurationTemplateOutputWithContext(ctx context.Context) PodSecurityAdmissionConfigurationTemplateOutput { + return pulumi.ToOutputWithContext(ctx, i).(PodSecurityAdmissionConfigurationTemplateOutput) +} + +// PodSecurityAdmissionConfigurationTemplateArrayInput is an input type that accepts PodSecurityAdmissionConfigurationTemplateArray and PodSecurityAdmissionConfigurationTemplateArrayOutput values. +// You can construct a concrete instance of `PodSecurityAdmissionConfigurationTemplateArrayInput` via: +// +// PodSecurityAdmissionConfigurationTemplateArray{ PodSecurityAdmissionConfigurationTemplateArgs{...} } +type PodSecurityAdmissionConfigurationTemplateArrayInput interface { + pulumi.Input + + ToPodSecurityAdmissionConfigurationTemplateArrayOutput() PodSecurityAdmissionConfigurationTemplateArrayOutput + ToPodSecurityAdmissionConfigurationTemplateArrayOutputWithContext(context.Context) PodSecurityAdmissionConfigurationTemplateArrayOutput +} + +type PodSecurityAdmissionConfigurationTemplateArray []PodSecurityAdmissionConfigurationTemplateInput + +func (PodSecurityAdmissionConfigurationTemplateArray) ElementType() reflect.Type { + return reflect.TypeOf((*[]*PodSecurityAdmissionConfigurationTemplate)(nil)).Elem() +} + +func (i PodSecurityAdmissionConfigurationTemplateArray) ToPodSecurityAdmissionConfigurationTemplateArrayOutput() PodSecurityAdmissionConfigurationTemplateArrayOutput { + return i.ToPodSecurityAdmissionConfigurationTemplateArrayOutputWithContext(context.Background()) +} + +func (i PodSecurityAdmissionConfigurationTemplateArray) ToPodSecurityAdmissionConfigurationTemplateArrayOutputWithContext(ctx context.Context) PodSecurityAdmissionConfigurationTemplateArrayOutput { + return pulumi.ToOutputWithContext(ctx, i).(PodSecurityAdmissionConfigurationTemplateArrayOutput) +} + +// PodSecurityAdmissionConfigurationTemplateMapInput is an input type that accepts PodSecurityAdmissionConfigurationTemplateMap and PodSecurityAdmissionConfigurationTemplateMapOutput values. +// You can construct a concrete instance of `PodSecurityAdmissionConfigurationTemplateMapInput` via: +// +// PodSecurityAdmissionConfigurationTemplateMap{ "key": PodSecurityAdmissionConfigurationTemplateArgs{...} } +type PodSecurityAdmissionConfigurationTemplateMapInput interface { + pulumi.Input + + ToPodSecurityAdmissionConfigurationTemplateMapOutput() PodSecurityAdmissionConfigurationTemplateMapOutput + ToPodSecurityAdmissionConfigurationTemplateMapOutputWithContext(context.Context) PodSecurityAdmissionConfigurationTemplateMapOutput +} + +type PodSecurityAdmissionConfigurationTemplateMap map[string]PodSecurityAdmissionConfigurationTemplateInput + +func (PodSecurityAdmissionConfigurationTemplateMap) ElementType() reflect.Type { + return reflect.TypeOf((*map[string]*PodSecurityAdmissionConfigurationTemplate)(nil)).Elem() +} + +func (i PodSecurityAdmissionConfigurationTemplateMap) ToPodSecurityAdmissionConfigurationTemplateMapOutput() PodSecurityAdmissionConfigurationTemplateMapOutput { + return i.ToPodSecurityAdmissionConfigurationTemplateMapOutputWithContext(context.Background()) +} + +func (i PodSecurityAdmissionConfigurationTemplateMap) ToPodSecurityAdmissionConfigurationTemplateMapOutputWithContext(ctx context.Context) PodSecurityAdmissionConfigurationTemplateMapOutput { + return pulumi.ToOutputWithContext(ctx, i).(PodSecurityAdmissionConfigurationTemplateMapOutput) +} + +type PodSecurityAdmissionConfigurationTemplateOutput struct{ *pulumi.OutputState } + +func (PodSecurityAdmissionConfigurationTemplateOutput) ElementType() reflect.Type { + return reflect.TypeOf((**PodSecurityAdmissionConfigurationTemplate)(nil)).Elem() +} + +func (o PodSecurityAdmissionConfigurationTemplateOutput) ToPodSecurityAdmissionConfigurationTemplateOutput() PodSecurityAdmissionConfigurationTemplateOutput { + return o +} + +func (o PodSecurityAdmissionConfigurationTemplateOutput) ToPodSecurityAdmissionConfigurationTemplateOutputWithContext(ctx context.Context) PodSecurityAdmissionConfigurationTemplateOutput { + return o +} + +// Annotations of the resource +func (o PodSecurityAdmissionConfigurationTemplateOutput) Annotations() pulumi.MapOutput { + return o.ApplyT(func(v *PodSecurityAdmissionConfigurationTemplate) pulumi.MapOutput { return v.Annotations }).(pulumi.MapOutput) +} + +// defaults allows the user to define admission control mode for Pod Security +func (o PodSecurityAdmissionConfigurationTemplateOutput) Defaults() PodSecurityAdmissionConfigurationTemplateDefaultsOutput { + return o.ApplyT(func(v *PodSecurityAdmissionConfigurationTemplate) PodSecurityAdmissionConfigurationTemplateDefaultsOutput { + return v.Defaults + }).(PodSecurityAdmissionConfigurationTemplateDefaultsOutput) +} + +// Pod Security Admission Configuration template description +func (o PodSecurityAdmissionConfigurationTemplateOutput) Description() pulumi.StringPtrOutput { + return o.ApplyT(func(v *PodSecurityAdmissionConfigurationTemplate) pulumi.StringPtrOutput { return v.Description }).(pulumi.StringPtrOutput) +} + +// exemptions allows the creation of pods for specific Usernames, RuntimeClassNames, and Namespaces that would otherwise be +// prohibited +func (o PodSecurityAdmissionConfigurationTemplateOutput) Exemptions() PodSecurityAdmissionConfigurationTemplateExemptionsPtrOutput { + return o.ApplyT(func(v *PodSecurityAdmissionConfigurationTemplate) PodSecurityAdmissionConfigurationTemplateExemptionsPtrOutput { + return v.Exemptions + }).(PodSecurityAdmissionConfigurationTemplateExemptionsPtrOutput) +} + +// Labels of the resource +func (o PodSecurityAdmissionConfigurationTemplateOutput) Labels() pulumi.MapOutput { + return o.ApplyT(func(v *PodSecurityAdmissionConfigurationTemplate) pulumi.MapOutput { return v.Labels }).(pulumi.MapOutput) +} + +// Pod Security Admission Configuration template name +func (o PodSecurityAdmissionConfigurationTemplateOutput) Name() pulumi.StringOutput { + return o.ApplyT(func(v *PodSecurityAdmissionConfigurationTemplate) pulumi.StringOutput { return v.Name }).(pulumi.StringOutput) +} + +type PodSecurityAdmissionConfigurationTemplateArrayOutput struct{ *pulumi.OutputState } + +func (PodSecurityAdmissionConfigurationTemplateArrayOutput) ElementType() reflect.Type { + return reflect.TypeOf((*[]*PodSecurityAdmissionConfigurationTemplate)(nil)).Elem() +} + +func (o PodSecurityAdmissionConfigurationTemplateArrayOutput) ToPodSecurityAdmissionConfigurationTemplateArrayOutput() PodSecurityAdmissionConfigurationTemplateArrayOutput { + return o +} + +func (o PodSecurityAdmissionConfigurationTemplateArrayOutput) ToPodSecurityAdmissionConfigurationTemplateArrayOutputWithContext(ctx context.Context) PodSecurityAdmissionConfigurationTemplateArrayOutput { + return o +} + +func (o PodSecurityAdmissionConfigurationTemplateArrayOutput) Index(i pulumi.IntInput) PodSecurityAdmissionConfigurationTemplateOutput { + return pulumi.All(o, i).ApplyT(func(vs []interface{}) *PodSecurityAdmissionConfigurationTemplate { + return vs[0].([]*PodSecurityAdmissionConfigurationTemplate)[vs[1].(int)] + }).(PodSecurityAdmissionConfigurationTemplateOutput) +} + +type PodSecurityAdmissionConfigurationTemplateMapOutput struct{ *pulumi.OutputState } + +func (PodSecurityAdmissionConfigurationTemplateMapOutput) ElementType() reflect.Type { + return reflect.TypeOf((*map[string]*PodSecurityAdmissionConfigurationTemplate)(nil)).Elem() +} + +func (o PodSecurityAdmissionConfigurationTemplateMapOutput) ToPodSecurityAdmissionConfigurationTemplateMapOutput() PodSecurityAdmissionConfigurationTemplateMapOutput { + return o +} + +func (o PodSecurityAdmissionConfigurationTemplateMapOutput) ToPodSecurityAdmissionConfigurationTemplateMapOutputWithContext(ctx context.Context) PodSecurityAdmissionConfigurationTemplateMapOutput { + return o +} + +func (o PodSecurityAdmissionConfigurationTemplateMapOutput) MapIndex(k pulumi.StringInput) PodSecurityAdmissionConfigurationTemplateOutput { + return pulumi.All(o, k).ApplyT(func(vs []interface{}) *PodSecurityAdmissionConfigurationTemplate { + return vs[0].(map[string]*PodSecurityAdmissionConfigurationTemplate)[vs[1].(string)] + }).(PodSecurityAdmissionConfigurationTemplateOutput) +} + +func init() { + pulumi.RegisterInputType(reflect.TypeOf((*PodSecurityAdmissionConfigurationTemplateInput)(nil)).Elem(), &PodSecurityAdmissionConfigurationTemplate{}) + pulumi.RegisterInputType(reflect.TypeOf((*PodSecurityAdmissionConfigurationTemplateArrayInput)(nil)).Elem(), PodSecurityAdmissionConfigurationTemplateArray{}) + pulumi.RegisterInputType(reflect.TypeOf((*PodSecurityAdmissionConfigurationTemplateMapInput)(nil)).Elem(), PodSecurityAdmissionConfigurationTemplateMap{}) + pulumi.RegisterOutputType(PodSecurityAdmissionConfigurationTemplateOutput{}) + pulumi.RegisterOutputType(PodSecurityAdmissionConfigurationTemplateArrayOutput{}) + pulumi.RegisterOutputType(PodSecurityAdmissionConfigurationTemplateMapOutput{}) +} diff --git a/sdk/go/rancher2/pulumiTypes.go b/sdk/go/rancher2/pulumiTypes.go index 8734078b6..a219f3153 100644 --- a/sdk/go/rancher2/pulumiTypes.go +++ b/sdk/go/rancher2/pulumiTypes.go @@ -61487,6 +61487,413 @@ func (o NotifierWechatConfigPtrOutput) Secret() pulumi.StringPtrOutput { }).(pulumi.StringPtrOutput) } +type PodSecurityAdmissionConfigurationTemplateDefaults struct { + // Pod Security Admission Configuration audit. This audits a pod in violation of privileged, baseline, or restricted policy (default: privileged) + Audit *string `pulumi:"audit"` + // Pod Security Admission Configuration audit version (default: latest) + AuditVersion *string `pulumi:"auditVersion"` + // Pod Security Admission Configuration enforce. This rejects a pod in violation of privileged, baseline, or restricted policy (default: privileged) + Enforce *string `pulumi:"enforce"` + // Pod Security Admission Configuration enforce version (default: latest) + EnforceVersion *string `pulumi:"enforceVersion"` + // Pod Security Admission Configuration warn. This warns the user about a pod in violation of privileged, baseline, or restricted policy (default: privileged) + Warn *string `pulumi:"warn"` + // Pod Security Admission Configuration warn version (default: latest) + WarnVersion *string `pulumi:"warnVersion"` +} + +// PodSecurityAdmissionConfigurationTemplateDefaultsInput is an input type that accepts PodSecurityAdmissionConfigurationTemplateDefaultsArgs and PodSecurityAdmissionConfigurationTemplateDefaultsOutput values. +// You can construct a concrete instance of `PodSecurityAdmissionConfigurationTemplateDefaultsInput` via: +// +// PodSecurityAdmissionConfigurationTemplateDefaultsArgs{...} +type PodSecurityAdmissionConfigurationTemplateDefaultsInput interface { + pulumi.Input + + ToPodSecurityAdmissionConfigurationTemplateDefaultsOutput() PodSecurityAdmissionConfigurationTemplateDefaultsOutput + ToPodSecurityAdmissionConfigurationTemplateDefaultsOutputWithContext(context.Context) PodSecurityAdmissionConfigurationTemplateDefaultsOutput +} + +type PodSecurityAdmissionConfigurationTemplateDefaultsArgs struct { + // Pod Security Admission Configuration audit. This audits a pod in violation of privileged, baseline, or restricted policy (default: privileged) + Audit pulumi.StringPtrInput `pulumi:"audit"` + // Pod Security Admission Configuration audit version (default: latest) + AuditVersion pulumi.StringPtrInput `pulumi:"auditVersion"` + // Pod Security Admission Configuration enforce. This rejects a pod in violation of privileged, baseline, or restricted policy (default: privileged) + Enforce pulumi.StringPtrInput `pulumi:"enforce"` + // Pod Security Admission Configuration enforce version (default: latest) + EnforceVersion pulumi.StringPtrInput `pulumi:"enforceVersion"` + // Pod Security Admission Configuration warn. This warns the user about a pod in violation of privileged, baseline, or restricted policy (default: privileged) + Warn pulumi.StringPtrInput `pulumi:"warn"` + // Pod Security Admission Configuration warn version (default: latest) + WarnVersion pulumi.StringPtrInput `pulumi:"warnVersion"` +} + +func (PodSecurityAdmissionConfigurationTemplateDefaultsArgs) ElementType() reflect.Type { + return reflect.TypeOf((*PodSecurityAdmissionConfigurationTemplateDefaults)(nil)).Elem() +} + +func (i PodSecurityAdmissionConfigurationTemplateDefaultsArgs) ToPodSecurityAdmissionConfigurationTemplateDefaultsOutput() PodSecurityAdmissionConfigurationTemplateDefaultsOutput { + return i.ToPodSecurityAdmissionConfigurationTemplateDefaultsOutputWithContext(context.Background()) +} + +func (i PodSecurityAdmissionConfigurationTemplateDefaultsArgs) ToPodSecurityAdmissionConfigurationTemplateDefaultsOutputWithContext(ctx context.Context) PodSecurityAdmissionConfigurationTemplateDefaultsOutput { + return pulumi.ToOutputWithContext(ctx, i).(PodSecurityAdmissionConfigurationTemplateDefaultsOutput) +} + +func (i PodSecurityAdmissionConfigurationTemplateDefaultsArgs) ToPodSecurityAdmissionConfigurationTemplateDefaultsPtrOutput() PodSecurityAdmissionConfigurationTemplateDefaultsPtrOutput { + return i.ToPodSecurityAdmissionConfigurationTemplateDefaultsPtrOutputWithContext(context.Background()) +} + +func (i PodSecurityAdmissionConfigurationTemplateDefaultsArgs) ToPodSecurityAdmissionConfigurationTemplateDefaultsPtrOutputWithContext(ctx context.Context) PodSecurityAdmissionConfigurationTemplateDefaultsPtrOutput { + return pulumi.ToOutputWithContext(ctx, i).(PodSecurityAdmissionConfigurationTemplateDefaultsOutput).ToPodSecurityAdmissionConfigurationTemplateDefaultsPtrOutputWithContext(ctx) +} + +// PodSecurityAdmissionConfigurationTemplateDefaultsPtrInput is an input type that accepts PodSecurityAdmissionConfigurationTemplateDefaultsArgs, PodSecurityAdmissionConfigurationTemplateDefaultsPtr and PodSecurityAdmissionConfigurationTemplateDefaultsPtrOutput values. +// You can construct a concrete instance of `PodSecurityAdmissionConfigurationTemplateDefaultsPtrInput` via: +// +// PodSecurityAdmissionConfigurationTemplateDefaultsArgs{...} +// +// or: +// +// nil +type PodSecurityAdmissionConfigurationTemplateDefaultsPtrInput interface { + pulumi.Input + + ToPodSecurityAdmissionConfigurationTemplateDefaultsPtrOutput() PodSecurityAdmissionConfigurationTemplateDefaultsPtrOutput + ToPodSecurityAdmissionConfigurationTemplateDefaultsPtrOutputWithContext(context.Context) PodSecurityAdmissionConfigurationTemplateDefaultsPtrOutput +} + +type podSecurityAdmissionConfigurationTemplateDefaultsPtrType PodSecurityAdmissionConfigurationTemplateDefaultsArgs + +func PodSecurityAdmissionConfigurationTemplateDefaultsPtr(v *PodSecurityAdmissionConfigurationTemplateDefaultsArgs) PodSecurityAdmissionConfigurationTemplateDefaultsPtrInput { + return (*podSecurityAdmissionConfigurationTemplateDefaultsPtrType)(v) +} + +func (*podSecurityAdmissionConfigurationTemplateDefaultsPtrType) ElementType() reflect.Type { + return reflect.TypeOf((**PodSecurityAdmissionConfigurationTemplateDefaults)(nil)).Elem() +} + +func (i *podSecurityAdmissionConfigurationTemplateDefaultsPtrType) ToPodSecurityAdmissionConfigurationTemplateDefaultsPtrOutput() PodSecurityAdmissionConfigurationTemplateDefaultsPtrOutput { + return i.ToPodSecurityAdmissionConfigurationTemplateDefaultsPtrOutputWithContext(context.Background()) +} + +func (i *podSecurityAdmissionConfigurationTemplateDefaultsPtrType) ToPodSecurityAdmissionConfigurationTemplateDefaultsPtrOutputWithContext(ctx context.Context) PodSecurityAdmissionConfigurationTemplateDefaultsPtrOutput { + return pulumi.ToOutputWithContext(ctx, i).(PodSecurityAdmissionConfigurationTemplateDefaultsPtrOutput) +} + +type PodSecurityAdmissionConfigurationTemplateDefaultsOutput struct{ *pulumi.OutputState } + +func (PodSecurityAdmissionConfigurationTemplateDefaultsOutput) ElementType() reflect.Type { + return reflect.TypeOf((*PodSecurityAdmissionConfigurationTemplateDefaults)(nil)).Elem() +} + +func (o PodSecurityAdmissionConfigurationTemplateDefaultsOutput) ToPodSecurityAdmissionConfigurationTemplateDefaultsOutput() PodSecurityAdmissionConfigurationTemplateDefaultsOutput { + return o +} + +func (o PodSecurityAdmissionConfigurationTemplateDefaultsOutput) ToPodSecurityAdmissionConfigurationTemplateDefaultsOutputWithContext(ctx context.Context) PodSecurityAdmissionConfigurationTemplateDefaultsOutput { + return o +} + +func (o PodSecurityAdmissionConfigurationTemplateDefaultsOutput) ToPodSecurityAdmissionConfigurationTemplateDefaultsPtrOutput() PodSecurityAdmissionConfigurationTemplateDefaultsPtrOutput { + return o.ToPodSecurityAdmissionConfigurationTemplateDefaultsPtrOutputWithContext(context.Background()) +} + +func (o PodSecurityAdmissionConfigurationTemplateDefaultsOutput) ToPodSecurityAdmissionConfigurationTemplateDefaultsPtrOutputWithContext(ctx context.Context) PodSecurityAdmissionConfigurationTemplateDefaultsPtrOutput { + return o.ApplyTWithContext(ctx, func(_ context.Context, v PodSecurityAdmissionConfigurationTemplateDefaults) *PodSecurityAdmissionConfigurationTemplateDefaults { + return &v + }).(PodSecurityAdmissionConfigurationTemplateDefaultsPtrOutput) +} + +// Pod Security Admission Configuration audit. This audits a pod in violation of privileged, baseline, or restricted policy (default: privileged) +func (o PodSecurityAdmissionConfigurationTemplateDefaultsOutput) Audit() pulumi.StringPtrOutput { + return o.ApplyT(func(v PodSecurityAdmissionConfigurationTemplateDefaults) *string { return v.Audit }).(pulumi.StringPtrOutput) +} + +// Pod Security Admission Configuration audit version (default: latest) +func (o PodSecurityAdmissionConfigurationTemplateDefaultsOutput) AuditVersion() pulumi.StringPtrOutput { + return o.ApplyT(func(v PodSecurityAdmissionConfigurationTemplateDefaults) *string { return v.AuditVersion }).(pulumi.StringPtrOutput) +} + +// Pod Security Admission Configuration enforce. This rejects a pod in violation of privileged, baseline, or restricted policy (default: privileged) +func (o PodSecurityAdmissionConfigurationTemplateDefaultsOutput) Enforce() pulumi.StringPtrOutput { + return o.ApplyT(func(v PodSecurityAdmissionConfigurationTemplateDefaults) *string { return v.Enforce }).(pulumi.StringPtrOutput) +} + +// Pod Security Admission Configuration enforce version (default: latest) +func (o PodSecurityAdmissionConfigurationTemplateDefaultsOutput) EnforceVersion() pulumi.StringPtrOutput { + return o.ApplyT(func(v PodSecurityAdmissionConfigurationTemplateDefaults) *string { return v.EnforceVersion }).(pulumi.StringPtrOutput) +} + +// Pod Security Admission Configuration warn. This warns the user about a pod in violation of privileged, baseline, or restricted policy (default: privileged) +func (o PodSecurityAdmissionConfigurationTemplateDefaultsOutput) Warn() pulumi.StringPtrOutput { + return o.ApplyT(func(v PodSecurityAdmissionConfigurationTemplateDefaults) *string { return v.Warn }).(pulumi.StringPtrOutput) +} + +// Pod Security Admission Configuration warn version (default: latest) +func (o PodSecurityAdmissionConfigurationTemplateDefaultsOutput) WarnVersion() pulumi.StringPtrOutput { + return o.ApplyT(func(v PodSecurityAdmissionConfigurationTemplateDefaults) *string { return v.WarnVersion }).(pulumi.StringPtrOutput) +} + +type PodSecurityAdmissionConfigurationTemplateDefaultsPtrOutput struct{ *pulumi.OutputState } + +func (PodSecurityAdmissionConfigurationTemplateDefaultsPtrOutput) ElementType() reflect.Type { + return reflect.TypeOf((**PodSecurityAdmissionConfigurationTemplateDefaults)(nil)).Elem() +} + +func (o PodSecurityAdmissionConfigurationTemplateDefaultsPtrOutput) ToPodSecurityAdmissionConfigurationTemplateDefaultsPtrOutput() PodSecurityAdmissionConfigurationTemplateDefaultsPtrOutput { + return o +} + +func (o PodSecurityAdmissionConfigurationTemplateDefaultsPtrOutput) ToPodSecurityAdmissionConfigurationTemplateDefaultsPtrOutputWithContext(ctx context.Context) PodSecurityAdmissionConfigurationTemplateDefaultsPtrOutput { + return o +} + +func (o PodSecurityAdmissionConfigurationTemplateDefaultsPtrOutput) Elem() PodSecurityAdmissionConfigurationTemplateDefaultsOutput { + return o.ApplyT(func(v *PodSecurityAdmissionConfigurationTemplateDefaults) PodSecurityAdmissionConfigurationTemplateDefaults { + if v != nil { + return *v + } + var ret PodSecurityAdmissionConfigurationTemplateDefaults + return ret + }).(PodSecurityAdmissionConfigurationTemplateDefaultsOutput) +} + +// Pod Security Admission Configuration audit. This audits a pod in violation of privileged, baseline, or restricted policy (default: privileged) +func (o PodSecurityAdmissionConfigurationTemplateDefaultsPtrOutput) Audit() pulumi.StringPtrOutput { + return o.ApplyT(func(v *PodSecurityAdmissionConfigurationTemplateDefaults) *string { + if v == nil { + return nil + } + return v.Audit + }).(pulumi.StringPtrOutput) +} + +// Pod Security Admission Configuration audit version (default: latest) +func (o PodSecurityAdmissionConfigurationTemplateDefaultsPtrOutput) AuditVersion() pulumi.StringPtrOutput { + return o.ApplyT(func(v *PodSecurityAdmissionConfigurationTemplateDefaults) *string { + if v == nil { + return nil + } + return v.AuditVersion + }).(pulumi.StringPtrOutput) +} + +// Pod Security Admission Configuration enforce. This rejects a pod in violation of privileged, baseline, or restricted policy (default: privileged) +func (o PodSecurityAdmissionConfigurationTemplateDefaultsPtrOutput) Enforce() pulumi.StringPtrOutput { + return o.ApplyT(func(v *PodSecurityAdmissionConfigurationTemplateDefaults) *string { + if v == nil { + return nil + } + return v.Enforce + }).(pulumi.StringPtrOutput) +} + +// Pod Security Admission Configuration enforce version (default: latest) +func (o PodSecurityAdmissionConfigurationTemplateDefaultsPtrOutput) EnforceVersion() pulumi.StringPtrOutput { + return o.ApplyT(func(v *PodSecurityAdmissionConfigurationTemplateDefaults) *string { + if v == nil { + return nil + } + return v.EnforceVersion + }).(pulumi.StringPtrOutput) +} + +// Pod Security Admission Configuration warn. This warns the user about a pod in violation of privileged, baseline, or restricted policy (default: privileged) +func (o PodSecurityAdmissionConfigurationTemplateDefaultsPtrOutput) Warn() pulumi.StringPtrOutput { + return o.ApplyT(func(v *PodSecurityAdmissionConfigurationTemplateDefaults) *string { + if v == nil { + return nil + } + return v.Warn + }).(pulumi.StringPtrOutput) +} + +// Pod Security Admission Configuration warn version (default: latest) +func (o PodSecurityAdmissionConfigurationTemplateDefaultsPtrOutput) WarnVersion() pulumi.StringPtrOutput { + return o.ApplyT(func(v *PodSecurityAdmissionConfigurationTemplateDefaults) *string { + if v == nil { + return nil + } + return v.WarnVersion + }).(pulumi.StringPtrOutput) +} + +type PodSecurityAdmissionConfigurationTemplateExemptions struct { + // Pod Security Admission Configuration namespace exemptions + Namespaces []string `pulumi:"namespaces"` + // Pod Security Admission Configuration runtime class exemptions + RuntimeClasses []string `pulumi:"runtimeClasses"` + // Pod Security Admission Configuration username exemptions + Usernames []string `pulumi:"usernames"` +} + +// PodSecurityAdmissionConfigurationTemplateExemptionsInput is an input type that accepts PodSecurityAdmissionConfigurationTemplateExemptionsArgs and PodSecurityAdmissionConfigurationTemplateExemptionsOutput values. +// You can construct a concrete instance of `PodSecurityAdmissionConfigurationTemplateExemptionsInput` via: +// +// PodSecurityAdmissionConfigurationTemplateExemptionsArgs{...} +type PodSecurityAdmissionConfigurationTemplateExemptionsInput interface { + pulumi.Input + + ToPodSecurityAdmissionConfigurationTemplateExemptionsOutput() PodSecurityAdmissionConfigurationTemplateExemptionsOutput + ToPodSecurityAdmissionConfigurationTemplateExemptionsOutputWithContext(context.Context) PodSecurityAdmissionConfigurationTemplateExemptionsOutput +} + +type PodSecurityAdmissionConfigurationTemplateExemptionsArgs struct { + // Pod Security Admission Configuration namespace exemptions + Namespaces pulumi.StringArrayInput `pulumi:"namespaces"` + // Pod Security Admission Configuration runtime class exemptions + RuntimeClasses pulumi.StringArrayInput `pulumi:"runtimeClasses"` + // Pod Security Admission Configuration username exemptions + Usernames pulumi.StringArrayInput `pulumi:"usernames"` +} + +func (PodSecurityAdmissionConfigurationTemplateExemptionsArgs) ElementType() reflect.Type { + return reflect.TypeOf((*PodSecurityAdmissionConfigurationTemplateExemptions)(nil)).Elem() +} + +func (i PodSecurityAdmissionConfigurationTemplateExemptionsArgs) ToPodSecurityAdmissionConfigurationTemplateExemptionsOutput() PodSecurityAdmissionConfigurationTemplateExemptionsOutput { + return i.ToPodSecurityAdmissionConfigurationTemplateExemptionsOutputWithContext(context.Background()) +} + +func (i PodSecurityAdmissionConfigurationTemplateExemptionsArgs) ToPodSecurityAdmissionConfigurationTemplateExemptionsOutputWithContext(ctx context.Context) PodSecurityAdmissionConfigurationTemplateExemptionsOutput { + return pulumi.ToOutputWithContext(ctx, i).(PodSecurityAdmissionConfigurationTemplateExemptionsOutput) +} + +func (i PodSecurityAdmissionConfigurationTemplateExemptionsArgs) ToPodSecurityAdmissionConfigurationTemplateExemptionsPtrOutput() PodSecurityAdmissionConfigurationTemplateExemptionsPtrOutput { + return i.ToPodSecurityAdmissionConfigurationTemplateExemptionsPtrOutputWithContext(context.Background()) +} + +func (i PodSecurityAdmissionConfigurationTemplateExemptionsArgs) ToPodSecurityAdmissionConfigurationTemplateExemptionsPtrOutputWithContext(ctx context.Context) PodSecurityAdmissionConfigurationTemplateExemptionsPtrOutput { + return pulumi.ToOutputWithContext(ctx, i).(PodSecurityAdmissionConfigurationTemplateExemptionsOutput).ToPodSecurityAdmissionConfigurationTemplateExemptionsPtrOutputWithContext(ctx) +} + +// PodSecurityAdmissionConfigurationTemplateExemptionsPtrInput is an input type that accepts PodSecurityAdmissionConfigurationTemplateExemptionsArgs, PodSecurityAdmissionConfigurationTemplateExemptionsPtr and PodSecurityAdmissionConfigurationTemplateExemptionsPtrOutput values. +// You can construct a concrete instance of `PodSecurityAdmissionConfigurationTemplateExemptionsPtrInput` via: +// +// PodSecurityAdmissionConfigurationTemplateExemptionsArgs{...} +// +// or: +// +// nil +type PodSecurityAdmissionConfigurationTemplateExemptionsPtrInput interface { + pulumi.Input + + ToPodSecurityAdmissionConfigurationTemplateExemptionsPtrOutput() PodSecurityAdmissionConfigurationTemplateExemptionsPtrOutput + ToPodSecurityAdmissionConfigurationTemplateExemptionsPtrOutputWithContext(context.Context) PodSecurityAdmissionConfigurationTemplateExemptionsPtrOutput +} + +type podSecurityAdmissionConfigurationTemplateExemptionsPtrType PodSecurityAdmissionConfigurationTemplateExemptionsArgs + +func PodSecurityAdmissionConfigurationTemplateExemptionsPtr(v *PodSecurityAdmissionConfigurationTemplateExemptionsArgs) PodSecurityAdmissionConfigurationTemplateExemptionsPtrInput { + return (*podSecurityAdmissionConfigurationTemplateExemptionsPtrType)(v) +} + +func (*podSecurityAdmissionConfigurationTemplateExemptionsPtrType) ElementType() reflect.Type { + return reflect.TypeOf((**PodSecurityAdmissionConfigurationTemplateExemptions)(nil)).Elem() +} + +func (i *podSecurityAdmissionConfigurationTemplateExemptionsPtrType) ToPodSecurityAdmissionConfigurationTemplateExemptionsPtrOutput() PodSecurityAdmissionConfigurationTemplateExemptionsPtrOutput { + return i.ToPodSecurityAdmissionConfigurationTemplateExemptionsPtrOutputWithContext(context.Background()) +} + +func (i *podSecurityAdmissionConfigurationTemplateExemptionsPtrType) ToPodSecurityAdmissionConfigurationTemplateExemptionsPtrOutputWithContext(ctx context.Context) PodSecurityAdmissionConfigurationTemplateExemptionsPtrOutput { + return pulumi.ToOutputWithContext(ctx, i).(PodSecurityAdmissionConfigurationTemplateExemptionsPtrOutput) +} + +type PodSecurityAdmissionConfigurationTemplateExemptionsOutput struct{ *pulumi.OutputState } + +func (PodSecurityAdmissionConfigurationTemplateExemptionsOutput) ElementType() reflect.Type { + return reflect.TypeOf((*PodSecurityAdmissionConfigurationTemplateExemptions)(nil)).Elem() +} + +func (o PodSecurityAdmissionConfigurationTemplateExemptionsOutput) ToPodSecurityAdmissionConfigurationTemplateExemptionsOutput() PodSecurityAdmissionConfigurationTemplateExemptionsOutput { + return o +} + +func (o PodSecurityAdmissionConfigurationTemplateExemptionsOutput) ToPodSecurityAdmissionConfigurationTemplateExemptionsOutputWithContext(ctx context.Context) PodSecurityAdmissionConfigurationTemplateExemptionsOutput { + return o +} + +func (o PodSecurityAdmissionConfigurationTemplateExemptionsOutput) ToPodSecurityAdmissionConfigurationTemplateExemptionsPtrOutput() PodSecurityAdmissionConfigurationTemplateExemptionsPtrOutput { + return o.ToPodSecurityAdmissionConfigurationTemplateExemptionsPtrOutputWithContext(context.Background()) +} + +func (o PodSecurityAdmissionConfigurationTemplateExemptionsOutput) ToPodSecurityAdmissionConfigurationTemplateExemptionsPtrOutputWithContext(ctx context.Context) PodSecurityAdmissionConfigurationTemplateExemptionsPtrOutput { + return o.ApplyTWithContext(ctx, func(_ context.Context, v PodSecurityAdmissionConfigurationTemplateExemptions) *PodSecurityAdmissionConfigurationTemplateExemptions { + return &v + }).(PodSecurityAdmissionConfigurationTemplateExemptionsPtrOutput) +} + +// Pod Security Admission Configuration namespace exemptions +func (o PodSecurityAdmissionConfigurationTemplateExemptionsOutput) Namespaces() pulumi.StringArrayOutput { + return o.ApplyT(func(v PodSecurityAdmissionConfigurationTemplateExemptions) []string { return v.Namespaces }).(pulumi.StringArrayOutput) +} + +// Pod Security Admission Configuration runtime class exemptions +func (o PodSecurityAdmissionConfigurationTemplateExemptionsOutput) RuntimeClasses() pulumi.StringArrayOutput { + return o.ApplyT(func(v PodSecurityAdmissionConfigurationTemplateExemptions) []string { return v.RuntimeClasses }).(pulumi.StringArrayOutput) +} + +// Pod Security Admission Configuration username exemptions +func (o PodSecurityAdmissionConfigurationTemplateExemptionsOutput) Usernames() pulumi.StringArrayOutput { + return o.ApplyT(func(v PodSecurityAdmissionConfigurationTemplateExemptions) []string { return v.Usernames }).(pulumi.StringArrayOutput) +} + +type PodSecurityAdmissionConfigurationTemplateExemptionsPtrOutput struct{ *pulumi.OutputState } + +func (PodSecurityAdmissionConfigurationTemplateExemptionsPtrOutput) ElementType() reflect.Type { + return reflect.TypeOf((**PodSecurityAdmissionConfigurationTemplateExemptions)(nil)).Elem() +} + +func (o PodSecurityAdmissionConfigurationTemplateExemptionsPtrOutput) ToPodSecurityAdmissionConfigurationTemplateExemptionsPtrOutput() PodSecurityAdmissionConfigurationTemplateExemptionsPtrOutput { + return o +} + +func (o PodSecurityAdmissionConfigurationTemplateExemptionsPtrOutput) ToPodSecurityAdmissionConfigurationTemplateExemptionsPtrOutputWithContext(ctx context.Context) PodSecurityAdmissionConfigurationTemplateExemptionsPtrOutput { + return o +} + +func (o PodSecurityAdmissionConfigurationTemplateExemptionsPtrOutput) Elem() PodSecurityAdmissionConfigurationTemplateExemptionsOutput { + return o.ApplyT(func(v *PodSecurityAdmissionConfigurationTemplateExemptions) PodSecurityAdmissionConfigurationTemplateExemptions { + if v != nil { + return *v + } + var ret PodSecurityAdmissionConfigurationTemplateExemptions + return ret + }).(PodSecurityAdmissionConfigurationTemplateExemptionsOutput) +} + +// Pod Security Admission Configuration namespace exemptions +func (o PodSecurityAdmissionConfigurationTemplateExemptionsPtrOutput) Namespaces() pulumi.StringArrayOutput { + return o.ApplyT(func(v *PodSecurityAdmissionConfigurationTemplateExemptions) []string { + if v == nil { + return nil + } + return v.Namespaces + }).(pulumi.StringArrayOutput) +} + +// Pod Security Admission Configuration runtime class exemptions +func (o PodSecurityAdmissionConfigurationTemplateExemptionsPtrOutput) RuntimeClasses() pulumi.StringArrayOutput { + return o.ApplyT(func(v *PodSecurityAdmissionConfigurationTemplateExemptions) []string { + if v == nil { + return nil + } + return v.RuntimeClasses + }).(pulumi.StringArrayOutput) +} + +// Pod Security Admission Configuration username exemptions +func (o PodSecurityAdmissionConfigurationTemplateExemptionsPtrOutput) Usernames() pulumi.StringArrayOutput { + return o.ApplyT(func(v *PodSecurityAdmissionConfigurationTemplateExemptions) []string { + if v == nil { + return nil + } + return v.Usernames + }).(pulumi.StringArrayOutput) +} + type PodSecurityPolicyTemplateAllowedCsiDriver struct { // The name of the PodSecurityPolicyTemplate (string) Name string `pulumi:"name"` @@ -99282,173 +99689,6 @@ func (o GetNotifierSlackConfigOutput) Url() pulumi.StringOutput { return o.ApplyT(func(v GetNotifierSlackConfig) string { return v.Url }).(pulumi.StringOutput) } -type GetNotifierSmtpConfig struct { - // SMTP default recipient address - DefaultRecipient string `pulumi:"defaultRecipient"` - // SMTP host - Host string `pulumi:"host"` - // SMTP password - Password *string `pulumi:"password"` - // SMTP port - Port int `pulumi:"port"` - // SMTP sender - Sender string `pulumi:"sender"` - // SMTP TLS - Tls *bool `pulumi:"tls"` - // SMTP username - Username *string `pulumi:"username"` -} - -// GetNotifierSmtpConfigInput is an input type that accepts GetNotifierSmtpConfigArgs and GetNotifierSmtpConfigOutput values. -// You can construct a concrete instance of `GetNotifierSmtpConfigInput` via: -// -// GetNotifierSmtpConfigArgs{...} -type GetNotifierSmtpConfigInput interface { - pulumi.Input - - ToGetNotifierSmtpConfigOutput() GetNotifierSmtpConfigOutput - ToGetNotifierSmtpConfigOutputWithContext(context.Context) GetNotifierSmtpConfigOutput -} - -type GetNotifierSmtpConfigArgs struct { - // SMTP default recipient address - DefaultRecipient pulumi.StringInput `pulumi:"defaultRecipient"` - // SMTP host - Host pulumi.StringInput `pulumi:"host"` - // SMTP password - Password pulumi.StringPtrInput `pulumi:"password"` - // SMTP port - Port pulumi.IntInput `pulumi:"port"` - // SMTP sender - Sender pulumi.StringInput `pulumi:"sender"` - // SMTP TLS - Tls pulumi.BoolPtrInput `pulumi:"tls"` - // SMTP username - Username pulumi.StringPtrInput `pulumi:"username"` -} - -func (GetNotifierSmtpConfigArgs) ElementType() reflect.Type { - return reflect.TypeOf((*GetNotifierSmtpConfig)(nil)).Elem() -} - -func (i GetNotifierSmtpConfigArgs) ToGetNotifierSmtpConfigOutput() GetNotifierSmtpConfigOutput { - return i.ToGetNotifierSmtpConfigOutputWithContext(context.Background()) -} - -func (i GetNotifierSmtpConfigArgs) ToGetNotifierSmtpConfigOutputWithContext(ctx context.Context) GetNotifierSmtpConfigOutput { - return pulumi.ToOutputWithContext(ctx, i).(GetNotifierSmtpConfigOutput) -} - -type GetNotifierSmtpConfigOutput struct{ *pulumi.OutputState } - -func (GetNotifierSmtpConfigOutput) ElementType() reflect.Type { - return reflect.TypeOf((*GetNotifierSmtpConfig)(nil)).Elem() -} - -func (o GetNotifierSmtpConfigOutput) ToGetNotifierSmtpConfigOutput() GetNotifierSmtpConfigOutput { - return o -} - -func (o GetNotifierSmtpConfigOutput) ToGetNotifierSmtpConfigOutputWithContext(ctx context.Context) GetNotifierSmtpConfigOutput { - return o -} - -// SMTP default recipient address -func (o GetNotifierSmtpConfigOutput) DefaultRecipient() pulumi.StringOutput { - return o.ApplyT(func(v GetNotifierSmtpConfig) string { return v.DefaultRecipient }).(pulumi.StringOutput) -} - -// SMTP host -func (o GetNotifierSmtpConfigOutput) Host() pulumi.StringOutput { - return o.ApplyT(func(v GetNotifierSmtpConfig) string { return v.Host }).(pulumi.StringOutput) -} - -// SMTP password -func (o GetNotifierSmtpConfigOutput) Password() pulumi.StringPtrOutput { - return o.ApplyT(func(v GetNotifierSmtpConfig) *string { return v.Password }).(pulumi.StringPtrOutput) -} - -// SMTP port -func (o GetNotifierSmtpConfigOutput) Port() pulumi.IntOutput { - return o.ApplyT(func(v GetNotifierSmtpConfig) int { return v.Port }).(pulumi.IntOutput) -} - -// SMTP sender -func (o GetNotifierSmtpConfigOutput) Sender() pulumi.StringOutput { - return o.ApplyT(func(v GetNotifierSmtpConfig) string { return v.Sender }).(pulumi.StringOutput) -} - -// SMTP TLS -func (o GetNotifierSmtpConfigOutput) Tls() pulumi.BoolPtrOutput { - return o.ApplyT(func(v GetNotifierSmtpConfig) *bool { return v.Tls }).(pulumi.BoolPtrOutput) -} - -// SMTP username -func (o GetNotifierSmtpConfigOutput) Username() pulumi.StringPtrOutput { - return o.ApplyT(func(v GetNotifierSmtpConfig) *string { return v.Username }).(pulumi.StringPtrOutput) -} - -type GetNotifierWebhookConfig struct { - // Webhook proxy URL - ProxyUrl *string `pulumi:"proxyUrl"` - // Webhook URL - Url string `pulumi:"url"` -} - -// GetNotifierWebhookConfigInput is an input type that accepts GetNotifierWebhookConfigArgs and GetNotifierWebhookConfigOutput values. -// You can construct a concrete instance of `GetNotifierWebhookConfigInput` via: -// -// GetNotifierWebhookConfigArgs{...} -type GetNotifierWebhookConfigInput interface { - pulumi.Input - - ToGetNotifierWebhookConfigOutput() GetNotifierWebhookConfigOutput - ToGetNotifierWebhookConfigOutputWithContext(context.Context) GetNotifierWebhookConfigOutput -} - -type GetNotifierWebhookConfigArgs struct { - // Webhook proxy URL - ProxyUrl pulumi.StringPtrInput `pulumi:"proxyUrl"` - // Webhook URL - Url pulumi.StringInput `pulumi:"url"` -} - -func (GetNotifierWebhookConfigArgs) ElementType() reflect.Type { - return reflect.TypeOf((*GetNotifierWebhookConfig)(nil)).Elem() -} - -func (i GetNotifierWebhookConfigArgs) ToGetNotifierWebhookConfigOutput() GetNotifierWebhookConfigOutput { - return i.ToGetNotifierWebhookConfigOutputWithContext(context.Background()) -} - -func (i GetNotifierWebhookConfigArgs) ToGetNotifierWebhookConfigOutputWithContext(ctx context.Context) GetNotifierWebhookConfigOutput { - return pulumi.ToOutputWithContext(ctx, i).(GetNotifierWebhookConfigOutput) -} - -type GetNotifierWebhookConfigOutput struct{ *pulumi.OutputState } - -func (GetNotifierWebhookConfigOutput) ElementType() reflect.Type { - return reflect.TypeOf((*GetNotifierWebhookConfig)(nil)).Elem() -} - -func (o GetNotifierWebhookConfigOutput) ToGetNotifierWebhookConfigOutput() GetNotifierWebhookConfigOutput { - return o -} - -func (o GetNotifierWebhookConfigOutput) ToGetNotifierWebhookConfigOutputWithContext(ctx context.Context) GetNotifierWebhookConfigOutput { - return o -} - -// Webhook proxy URL -func (o GetNotifierWebhookConfigOutput) ProxyUrl() pulumi.StringPtrOutput { - return o.ApplyT(func(v GetNotifierWebhookConfig) *string { return v.ProxyUrl }).(pulumi.StringPtrOutput) -} - -// Webhook URL -func (o GetNotifierWebhookConfigOutput) Url() pulumi.StringOutput { - return o.ApplyT(func(v GetNotifierWebhookConfig) string { return v.Url }).(pulumi.StringOutput) -} - func init() { pulumi.RegisterInputType(reflect.TypeOf((*CloudCredentialAmazonec2CredentialConfigInput)(nil)).Elem(), CloudCredentialAmazonec2CredentialConfigArgs{}) pulumi.RegisterInputType(reflect.TypeOf((*CloudCredentialAmazonec2CredentialConfigPtrInput)(nil)).Elem(), CloudCredentialAmazonec2CredentialConfigArgs{}) @@ -99963,6 +100203,10 @@ func init() { pulumi.RegisterInputType(reflect.TypeOf((*NotifierWebhookConfigPtrInput)(nil)).Elem(), NotifierWebhookConfigArgs{}) pulumi.RegisterInputType(reflect.TypeOf((*NotifierWechatConfigInput)(nil)).Elem(), NotifierWechatConfigArgs{}) pulumi.RegisterInputType(reflect.TypeOf((*NotifierWechatConfigPtrInput)(nil)).Elem(), NotifierWechatConfigArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*PodSecurityAdmissionConfigurationTemplateDefaultsInput)(nil)).Elem(), PodSecurityAdmissionConfigurationTemplateDefaultsArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*PodSecurityAdmissionConfigurationTemplateDefaultsPtrInput)(nil)).Elem(), PodSecurityAdmissionConfigurationTemplateDefaultsArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*PodSecurityAdmissionConfigurationTemplateExemptionsInput)(nil)).Elem(), PodSecurityAdmissionConfigurationTemplateExemptionsArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*PodSecurityAdmissionConfigurationTemplateExemptionsPtrInput)(nil)).Elem(), PodSecurityAdmissionConfigurationTemplateExemptionsArgs{}) pulumi.RegisterInputType(reflect.TypeOf((*PodSecurityPolicyTemplateAllowedCsiDriverInput)(nil)).Elem(), PodSecurityPolicyTemplateAllowedCsiDriverArgs{}) pulumi.RegisterInputType(reflect.TypeOf((*PodSecurityPolicyTemplateAllowedCsiDriverArrayInput)(nil)).Elem(), PodSecurityPolicyTemplateAllowedCsiDriverArray{}) pulumi.RegisterInputType(reflect.TypeOf((*PodSecurityPolicyTemplateAllowedFlexVolumeInput)(nil)).Elem(), PodSecurityPolicyTemplateAllowedFlexVolumeArgs{}) @@ -100364,8 +100608,6 @@ func init() { pulumi.RegisterInputType(reflect.TypeOf((*GetNotifierMsteamsConfigPtrInput)(nil)).Elem(), GetNotifierMsteamsConfigArgs{}) pulumi.RegisterInputType(reflect.TypeOf((*GetNotifierPagerdutyConfigInput)(nil)).Elem(), GetNotifierPagerdutyConfigArgs{}) pulumi.RegisterInputType(reflect.TypeOf((*GetNotifierSlackConfigInput)(nil)).Elem(), GetNotifierSlackConfigArgs{}) - pulumi.RegisterInputType(reflect.TypeOf((*GetNotifierSmtpConfigInput)(nil)).Elem(), GetNotifierSmtpConfigArgs{}) - pulumi.RegisterInputType(reflect.TypeOf((*GetNotifierWebhookConfigInput)(nil)).Elem(), GetNotifierWebhookConfigArgs{}) pulumi.RegisterOutputType(CloudCredentialAmazonec2CredentialConfigOutput{}) pulumi.RegisterOutputType(CloudCredentialAmazonec2CredentialConfigPtrOutput{}) pulumi.RegisterOutputType(CloudCredentialAzureCredentialConfigOutput{}) @@ -100879,6 +101121,10 @@ func init() { pulumi.RegisterOutputType(NotifierWebhookConfigPtrOutput{}) pulumi.RegisterOutputType(NotifierWechatConfigOutput{}) pulumi.RegisterOutputType(NotifierWechatConfigPtrOutput{}) + pulumi.RegisterOutputType(PodSecurityAdmissionConfigurationTemplateDefaultsOutput{}) + pulumi.RegisterOutputType(PodSecurityAdmissionConfigurationTemplateDefaultsPtrOutput{}) + pulumi.RegisterOutputType(PodSecurityAdmissionConfigurationTemplateExemptionsOutput{}) + pulumi.RegisterOutputType(PodSecurityAdmissionConfigurationTemplateExemptionsPtrOutput{}) pulumi.RegisterOutputType(PodSecurityPolicyTemplateAllowedCsiDriverOutput{}) pulumi.RegisterOutputType(PodSecurityPolicyTemplateAllowedCsiDriverArrayOutput{}) pulumi.RegisterOutputType(PodSecurityPolicyTemplateAllowedFlexVolumeOutput{}) @@ -101280,6 +101526,4 @@ func init() { pulumi.RegisterOutputType(GetNotifierMsteamsConfigPtrOutput{}) pulumi.RegisterOutputType(GetNotifierPagerdutyConfigOutput{}) pulumi.RegisterOutputType(GetNotifierSlackConfigOutput{}) - pulumi.RegisterOutputType(GetNotifierSmtpConfigOutput{}) - pulumi.RegisterOutputType(GetNotifierWebhookConfigOutput{}) } diff --git a/sdk/go/rancher2/pulumiTypes1.go b/sdk/go/rancher2/pulumiTypes1.go index 38b9158cd..e910c163a 100644 --- a/sdk/go/rancher2/pulumiTypes1.go +++ b/sdk/go/rancher2/pulumiTypes1.go @@ -13,6 +13,173 @@ import ( var _ = internal.GetEnvOrDefault +type GetNotifierSmtpConfig struct { + // SMTP default recipient address + DefaultRecipient string `pulumi:"defaultRecipient"` + // SMTP host + Host string `pulumi:"host"` + // SMTP password + Password *string `pulumi:"password"` + // SMTP port + Port int `pulumi:"port"` + // SMTP sender + Sender string `pulumi:"sender"` + // SMTP TLS + Tls *bool `pulumi:"tls"` + // SMTP username + Username *string `pulumi:"username"` +} + +// GetNotifierSmtpConfigInput is an input type that accepts GetNotifierSmtpConfigArgs and GetNotifierSmtpConfigOutput values. +// You can construct a concrete instance of `GetNotifierSmtpConfigInput` via: +// +// GetNotifierSmtpConfigArgs{...} +type GetNotifierSmtpConfigInput interface { + pulumi.Input + + ToGetNotifierSmtpConfigOutput() GetNotifierSmtpConfigOutput + ToGetNotifierSmtpConfigOutputWithContext(context.Context) GetNotifierSmtpConfigOutput +} + +type GetNotifierSmtpConfigArgs struct { + // SMTP default recipient address + DefaultRecipient pulumi.StringInput `pulumi:"defaultRecipient"` + // SMTP host + Host pulumi.StringInput `pulumi:"host"` + // SMTP password + Password pulumi.StringPtrInput `pulumi:"password"` + // SMTP port + Port pulumi.IntInput `pulumi:"port"` + // SMTP sender + Sender pulumi.StringInput `pulumi:"sender"` + // SMTP TLS + Tls pulumi.BoolPtrInput `pulumi:"tls"` + // SMTP username + Username pulumi.StringPtrInput `pulumi:"username"` +} + +func (GetNotifierSmtpConfigArgs) ElementType() reflect.Type { + return reflect.TypeOf((*GetNotifierSmtpConfig)(nil)).Elem() +} + +func (i GetNotifierSmtpConfigArgs) ToGetNotifierSmtpConfigOutput() GetNotifierSmtpConfigOutput { + return i.ToGetNotifierSmtpConfigOutputWithContext(context.Background()) +} + +func (i GetNotifierSmtpConfigArgs) ToGetNotifierSmtpConfigOutputWithContext(ctx context.Context) GetNotifierSmtpConfigOutput { + return pulumi.ToOutputWithContext(ctx, i).(GetNotifierSmtpConfigOutput) +} + +type GetNotifierSmtpConfigOutput struct{ *pulumi.OutputState } + +func (GetNotifierSmtpConfigOutput) ElementType() reflect.Type { + return reflect.TypeOf((*GetNotifierSmtpConfig)(nil)).Elem() +} + +func (o GetNotifierSmtpConfigOutput) ToGetNotifierSmtpConfigOutput() GetNotifierSmtpConfigOutput { + return o +} + +func (o GetNotifierSmtpConfigOutput) ToGetNotifierSmtpConfigOutputWithContext(ctx context.Context) GetNotifierSmtpConfigOutput { + return o +} + +// SMTP default recipient address +func (o GetNotifierSmtpConfigOutput) DefaultRecipient() pulumi.StringOutput { + return o.ApplyT(func(v GetNotifierSmtpConfig) string { return v.DefaultRecipient }).(pulumi.StringOutput) +} + +// SMTP host +func (o GetNotifierSmtpConfigOutput) Host() pulumi.StringOutput { + return o.ApplyT(func(v GetNotifierSmtpConfig) string { return v.Host }).(pulumi.StringOutput) +} + +// SMTP password +func (o GetNotifierSmtpConfigOutput) Password() pulumi.StringPtrOutput { + return o.ApplyT(func(v GetNotifierSmtpConfig) *string { return v.Password }).(pulumi.StringPtrOutput) +} + +// SMTP port +func (o GetNotifierSmtpConfigOutput) Port() pulumi.IntOutput { + return o.ApplyT(func(v GetNotifierSmtpConfig) int { return v.Port }).(pulumi.IntOutput) +} + +// SMTP sender +func (o GetNotifierSmtpConfigOutput) Sender() pulumi.StringOutput { + return o.ApplyT(func(v GetNotifierSmtpConfig) string { return v.Sender }).(pulumi.StringOutput) +} + +// SMTP TLS +func (o GetNotifierSmtpConfigOutput) Tls() pulumi.BoolPtrOutput { + return o.ApplyT(func(v GetNotifierSmtpConfig) *bool { return v.Tls }).(pulumi.BoolPtrOutput) +} + +// SMTP username +func (o GetNotifierSmtpConfigOutput) Username() pulumi.StringPtrOutput { + return o.ApplyT(func(v GetNotifierSmtpConfig) *string { return v.Username }).(pulumi.StringPtrOutput) +} + +type GetNotifierWebhookConfig struct { + // Webhook proxy URL + ProxyUrl *string `pulumi:"proxyUrl"` + // Webhook URL + Url string `pulumi:"url"` +} + +// GetNotifierWebhookConfigInput is an input type that accepts GetNotifierWebhookConfigArgs and GetNotifierWebhookConfigOutput values. +// You can construct a concrete instance of `GetNotifierWebhookConfigInput` via: +// +// GetNotifierWebhookConfigArgs{...} +type GetNotifierWebhookConfigInput interface { + pulumi.Input + + ToGetNotifierWebhookConfigOutput() GetNotifierWebhookConfigOutput + ToGetNotifierWebhookConfigOutputWithContext(context.Context) GetNotifierWebhookConfigOutput +} + +type GetNotifierWebhookConfigArgs struct { + // Webhook proxy URL + ProxyUrl pulumi.StringPtrInput `pulumi:"proxyUrl"` + // Webhook URL + Url pulumi.StringInput `pulumi:"url"` +} + +func (GetNotifierWebhookConfigArgs) ElementType() reflect.Type { + return reflect.TypeOf((*GetNotifierWebhookConfig)(nil)).Elem() +} + +func (i GetNotifierWebhookConfigArgs) ToGetNotifierWebhookConfigOutput() GetNotifierWebhookConfigOutput { + return i.ToGetNotifierWebhookConfigOutputWithContext(context.Background()) +} + +func (i GetNotifierWebhookConfigArgs) ToGetNotifierWebhookConfigOutputWithContext(ctx context.Context) GetNotifierWebhookConfigOutput { + return pulumi.ToOutputWithContext(ctx, i).(GetNotifierWebhookConfigOutput) +} + +type GetNotifierWebhookConfigOutput struct{ *pulumi.OutputState } + +func (GetNotifierWebhookConfigOutput) ElementType() reflect.Type { + return reflect.TypeOf((*GetNotifierWebhookConfig)(nil)).Elem() +} + +func (o GetNotifierWebhookConfigOutput) ToGetNotifierWebhookConfigOutput() GetNotifierWebhookConfigOutput { + return o +} + +func (o GetNotifierWebhookConfigOutput) ToGetNotifierWebhookConfigOutputWithContext(ctx context.Context) GetNotifierWebhookConfigOutput { + return o +} + +// Webhook proxy URL +func (o GetNotifierWebhookConfigOutput) ProxyUrl() pulumi.StringPtrOutput { + return o.ApplyT(func(v GetNotifierWebhookConfig) *string { return v.ProxyUrl }).(pulumi.StringPtrOutput) +} + +// Webhook URL +func (o GetNotifierWebhookConfigOutput) Url() pulumi.StringOutput { + return o.ApplyT(func(v GetNotifierWebhookConfig) string { return v.Url }).(pulumi.StringOutput) +} + type GetNotifierWechatConfig struct { // Wechat application agent ID Agent string `pulumi:"agent"` @@ -110,6 +277,173 @@ func (o GetNotifierWechatConfigOutput) Secret() pulumi.StringOutput { return o.ApplyT(func(v GetNotifierWechatConfig) string { return v.Secret }).(pulumi.StringOutput) } +type GetPodSecurityAdmissionConfigurationTemplateDefaults struct { + // Pod Security Admission Configuration audit. This audits a pod in violation of privileged, baseline, or restricted policy (default: privileged) + Audit *string `pulumi:"audit"` + // Pod Security Admission Configuration audit version (default: latest) + AuditVersion *string `pulumi:"auditVersion"` + // Pod Security Admission Configuration enforce. This rejects a pod in violation of privileged, baseline, or restricted policy (default: privileged) + Enforce *string `pulumi:"enforce"` + // Pod Security Admission Configuration enforce version (default: latest) + EnforceVersion *string `pulumi:"enforceVersion"` + // Pod Security Admission Configuration warn. This warns the user about a pod in violation of privileged, baseline, or restricted policy (default: privileged) + Warn *string `pulumi:"warn"` + // Pod Security Admission Configuration warn version (default: latest) + WarnVersion *string `pulumi:"warnVersion"` +} + +// GetPodSecurityAdmissionConfigurationTemplateDefaultsInput is an input type that accepts GetPodSecurityAdmissionConfigurationTemplateDefaultsArgs and GetPodSecurityAdmissionConfigurationTemplateDefaultsOutput values. +// You can construct a concrete instance of `GetPodSecurityAdmissionConfigurationTemplateDefaultsInput` via: +// +// GetPodSecurityAdmissionConfigurationTemplateDefaultsArgs{...} +type GetPodSecurityAdmissionConfigurationTemplateDefaultsInput interface { + pulumi.Input + + ToGetPodSecurityAdmissionConfigurationTemplateDefaultsOutput() GetPodSecurityAdmissionConfigurationTemplateDefaultsOutput + ToGetPodSecurityAdmissionConfigurationTemplateDefaultsOutputWithContext(context.Context) GetPodSecurityAdmissionConfigurationTemplateDefaultsOutput +} + +type GetPodSecurityAdmissionConfigurationTemplateDefaultsArgs struct { + // Pod Security Admission Configuration audit. This audits a pod in violation of privileged, baseline, or restricted policy (default: privileged) + Audit pulumi.StringPtrInput `pulumi:"audit"` + // Pod Security Admission Configuration audit version (default: latest) + AuditVersion pulumi.StringPtrInput `pulumi:"auditVersion"` + // Pod Security Admission Configuration enforce. This rejects a pod in violation of privileged, baseline, or restricted policy (default: privileged) + Enforce pulumi.StringPtrInput `pulumi:"enforce"` + // Pod Security Admission Configuration enforce version (default: latest) + EnforceVersion pulumi.StringPtrInput `pulumi:"enforceVersion"` + // Pod Security Admission Configuration warn. This warns the user about a pod in violation of privileged, baseline, or restricted policy (default: privileged) + Warn pulumi.StringPtrInput `pulumi:"warn"` + // Pod Security Admission Configuration warn version (default: latest) + WarnVersion pulumi.StringPtrInput `pulumi:"warnVersion"` +} + +func (GetPodSecurityAdmissionConfigurationTemplateDefaultsArgs) ElementType() reflect.Type { + return reflect.TypeOf((*GetPodSecurityAdmissionConfigurationTemplateDefaults)(nil)).Elem() +} + +func (i GetPodSecurityAdmissionConfigurationTemplateDefaultsArgs) ToGetPodSecurityAdmissionConfigurationTemplateDefaultsOutput() GetPodSecurityAdmissionConfigurationTemplateDefaultsOutput { + return i.ToGetPodSecurityAdmissionConfigurationTemplateDefaultsOutputWithContext(context.Background()) +} + +func (i GetPodSecurityAdmissionConfigurationTemplateDefaultsArgs) ToGetPodSecurityAdmissionConfigurationTemplateDefaultsOutputWithContext(ctx context.Context) GetPodSecurityAdmissionConfigurationTemplateDefaultsOutput { + return pulumi.ToOutputWithContext(ctx, i).(GetPodSecurityAdmissionConfigurationTemplateDefaultsOutput) +} + +type GetPodSecurityAdmissionConfigurationTemplateDefaultsOutput struct{ *pulumi.OutputState } + +func (GetPodSecurityAdmissionConfigurationTemplateDefaultsOutput) ElementType() reflect.Type { + return reflect.TypeOf((*GetPodSecurityAdmissionConfigurationTemplateDefaults)(nil)).Elem() +} + +func (o GetPodSecurityAdmissionConfigurationTemplateDefaultsOutput) ToGetPodSecurityAdmissionConfigurationTemplateDefaultsOutput() GetPodSecurityAdmissionConfigurationTemplateDefaultsOutput { + return o +} + +func (o GetPodSecurityAdmissionConfigurationTemplateDefaultsOutput) ToGetPodSecurityAdmissionConfigurationTemplateDefaultsOutputWithContext(ctx context.Context) GetPodSecurityAdmissionConfigurationTemplateDefaultsOutput { + return o +} + +// Pod Security Admission Configuration audit. This audits a pod in violation of privileged, baseline, or restricted policy (default: privileged) +func (o GetPodSecurityAdmissionConfigurationTemplateDefaultsOutput) Audit() pulumi.StringPtrOutput { + return o.ApplyT(func(v GetPodSecurityAdmissionConfigurationTemplateDefaults) *string { return v.Audit }).(pulumi.StringPtrOutput) +} + +// Pod Security Admission Configuration audit version (default: latest) +func (o GetPodSecurityAdmissionConfigurationTemplateDefaultsOutput) AuditVersion() pulumi.StringPtrOutput { + return o.ApplyT(func(v GetPodSecurityAdmissionConfigurationTemplateDefaults) *string { return v.AuditVersion }).(pulumi.StringPtrOutput) +} + +// Pod Security Admission Configuration enforce. This rejects a pod in violation of privileged, baseline, or restricted policy (default: privileged) +func (o GetPodSecurityAdmissionConfigurationTemplateDefaultsOutput) Enforce() pulumi.StringPtrOutput { + return o.ApplyT(func(v GetPodSecurityAdmissionConfigurationTemplateDefaults) *string { return v.Enforce }).(pulumi.StringPtrOutput) +} + +// Pod Security Admission Configuration enforce version (default: latest) +func (o GetPodSecurityAdmissionConfigurationTemplateDefaultsOutput) EnforceVersion() pulumi.StringPtrOutput { + return o.ApplyT(func(v GetPodSecurityAdmissionConfigurationTemplateDefaults) *string { return v.EnforceVersion }).(pulumi.StringPtrOutput) +} + +// Pod Security Admission Configuration warn. This warns the user about a pod in violation of privileged, baseline, or restricted policy (default: privileged) +func (o GetPodSecurityAdmissionConfigurationTemplateDefaultsOutput) Warn() pulumi.StringPtrOutput { + return o.ApplyT(func(v GetPodSecurityAdmissionConfigurationTemplateDefaults) *string { return v.Warn }).(pulumi.StringPtrOutput) +} + +// Pod Security Admission Configuration warn version (default: latest) +func (o GetPodSecurityAdmissionConfigurationTemplateDefaultsOutput) WarnVersion() pulumi.StringPtrOutput { + return o.ApplyT(func(v GetPodSecurityAdmissionConfigurationTemplateDefaults) *string { return v.WarnVersion }).(pulumi.StringPtrOutput) +} + +type GetPodSecurityAdmissionConfigurationTemplateExemptions struct { + // Pod Security Admission Configuration namespace exemptions + Namespaces []string `pulumi:"namespaces"` + // Pod Security Admission Configuration runtime class exemptions + RuntimeClasses []string `pulumi:"runtimeClasses"` + // Pod Security Admission Configuration username exemptions + Usernames []string `pulumi:"usernames"` +} + +// GetPodSecurityAdmissionConfigurationTemplateExemptionsInput is an input type that accepts GetPodSecurityAdmissionConfigurationTemplateExemptionsArgs and GetPodSecurityAdmissionConfigurationTemplateExemptionsOutput values. +// You can construct a concrete instance of `GetPodSecurityAdmissionConfigurationTemplateExemptionsInput` via: +// +// GetPodSecurityAdmissionConfigurationTemplateExemptionsArgs{...} +type GetPodSecurityAdmissionConfigurationTemplateExemptionsInput interface { + pulumi.Input + + ToGetPodSecurityAdmissionConfigurationTemplateExemptionsOutput() GetPodSecurityAdmissionConfigurationTemplateExemptionsOutput + ToGetPodSecurityAdmissionConfigurationTemplateExemptionsOutputWithContext(context.Context) GetPodSecurityAdmissionConfigurationTemplateExemptionsOutput +} + +type GetPodSecurityAdmissionConfigurationTemplateExemptionsArgs struct { + // Pod Security Admission Configuration namespace exemptions + Namespaces pulumi.StringArrayInput `pulumi:"namespaces"` + // Pod Security Admission Configuration runtime class exemptions + RuntimeClasses pulumi.StringArrayInput `pulumi:"runtimeClasses"` + // Pod Security Admission Configuration username exemptions + Usernames pulumi.StringArrayInput `pulumi:"usernames"` +} + +func (GetPodSecurityAdmissionConfigurationTemplateExemptionsArgs) ElementType() reflect.Type { + return reflect.TypeOf((*GetPodSecurityAdmissionConfigurationTemplateExemptions)(nil)).Elem() +} + +func (i GetPodSecurityAdmissionConfigurationTemplateExemptionsArgs) ToGetPodSecurityAdmissionConfigurationTemplateExemptionsOutput() GetPodSecurityAdmissionConfigurationTemplateExemptionsOutput { + return i.ToGetPodSecurityAdmissionConfigurationTemplateExemptionsOutputWithContext(context.Background()) +} + +func (i GetPodSecurityAdmissionConfigurationTemplateExemptionsArgs) ToGetPodSecurityAdmissionConfigurationTemplateExemptionsOutputWithContext(ctx context.Context) GetPodSecurityAdmissionConfigurationTemplateExemptionsOutput { + return pulumi.ToOutputWithContext(ctx, i).(GetPodSecurityAdmissionConfigurationTemplateExemptionsOutput) +} + +type GetPodSecurityAdmissionConfigurationTemplateExemptionsOutput struct{ *pulumi.OutputState } + +func (GetPodSecurityAdmissionConfigurationTemplateExemptionsOutput) ElementType() reflect.Type { + return reflect.TypeOf((*GetPodSecurityAdmissionConfigurationTemplateExemptions)(nil)).Elem() +} + +func (o GetPodSecurityAdmissionConfigurationTemplateExemptionsOutput) ToGetPodSecurityAdmissionConfigurationTemplateExemptionsOutput() GetPodSecurityAdmissionConfigurationTemplateExemptionsOutput { + return o +} + +func (o GetPodSecurityAdmissionConfigurationTemplateExemptionsOutput) ToGetPodSecurityAdmissionConfigurationTemplateExemptionsOutputWithContext(ctx context.Context) GetPodSecurityAdmissionConfigurationTemplateExemptionsOutput { + return o +} + +// Pod Security Admission Configuration namespace exemptions +func (o GetPodSecurityAdmissionConfigurationTemplateExemptionsOutput) Namespaces() pulumi.StringArrayOutput { + return o.ApplyT(func(v GetPodSecurityAdmissionConfigurationTemplateExemptions) []string { return v.Namespaces }).(pulumi.StringArrayOutput) +} + +// Pod Security Admission Configuration runtime class exemptions +func (o GetPodSecurityAdmissionConfigurationTemplateExemptionsOutput) RuntimeClasses() pulumi.StringArrayOutput { + return o.ApplyT(func(v GetPodSecurityAdmissionConfigurationTemplateExemptions) []string { return v.RuntimeClasses }).(pulumi.StringArrayOutput) +} + +// Pod Security Admission Configuration username exemptions +func (o GetPodSecurityAdmissionConfigurationTemplateExemptionsOutput) Usernames() pulumi.StringArrayOutput { + return o.ApplyT(func(v GetPodSecurityAdmissionConfigurationTemplateExemptions) []string { return v.Usernames }).(pulumi.StringArrayOutput) +} + type GetPodSecurityPolicyTemplateAllowedCsiDriver struct { // The name of the PodSecurityPolicyTemplate (string) Name string `pulumi:"name"` @@ -3047,7 +3381,11 @@ func (o GetRoleTemplateRuleArrayOutput) Index(i pulumi.IntInput) GetRoleTemplate } func init() { + pulumi.RegisterInputType(reflect.TypeOf((*GetNotifierSmtpConfigInput)(nil)).Elem(), GetNotifierSmtpConfigArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*GetNotifierWebhookConfigInput)(nil)).Elem(), GetNotifierWebhookConfigArgs{}) pulumi.RegisterInputType(reflect.TypeOf((*GetNotifierWechatConfigInput)(nil)).Elem(), GetNotifierWechatConfigArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*GetPodSecurityAdmissionConfigurationTemplateDefaultsInput)(nil)).Elem(), GetPodSecurityAdmissionConfigurationTemplateDefaultsArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*GetPodSecurityAdmissionConfigurationTemplateExemptionsInput)(nil)).Elem(), GetPodSecurityAdmissionConfigurationTemplateExemptionsArgs{}) pulumi.RegisterInputType(reflect.TypeOf((*GetPodSecurityPolicyTemplateAllowedCsiDriverInput)(nil)).Elem(), GetPodSecurityPolicyTemplateAllowedCsiDriverArgs{}) pulumi.RegisterInputType(reflect.TypeOf((*GetPodSecurityPolicyTemplateAllowedCsiDriverArrayInput)(nil)).Elem(), GetPodSecurityPolicyTemplateAllowedCsiDriverArray{}) pulumi.RegisterInputType(reflect.TypeOf((*GetPodSecurityPolicyTemplateAllowedFlexVolumeInput)(nil)).Elem(), GetPodSecurityPolicyTemplateAllowedFlexVolumeArgs{}) @@ -3091,7 +3429,11 @@ func init() { pulumi.RegisterInputType(reflect.TypeOf((*GetRegistryRegistryArrayInput)(nil)).Elem(), GetRegistryRegistryArray{}) pulumi.RegisterInputType(reflect.TypeOf((*GetRoleTemplateRuleInput)(nil)).Elem(), GetRoleTemplateRuleArgs{}) pulumi.RegisterInputType(reflect.TypeOf((*GetRoleTemplateRuleArrayInput)(nil)).Elem(), GetRoleTemplateRuleArray{}) + pulumi.RegisterOutputType(GetNotifierSmtpConfigOutput{}) + pulumi.RegisterOutputType(GetNotifierWebhookConfigOutput{}) pulumi.RegisterOutputType(GetNotifierWechatConfigOutput{}) + pulumi.RegisterOutputType(GetPodSecurityAdmissionConfigurationTemplateDefaultsOutput{}) + pulumi.RegisterOutputType(GetPodSecurityAdmissionConfigurationTemplateExemptionsOutput{}) pulumi.RegisterOutputType(GetPodSecurityPolicyTemplateAllowedCsiDriverOutput{}) pulumi.RegisterOutputType(GetPodSecurityPolicyTemplateAllowedCsiDriverArrayOutput{}) pulumi.RegisterOutputType(GetPodSecurityPolicyTemplateAllowedFlexVolumeOutput{}) diff --git a/sdk/java/src/main/java/com/pulumi/rancher2/Cluster.java b/sdk/java/src/main/java/com/pulumi/rancher2/Cluster.java index b920c1efa..bfd0dcb73 100644 --- a/sdk/java/src/main/java/com/pulumi/rancher2/Cluster.java +++ b/sdk/java/src/main/java/com/pulumi/rancher2/Cluster.java @@ -567,6 +567,70 @@ * ``` * <!--End PulumiCodeChooser --> * + * ### Creating Rancher v2 RKE cluster with Pod Security Admission Configuration Template (PSACT). For Rancher v2.7.2 and above. + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.rancher2.PodSecurityAdmissionConfigurationTemplate; + * import com.pulumi.rancher2.PodSecurityAdmissionConfigurationTemplateArgs; + * import com.pulumi.rancher2.inputs.PodSecurityAdmissionConfigurationTemplateDefaultsArgs; + * import com.pulumi.rancher2.inputs.PodSecurityAdmissionConfigurationTemplateExemptionsArgs; + * import com.pulumi.rancher2.Cluster; + * import com.pulumi.rancher2.ClusterArgs; + * import com.pulumi.rancher2.inputs.ClusterRkeConfigArgs; + * import com.pulumi.rancher2.inputs.ClusterRkeConfigNetworkArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var fooPodSecurityAdmissionConfigurationTemplate = new PodSecurityAdmissionConfigurationTemplate("fooPodSecurityAdmissionConfigurationTemplate", PodSecurityAdmissionConfigurationTemplateArgs.builder() + * .defaults(PodSecurityAdmissionConfigurationTemplateDefaultsArgs.builder() + * .audit("restricted") + * .auditVersion("latest") + * .enforce("restricted") + * .enforceVersion("latest") + * .warn("restricted") + * .warnVersion("latest") + * .build()) + * .description("This is my custom Pod Security Admission Configuration Template") + * .exemptions(PodSecurityAdmissionConfigurationTemplateExemptionsArgs.builder() + * .namespaces( + * "ingress-nginx", + * "kube-system") + * .runtimeClasses("testclass") + * .usernames("testuser") + * .build()) + * .build()); + * + * var fooCluster = new Cluster("fooCluster", ClusterArgs.builder() + * .defaultPodSecurityAdmissionConfigurationTemplateName("<name>") + * .description("Terraform cluster with PSACT") + * .rkeConfig(ClusterRkeConfigArgs.builder() + * .network(ClusterRkeConfigNetworkArgs.builder() + * .plugin("canal") + * .build()) + * .build()) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ### Importing EKS cluster to Rancher v2, using `eks_config_v2`. For Rancher v2.5.x and above. * * <!--Start PulumiCodeChooser --> @@ -598,8 +662,8 @@ * var fooCloudCredential = new CloudCredential("fooCloudCredential", CloudCredentialArgs.builder() * .description("foo test") * .amazonec2CredentialConfig(CloudCredentialAmazonec2CredentialConfigArgs.builder() - * .accessKey("<AWS_ACCESS_KEY>") - * .secretKey("<AWS_SECRET_KEY>") + * .accessKey("<aws-access-key>") + * .secretKey("<aws-secret-key>") * .build()) * .build()); * @@ -607,8 +671,8 @@ * .description("Terraform EKS cluster") * .eksConfigV2(ClusterEksConfigV2Args.builder() * .cloudCredentialId(fooCloudCredential.id()) - * .name("<CLUSTER_NAME>") - * .region("<EKS_REGION>") + * .name("<cluster-name>") + * .region("<eks-region>") * .imported(true) * .build()) * .build()); @@ -649,8 +713,8 @@ * var fooCloudCredential = new CloudCredential("fooCloudCredential", CloudCredentialArgs.builder() * .description("foo test") * .amazonec2CredentialConfig(CloudCredentialAmazonec2CredentialConfigArgs.builder() - * .accessKey("<AWS_ACCESS_KEY>") - * .secretKey("<AWS_SECRET_KEY>") + * .accessKey("<aws-access-key>") + * .secretKey("<aws-secret-key>") * .build()) * .build()); * @@ -689,6 +753,8 @@ * * ### Creating EKS cluster from Rancher v2, using `eks_config_v2` and launch template. For Rancher v2.5.6 and above. * + * Note: To use `launch_template` you must provide the ID (seen as `<EC2_LAUNCH_TEMPLATE_ID>`) to the template either as a static value. Or fetched via AWS data-source using one of: aws_ami first and provide the ID to that. + * * <!--Start PulumiCodeChooser --> * ```java * package generated_program; @@ -718,8 +784,8 @@ * var fooCloudCredential = new CloudCredential("fooCloudCredential", CloudCredentialArgs.builder() * .description("foo test") * .amazonec2CredentialConfig(CloudCredentialAmazonec2CredentialConfigArgs.builder() - * .accessKey("<AWS_ACCESS_KEY>") - * .secretKey("<AWS_SECRET_KEY>") + * .accessKey("<aws-access-key>") + * .secretKey("<aws-secret-key>") * .build()) * .build()); * @@ -737,7 +803,7 @@ * .maxSize(5) * .name("node_group1") * .launchTemplates(ClusterEksConfigV2NodeGroupLaunchTemplateArgs.builder() - * .id("<EC2_LAUNCH_TEMPLATE_ID>") + * .id("<ec2-launch-template-id>") * .version(1) * .build()) * .build()) @@ -781,9 +847,9 @@ * public static void stack(Context ctx) { * var foo_aks = new CloudCredential("foo-aks", CloudCredentialArgs.builder() * .azureCredentialConfig(CloudCredentialAzureCredentialConfigArgs.builder() - * .clientId("<CLIENT_ID>") - * .clientSecret("<CLIENT_SECRET>") - * .subscriptionId("<SUBSCRIPTION_ID>") + * .clientId("<client-id>") + * .clientSecret("<client-secret>") + * .subscriptionId("<subscription-id>") * .build()) * .build()); * @@ -791,18 +857,18 @@ * .description("Terraform AKS cluster") * .aksConfigV2(ClusterAksConfigV2Args.builder() * .cloudCredentialId(foo_aks.id()) - * .resourceGroup("<RESOURCE_GROUP>") - * .resourceLocation("<RESOURCE_LOCATION>") - * .dnsPrefix("<DNS_PREFIX>") + * .resourceGroup("<resource-group>") + * .resourceLocation("<resource-location>") + * .dnsPrefix("<dns-prefix>") * .kubernetesVersion("1.24.6") - * .networkPlugin("<NETWORK_PLUGIN>") + * .networkPlugin("<network-plugin>") * .nodePools( * ClusterAksConfigV2NodePoolArgs.builder() * .availabilityZones( * "1", * "2", * "3") - * .name("<NODEPOOL_NAME_1>") + * .name("<nodepool-name-1>") * .mode("System") * .count(1) * .orchestratorVersion("1.21.2") @@ -814,7 +880,7 @@ * "1", * "2", * "3") - * .name("<NODEPOOL_NAME_2>") + * .name("<nodepool-name-2>") * .count(1) * .mode("User") * .orchestratorVersion("1.21.2") @@ -1029,14 +1095,14 @@ public Output> clusterTemplateRevisionId() { return Codegen.optional(this.clusterTemplateRevisionId); } /** - * Cluster default pod security admission configuration template name (string) + * The name of the pre-defined pod security admission configuration template to be applied to the cluster. Rancher admins (or those with the right permissions) can create, manage, and edit those templates. For more information, please refer to [Rancher Documentation](https://ranchermanager.docs.rancher.com/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/psa-config-templates). The argument is available in Rancher v2.7.2 and above (string) * */ @Export(name="defaultPodSecurityAdmissionConfigurationTemplateName", refs={String.class}, tree="[0]") private Output defaultPodSecurityAdmissionConfigurationTemplateName; /** - * @return Cluster default pod security admission configuration template name (string) + * @return The name of the pre-defined pod security admission configuration template to be applied to the cluster. Rancher admins (or those with the right permissions) can create, manage, and edit those templates. For more information, please refer to [Rancher Documentation](https://ranchermanager.docs.rancher.com/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/psa-config-templates). The argument is available in Rancher v2.7.2 and above (string) * */ public Output defaultPodSecurityAdmissionConfigurationTemplateName() { diff --git a/sdk/java/src/main/java/com/pulumi/rancher2/ClusterArgs.java b/sdk/java/src/main/java/com/pulumi/rancher2/ClusterArgs.java index 6709eb8c8..0b0450681 100644 --- a/sdk/java/src/main/java/com/pulumi/rancher2/ClusterArgs.java +++ b/sdk/java/src/main/java/com/pulumi/rancher2/ClusterArgs.java @@ -202,14 +202,14 @@ public Optional> clusterTemplateRevisionId() { } /** - * Cluster default pod security admission configuration template name (string) + * The name of the pre-defined pod security admission configuration template to be applied to the cluster. Rancher admins (or those with the right permissions) can create, manage, and edit those templates. For more information, please refer to [Rancher Documentation](https://ranchermanager.docs.rancher.com/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/psa-config-templates). The argument is available in Rancher v2.7.2 and above (string) * */ @Import(name="defaultPodSecurityAdmissionConfigurationTemplateName") private @Nullable Output defaultPodSecurityAdmissionConfigurationTemplateName; /** - * @return Cluster default pod security admission configuration template name (string) + * @return The name of the pre-defined pod security admission configuration template to be applied to the cluster. Rancher admins (or those with the right permissions) can create, manage, and edit those templates. For more information, please refer to [Rancher Documentation](https://ranchermanager.docs.rancher.com/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/psa-config-templates). The argument is available in Rancher v2.7.2 and above (string) * */ public Optional> defaultPodSecurityAdmissionConfigurationTemplateName() { @@ -865,7 +865,7 @@ public Builder clusterTemplateRevisionId(String clusterTemplateRevisionId) { } /** - * @param defaultPodSecurityAdmissionConfigurationTemplateName Cluster default pod security admission configuration template name (string) + * @param defaultPodSecurityAdmissionConfigurationTemplateName The name of the pre-defined pod security admission configuration template to be applied to the cluster. Rancher admins (or those with the right permissions) can create, manage, and edit those templates. For more information, please refer to [Rancher Documentation](https://ranchermanager.docs.rancher.com/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/psa-config-templates). The argument is available in Rancher v2.7.2 and above (string) * * @return builder * @@ -876,7 +876,7 @@ public Builder defaultPodSecurityAdmissionConfigurationTemplateName(@Nullable Ou } /** - * @param defaultPodSecurityAdmissionConfigurationTemplateName Cluster default pod security admission configuration template name (string) + * @param defaultPodSecurityAdmissionConfigurationTemplateName The name of the pre-defined pod security admission configuration template to be applied to the cluster. Rancher admins (or those with the right permissions) can create, manage, and edit those templates. For more information, please refer to [Rancher Documentation](https://ranchermanager.docs.rancher.com/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/psa-config-templates). The argument is available in Rancher v2.7.2 and above (string) * * @return builder * diff --git a/sdk/java/src/main/java/com/pulumi/rancher2/PodSecurityAdmissionConfigurationTemplate.java b/sdk/java/src/main/java/com/pulumi/rancher2/PodSecurityAdmissionConfigurationTemplate.java new file mode 100644 index 000000000..83de33f65 --- /dev/null +++ b/sdk/java/src/main/java/com/pulumi/rancher2/PodSecurityAdmissionConfigurationTemplate.java @@ -0,0 +1,158 @@ +// *** WARNING: this file was generated by pulumi-java-gen. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +package com.pulumi.rancher2; + +import com.pulumi.core.Output; +import com.pulumi.core.annotations.Export; +import com.pulumi.core.annotations.ResourceType; +import com.pulumi.core.internal.Codegen; +import com.pulumi.rancher2.PodSecurityAdmissionConfigurationTemplateArgs; +import com.pulumi.rancher2.Utilities; +import com.pulumi.rancher2.inputs.PodSecurityAdmissionConfigurationTemplateState; +import com.pulumi.rancher2.outputs.PodSecurityAdmissionConfigurationTemplateDefaults; +import com.pulumi.rancher2.outputs.PodSecurityAdmissionConfigurationTemplateExemptions; +import java.lang.Object; +import java.lang.String; +import java.util.Map; +import java.util.Optional; +import javax.annotation.Nullable; + +@ResourceType(type="rancher2:index/podSecurityAdmissionConfigurationTemplate:PodSecurityAdmissionConfigurationTemplate") +public class PodSecurityAdmissionConfigurationTemplate extends com.pulumi.resources.CustomResource { + /** + * Annotations of the resource + * + */ + @Export(name="annotations", refs={Map.class,String.class,Object.class}, tree="[0,1,2]") + private Output> annotations; + + /** + * @return Annotations of the resource + * + */ + public Output> annotations() { + return this.annotations; + } + /** + * defaults allows the user to define admission control mode for Pod Security + * + */ + @Export(name="defaults", refs={PodSecurityAdmissionConfigurationTemplateDefaults.class}, tree="[0]") + private Output defaults; + + /** + * @return defaults allows the user to define admission control mode for Pod Security + * + */ + public Output defaults() { + return this.defaults; + } + /** + * Pod Security Admission Configuration template description + * + */ + @Export(name="description", refs={String.class}, tree="[0]") + private Output description; + + /** + * @return Pod Security Admission Configuration template description + * + */ + public Output> description() { + return Codegen.optional(this.description); + } + /** + * exemptions allows the creation of pods for specific Usernames, RuntimeClassNames, and Namespaces that would otherwise be + * prohibited + * + */ + @Export(name="exemptions", refs={PodSecurityAdmissionConfigurationTemplateExemptions.class}, tree="[0]") + private Output exemptions; + + /** + * @return exemptions allows the creation of pods for specific Usernames, RuntimeClassNames, and Namespaces that would otherwise be + * prohibited + * + */ + public Output> exemptions() { + return Codegen.optional(this.exemptions); + } + /** + * Labels of the resource + * + */ + @Export(name="labels", refs={Map.class,String.class,Object.class}, tree="[0,1,2]") + private Output> labels; + + /** + * @return Labels of the resource + * + */ + public Output> labels() { + return this.labels; + } + /** + * Pod Security Admission Configuration template name + * + */ + @Export(name="name", refs={String.class}, tree="[0]") + private Output name; + + /** + * @return Pod Security Admission Configuration template name + * + */ + public Output name() { + return this.name; + } + + /** + * + * @param name The _unique_ name of the resulting resource. + */ + public PodSecurityAdmissionConfigurationTemplate(String name) { + this(name, PodSecurityAdmissionConfigurationTemplateArgs.Empty); + } + /** + * + * @param name The _unique_ name of the resulting resource. + * @param args The arguments to use to populate this resource's properties. + */ + public PodSecurityAdmissionConfigurationTemplate(String name, PodSecurityAdmissionConfigurationTemplateArgs args) { + this(name, args, null); + } + /** + * + * @param name The _unique_ name of the resulting resource. + * @param args The arguments to use to populate this resource's properties. + * @param options A bag of options that control this resource's behavior. + */ + public PodSecurityAdmissionConfigurationTemplate(String name, PodSecurityAdmissionConfigurationTemplateArgs args, @Nullable com.pulumi.resources.CustomResourceOptions options) { + super("rancher2:index/podSecurityAdmissionConfigurationTemplate:PodSecurityAdmissionConfigurationTemplate", name, args == null ? PodSecurityAdmissionConfigurationTemplateArgs.Empty : args, makeResourceOptions(options, Codegen.empty())); + } + + private PodSecurityAdmissionConfigurationTemplate(String name, Output id, @Nullable PodSecurityAdmissionConfigurationTemplateState state, @Nullable com.pulumi.resources.CustomResourceOptions options) { + super("rancher2:index/podSecurityAdmissionConfigurationTemplate:PodSecurityAdmissionConfigurationTemplate", name, state, makeResourceOptions(options, id)); + } + + private static com.pulumi.resources.CustomResourceOptions makeResourceOptions(@Nullable com.pulumi.resources.CustomResourceOptions options, @Nullable Output id) { + var defaultOptions = com.pulumi.resources.CustomResourceOptions.builder() + .version(Utilities.getVersion()) + .build(); + return com.pulumi.resources.CustomResourceOptions.merge(defaultOptions, options, id); + } + + /** + * Get an existing Host resource's state with the given name, ID, and optional extra + * properties used to qualify the lookup. + * + * @param name The _unique_ name of the resulting resource. + * @param id The _unique_ provider ID of the resource to lookup. + * @param state + * @param options Optional settings to control the behavior of the CustomResource. + */ + public static PodSecurityAdmissionConfigurationTemplate get(String name, Output id, @Nullable PodSecurityAdmissionConfigurationTemplateState state, @Nullable com.pulumi.resources.CustomResourceOptions options) { + return new PodSecurityAdmissionConfigurationTemplate(name, id, state, options); + } +} diff --git a/sdk/java/src/main/java/com/pulumi/rancher2/PodSecurityAdmissionConfigurationTemplateArgs.java b/sdk/java/src/main/java/com/pulumi/rancher2/PodSecurityAdmissionConfigurationTemplateArgs.java new file mode 100644 index 000000000..a2cc7660b --- /dev/null +++ b/sdk/java/src/main/java/com/pulumi/rancher2/PodSecurityAdmissionConfigurationTemplateArgs.java @@ -0,0 +1,280 @@ +// *** WARNING: this file was generated by pulumi-java-gen. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +package com.pulumi.rancher2; + +import com.pulumi.core.Output; +import com.pulumi.core.annotations.Import; +import com.pulumi.exceptions.MissingRequiredPropertyException; +import com.pulumi.rancher2.inputs.PodSecurityAdmissionConfigurationTemplateDefaultsArgs; +import com.pulumi.rancher2.inputs.PodSecurityAdmissionConfigurationTemplateExemptionsArgs; +import java.lang.Object; +import java.lang.String; +import java.util.Map; +import java.util.Objects; +import java.util.Optional; +import javax.annotation.Nullable; + + +public final class PodSecurityAdmissionConfigurationTemplateArgs extends com.pulumi.resources.ResourceArgs { + + public static final PodSecurityAdmissionConfigurationTemplateArgs Empty = new PodSecurityAdmissionConfigurationTemplateArgs(); + + /** + * Annotations of the resource + * + */ + @Import(name="annotations") + private @Nullable Output> annotations; + + /** + * @return Annotations of the resource + * + */ + public Optional>> annotations() { + return Optional.ofNullable(this.annotations); + } + + /** + * defaults allows the user to define admission control mode for Pod Security + * + */ + @Import(name="defaults", required=true) + private Output defaults; + + /** + * @return defaults allows the user to define admission control mode for Pod Security + * + */ + public Output defaults() { + return this.defaults; + } + + /** + * Pod Security Admission Configuration template description + * + */ + @Import(name="description") + private @Nullable Output description; + + /** + * @return Pod Security Admission Configuration template description + * + */ + public Optional> description() { + return Optional.ofNullable(this.description); + } + + /** + * exemptions allows the creation of pods for specific Usernames, RuntimeClassNames, and Namespaces that would otherwise be + * prohibited + * + */ + @Import(name="exemptions") + private @Nullable Output exemptions; + + /** + * @return exemptions allows the creation of pods for specific Usernames, RuntimeClassNames, and Namespaces that would otherwise be + * prohibited + * + */ + public Optional> exemptions() { + return Optional.ofNullable(this.exemptions); + } + + /** + * Labels of the resource + * + */ + @Import(name="labels") + private @Nullable Output> labels; + + /** + * @return Labels of the resource + * + */ + public Optional>> labels() { + return Optional.ofNullable(this.labels); + } + + /** + * Pod Security Admission Configuration template name + * + */ + @Import(name="name") + private @Nullable Output name; + + /** + * @return Pod Security Admission Configuration template name + * + */ + public Optional> name() { + return Optional.ofNullable(this.name); + } + + private PodSecurityAdmissionConfigurationTemplateArgs() {} + + private PodSecurityAdmissionConfigurationTemplateArgs(PodSecurityAdmissionConfigurationTemplateArgs $) { + this.annotations = $.annotations; + this.defaults = $.defaults; + this.description = $.description; + this.exemptions = $.exemptions; + this.labels = $.labels; + this.name = $.name; + } + + public static Builder builder() { + return new Builder(); + } + public static Builder builder(PodSecurityAdmissionConfigurationTemplateArgs defaults) { + return new Builder(defaults); + } + + public static final class Builder { + private PodSecurityAdmissionConfigurationTemplateArgs $; + + public Builder() { + $ = new PodSecurityAdmissionConfigurationTemplateArgs(); + } + + public Builder(PodSecurityAdmissionConfigurationTemplateArgs defaults) { + $ = new PodSecurityAdmissionConfigurationTemplateArgs(Objects.requireNonNull(defaults)); + } + + /** + * @param annotations Annotations of the resource + * + * @return builder + * + */ + public Builder annotations(@Nullable Output> annotations) { + $.annotations = annotations; + return this; + } + + /** + * @param annotations Annotations of the resource + * + * @return builder + * + */ + public Builder annotations(Map annotations) { + return annotations(Output.of(annotations)); + } + + /** + * @param defaults defaults allows the user to define admission control mode for Pod Security + * + * @return builder + * + */ + public Builder defaults(Output defaults) { + $.defaults = defaults; + return this; + } + + /** + * @param defaults defaults allows the user to define admission control mode for Pod Security + * + * @return builder + * + */ + public Builder defaults(PodSecurityAdmissionConfigurationTemplateDefaultsArgs defaults) { + return defaults(Output.of(defaults)); + } + + /** + * @param description Pod Security Admission Configuration template description + * + * @return builder + * + */ + public Builder description(@Nullable Output description) { + $.description = description; + return this; + } + + /** + * @param description Pod Security Admission Configuration template description + * + * @return builder + * + */ + public Builder description(String description) { + return description(Output.of(description)); + } + + /** + * @param exemptions exemptions allows the creation of pods for specific Usernames, RuntimeClassNames, and Namespaces that would otherwise be + * prohibited + * + * @return builder + * + */ + public Builder exemptions(@Nullable Output exemptions) { + $.exemptions = exemptions; + return this; + } + + /** + * @param exemptions exemptions allows the creation of pods for specific Usernames, RuntimeClassNames, and Namespaces that would otherwise be + * prohibited + * + * @return builder + * + */ + public Builder exemptions(PodSecurityAdmissionConfigurationTemplateExemptionsArgs exemptions) { + return exemptions(Output.of(exemptions)); + } + + /** + * @param labels Labels of the resource + * + * @return builder + * + */ + public Builder labels(@Nullable Output> labels) { + $.labels = labels; + return this; + } + + /** + * @param labels Labels of the resource + * + * @return builder + * + */ + public Builder labels(Map labels) { + return labels(Output.of(labels)); + } + + /** + * @param name Pod Security Admission Configuration template name + * + * @return builder + * + */ + public Builder name(@Nullable Output name) { + $.name = name; + return this; + } + + /** + * @param name Pod Security Admission Configuration template name + * + * @return builder + * + */ + public Builder name(String name) { + return name(Output.of(name)); + } + + public PodSecurityAdmissionConfigurationTemplateArgs build() { + if ($.defaults == null) { + throw new MissingRequiredPropertyException("PodSecurityAdmissionConfigurationTemplateArgs", "defaults"); + } + return $; + } + } + +} diff --git a/sdk/java/src/main/java/com/pulumi/rancher2/Rancher2Functions.java b/sdk/java/src/main/java/com/pulumi/rancher2/Rancher2Functions.java index 336117080..9d715ba65 100644 --- a/sdk/java/src/main/java/com/pulumi/rancher2/Rancher2Functions.java +++ b/sdk/java/src/main/java/com/pulumi/rancher2/Rancher2Functions.java @@ -54,6 +54,8 @@ import com.pulumi.rancher2.inputs.GetNodeTemplatePlainArgs; import com.pulumi.rancher2.inputs.GetNotifierArgs; import com.pulumi.rancher2.inputs.GetNotifierPlainArgs; +import com.pulumi.rancher2.inputs.GetPodSecurityAdmissionConfigurationTemplateArgs; +import com.pulumi.rancher2.inputs.GetPodSecurityAdmissionConfigurationTemplatePlainArgs; import com.pulumi.rancher2.inputs.GetPodSecurityPolicyTemplateArgs; import com.pulumi.rancher2.inputs.GetPodSecurityPolicyTemplatePlainArgs; import com.pulumi.rancher2.inputs.GetPrincipalArgs; @@ -103,6 +105,7 @@ import com.pulumi.rancher2.outputs.GetNodePoolResult; import com.pulumi.rancher2.outputs.GetNodeTemplateResult; import com.pulumi.rancher2.outputs.GetNotifierResult; +import com.pulumi.rancher2.outputs.GetPodSecurityAdmissionConfigurationTemplateResult; import com.pulumi.rancher2.outputs.GetPodSecurityPolicyTemplateResult; import com.pulumi.rancher2.outputs.GetPrincipalResult; import com.pulumi.rancher2.outputs.GetProjectAlertGroupResult; @@ -3739,6 +3742,18 @@ public static Output getNotifier(GetNotifierArgs args, Invoke public static CompletableFuture getNotifierPlain(GetNotifierPlainArgs args, InvokeOptions options) { return Deployment.getInstance().invokeAsync("rancher2:index/getNotifier:getNotifier", TypeShape.of(GetNotifierResult.class), args, Utilities.withVersion(options)); } + public static Output getPodSecurityAdmissionConfigurationTemplate(GetPodSecurityAdmissionConfigurationTemplateArgs args) { + return getPodSecurityAdmissionConfigurationTemplate(args, InvokeOptions.Empty); + } + public static CompletableFuture getPodSecurityAdmissionConfigurationTemplatePlain(GetPodSecurityAdmissionConfigurationTemplatePlainArgs args) { + return getPodSecurityAdmissionConfigurationTemplatePlain(args, InvokeOptions.Empty); + } + public static Output getPodSecurityAdmissionConfigurationTemplate(GetPodSecurityAdmissionConfigurationTemplateArgs args, InvokeOptions options) { + return Deployment.getInstance().invoke("rancher2:index/getPodSecurityAdmissionConfigurationTemplate:getPodSecurityAdmissionConfigurationTemplate", TypeShape.of(GetPodSecurityAdmissionConfigurationTemplateResult.class), args, Utilities.withVersion(options)); + } + public static CompletableFuture getPodSecurityAdmissionConfigurationTemplatePlain(GetPodSecurityAdmissionConfigurationTemplatePlainArgs args, InvokeOptions options) { + return Deployment.getInstance().invokeAsync("rancher2:index/getPodSecurityAdmissionConfigurationTemplate:getPodSecurityAdmissionConfigurationTemplate", TypeShape.of(GetPodSecurityAdmissionConfigurationTemplateResult.class), args, Utilities.withVersion(options)); + } /** * Use this data source to retrieve information about a Rancher v2 PodSecurityPolicyTemplate. * diff --git a/sdk/java/src/main/java/com/pulumi/rancher2/inputs/ClusterState.java b/sdk/java/src/main/java/com/pulumi/rancher2/inputs/ClusterState.java index b310de257..26a2aceee 100644 --- a/sdk/java/src/main/java/com/pulumi/rancher2/inputs/ClusterState.java +++ b/sdk/java/src/main/java/com/pulumi/rancher2/inputs/ClusterState.java @@ -233,14 +233,14 @@ public Optional> clusterTemplateRevisionId() { } /** - * Cluster default pod security admission configuration template name (string) + * The name of the pre-defined pod security admission configuration template to be applied to the cluster. Rancher admins (or those with the right permissions) can create, manage, and edit those templates. For more information, please refer to [Rancher Documentation](https://ranchermanager.docs.rancher.com/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/psa-config-templates). The argument is available in Rancher v2.7.2 and above (string) * */ @Import(name="defaultPodSecurityAdmissionConfigurationTemplateName") private @Nullable Output defaultPodSecurityAdmissionConfigurationTemplateName; /** - * @return Cluster default pod security admission configuration template name (string) + * @return The name of the pre-defined pod security admission configuration template to be applied to the cluster. Rancher admins (or those with the right permissions) can create, manage, and edit those templates. For more information, please refer to [Rancher Documentation](https://ranchermanager.docs.rancher.com/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/psa-config-templates). The argument is available in Rancher v2.7.2 and above (string) * */ public Optional> defaultPodSecurityAdmissionConfigurationTemplateName() { @@ -1028,7 +1028,7 @@ public Builder clusterTemplateRevisionId(String clusterTemplateRevisionId) { } /** - * @param defaultPodSecurityAdmissionConfigurationTemplateName Cluster default pod security admission configuration template name (string) + * @param defaultPodSecurityAdmissionConfigurationTemplateName The name of the pre-defined pod security admission configuration template to be applied to the cluster. Rancher admins (or those with the right permissions) can create, manage, and edit those templates. For more information, please refer to [Rancher Documentation](https://ranchermanager.docs.rancher.com/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/psa-config-templates). The argument is available in Rancher v2.7.2 and above (string) * * @return builder * @@ -1039,7 +1039,7 @@ public Builder defaultPodSecurityAdmissionConfigurationTemplateName(@Nullable Ou } /** - * @param defaultPodSecurityAdmissionConfigurationTemplateName Cluster default pod security admission configuration template name (string) + * @param defaultPodSecurityAdmissionConfigurationTemplateName The name of the pre-defined pod security admission configuration template to be applied to the cluster. Rancher admins (or those with the right permissions) can create, manage, and edit those templates. For more information, please refer to [Rancher Documentation](https://ranchermanager.docs.rancher.com/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/psa-config-templates). The argument is available in Rancher v2.7.2 and above (string) * * @return builder * diff --git a/sdk/java/src/main/java/com/pulumi/rancher2/inputs/GetPodSecurityAdmissionConfigurationTemplateArgs.java b/sdk/java/src/main/java/com/pulumi/rancher2/inputs/GetPodSecurityAdmissionConfigurationTemplateArgs.java new file mode 100644 index 000000000..a9318ea37 --- /dev/null +++ b/sdk/java/src/main/java/com/pulumi/rancher2/inputs/GetPodSecurityAdmissionConfigurationTemplateArgs.java @@ -0,0 +1,103 @@ +// *** WARNING: this file was generated by pulumi-java-gen. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +package com.pulumi.rancher2.inputs; + +import com.pulumi.core.Output; +import com.pulumi.core.annotations.Import; +import com.pulumi.exceptions.MissingRequiredPropertyException; +import java.lang.Object; +import java.lang.String; +import java.util.Map; +import java.util.Objects; +import java.util.Optional; +import javax.annotation.Nullable; + + +public final class GetPodSecurityAdmissionConfigurationTemplateArgs extends com.pulumi.resources.InvokeArgs { + + public static final GetPodSecurityAdmissionConfigurationTemplateArgs Empty = new GetPodSecurityAdmissionConfigurationTemplateArgs(); + + @Import(name="annotations") + private @Nullable Output> annotations; + + public Optional>> annotations() { + return Optional.ofNullable(this.annotations); + } + + @Import(name="labels") + private @Nullable Output> labels; + + public Optional>> labels() { + return Optional.ofNullable(this.labels); + } + + @Import(name="name", required=true) + private Output name; + + public Output name() { + return this.name; + } + + private GetPodSecurityAdmissionConfigurationTemplateArgs() {} + + private GetPodSecurityAdmissionConfigurationTemplateArgs(GetPodSecurityAdmissionConfigurationTemplateArgs $) { + this.annotations = $.annotations; + this.labels = $.labels; + this.name = $.name; + } + + public static Builder builder() { + return new Builder(); + } + public static Builder builder(GetPodSecurityAdmissionConfigurationTemplateArgs defaults) { + return new Builder(defaults); + } + + public static final class Builder { + private GetPodSecurityAdmissionConfigurationTemplateArgs $; + + public Builder() { + $ = new GetPodSecurityAdmissionConfigurationTemplateArgs(); + } + + public Builder(GetPodSecurityAdmissionConfigurationTemplateArgs defaults) { + $ = new GetPodSecurityAdmissionConfigurationTemplateArgs(Objects.requireNonNull(defaults)); + } + + public Builder annotations(@Nullable Output> annotations) { + $.annotations = annotations; + return this; + } + + public Builder annotations(Map annotations) { + return annotations(Output.of(annotations)); + } + + public Builder labels(@Nullable Output> labels) { + $.labels = labels; + return this; + } + + public Builder labels(Map labels) { + return labels(Output.of(labels)); + } + + public Builder name(Output name) { + $.name = name; + return this; + } + + public Builder name(String name) { + return name(Output.of(name)); + } + + public GetPodSecurityAdmissionConfigurationTemplateArgs build() { + if ($.name == null) { + throw new MissingRequiredPropertyException("GetPodSecurityAdmissionConfigurationTemplateArgs", "name"); + } + return $; + } + } + +} diff --git a/sdk/java/src/main/java/com/pulumi/rancher2/inputs/GetPodSecurityAdmissionConfigurationTemplatePlainArgs.java b/sdk/java/src/main/java/com/pulumi/rancher2/inputs/GetPodSecurityAdmissionConfigurationTemplatePlainArgs.java new file mode 100644 index 000000000..76cad1eae --- /dev/null +++ b/sdk/java/src/main/java/com/pulumi/rancher2/inputs/GetPodSecurityAdmissionConfigurationTemplatePlainArgs.java @@ -0,0 +1,90 @@ +// *** WARNING: this file was generated by pulumi-java-gen. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +package com.pulumi.rancher2.inputs; + +import com.pulumi.core.annotations.Import; +import com.pulumi.exceptions.MissingRequiredPropertyException; +import java.lang.Object; +import java.lang.String; +import java.util.Map; +import java.util.Objects; +import java.util.Optional; +import javax.annotation.Nullable; + + +public final class GetPodSecurityAdmissionConfigurationTemplatePlainArgs extends com.pulumi.resources.InvokeArgs { + + public static final GetPodSecurityAdmissionConfigurationTemplatePlainArgs Empty = new GetPodSecurityAdmissionConfigurationTemplatePlainArgs(); + + @Import(name="annotations") + private @Nullable Map annotations; + + public Optional> annotations() { + return Optional.ofNullable(this.annotations); + } + + @Import(name="labels") + private @Nullable Map labels; + + public Optional> labels() { + return Optional.ofNullable(this.labels); + } + + @Import(name="name", required=true) + private String name; + + public String name() { + return this.name; + } + + private GetPodSecurityAdmissionConfigurationTemplatePlainArgs() {} + + private GetPodSecurityAdmissionConfigurationTemplatePlainArgs(GetPodSecurityAdmissionConfigurationTemplatePlainArgs $) { + this.annotations = $.annotations; + this.labels = $.labels; + this.name = $.name; + } + + public static Builder builder() { + return new Builder(); + } + public static Builder builder(GetPodSecurityAdmissionConfigurationTemplatePlainArgs defaults) { + return new Builder(defaults); + } + + public static final class Builder { + private GetPodSecurityAdmissionConfigurationTemplatePlainArgs $; + + public Builder() { + $ = new GetPodSecurityAdmissionConfigurationTemplatePlainArgs(); + } + + public Builder(GetPodSecurityAdmissionConfigurationTemplatePlainArgs defaults) { + $ = new GetPodSecurityAdmissionConfigurationTemplatePlainArgs(Objects.requireNonNull(defaults)); + } + + public Builder annotations(@Nullable Map annotations) { + $.annotations = annotations; + return this; + } + + public Builder labels(@Nullable Map labels) { + $.labels = labels; + return this; + } + + public Builder name(String name) { + $.name = name; + return this; + } + + public GetPodSecurityAdmissionConfigurationTemplatePlainArgs build() { + if ($.name == null) { + throw new MissingRequiredPropertyException("GetPodSecurityAdmissionConfigurationTemplatePlainArgs", "name"); + } + return $; + } + } + +} diff --git a/sdk/java/src/main/java/com/pulumi/rancher2/inputs/PodSecurityAdmissionConfigurationTemplateDefaultsArgs.java b/sdk/java/src/main/java/com/pulumi/rancher2/inputs/PodSecurityAdmissionConfigurationTemplateDefaultsArgs.java new file mode 100644 index 000000000..e6f6e165a --- /dev/null +++ b/sdk/java/src/main/java/com/pulumi/rancher2/inputs/PodSecurityAdmissionConfigurationTemplateDefaultsArgs.java @@ -0,0 +1,268 @@ +// *** WARNING: this file was generated by pulumi-java-gen. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +package com.pulumi.rancher2.inputs; + +import com.pulumi.core.Output; +import com.pulumi.core.annotations.Import; +import java.lang.String; +import java.util.Objects; +import java.util.Optional; +import javax.annotation.Nullable; + + +public final class PodSecurityAdmissionConfigurationTemplateDefaultsArgs extends com.pulumi.resources.ResourceArgs { + + public static final PodSecurityAdmissionConfigurationTemplateDefaultsArgs Empty = new PodSecurityAdmissionConfigurationTemplateDefaultsArgs(); + + /** + * Pod Security Admission Configuration audit. This audits a pod in violation of privileged, baseline, or restricted policy (default: privileged) + * + */ + @Import(name="audit") + private @Nullable Output audit; + + /** + * @return Pod Security Admission Configuration audit. This audits a pod in violation of privileged, baseline, or restricted policy (default: privileged) + * + */ + public Optional> audit() { + return Optional.ofNullable(this.audit); + } + + /** + * Pod Security Admission Configuration audit version (default: latest) + * + */ + @Import(name="auditVersion") + private @Nullable Output auditVersion; + + /** + * @return Pod Security Admission Configuration audit version (default: latest) + * + */ + public Optional> auditVersion() { + return Optional.ofNullable(this.auditVersion); + } + + /** + * Pod Security Admission Configuration enforce. This rejects a pod in violation of privileged, baseline, or restricted policy (default: privileged) + * + */ + @Import(name="enforce") + private @Nullable Output enforce; + + /** + * @return Pod Security Admission Configuration enforce. This rejects a pod in violation of privileged, baseline, or restricted policy (default: privileged) + * + */ + public Optional> enforce() { + return Optional.ofNullable(this.enforce); + } + + /** + * Pod Security Admission Configuration enforce version (default: latest) + * + */ + @Import(name="enforceVersion") + private @Nullable Output enforceVersion; + + /** + * @return Pod Security Admission Configuration enforce version (default: latest) + * + */ + public Optional> enforceVersion() { + return Optional.ofNullable(this.enforceVersion); + } + + /** + * Pod Security Admission Configuration warn. This warns the user about a pod in violation of privileged, baseline, or restricted policy (default: privileged) + * + */ + @Import(name="warn") + private @Nullable Output warn; + + /** + * @return Pod Security Admission Configuration warn. This warns the user about a pod in violation of privileged, baseline, or restricted policy (default: privileged) + * + */ + public Optional> warn() { + return Optional.ofNullable(this.warn); + } + + /** + * Pod Security Admission Configuration warn version (default: latest) + * + */ + @Import(name="warnVersion") + private @Nullable Output warnVersion; + + /** + * @return Pod Security Admission Configuration warn version (default: latest) + * + */ + public Optional> warnVersion() { + return Optional.ofNullable(this.warnVersion); + } + + private PodSecurityAdmissionConfigurationTemplateDefaultsArgs() {} + + private PodSecurityAdmissionConfigurationTemplateDefaultsArgs(PodSecurityAdmissionConfigurationTemplateDefaultsArgs $) { + this.audit = $.audit; + this.auditVersion = $.auditVersion; + this.enforce = $.enforce; + this.enforceVersion = $.enforceVersion; + this.warn = $.warn; + this.warnVersion = $.warnVersion; + } + + public static Builder builder() { + return new Builder(); + } + public static Builder builder(PodSecurityAdmissionConfigurationTemplateDefaultsArgs defaults) { + return new Builder(defaults); + } + + public static final class Builder { + private PodSecurityAdmissionConfigurationTemplateDefaultsArgs $; + + public Builder() { + $ = new PodSecurityAdmissionConfigurationTemplateDefaultsArgs(); + } + + public Builder(PodSecurityAdmissionConfigurationTemplateDefaultsArgs defaults) { + $ = new PodSecurityAdmissionConfigurationTemplateDefaultsArgs(Objects.requireNonNull(defaults)); + } + + /** + * @param audit Pod Security Admission Configuration audit. This audits a pod in violation of privileged, baseline, or restricted policy (default: privileged) + * + * @return builder + * + */ + public Builder audit(@Nullable Output audit) { + $.audit = audit; + return this; + } + + /** + * @param audit Pod Security Admission Configuration audit. This audits a pod in violation of privileged, baseline, or restricted policy (default: privileged) + * + * @return builder + * + */ + public Builder audit(String audit) { + return audit(Output.of(audit)); + } + + /** + * @param auditVersion Pod Security Admission Configuration audit version (default: latest) + * + * @return builder + * + */ + public Builder auditVersion(@Nullable Output auditVersion) { + $.auditVersion = auditVersion; + return this; + } + + /** + * @param auditVersion Pod Security Admission Configuration audit version (default: latest) + * + * @return builder + * + */ + public Builder auditVersion(String auditVersion) { + return auditVersion(Output.of(auditVersion)); + } + + /** + * @param enforce Pod Security Admission Configuration enforce. This rejects a pod in violation of privileged, baseline, or restricted policy (default: privileged) + * + * @return builder + * + */ + public Builder enforce(@Nullable Output enforce) { + $.enforce = enforce; + return this; + } + + /** + * @param enforce Pod Security Admission Configuration enforce. This rejects a pod in violation of privileged, baseline, or restricted policy (default: privileged) + * + * @return builder + * + */ + public Builder enforce(String enforce) { + return enforce(Output.of(enforce)); + } + + /** + * @param enforceVersion Pod Security Admission Configuration enforce version (default: latest) + * + * @return builder + * + */ + public Builder enforceVersion(@Nullable Output enforceVersion) { + $.enforceVersion = enforceVersion; + return this; + } + + /** + * @param enforceVersion Pod Security Admission Configuration enforce version (default: latest) + * + * @return builder + * + */ + public Builder enforceVersion(String enforceVersion) { + return enforceVersion(Output.of(enforceVersion)); + } + + /** + * @param warn Pod Security Admission Configuration warn. This warns the user about a pod in violation of privileged, baseline, or restricted policy (default: privileged) + * + * @return builder + * + */ + public Builder warn(@Nullable Output warn) { + $.warn = warn; + return this; + } + + /** + * @param warn Pod Security Admission Configuration warn. This warns the user about a pod in violation of privileged, baseline, or restricted policy (default: privileged) + * + * @return builder + * + */ + public Builder warn(String warn) { + return warn(Output.of(warn)); + } + + /** + * @param warnVersion Pod Security Admission Configuration warn version (default: latest) + * + * @return builder + * + */ + public Builder warnVersion(@Nullable Output warnVersion) { + $.warnVersion = warnVersion; + return this; + } + + /** + * @param warnVersion Pod Security Admission Configuration warn version (default: latest) + * + * @return builder + * + */ + public Builder warnVersion(String warnVersion) { + return warnVersion(Output.of(warnVersion)); + } + + public PodSecurityAdmissionConfigurationTemplateDefaultsArgs build() { + return $; + } + } + +} diff --git a/sdk/java/src/main/java/com/pulumi/rancher2/inputs/PodSecurityAdmissionConfigurationTemplateExemptionsArgs.java b/sdk/java/src/main/java/com/pulumi/rancher2/inputs/PodSecurityAdmissionConfigurationTemplateExemptionsArgs.java new file mode 100644 index 000000000..87e1076de --- /dev/null +++ b/sdk/java/src/main/java/com/pulumi/rancher2/inputs/PodSecurityAdmissionConfigurationTemplateExemptionsArgs.java @@ -0,0 +1,188 @@ +// *** WARNING: this file was generated by pulumi-java-gen. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +package com.pulumi.rancher2.inputs; + +import com.pulumi.core.Output; +import com.pulumi.core.annotations.Import; +import java.lang.String; +import java.util.List; +import java.util.Objects; +import java.util.Optional; +import javax.annotation.Nullable; + + +public final class PodSecurityAdmissionConfigurationTemplateExemptionsArgs extends com.pulumi.resources.ResourceArgs { + + public static final PodSecurityAdmissionConfigurationTemplateExemptionsArgs Empty = new PodSecurityAdmissionConfigurationTemplateExemptionsArgs(); + + /** + * Pod Security Admission Configuration namespace exemptions + * + */ + @Import(name="namespaces") + private @Nullable Output> namespaces; + + /** + * @return Pod Security Admission Configuration namespace exemptions + * + */ + public Optional>> namespaces() { + return Optional.ofNullable(this.namespaces); + } + + /** + * Pod Security Admission Configuration runtime class exemptions + * + */ + @Import(name="runtimeClasses") + private @Nullable Output> runtimeClasses; + + /** + * @return Pod Security Admission Configuration runtime class exemptions + * + */ + public Optional>> runtimeClasses() { + return Optional.ofNullable(this.runtimeClasses); + } + + /** + * Pod Security Admission Configuration username exemptions + * + */ + @Import(name="usernames") + private @Nullable Output> usernames; + + /** + * @return Pod Security Admission Configuration username exemptions + * + */ + public Optional>> usernames() { + return Optional.ofNullable(this.usernames); + } + + private PodSecurityAdmissionConfigurationTemplateExemptionsArgs() {} + + private PodSecurityAdmissionConfigurationTemplateExemptionsArgs(PodSecurityAdmissionConfigurationTemplateExemptionsArgs $) { + this.namespaces = $.namespaces; + this.runtimeClasses = $.runtimeClasses; + this.usernames = $.usernames; + } + + public static Builder builder() { + return new Builder(); + } + public static Builder builder(PodSecurityAdmissionConfigurationTemplateExemptionsArgs defaults) { + return new Builder(defaults); + } + + public static final class Builder { + private PodSecurityAdmissionConfigurationTemplateExemptionsArgs $; + + public Builder() { + $ = new PodSecurityAdmissionConfigurationTemplateExemptionsArgs(); + } + + public Builder(PodSecurityAdmissionConfigurationTemplateExemptionsArgs defaults) { + $ = new PodSecurityAdmissionConfigurationTemplateExemptionsArgs(Objects.requireNonNull(defaults)); + } + + /** + * @param namespaces Pod Security Admission Configuration namespace exemptions + * + * @return builder + * + */ + public Builder namespaces(@Nullable Output> namespaces) { + $.namespaces = namespaces; + return this; + } + + /** + * @param namespaces Pod Security Admission Configuration namespace exemptions + * + * @return builder + * + */ + public Builder namespaces(List namespaces) { + return namespaces(Output.of(namespaces)); + } + + /** + * @param namespaces Pod Security Admission Configuration namespace exemptions + * + * @return builder + * + */ + public Builder namespaces(String... namespaces) { + return namespaces(List.of(namespaces)); + } + + /** + * @param runtimeClasses Pod Security Admission Configuration runtime class exemptions + * + * @return builder + * + */ + public Builder runtimeClasses(@Nullable Output> runtimeClasses) { + $.runtimeClasses = runtimeClasses; + return this; + } + + /** + * @param runtimeClasses Pod Security Admission Configuration runtime class exemptions + * + * @return builder + * + */ + public Builder runtimeClasses(List runtimeClasses) { + return runtimeClasses(Output.of(runtimeClasses)); + } + + /** + * @param runtimeClasses Pod Security Admission Configuration runtime class exemptions + * + * @return builder + * + */ + public Builder runtimeClasses(String... runtimeClasses) { + return runtimeClasses(List.of(runtimeClasses)); + } + + /** + * @param usernames Pod Security Admission Configuration username exemptions + * + * @return builder + * + */ + public Builder usernames(@Nullable Output> usernames) { + $.usernames = usernames; + return this; + } + + /** + * @param usernames Pod Security Admission Configuration username exemptions + * + * @return builder + * + */ + public Builder usernames(List usernames) { + return usernames(Output.of(usernames)); + } + + /** + * @param usernames Pod Security Admission Configuration username exemptions + * + * @return builder + * + */ + public Builder usernames(String... usernames) { + return usernames(List.of(usernames)); + } + + public PodSecurityAdmissionConfigurationTemplateExemptionsArgs build() { + return $; + } + } + +} diff --git a/sdk/java/src/main/java/com/pulumi/rancher2/inputs/PodSecurityAdmissionConfigurationTemplateState.java b/sdk/java/src/main/java/com/pulumi/rancher2/inputs/PodSecurityAdmissionConfigurationTemplateState.java new file mode 100644 index 000000000..6229f5c00 --- /dev/null +++ b/sdk/java/src/main/java/com/pulumi/rancher2/inputs/PodSecurityAdmissionConfigurationTemplateState.java @@ -0,0 +1,276 @@ +// *** WARNING: this file was generated by pulumi-java-gen. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +package com.pulumi.rancher2.inputs; + +import com.pulumi.core.Output; +import com.pulumi.core.annotations.Import; +import com.pulumi.rancher2.inputs.PodSecurityAdmissionConfigurationTemplateDefaultsArgs; +import com.pulumi.rancher2.inputs.PodSecurityAdmissionConfigurationTemplateExemptionsArgs; +import java.lang.Object; +import java.lang.String; +import java.util.Map; +import java.util.Objects; +import java.util.Optional; +import javax.annotation.Nullable; + + +public final class PodSecurityAdmissionConfigurationTemplateState extends com.pulumi.resources.ResourceArgs { + + public static final PodSecurityAdmissionConfigurationTemplateState Empty = new PodSecurityAdmissionConfigurationTemplateState(); + + /** + * Annotations of the resource + * + */ + @Import(name="annotations") + private @Nullable Output> annotations; + + /** + * @return Annotations of the resource + * + */ + public Optional>> annotations() { + return Optional.ofNullable(this.annotations); + } + + /** + * defaults allows the user to define admission control mode for Pod Security + * + */ + @Import(name="defaults") + private @Nullable Output defaults; + + /** + * @return defaults allows the user to define admission control mode for Pod Security + * + */ + public Optional> defaults() { + return Optional.ofNullable(this.defaults); + } + + /** + * Pod Security Admission Configuration template description + * + */ + @Import(name="description") + private @Nullable Output description; + + /** + * @return Pod Security Admission Configuration template description + * + */ + public Optional> description() { + return Optional.ofNullable(this.description); + } + + /** + * exemptions allows the creation of pods for specific Usernames, RuntimeClassNames, and Namespaces that would otherwise be + * prohibited + * + */ + @Import(name="exemptions") + private @Nullable Output exemptions; + + /** + * @return exemptions allows the creation of pods for specific Usernames, RuntimeClassNames, and Namespaces that would otherwise be + * prohibited + * + */ + public Optional> exemptions() { + return Optional.ofNullable(this.exemptions); + } + + /** + * Labels of the resource + * + */ + @Import(name="labels") + private @Nullable Output> labels; + + /** + * @return Labels of the resource + * + */ + public Optional>> labels() { + return Optional.ofNullable(this.labels); + } + + /** + * Pod Security Admission Configuration template name + * + */ + @Import(name="name") + private @Nullable Output name; + + /** + * @return Pod Security Admission Configuration template name + * + */ + public Optional> name() { + return Optional.ofNullable(this.name); + } + + private PodSecurityAdmissionConfigurationTemplateState() {} + + private PodSecurityAdmissionConfigurationTemplateState(PodSecurityAdmissionConfigurationTemplateState $) { + this.annotations = $.annotations; + this.defaults = $.defaults; + this.description = $.description; + this.exemptions = $.exemptions; + this.labels = $.labels; + this.name = $.name; + } + + public static Builder builder() { + return new Builder(); + } + public static Builder builder(PodSecurityAdmissionConfigurationTemplateState defaults) { + return new Builder(defaults); + } + + public static final class Builder { + private PodSecurityAdmissionConfigurationTemplateState $; + + public Builder() { + $ = new PodSecurityAdmissionConfigurationTemplateState(); + } + + public Builder(PodSecurityAdmissionConfigurationTemplateState defaults) { + $ = new PodSecurityAdmissionConfigurationTemplateState(Objects.requireNonNull(defaults)); + } + + /** + * @param annotations Annotations of the resource + * + * @return builder + * + */ + public Builder annotations(@Nullable Output> annotations) { + $.annotations = annotations; + return this; + } + + /** + * @param annotations Annotations of the resource + * + * @return builder + * + */ + public Builder annotations(Map annotations) { + return annotations(Output.of(annotations)); + } + + /** + * @param defaults defaults allows the user to define admission control mode for Pod Security + * + * @return builder + * + */ + public Builder defaults(@Nullable Output defaults) { + $.defaults = defaults; + return this; + } + + /** + * @param defaults defaults allows the user to define admission control mode for Pod Security + * + * @return builder + * + */ + public Builder defaults(PodSecurityAdmissionConfigurationTemplateDefaultsArgs defaults) { + return defaults(Output.of(defaults)); + } + + /** + * @param description Pod Security Admission Configuration template description + * + * @return builder + * + */ + public Builder description(@Nullable Output description) { + $.description = description; + return this; + } + + /** + * @param description Pod Security Admission Configuration template description + * + * @return builder + * + */ + public Builder description(String description) { + return description(Output.of(description)); + } + + /** + * @param exemptions exemptions allows the creation of pods for specific Usernames, RuntimeClassNames, and Namespaces that would otherwise be + * prohibited + * + * @return builder + * + */ + public Builder exemptions(@Nullable Output exemptions) { + $.exemptions = exemptions; + return this; + } + + /** + * @param exemptions exemptions allows the creation of pods for specific Usernames, RuntimeClassNames, and Namespaces that would otherwise be + * prohibited + * + * @return builder + * + */ + public Builder exemptions(PodSecurityAdmissionConfigurationTemplateExemptionsArgs exemptions) { + return exemptions(Output.of(exemptions)); + } + + /** + * @param labels Labels of the resource + * + * @return builder + * + */ + public Builder labels(@Nullable Output> labels) { + $.labels = labels; + return this; + } + + /** + * @param labels Labels of the resource + * + * @return builder + * + */ + public Builder labels(Map labels) { + return labels(Output.of(labels)); + } + + /** + * @param name Pod Security Admission Configuration template name + * + * @return builder + * + */ + public Builder name(@Nullable Output name) { + $.name = name; + return this; + } + + /** + * @param name Pod Security Admission Configuration template name + * + * @return builder + * + */ + public Builder name(String name) { + return name(Output.of(name)); + } + + public PodSecurityAdmissionConfigurationTemplateState build() { + return $; + } + } + +} diff --git a/sdk/java/src/main/java/com/pulumi/rancher2/outputs/GetPodSecurityAdmissionConfigurationTemplateDefaults.java b/sdk/java/src/main/java/com/pulumi/rancher2/outputs/GetPodSecurityAdmissionConfigurationTemplateDefaults.java new file mode 100644 index 000000000..14803f186 --- /dev/null +++ b/sdk/java/src/main/java/com/pulumi/rancher2/outputs/GetPodSecurityAdmissionConfigurationTemplateDefaults.java @@ -0,0 +1,162 @@ +// *** WARNING: this file was generated by pulumi-java-gen. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +package com.pulumi.rancher2.outputs; + +import com.pulumi.core.annotations.CustomType; +import java.lang.String; +import java.util.Objects; +import java.util.Optional; +import javax.annotation.Nullable; + +@CustomType +public final class GetPodSecurityAdmissionConfigurationTemplateDefaults { + /** + * @return Pod Security Admission Configuration audit. This audits a pod in violation of privileged, baseline, or restricted policy (default: privileged) + * + */ + private @Nullable String audit; + /** + * @return Pod Security Admission Configuration audit version (default: latest) + * + */ + private @Nullable String auditVersion; + /** + * @return Pod Security Admission Configuration enforce. This rejects a pod in violation of privileged, baseline, or restricted policy (default: privileged) + * + */ + private @Nullable String enforce; + /** + * @return Pod Security Admission Configuration enforce version (default: latest) + * + */ + private @Nullable String enforceVersion; + /** + * @return Pod Security Admission Configuration warn. This warns the user about a pod in violation of privileged, baseline, or restricted policy (default: privileged) + * + */ + private @Nullable String warn; + /** + * @return Pod Security Admission Configuration warn version (default: latest) + * + */ + private @Nullable String warnVersion; + + private GetPodSecurityAdmissionConfigurationTemplateDefaults() {} + /** + * @return Pod Security Admission Configuration audit. This audits a pod in violation of privileged, baseline, or restricted policy (default: privileged) + * + */ + public Optional audit() { + return Optional.ofNullable(this.audit); + } + /** + * @return Pod Security Admission Configuration audit version (default: latest) + * + */ + public Optional auditVersion() { + return Optional.ofNullable(this.auditVersion); + } + /** + * @return Pod Security Admission Configuration enforce. This rejects a pod in violation of privileged, baseline, or restricted policy (default: privileged) + * + */ + public Optional enforce() { + return Optional.ofNullable(this.enforce); + } + /** + * @return Pod Security Admission Configuration enforce version (default: latest) + * + */ + public Optional enforceVersion() { + return Optional.ofNullable(this.enforceVersion); + } + /** + * @return Pod Security Admission Configuration warn. This warns the user about a pod in violation of privileged, baseline, or restricted policy (default: privileged) + * + */ + public Optional warn() { + return Optional.ofNullable(this.warn); + } + /** + * @return Pod Security Admission Configuration warn version (default: latest) + * + */ + public Optional warnVersion() { + return Optional.ofNullable(this.warnVersion); + } + + public static Builder builder() { + return new Builder(); + } + + public static Builder builder(GetPodSecurityAdmissionConfigurationTemplateDefaults defaults) { + return new Builder(defaults); + } + @CustomType.Builder + public static final class Builder { + private @Nullable String audit; + private @Nullable String auditVersion; + private @Nullable String enforce; + private @Nullable String enforceVersion; + private @Nullable String warn; + private @Nullable String warnVersion; + public Builder() {} + public Builder(GetPodSecurityAdmissionConfigurationTemplateDefaults defaults) { + Objects.requireNonNull(defaults); + this.audit = defaults.audit; + this.auditVersion = defaults.auditVersion; + this.enforce = defaults.enforce; + this.enforceVersion = defaults.enforceVersion; + this.warn = defaults.warn; + this.warnVersion = defaults.warnVersion; + } + + @CustomType.Setter + public Builder audit(@Nullable String audit) { + + this.audit = audit; + return this; + } + @CustomType.Setter + public Builder auditVersion(@Nullable String auditVersion) { + + this.auditVersion = auditVersion; + return this; + } + @CustomType.Setter + public Builder enforce(@Nullable String enforce) { + + this.enforce = enforce; + return this; + } + @CustomType.Setter + public Builder enforceVersion(@Nullable String enforceVersion) { + + this.enforceVersion = enforceVersion; + return this; + } + @CustomType.Setter + public Builder warn(@Nullable String warn) { + + this.warn = warn; + return this; + } + @CustomType.Setter + public Builder warnVersion(@Nullable String warnVersion) { + + this.warnVersion = warnVersion; + return this; + } + public GetPodSecurityAdmissionConfigurationTemplateDefaults build() { + final var _resultValue = new GetPodSecurityAdmissionConfigurationTemplateDefaults(); + _resultValue.audit = audit; + _resultValue.auditVersion = auditVersion; + _resultValue.enforce = enforce; + _resultValue.enforceVersion = enforceVersion; + _resultValue.warn = warn; + _resultValue.warnVersion = warnVersion; + return _resultValue; + } + } +} diff --git a/sdk/java/src/main/java/com/pulumi/rancher2/outputs/GetPodSecurityAdmissionConfigurationTemplateExemptions.java b/sdk/java/src/main/java/com/pulumi/rancher2/outputs/GetPodSecurityAdmissionConfigurationTemplateExemptions.java new file mode 100644 index 000000000..3c0b50d8d --- /dev/null +++ b/sdk/java/src/main/java/com/pulumi/rancher2/outputs/GetPodSecurityAdmissionConfigurationTemplateExemptions.java @@ -0,0 +1,108 @@ +// *** WARNING: this file was generated by pulumi-java-gen. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +package com.pulumi.rancher2.outputs; + +import com.pulumi.core.annotations.CustomType; +import java.lang.String; +import java.util.List; +import java.util.Objects; +import javax.annotation.Nullable; + +@CustomType +public final class GetPodSecurityAdmissionConfigurationTemplateExemptions { + /** + * @return Pod Security Admission Configuration namespace exemptions + * + */ + private @Nullable List namespaces; + /** + * @return Pod Security Admission Configuration runtime class exemptions + * + */ + private @Nullable List runtimeClasses; + /** + * @return Pod Security Admission Configuration username exemptions + * + */ + private @Nullable List usernames; + + private GetPodSecurityAdmissionConfigurationTemplateExemptions() {} + /** + * @return Pod Security Admission Configuration namespace exemptions + * + */ + public List namespaces() { + return this.namespaces == null ? List.of() : this.namespaces; + } + /** + * @return Pod Security Admission Configuration runtime class exemptions + * + */ + public List runtimeClasses() { + return this.runtimeClasses == null ? List.of() : this.runtimeClasses; + } + /** + * @return Pod Security Admission Configuration username exemptions + * + */ + public List usernames() { + return this.usernames == null ? List.of() : this.usernames; + } + + public static Builder builder() { + return new Builder(); + } + + public static Builder builder(GetPodSecurityAdmissionConfigurationTemplateExemptions defaults) { + return new Builder(defaults); + } + @CustomType.Builder + public static final class Builder { + private @Nullable List namespaces; + private @Nullable List runtimeClasses; + private @Nullable List usernames; + public Builder() {} + public Builder(GetPodSecurityAdmissionConfigurationTemplateExemptions defaults) { + Objects.requireNonNull(defaults); + this.namespaces = defaults.namespaces; + this.runtimeClasses = defaults.runtimeClasses; + this.usernames = defaults.usernames; + } + + @CustomType.Setter + public Builder namespaces(@Nullable List namespaces) { + + this.namespaces = namespaces; + return this; + } + public Builder namespaces(String... namespaces) { + return namespaces(List.of(namespaces)); + } + @CustomType.Setter + public Builder runtimeClasses(@Nullable List runtimeClasses) { + + this.runtimeClasses = runtimeClasses; + return this; + } + public Builder runtimeClasses(String... runtimeClasses) { + return runtimeClasses(List.of(runtimeClasses)); + } + @CustomType.Setter + public Builder usernames(@Nullable List usernames) { + + this.usernames = usernames; + return this; + } + public Builder usernames(String... usernames) { + return usernames(List.of(usernames)); + } + public GetPodSecurityAdmissionConfigurationTemplateExemptions build() { + final var _resultValue = new GetPodSecurityAdmissionConfigurationTemplateExemptions(); + _resultValue.namespaces = namespaces; + _resultValue.runtimeClasses = runtimeClasses; + _resultValue.usernames = usernames; + return _resultValue; + } + } +} diff --git a/sdk/java/src/main/java/com/pulumi/rancher2/outputs/GetPodSecurityAdmissionConfigurationTemplateResult.java b/sdk/java/src/main/java/com/pulumi/rancher2/outputs/GetPodSecurityAdmissionConfigurationTemplateResult.java new file mode 100644 index 000000000..96f887726 --- /dev/null +++ b/sdk/java/src/main/java/com/pulumi/rancher2/outputs/GetPodSecurityAdmissionConfigurationTemplateResult.java @@ -0,0 +1,152 @@ +// *** WARNING: this file was generated by pulumi-java-gen. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +package com.pulumi.rancher2.outputs; + +import com.pulumi.core.annotations.CustomType; +import com.pulumi.exceptions.MissingRequiredPropertyException; +import com.pulumi.rancher2.outputs.GetPodSecurityAdmissionConfigurationTemplateDefaults; +import com.pulumi.rancher2.outputs.GetPodSecurityAdmissionConfigurationTemplateExemptions; +import java.lang.Object; +import java.lang.String; +import java.util.Map; +import java.util.Objects; + +@CustomType +public final class GetPodSecurityAdmissionConfigurationTemplateResult { + private Map annotations; + private GetPodSecurityAdmissionConfigurationTemplateDefaults defaults; + private String description; + private GetPodSecurityAdmissionConfigurationTemplateExemptions exemptions; + /** + * @return The provider-assigned unique ID for this managed resource. + * + */ + private String id; + private Map labels; + private String name; + + private GetPodSecurityAdmissionConfigurationTemplateResult() {} + public Map annotations() { + return this.annotations; + } + public GetPodSecurityAdmissionConfigurationTemplateDefaults defaults() { + return this.defaults; + } + public String description() { + return this.description; + } + public GetPodSecurityAdmissionConfigurationTemplateExemptions exemptions() { + return this.exemptions; + } + /** + * @return The provider-assigned unique ID for this managed resource. + * + */ + public String id() { + return this.id; + } + public Map labels() { + return this.labels; + } + public String name() { + return this.name; + } + + public static Builder builder() { + return new Builder(); + } + + public static Builder builder(GetPodSecurityAdmissionConfigurationTemplateResult defaults) { + return new Builder(defaults); + } + @CustomType.Builder + public static final class Builder { + private Map annotations; + private GetPodSecurityAdmissionConfigurationTemplateDefaults defaults; + private String description; + private GetPodSecurityAdmissionConfigurationTemplateExemptions exemptions; + private String id; + private Map labels; + private String name; + public Builder() {} + public Builder(GetPodSecurityAdmissionConfigurationTemplateResult defaults) { + Objects.requireNonNull(defaults); + this.annotations = defaults.annotations; + this.defaults = defaults.defaults; + this.description = defaults.description; + this.exemptions = defaults.exemptions; + this.id = defaults.id; + this.labels = defaults.labels; + this.name = defaults.name; + } + + @CustomType.Setter + public Builder annotations(Map annotations) { + if (annotations == null) { + throw new MissingRequiredPropertyException("GetPodSecurityAdmissionConfigurationTemplateResult", "annotations"); + } + this.annotations = annotations; + return this; + } + @CustomType.Setter + public Builder defaults(GetPodSecurityAdmissionConfigurationTemplateDefaults defaults) { + if (defaults == null) { + throw new MissingRequiredPropertyException("GetPodSecurityAdmissionConfigurationTemplateResult", "defaults"); + } + this.defaults = defaults; + return this; + } + @CustomType.Setter + public Builder description(String description) { + if (description == null) { + throw new MissingRequiredPropertyException("GetPodSecurityAdmissionConfigurationTemplateResult", "description"); + } + this.description = description; + return this; + } + @CustomType.Setter + public Builder exemptions(GetPodSecurityAdmissionConfigurationTemplateExemptions exemptions) { + if (exemptions == null) { + throw new MissingRequiredPropertyException("GetPodSecurityAdmissionConfigurationTemplateResult", "exemptions"); + } + this.exemptions = exemptions; + return this; + } + @CustomType.Setter + public Builder id(String id) { + if (id == null) { + throw new MissingRequiredPropertyException("GetPodSecurityAdmissionConfigurationTemplateResult", "id"); + } + this.id = id; + return this; + } + @CustomType.Setter + public Builder labels(Map labels) { + if (labels == null) { + throw new MissingRequiredPropertyException("GetPodSecurityAdmissionConfigurationTemplateResult", "labels"); + } + this.labels = labels; + return this; + } + @CustomType.Setter + public Builder name(String name) { + if (name == null) { + throw new MissingRequiredPropertyException("GetPodSecurityAdmissionConfigurationTemplateResult", "name"); + } + this.name = name; + return this; + } + public GetPodSecurityAdmissionConfigurationTemplateResult build() { + final var _resultValue = new GetPodSecurityAdmissionConfigurationTemplateResult(); + _resultValue.annotations = annotations; + _resultValue.defaults = defaults; + _resultValue.description = description; + _resultValue.exemptions = exemptions; + _resultValue.id = id; + _resultValue.labels = labels; + _resultValue.name = name; + return _resultValue; + } + } +} diff --git a/sdk/java/src/main/java/com/pulumi/rancher2/outputs/PodSecurityAdmissionConfigurationTemplateDefaults.java b/sdk/java/src/main/java/com/pulumi/rancher2/outputs/PodSecurityAdmissionConfigurationTemplateDefaults.java new file mode 100644 index 000000000..1fba1fd16 --- /dev/null +++ b/sdk/java/src/main/java/com/pulumi/rancher2/outputs/PodSecurityAdmissionConfigurationTemplateDefaults.java @@ -0,0 +1,162 @@ +// *** WARNING: this file was generated by pulumi-java-gen. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +package com.pulumi.rancher2.outputs; + +import com.pulumi.core.annotations.CustomType; +import java.lang.String; +import java.util.Objects; +import java.util.Optional; +import javax.annotation.Nullable; + +@CustomType +public final class PodSecurityAdmissionConfigurationTemplateDefaults { + /** + * @return Pod Security Admission Configuration audit. This audits a pod in violation of privileged, baseline, or restricted policy (default: privileged) + * + */ + private @Nullable String audit; + /** + * @return Pod Security Admission Configuration audit version (default: latest) + * + */ + private @Nullable String auditVersion; + /** + * @return Pod Security Admission Configuration enforce. This rejects a pod in violation of privileged, baseline, or restricted policy (default: privileged) + * + */ + private @Nullable String enforce; + /** + * @return Pod Security Admission Configuration enforce version (default: latest) + * + */ + private @Nullable String enforceVersion; + /** + * @return Pod Security Admission Configuration warn. This warns the user about a pod in violation of privileged, baseline, or restricted policy (default: privileged) + * + */ + private @Nullable String warn; + /** + * @return Pod Security Admission Configuration warn version (default: latest) + * + */ + private @Nullable String warnVersion; + + private PodSecurityAdmissionConfigurationTemplateDefaults() {} + /** + * @return Pod Security Admission Configuration audit. This audits a pod in violation of privileged, baseline, or restricted policy (default: privileged) + * + */ + public Optional audit() { + return Optional.ofNullable(this.audit); + } + /** + * @return Pod Security Admission Configuration audit version (default: latest) + * + */ + public Optional auditVersion() { + return Optional.ofNullable(this.auditVersion); + } + /** + * @return Pod Security Admission Configuration enforce. This rejects a pod in violation of privileged, baseline, or restricted policy (default: privileged) + * + */ + public Optional enforce() { + return Optional.ofNullable(this.enforce); + } + /** + * @return Pod Security Admission Configuration enforce version (default: latest) + * + */ + public Optional enforceVersion() { + return Optional.ofNullable(this.enforceVersion); + } + /** + * @return Pod Security Admission Configuration warn. This warns the user about a pod in violation of privileged, baseline, or restricted policy (default: privileged) + * + */ + public Optional warn() { + return Optional.ofNullable(this.warn); + } + /** + * @return Pod Security Admission Configuration warn version (default: latest) + * + */ + public Optional warnVersion() { + return Optional.ofNullable(this.warnVersion); + } + + public static Builder builder() { + return new Builder(); + } + + public static Builder builder(PodSecurityAdmissionConfigurationTemplateDefaults defaults) { + return new Builder(defaults); + } + @CustomType.Builder + public static final class Builder { + private @Nullable String audit; + private @Nullable String auditVersion; + private @Nullable String enforce; + private @Nullable String enforceVersion; + private @Nullable String warn; + private @Nullable String warnVersion; + public Builder() {} + public Builder(PodSecurityAdmissionConfigurationTemplateDefaults defaults) { + Objects.requireNonNull(defaults); + this.audit = defaults.audit; + this.auditVersion = defaults.auditVersion; + this.enforce = defaults.enforce; + this.enforceVersion = defaults.enforceVersion; + this.warn = defaults.warn; + this.warnVersion = defaults.warnVersion; + } + + @CustomType.Setter + public Builder audit(@Nullable String audit) { + + this.audit = audit; + return this; + } + @CustomType.Setter + public Builder auditVersion(@Nullable String auditVersion) { + + this.auditVersion = auditVersion; + return this; + } + @CustomType.Setter + public Builder enforce(@Nullable String enforce) { + + this.enforce = enforce; + return this; + } + @CustomType.Setter + public Builder enforceVersion(@Nullable String enforceVersion) { + + this.enforceVersion = enforceVersion; + return this; + } + @CustomType.Setter + public Builder warn(@Nullable String warn) { + + this.warn = warn; + return this; + } + @CustomType.Setter + public Builder warnVersion(@Nullable String warnVersion) { + + this.warnVersion = warnVersion; + return this; + } + public PodSecurityAdmissionConfigurationTemplateDefaults build() { + final var _resultValue = new PodSecurityAdmissionConfigurationTemplateDefaults(); + _resultValue.audit = audit; + _resultValue.auditVersion = auditVersion; + _resultValue.enforce = enforce; + _resultValue.enforceVersion = enforceVersion; + _resultValue.warn = warn; + _resultValue.warnVersion = warnVersion; + return _resultValue; + } + } +} diff --git a/sdk/java/src/main/java/com/pulumi/rancher2/outputs/PodSecurityAdmissionConfigurationTemplateExemptions.java b/sdk/java/src/main/java/com/pulumi/rancher2/outputs/PodSecurityAdmissionConfigurationTemplateExemptions.java new file mode 100644 index 000000000..1cdf352b5 --- /dev/null +++ b/sdk/java/src/main/java/com/pulumi/rancher2/outputs/PodSecurityAdmissionConfigurationTemplateExemptions.java @@ -0,0 +1,108 @@ +// *** WARNING: this file was generated by pulumi-java-gen. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +package com.pulumi.rancher2.outputs; + +import com.pulumi.core.annotations.CustomType; +import java.lang.String; +import java.util.List; +import java.util.Objects; +import javax.annotation.Nullable; + +@CustomType +public final class PodSecurityAdmissionConfigurationTemplateExemptions { + /** + * @return Pod Security Admission Configuration namespace exemptions + * + */ + private @Nullable List namespaces; + /** + * @return Pod Security Admission Configuration runtime class exemptions + * + */ + private @Nullable List runtimeClasses; + /** + * @return Pod Security Admission Configuration username exemptions + * + */ + private @Nullable List usernames; + + private PodSecurityAdmissionConfigurationTemplateExemptions() {} + /** + * @return Pod Security Admission Configuration namespace exemptions + * + */ + public List namespaces() { + return this.namespaces == null ? List.of() : this.namespaces; + } + /** + * @return Pod Security Admission Configuration runtime class exemptions + * + */ + public List runtimeClasses() { + return this.runtimeClasses == null ? List.of() : this.runtimeClasses; + } + /** + * @return Pod Security Admission Configuration username exemptions + * + */ + public List usernames() { + return this.usernames == null ? List.of() : this.usernames; + } + + public static Builder builder() { + return new Builder(); + } + + public static Builder builder(PodSecurityAdmissionConfigurationTemplateExemptions defaults) { + return new Builder(defaults); + } + @CustomType.Builder + public static final class Builder { + private @Nullable List namespaces; + private @Nullable List runtimeClasses; + private @Nullable List usernames; + public Builder() {} + public Builder(PodSecurityAdmissionConfigurationTemplateExemptions defaults) { + Objects.requireNonNull(defaults); + this.namespaces = defaults.namespaces; + this.runtimeClasses = defaults.runtimeClasses; + this.usernames = defaults.usernames; + } + + @CustomType.Setter + public Builder namespaces(@Nullable List namespaces) { + + this.namespaces = namespaces; + return this; + } + public Builder namespaces(String... namespaces) { + return namespaces(List.of(namespaces)); + } + @CustomType.Setter + public Builder runtimeClasses(@Nullable List runtimeClasses) { + + this.runtimeClasses = runtimeClasses; + return this; + } + public Builder runtimeClasses(String... runtimeClasses) { + return runtimeClasses(List.of(runtimeClasses)); + } + @CustomType.Setter + public Builder usernames(@Nullable List usernames) { + + this.usernames = usernames; + return this; + } + public Builder usernames(String... usernames) { + return usernames(List.of(usernames)); + } + public PodSecurityAdmissionConfigurationTemplateExemptions build() { + final var _resultValue = new PodSecurityAdmissionConfigurationTemplateExemptions(); + _resultValue.namespaces = namespaces; + _resultValue.runtimeClasses = runtimeClasses; + _resultValue.usernames = usernames; + return _resultValue; + } + } +} diff --git a/sdk/nodejs/cluster.ts b/sdk/nodejs/cluster.ts index a75949bf4..e4ef9e772 100644 --- a/sdk/nodejs/cluster.ts +++ b/sdk/nodejs/cluster.ts @@ -359,6 +359,45 @@ import * as utilities from "./utilities"; * ``` * * + * ### Creating Rancher v2 RKE cluster with Pod Security Admission Configuration Template (PSACT). For Rancher v2.7.2 and above. + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as rancher2 from "@pulumi/rancher2"; + * + * // Custom PSACT (if you wish to use your own) + * const fooPodSecurityAdmissionConfigurationTemplate = new rancher2.PodSecurityAdmissionConfigurationTemplate("fooPodSecurityAdmissionConfigurationTemplate", { + * defaults: { + * audit: "restricted", + * auditVersion: "latest", + * enforce: "restricted", + * enforceVersion: "latest", + * warn: "restricted", + * warnVersion: "latest", + * }, + * description: "This is my custom Pod Security Admission Configuration Template", + * exemptions: { + * namespaces: [ + * "ingress-nginx", + * "kube-system", + * ], + * runtimeClasses: ["testclass"], + * usernames: ["testuser"], + * }, + * }); + * const fooCluster = new rancher2.Cluster("fooCluster", { + * defaultPodSecurityAdmissionConfigurationTemplateName: "", + * description: "Terraform cluster with PSACT", + * rkeConfig: { + * network: { + * plugin: "canal", + * }, + * }, + * }); + * ``` + * + * * ### Importing EKS cluster to Rancher v2, using `eksConfigV2`. For Rancher v2.5.x and above. * * @@ -369,16 +408,16 @@ import * as utilities from "./utilities"; * const fooCloudCredential = new rancher2.CloudCredential("fooCloudCredential", { * description: "foo test", * amazonec2CredentialConfig: { - * accessKey: "", - * secretKey: "", + * accessKey: "", + * secretKey: "", * }, * }); * const fooCluster = new rancher2.Cluster("fooCluster", { * description: "Terraform EKS cluster", * eksConfigV2: { * cloudCredentialId: fooCloudCredential.id, - * name: "", - * region: "", + * name: "", + * region: "", * imported: true, * }, * }); @@ -395,8 +434,8 @@ import * as utilities from "./utilities"; * const fooCloudCredential = new rancher2.CloudCredential("fooCloudCredential", { * description: "foo test", * amazonec2CredentialConfig: { - * accessKey: "", - * secretKey: "", + * accessKey: "", + * secretKey: "", * }, * }); * const fooCluster = new rancher2.Cluster("fooCluster", { @@ -433,6 +472,8 @@ import * as utilities from "./utilities"; * * ### Creating EKS cluster from Rancher v2, using `eksConfigV2` and launch template. For Rancher v2.5.6 and above. * + * Note: To use `launchTemplate` you must provide the ID (seen as ``) to the template either as a static value. Or fetched via AWS data-source using one of: awsAmi first and provide the ID to that. + * * * ```typescript * import * as pulumi from "@pulumi/pulumi"; @@ -441,8 +482,8 @@ import * as utilities from "./utilities"; * const fooCloudCredential = new rancher2.CloudCredential("fooCloudCredential", { * description: "foo test", * amazonec2CredentialConfig: { - * accessKey: "", - * secretKey: "", + * accessKey: "", + * secretKey: "", * }, * }); * const fooCluster = new rancher2.Cluster("fooCluster", { @@ -460,7 +501,7 @@ import * as utilities from "./utilities"; * maxSize: 5, * name: "node_group1", * launchTemplates: [{ - * id: "", + * id: "", * version: 1, * }], * }], @@ -479,19 +520,19 @@ import * as utilities from "./utilities"; * import * as rancher2 from "@pulumi/rancher2"; * * const foo_aks = new rancher2.CloudCredential("foo-aks", {azureCredentialConfig: { - * clientId: "", - * clientSecret: "", - * subscriptionId: "", + * clientId: "", + * clientSecret: "", + * subscriptionId: "", * }}); * const foo = new rancher2.Cluster("foo", { * description: "Terraform AKS cluster", * aksConfigV2: { * cloudCredentialId: foo_aks.id, - * resourceGroup: "", - * resourceLocation: "", - * dnsPrefix: "", + * resourceGroup: "", + * resourceLocation: "", + * dnsPrefix: "", * kubernetesVersion: "1.24.6", - * networkPlugin: "", + * networkPlugin: "", * nodePools: [ * { * availabilityZones: [ @@ -499,7 +540,7 @@ import * as utilities from "./utilities"; * "2", * "3", * ], - * name: "", + * name: "", * mode: "System", * count: 1, * orchestratorVersion: "1.21.2", @@ -512,7 +553,7 @@ import * as utilities from "./utilities"; * "2", * "3", * ], - * name: "", + * name: "", * count: 1, * mode: "User", * orchestratorVersion: "1.21.2", @@ -620,7 +661,7 @@ export class Cluster extends pulumi.CustomResource { */ public readonly clusterTemplateRevisionId!: pulumi.Output; /** - * Cluster default pod security admission configuration template name (string) + * The name of the pre-defined pod security admission configuration template to be applied to the cluster. Rancher admins (or those with the right permissions) can create, manage, and edit those templates. For more information, please refer to [Rancher Documentation](https://ranchermanager.docs.rancher.com/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/psa-config-templates). The argument is available in Rancher v2.7.2 and above (string) */ public readonly defaultPodSecurityAdmissionConfigurationTemplateName!: pulumi.Output; /** @@ -896,7 +937,7 @@ export interface ClusterState { */ clusterTemplateRevisionId?: pulumi.Input; /** - * Cluster default pod security admission configuration template name (string) + * The name of the pre-defined pod security admission configuration template to be applied to the cluster. Rancher admins (or those with the right permissions) can create, manage, and edit those templates. For more information, please refer to [Rancher Documentation](https://ranchermanager.docs.rancher.com/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/psa-config-templates). The argument is available in Rancher v2.7.2 and above (string) */ defaultPodSecurityAdmissionConfigurationTemplateName?: pulumi.Input; /** @@ -1060,7 +1101,7 @@ export interface ClusterArgs { */ clusterTemplateRevisionId?: pulumi.Input; /** - * Cluster default pod security admission configuration template name (string) + * The name of the pre-defined pod security admission configuration template to be applied to the cluster. Rancher admins (or those with the right permissions) can create, manage, and edit those templates. For more information, please refer to [Rancher Documentation](https://ranchermanager.docs.rancher.com/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/psa-config-templates). The argument is available in Rancher v2.7.2 and above (string) */ defaultPodSecurityAdmissionConfigurationTemplateName?: pulumi.Input; /** diff --git a/sdk/nodejs/getPodSecurityAdmissionConfigurationTemplate.ts b/sdk/nodejs/getPodSecurityAdmissionConfigurationTemplate.ts new file mode 100644 index 000000000..ad3159403 --- /dev/null +++ b/sdk/nodejs/getPodSecurityAdmissionConfigurationTemplate.ts @@ -0,0 +1,54 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +import * as pulumi from "@pulumi/pulumi"; +import * as inputs from "./types/input"; +import * as outputs from "./types/output"; +import * as utilities from "./utilities"; + +export function getPodSecurityAdmissionConfigurationTemplate(args: GetPodSecurityAdmissionConfigurationTemplateArgs, opts?: pulumi.InvokeOptions): Promise { + + opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); + return pulumi.runtime.invoke("rancher2:index/getPodSecurityAdmissionConfigurationTemplate:getPodSecurityAdmissionConfigurationTemplate", { + "annotations": args.annotations, + "labels": args.labels, + "name": args.name, + }, opts); +} + +/** + * A collection of arguments for invoking getPodSecurityAdmissionConfigurationTemplate. + */ +export interface GetPodSecurityAdmissionConfigurationTemplateArgs { + annotations?: {[key: string]: any}; + labels?: {[key: string]: any}; + name: string; +} + +/** + * A collection of values returned by getPodSecurityAdmissionConfigurationTemplate. + */ +export interface GetPodSecurityAdmissionConfigurationTemplateResult { + readonly annotations: {[key: string]: any}; + readonly defaults: outputs.GetPodSecurityAdmissionConfigurationTemplateDefaults; + readonly description: string; + readonly exemptions: outputs.GetPodSecurityAdmissionConfigurationTemplateExemptions; + /** + * The provider-assigned unique ID for this managed resource. + */ + readonly id: string; + readonly labels: {[key: string]: any}; + readonly name: string; +} +export function getPodSecurityAdmissionConfigurationTemplateOutput(args: GetPodSecurityAdmissionConfigurationTemplateOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { + return pulumi.output(args).apply((a: any) => getPodSecurityAdmissionConfigurationTemplate(a, opts)) +} + +/** + * A collection of arguments for invoking getPodSecurityAdmissionConfigurationTemplate. + */ +export interface GetPodSecurityAdmissionConfigurationTemplateOutputArgs { + annotations?: pulumi.Input<{[key: string]: any}>; + labels?: pulumi.Input<{[key: string]: any}>; + name: pulumi.Input; +} diff --git a/sdk/nodejs/index.ts b/sdk/nodejs/index.ts index 370f86a3c..787fa75ec 100644 --- a/sdk/nodejs/index.ts +++ b/sdk/nodejs/index.ts @@ -260,6 +260,11 @@ export const getNotifier: typeof import("./getNotifier").getNotifier = null as a export const getNotifierOutput: typeof import("./getNotifier").getNotifierOutput = null as any; utilities.lazyLoad(exports, ["getNotifier","getNotifierOutput"], () => require("./getNotifier")); +export { GetPodSecurityAdmissionConfigurationTemplateArgs, GetPodSecurityAdmissionConfigurationTemplateResult, GetPodSecurityAdmissionConfigurationTemplateOutputArgs } from "./getPodSecurityAdmissionConfigurationTemplate"; +export const getPodSecurityAdmissionConfigurationTemplate: typeof import("./getPodSecurityAdmissionConfigurationTemplate").getPodSecurityAdmissionConfigurationTemplate = null as any; +export const getPodSecurityAdmissionConfigurationTemplateOutput: typeof import("./getPodSecurityAdmissionConfigurationTemplate").getPodSecurityAdmissionConfigurationTemplateOutput = null as any; +utilities.lazyLoad(exports, ["getPodSecurityAdmissionConfigurationTemplate","getPodSecurityAdmissionConfigurationTemplateOutput"], () => require("./getPodSecurityAdmissionConfigurationTemplate")); + export { GetPodSecurityPolicyTemplateArgs, GetPodSecurityPolicyTemplateResult, GetPodSecurityPolicyTemplateOutputArgs } from "./getPodSecurityPolicyTemplate"; export const getPodSecurityPolicyTemplate: typeof import("./getPodSecurityPolicyTemplate").getPodSecurityPolicyTemplate = null as any; export const getPodSecurityPolicyTemplateOutput: typeof import("./getPodSecurityPolicyTemplate").getPodSecurityPolicyTemplateOutput = null as any; @@ -380,6 +385,11 @@ export type Notifier = import("./notifier").Notifier; export const Notifier: typeof import("./notifier").Notifier = null as any; utilities.lazyLoad(exports, ["Notifier"], () => require("./notifier")); +export { PodSecurityAdmissionConfigurationTemplateArgs, PodSecurityAdmissionConfigurationTemplateState } from "./podSecurityAdmissionConfigurationTemplate"; +export type PodSecurityAdmissionConfigurationTemplate = import("./podSecurityAdmissionConfigurationTemplate").PodSecurityAdmissionConfigurationTemplate; +export const PodSecurityAdmissionConfigurationTemplate: typeof import("./podSecurityAdmissionConfigurationTemplate").PodSecurityAdmissionConfigurationTemplate = null as any; +utilities.lazyLoad(exports, ["PodSecurityAdmissionConfigurationTemplate"], () => require("./podSecurityAdmissionConfigurationTemplate")); + export { PodSecurityPolicyTemplateArgs, PodSecurityPolicyTemplateState } from "./podSecurityPolicyTemplate"; export type PodSecurityPolicyTemplate = import("./podSecurityPolicyTemplate").PodSecurityPolicyTemplate; export const PodSecurityPolicyTemplate: typeof import("./podSecurityPolicyTemplate").PodSecurityPolicyTemplate = null as any; @@ -542,6 +552,8 @@ const _module = { return new NodeTemplate(name, undefined, { urn }) case "rancher2:index/notifier:Notifier": return new Notifier(name, undefined, { urn }) + case "rancher2:index/podSecurityAdmissionConfigurationTemplate:PodSecurityAdmissionConfigurationTemplate": + return new PodSecurityAdmissionConfigurationTemplate(name, undefined, { urn }) case "rancher2:index/podSecurityPolicyTemplate:PodSecurityPolicyTemplate": return new PodSecurityPolicyTemplate(name, undefined, { urn }) case "rancher2:index/project:Project": @@ -612,6 +624,7 @@ pulumi.runtime.registerResourceModule("rancher2", "index/nodeDriver", _module) pulumi.runtime.registerResourceModule("rancher2", "index/nodePool", _module) pulumi.runtime.registerResourceModule("rancher2", "index/nodeTemplate", _module) pulumi.runtime.registerResourceModule("rancher2", "index/notifier", _module) +pulumi.runtime.registerResourceModule("rancher2", "index/podSecurityAdmissionConfigurationTemplate", _module) pulumi.runtime.registerResourceModule("rancher2", "index/podSecurityPolicyTemplate", _module) pulumi.runtime.registerResourceModule("rancher2", "index/project", _module) pulumi.runtime.registerResourceModule("rancher2", "index/projectAlertGroup", _module) diff --git a/sdk/nodejs/podSecurityAdmissionConfigurationTemplate.ts b/sdk/nodejs/podSecurityAdmissionConfigurationTemplate.ts new file mode 100644 index 000000000..5a03a0af4 --- /dev/null +++ b/sdk/nodejs/podSecurityAdmissionConfigurationTemplate.ts @@ -0,0 +1,159 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +import * as pulumi from "@pulumi/pulumi"; +import * as inputs from "./types/input"; +import * as outputs from "./types/output"; +import * as utilities from "./utilities"; + +export class PodSecurityAdmissionConfigurationTemplate extends pulumi.CustomResource { + /** + * Get an existing PodSecurityAdmissionConfigurationTemplate resource's state with the given name, ID, and optional extra + * properties used to qualify the lookup. + * + * @param name The _unique_ name of the resulting resource. + * @param id The _unique_ provider ID of the resource to lookup. + * @param state Any extra arguments used during the lookup. + * @param opts Optional settings to control the behavior of the CustomResource. + */ + public static get(name: string, id: pulumi.Input, state?: PodSecurityAdmissionConfigurationTemplateState, opts?: pulumi.CustomResourceOptions): PodSecurityAdmissionConfigurationTemplate { + return new PodSecurityAdmissionConfigurationTemplate(name, state, { ...opts, id: id }); + } + + /** @internal */ + public static readonly __pulumiType = 'rancher2:index/podSecurityAdmissionConfigurationTemplate:PodSecurityAdmissionConfigurationTemplate'; + + /** + * Returns true if the given object is an instance of PodSecurityAdmissionConfigurationTemplate. This is designed to work even + * when multiple copies of the Pulumi SDK have been loaded into the same process. + */ + public static isInstance(obj: any): obj is PodSecurityAdmissionConfigurationTemplate { + if (obj === undefined || obj === null) { + return false; + } + return obj['__pulumiType'] === PodSecurityAdmissionConfigurationTemplate.__pulumiType; + } + + /** + * Annotations of the resource + */ + public readonly annotations!: pulumi.Output<{[key: string]: any}>; + /** + * defaults allows the user to define admission control mode for Pod Security + */ + public readonly defaults!: pulumi.Output; + /** + * Pod Security Admission Configuration template description + */ + public readonly description!: pulumi.Output; + /** + * exemptions allows the creation of pods for specific Usernames, RuntimeClassNames, and Namespaces that would otherwise be + * prohibited + */ + public readonly exemptions!: pulumi.Output; + /** + * Labels of the resource + */ + public readonly labels!: pulumi.Output<{[key: string]: any}>; + /** + * Pod Security Admission Configuration template name + */ + public readonly name!: pulumi.Output; + + /** + * Create a PodSecurityAdmissionConfigurationTemplate resource with the given unique name, arguments, and options. + * + * @param name The _unique_ name of the resource. + * @param args The arguments to use to populate this resource's properties. + * @param opts A bag of options that control this resource's behavior. + */ + constructor(name: string, args: PodSecurityAdmissionConfigurationTemplateArgs, opts?: pulumi.CustomResourceOptions) + constructor(name: string, argsOrState?: PodSecurityAdmissionConfigurationTemplateArgs | PodSecurityAdmissionConfigurationTemplateState, opts?: pulumi.CustomResourceOptions) { + let resourceInputs: pulumi.Inputs = {}; + opts = opts || {}; + if (opts.id) { + const state = argsOrState as PodSecurityAdmissionConfigurationTemplateState | undefined; + resourceInputs["annotations"] = state ? state.annotations : undefined; + resourceInputs["defaults"] = state ? state.defaults : undefined; + resourceInputs["description"] = state ? state.description : undefined; + resourceInputs["exemptions"] = state ? state.exemptions : undefined; + resourceInputs["labels"] = state ? state.labels : undefined; + resourceInputs["name"] = state ? state.name : undefined; + } else { + const args = argsOrState as PodSecurityAdmissionConfigurationTemplateArgs | undefined; + if ((!args || args.defaults === undefined) && !opts.urn) { + throw new Error("Missing required property 'defaults'"); + } + resourceInputs["annotations"] = args ? args.annotations : undefined; + resourceInputs["defaults"] = args ? args.defaults : undefined; + resourceInputs["description"] = args ? args.description : undefined; + resourceInputs["exemptions"] = args ? args.exemptions : undefined; + resourceInputs["labels"] = args ? args.labels : undefined; + resourceInputs["name"] = args ? args.name : undefined; + } + opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts); + super(PodSecurityAdmissionConfigurationTemplate.__pulumiType, name, resourceInputs, opts); + } +} + +/** + * Input properties used for looking up and filtering PodSecurityAdmissionConfigurationTemplate resources. + */ +export interface PodSecurityAdmissionConfigurationTemplateState { + /** + * Annotations of the resource + */ + annotations?: pulumi.Input<{[key: string]: any}>; + /** + * defaults allows the user to define admission control mode for Pod Security + */ + defaults?: pulumi.Input; + /** + * Pod Security Admission Configuration template description + */ + description?: pulumi.Input; + /** + * exemptions allows the creation of pods for specific Usernames, RuntimeClassNames, and Namespaces that would otherwise be + * prohibited + */ + exemptions?: pulumi.Input; + /** + * Labels of the resource + */ + labels?: pulumi.Input<{[key: string]: any}>; + /** + * Pod Security Admission Configuration template name + */ + name?: pulumi.Input; +} + +/** + * The set of arguments for constructing a PodSecurityAdmissionConfigurationTemplate resource. + */ +export interface PodSecurityAdmissionConfigurationTemplateArgs { + /** + * Annotations of the resource + */ + annotations?: pulumi.Input<{[key: string]: any}>; + /** + * defaults allows the user to define admission control mode for Pod Security + */ + defaults: pulumi.Input; + /** + * Pod Security Admission Configuration template description + */ + description?: pulumi.Input; + /** + * exemptions allows the creation of pods for specific Usernames, RuntimeClassNames, and Namespaces that would otherwise be + * prohibited + */ + exemptions?: pulumi.Input; + /** + * Labels of the resource + */ + labels?: pulumi.Input<{[key: string]: any}>; + /** + * Pod Security Admission Configuration template name + */ + name?: pulumi.Input; +} diff --git a/sdk/nodejs/tsconfig.json b/sdk/nodejs/tsconfig.json index 33b93e826..cbaa5274e 100644 --- a/sdk/nodejs/tsconfig.json +++ b/sdk/nodejs/tsconfig.json @@ -66,6 +66,7 @@ "getNodePool.ts", "getNodeTemplate.ts", "getNotifier.ts", + "getPodSecurityAdmissionConfigurationTemplate.ts", "getPodSecurityPolicyTemplate.ts", "getPrincipal.ts", "getProject.ts", @@ -91,6 +92,7 @@ "nodePool.ts", "nodeTemplate.ts", "notifier.ts", + "podSecurityAdmissionConfigurationTemplate.ts", "podSecurityPolicyTemplate.ts", "project.ts", "projectAlertGroup.ts", diff --git a/sdk/nodejs/types/input.ts b/sdk/nodejs/types/input.ts index 629623b27..db8c3634d 100644 --- a/sdk/nodejs/types/input.ts +++ b/sdk/nodejs/types/input.ts @@ -7896,6 +7896,48 @@ export interface NotifierWechatConfig { secret: pulumi.Input; } +export interface PodSecurityAdmissionConfigurationTemplateDefaults { + /** + * Pod Security Admission Configuration audit. This audits a pod in violation of privileged, baseline, or restricted policy (default: privileged) + */ + audit?: pulumi.Input; + /** + * Pod Security Admission Configuration audit version (default: latest) + */ + auditVersion?: pulumi.Input; + /** + * Pod Security Admission Configuration enforce. This rejects a pod in violation of privileged, baseline, or restricted policy (default: privileged) + */ + enforce?: pulumi.Input; + /** + * Pod Security Admission Configuration enforce version (default: latest) + */ + enforceVersion?: pulumi.Input; + /** + * Pod Security Admission Configuration warn. This warns the user about a pod in violation of privileged, baseline, or restricted policy (default: privileged) + */ + warn?: pulumi.Input; + /** + * Pod Security Admission Configuration warn version (default: latest) + */ + warnVersion?: pulumi.Input; +} + +export interface PodSecurityAdmissionConfigurationTemplateExemptions { + /** + * Pod Security Admission Configuration namespace exemptions + */ + namespaces?: pulumi.Input[]>; + /** + * Pod Security Admission Configuration runtime class exemptions + */ + runtimeClasses?: pulumi.Input[]>; + /** + * Pod Security Admission Configuration username exemptions + */ + usernames?: pulumi.Input[]>; +} + export interface PodSecurityPolicyTemplateAllowedCsiDriver { /** * The name of the PodSecurityPolicyTemplate (string) diff --git a/sdk/nodejs/types/output.ts b/sdk/nodejs/types/output.ts index 982986cb8..22049a214 100644 --- a/sdk/nodejs/types/output.ts +++ b/sdk/nodejs/types/output.ts @@ -9418,6 +9418,48 @@ export interface GetNotifierWechatConfig { secret: string; } +export interface GetPodSecurityAdmissionConfigurationTemplateDefaults { + /** + * Pod Security Admission Configuration audit. This audits a pod in violation of privileged, baseline, or restricted policy (default: privileged) + */ + audit?: string; + /** + * Pod Security Admission Configuration audit version (default: latest) + */ + auditVersion?: string; + /** + * Pod Security Admission Configuration enforce. This rejects a pod in violation of privileged, baseline, or restricted policy (default: privileged) + */ + enforce?: string; + /** + * Pod Security Admission Configuration enforce version (default: latest) + */ + enforceVersion?: string; + /** + * Pod Security Admission Configuration warn. This warns the user about a pod in violation of privileged, baseline, or restricted policy (default: privileged) + */ + warn?: string; + /** + * Pod Security Admission Configuration warn version (default: latest) + */ + warnVersion?: string; +} + +export interface GetPodSecurityAdmissionConfigurationTemplateExemptions { + /** + * Pod Security Admission Configuration namespace exemptions + */ + namespaces?: string[]; + /** + * Pod Security Admission Configuration runtime class exemptions + */ + runtimeClasses?: string[]; + /** + * Pod Security Admission Configuration username exemptions + */ + usernames?: string[]; +} + export interface GetPodSecurityPolicyTemplateAllowedCsiDriver { /** * The name of the PodSecurityPolicyTemplate (string) @@ -11826,6 +11868,48 @@ export interface NotifierWechatConfig { secret: string; } +export interface PodSecurityAdmissionConfigurationTemplateDefaults { + /** + * Pod Security Admission Configuration audit. This audits a pod in violation of privileged, baseline, or restricted policy (default: privileged) + */ + audit?: string; + /** + * Pod Security Admission Configuration audit version (default: latest) + */ + auditVersion?: string; + /** + * Pod Security Admission Configuration enforce. This rejects a pod in violation of privileged, baseline, or restricted policy (default: privileged) + */ + enforce?: string; + /** + * Pod Security Admission Configuration enforce version (default: latest) + */ + enforceVersion?: string; + /** + * Pod Security Admission Configuration warn. This warns the user about a pod in violation of privileged, baseline, or restricted policy (default: privileged) + */ + warn?: string; + /** + * Pod Security Admission Configuration warn version (default: latest) + */ + warnVersion?: string; +} + +export interface PodSecurityAdmissionConfigurationTemplateExemptions { + /** + * Pod Security Admission Configuration namespace exemptions + */ + namespaces?: string[]; + /** + * Pod Security Admission Configuration runtime class exemptions + */ + runtimeClasses?: string[]; + /** + * Pod Security Admission Configuration username exemptions + */ + usernames?: string[]; +} + export interface PodSecurityPolicyTemplateAllowedCsiDriver { /** * The name of the PodSecurityPolicyTemplate (string) diff --git a/sdk/python/pulumi_rancher2/__init__.py b/sdk/python/pulumi_rancher2/__init__.py index 8f2af4b46..7c17acb5a 100644 --- a/sdk/python/pulumi_rancher2/__init__.py +++ b/sdk/python/pulumi_rancher2/__init__.py @@ -56,6 +56,7 @@ from .get_node_pool import * from .get_node_template import * from .get_notifier import * +from .get_pod_security_admission_configuration_template import * from .get_pod_security_policy_template import * from .get_principal import * from .get_project import * @@ -80,6 +81,7 @@ from .node_pool import * from .node_template import * from .notifier import * +from .pod_security_admission_configuration_template import * from .pod_security_policy_template import * from .project import * from .project_alert_group import * @@ -419,6 +421,14 @@ "rancher2:index/notifier:Notifier": "Notifier" } }, + { + "pkg": "rancher2", + "mod": "index/podSecurityAdmissionConfigurationTemplate", + "fqn": "pulumi_rancher2", + "classes": { + "rancher2:index/podSecurityAdmissionConfigurationTemplate:PodSecurityAdmissionConfigurationTemplate": "PodSecurityAdmissionConfigurationTemplate" + } + }, { "pkg": "rancher2", "mod": "index/podSecurityPolicyTemplate", diff --git a/sdk/python/pulumi_rancher2/_inputs.py b/sdk/python/pulumi_rancher2/_inputs.py index d8f0f3683..24613b403 100644 --- a/sdk/python/pulumi_rancher2/_inputs.py +++ b/sdk/python/pulumi_rancher2/_inputs.py @@ -268,6 +268,8 @@ 'NotifierSmtpConfigArgs', 'NotifierWebhookConfigArgs', 'NotifierWechatConfigArgs', + 'PodSecurityAdmissionConfigurationTemplateDefaultsArgs', + 'PodSecurityAdmissionConfigurationTemplateExemptionsArgs', 'PodSecurityPolicyTemplateAllowedCsiDriverArgs', 'PodSecurityPolicyTemplateAllowedFlexVolumeArgs', 'PodSecurityPolicyTemplateAllowedHostPathArgs', @@ -31446,6 +31448,164 @@ def recipient_type(self, value: Optional[pulumi.Input[str]]): pulumi.set(self, "recipient_type", value) +@pulumi.input_type +class PodSecurityAdmissionConfigurationTemplateDefaultsArgs: + def __init__(__self__, *, + audit: Optional[pulumi.Input[str]] = None, + audit_version: Optional[pulumi.Input[str]] = None, + enforce: Optional[pulumi.Input[str]] = None, + enforce_version: Optional[pulumi.Input[str]] = None, + warn: Optional[pulumi.Input[str]] = None, + warn_version: Optional[pulumi.Input[str]] = None): + """ + :param pulumi.Input[str] audit: Pod Security Admission Configuration audit. This audits a pod in violation of privileged, baseline, or restricted policy (default: privileged) + :param pulumi.Input[str] audit_version: Pod Security Admission Configuration audit version (default: latest) + :param pulumi.Input[str] enforce: Pod Security Admission Configuration enforce. This rejects a pod in violation of privileged, baseline, or restricted policy (default: privileged) + :param pulumi.Input[str] enforce_version: Pod Security Admission Configuration enforce version (default: latest) + :param pulumi.Input[str] warn: Pod Security Admission Configuration warn. This warns the user about a pod in violation of privileged, baseline, or restricted policy (default: privileged) + :param pulumi.Input[str] warn_version: Pod Security Admission Configuration warn version (default: latest) + """ + if audit is not None: + pulumi.set(__self__, "audit", audit) + if audit_version is not None: + pulumi.set(__self__, "audit_version", audit_version) + if enforce is not None: + pulumi.set(__self__, "enforce", enforce) + if enforce_version is not None: + pulumi.set(__self__, "enforce_version", enforce_version) + if warn is not None: + pulumi.set(__self__, "warn", warn) + if warn_version is not None: + pulumi.set(__self__, "warn_version", warn_version) + + @property + @pulumi.getter + def audit(self) -> Optional[pulumi.Input[str]]: + """ + Pod Security Admission Configuration audit. This audits a pod in violation of privileged, baseline, or restricted policy (default: privileged) + """ + return pulumi.get(self, "audit") + + @audit.setter + def audit(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "audit", value) + + @property + @pulumi.getter(name="auditVersion") + def audit_version(self) -> Optional[pulumi.Input[str]]: + """ + Pod Security Admission Configuration audit version (default: latest) + """ + return pulumi.get(self, "audit_version") + + @audit_version.setter + def audit_version(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "audit_version", value) + + @property + @pulumi.getter + def enforce(self) -> Optional[pulumi.Input[str]]: + """ + Pod Security Admission Configuration enforce. This rejects a pod in violation of privileged, baseline, or restricted policy (default: privileged) + """ + return pulumi.get(self, "enforce") + + @enforce.setter + def enforce(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "enforce", value) + + @property + @pulumi.getter(name="enforceVersion") + def enforce_version(self) -> Optional[pulumi.Input[str]]: + """ + Pod Security Admission Configuration enforce version (default: latest) + """ + return pulumi.get(self, "enforce_version") + + @enforce_version.setter + def enforce_version(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "enforce_version", value) + + @property + @pulumi.getter + def warn(self) -> Optional[pulumi.Input[str]]: + """ + Pod Security Admission Configuration warn. This warns the user about a pod in violation of privileged, baseline, or restricted policy (default: privileged) + """ + return pulumi.get(self, "warn") + + @warn.setter + def warn(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "warn", value) + + @property + @pulumi.getter(name="warnVersion") + def warn_version(self) -> Optional[pulumi.Input[str]]: + """ + Pod Security Admission Configuration warn version (default: latest) + """ + return pulumi.get(self, "warn_version") + + @warn_version.setter + def warn_version(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "warn_version", value) + + +@pulumi.input_type +class PodSecurityAdmissionConfigurationTemplateExemptionsArgs: + def __init__(__self__, *, + namespaces: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + runtime_classes: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + usernames: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None): + """ + :param pulumi.Input[Sequence[pulumi.Input[str]]] namespaces: Pod Security Admission Configuration namespace exemptions + :param pulumi.Input[Sequence[pulumi.Input[str]]] runtime_classes: Pod Security Admission Configuration runtime class exemptions + :param pulumi.Input[Sequence[pulumi.Input[str]]] usernames: Pod Security Admission Configuration username exemptions + """ + if namespaces is not None: + pulumi.set(__self__, "namespaces", namespaces) + if runtime_classes is not None: + pulumi.set(__self__, "runtime_classes", runtime_classes) + if usernames is not None: + pulumi.set(__self__, "usernames", usernames) + + @property + @pulumi.getter + def namespaces(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + Pod Security Admission Configuration namespace exemptions + """ + return pulumi.get(self, "namespaces") + + @namespaces.setter + def namespaces(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "namespaces", value) + + @property + @pulumi.getter(name="runtimeClasses") + def runtime_classes(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + Pod Security Admission Configuration runtime class exemptions + """ + return pulumi.get(self, "runtime_classes") + + @runtime_classes.setter + def runtime_classes(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "runtime_classes", value) + + @property + @pulumi.getter + def usernames(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + Pod Security Admission Configuration username exemptions + """ + return pulumi.get(self, "usernames") + + @usernames.setter + def usernames(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "usernames", value) + + @pulumi.input_type class PodSecurityPolicyTemplateAllowedCsiDriverArgs: def __init__(__self__, *, diff --git a/sdk/python/pulumi_rancher2/cluster.py b/sdk/python/pulumi_rancher2/cluster.py index af914cf9e..87d443620 100644 --- a/sdk/python/pulumi_rancher2/cluster.py +++ b/sdk/python/pulumi_rancher2/cluster.py @@ -63,7 +63,7 @@ def __init__(__self__, *, :param pulumi.Input[str] cluster_template_id: Cluster template ID. For Rancher v2.3.x and above (string) :param pulumi.Input[Sequence[pulumi.Input['ClusterClusterTemplateQuestionArgs']]] cluster_template_questions: Cluster template questions. For Rancher v2.3.x and above (list) :param pulumi.Input[str] cluster_template_revision_id: Cluster template revision ID. For Rancher v2.3.x and above (string) - :param pulumi.Input[str] default_pod_security_admission_configuration_template_name: Cluster default pod security admission configuration template name (string) + :param pulumi.Input[str] default_pod_security_admission_configuration_template_name: The name of the pre-defined pod security admission configuration template to be applied to the cluster. Rancher admins (or those with the right permissions) can create, manage, and edit those templates. For more information, please refer to [Rancher Documentation](https://ranchermanager.docs.rancher.com/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/psa-config-templates). The argument is available in Rancher v2.7.2 and above (string) :param pulumi.Input[str] default_pod_security_policy_template_id: [Default pod security policy template id](https://rancher.com/docs/rancher/v2.x/en/cluster-provisioning/rke-clusters/options/#pod-security-policy-support) (string) :param pulumi.Input[str] description: The description for Cluster (string) :param pulumi.Input[str] desired_agent_image: Desired agent image. For Rancher v2.3.x and above (string) @@ -292,7 +292,7 @@ def cluster_template_revision_id(self, value: Optional[pulumi.Input[str]]): @pulumi.getter(name="defaultPodSecurityAdmissionConfigurationTemplateName") def default_pod_security_admission_configuration_template_name(self) -> Optional[pulumi.Input[str]]: """ - Cluster default pod security admission configuration template name (string) + The name of the pre-defined pod security admission configuration template to be applied to the cluster. Rancher admins (or those with the right permissions) can create, manage, and edit those templates. For more information, please refer to [Rancher Documentation](https://ranchermanager.docs.rancher.com/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/psa-config-templates). The argument is available in Rancher v2.7.2 and above (string) """ return pulumi.get(self, "default_pod_security_admission_configuration_template_name") @@ -624,7 +624,7 @@ def __init__(__self__, *, :param pulumi.Input[str] cluster_template_id: Cluster template ID. For Rancher v2.3.x and above (string) :param pulumi.Input[Sequence[pulumi.Input['ClusterClusterTemplateQuestionArgs']]] cluster_template_questions: Cluster template questions. For Rancher v2.3.x and above (list) :param pulumi.Input[str] cluster_template_revision_id: Cluster template revision ID. For Rancher v2.3.x and above (string) - :param pulumi.Input[str] default_pod_security_admission_configuration_template_name: Cluster default pod security admission configuration template name (string) + :param pulumi.Input[str] default_pod_security_admission_configuration_template_name: The name of the pre-defined pod security admission configuration template to be applied to the cluster. Rancher admins (or those with the right permissions) can create, manage, and edit those templates. For more information, please refer to [Rancher Documentation](https://ranchermanager.docs.rancher.com/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/psa-config-templates). The argument is available in Rancher v2.7.2 and above (string) :param pulumi.Input[str] default_pod_security_policy_template_id: [Default pod security policy template id](https://rancher.com/docs/rancher/v2.x/en/cluster-provisioning/rke-clusters/options/#pod-security-policy-support) (string) :param pulumi.Input[str] default_project_id: (Computed) Default project ID for the cluster (string) :param pulumi.Input[str] description: The description for Cluster (string) @@ -899,7 +899,7 @@ def cluster_template_revision_id(self, value: Optional[pulumi.Input[str]]): @pulumi.getter(name="defaultPodSecurityAdmissionConfigurationTemplateName") def default_pod_security_admission_configuration_template_name(self) -> Optional[pulumi.Input[str]]: """ - Cluster default pod security admission configuration template name (string) + The name of the pre-defined pod security admission configuration template to be applied to the cluster. Rancher admins (or those with the right permissions) can create, manage, and edit those templates. For more information, please refer to [Rancher Documentation](https://ranchermanager.docs.rancher.com/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/psa-config-templates). The argument is available in Rancher v2.7.2 and above (string) """ return pulumi.get(self, "default_pod_security_admission_configuration_template_name") @@ -1616,6 +1616,43 @@ def __init__(__self__, ``` + ### Creating Rancher v2 RKE cluster with Pod Security Admission Configuration Template (PSACT). For Rancher v2.7.2 and above. + + + ```python + import pulumi + import pulumi_rancher2 as rancher2 + + # Custom PSACT (if you wish to use your own) + foo_pod_security_admission_configuration_template = rancher2.PodSecurityAdmissionConfigurationTemplate("fooPodSecurityAdmissionConfigurationTemplate", + defaults=rancher2.PodSecurityAdmissionConfigurationTemplateDefaultsArgs( + audit="restricted", + audit_version="latest", + enforce="restricted", + enforce_version="latest", + warn="restricted", + warn_version="latest", + ), + description="This is my custom Pod Security Admission Configuration Template", + exemptions=rancher2.PodSecurityAdmissionConfigurationTemplateExemptionsArgs( + namespaces=[ + "ingress-nginx", + "kube-system", + ], + runtime_classes=["testclass"], + usernames=["testuser"], + )) + foo_cluster = rancher2.Cluster("fooCluster", + default_pod_security_admission_configuration_template_name="", + description="Terraform cluster with PSACT", + rke_config=rancher2.ClusterRkeConfigArgs( + network=rancher2.ClusterRkeConfigNetworkArgs( + plugin="canal", + ), + )) + ``` + + ### Importing EKS cluster to Rancher v2, using `eks_config_v2`. For Rancher v2.5.x and above. @@ -1626,15 +1663,15 @@ def __init__(__self__, foo_cloud_credential = rancher2.CloudCredential("fooCloudCredential", description="foo test", amazonec2_credential_config=rancher2.CloudCredentialAmazonec2CredentialConfigArgs( - access_key="", - secret_key="", + access_key="", + secret_key="", )) foo_cluster = rancher2.Cluster("fooCluster", description="Terraform EKS cluster", eks_config_v2=rancher2.ClusterEksConfigV2Args( cloud_credential_id=foo_cloud_credential.id, - name="", - region="", + name="", + region="", imported=True, )) ``` @@ -1650,8 +1687,8 @@ def __init__(__self__, foo_cloud_credential = rancher2.CloudCredential("fooCloudCredential", description="foo test", amazonec2_credential_config=rancher2.CloudCredentialAmazonec2CredentialConfigArgs( - access_key="", - secret_key="", + access_key="", + secret_key="", )) foo_cluster = rancher2.Cluster("fooCluster", description="Terraform EKS cluster", @@ -1686,6 +1723,8 @@ def __init__(__self__, ### Creating EKS cluster from Rancher v2, using `eks_config_v2` and launch template. For Rancher v2.5.6 and above. + Note: To use `launch_template` you must provide the ID (seen as ``) to the template either as a static value. Or fetched via AWS data-source using one of: aws_ami first and provide the ID to that. + ```python import pulumi @@ -1694,8 +1733,8 @@ def __init__(__self__, foo_cloud_credential = rancher2.CloudCredential("fooCloudCredential", description="foo test", amazonec2_credential_config=rancher2.CloudCredentialAmazonec2CredentialConfigArgs( - access_key="", - secret_key="", + access_key="", + secret_key="", )) foo_cluster = rancher2.Cluster("fooCluster", description="Terraform EKS cluster", @@ -1712,7 +1751,7 @@ def __init__(__self__, max_size=5, name="node_group1", launch_templates=[rancher2.ClusterEksConfigV2NodeGroupLaunchTemplateArgs( - id="", + id="", version=1, )], )], @@ -1730,19 +1769,19 @@ def __init__(__self__, import pulumi_rancher2 as rancher2 foo_aks = rancher2.CloudCredential("foo-aks", azure_credential_config=rancher2.CloudCredentialAzureCredentialConfigArgs( - client_id="", - client_secret="", - subscription_id="", + client_id="", + client_secret="", + subscription_id="", )) foo = rancher2.Cluster("foo", description="Terraform AKS cluster", aks_config_v2=rancher2.ClusterAksConfigV2Args( cloud_credential_id=foo_aks.id, - resource_group="", - resource_location="", - dns_prefix="", + resource_group="", + resource_location="", + dns_prefix="", kubernetes_version="1.24.6", - network_plugin="", + network_plugin="", node_pools=[ rancher2.ClusterAksConfigV2NodePoolArgs( availability_zones=[ @@ -1750,7 +1789,7 @@ def __init__(__self__, "2", "3", ], - name="", + name="", mode="System", count=1, orchestrator_version="1.21.2", @@ -1763,7 +1802,7 @@ def __init__(__self__, "2", "3", ], - name="", + name="", count=1, mode="User", orchestrator_version="1.21.2", @@ -1802,7 +1841,7 @@ def __init__(__self__, :param pulumi.Input[str] cluster_template_id: Cluster template ID. For Rancher v2.3.x and above (string) :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['ClusterClusterTemplateQuestionArgs']]]] cluster_template_questions: Cluster template questions. For Rancher v2.3.x and above (list) :param pulumi.Input[str] cluster_template_revision_id: Cluster template revision ID. For Rancher v2.3.x and above (string) - :param pulumi.Input[str] default_pod_security_admission_configuration_template_name: Cluster default pod security admission configuration template name (string) + :param pulumi.Input[str] default_pod_security_admission_configuration_template_name: The name of the pre-defined pod security admission configuration template to be applied to the cluster. Rancher admins (or those with the right permissions) can create, manage, and edit those templates. For more information, please refer to [Rancher Documentation](https://ranchermanager.docs.rancher.com/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/psa-config-templates). The argument is available in Rancher v2.7.2 and above (string) :param pulumi.Input[str] default_pod_security_policy_template_id: [Default pod security policy template id](https://rancher.com/docs/rancher/v2.x/en/cluster-provisioning/rke-clusters/options/#pod-security-policy-support) (string) :param pulumi.Input[str] description: The description for Cluster (string) :param pulumi.Input[str] desired_agent_image: Desired agent image. For Rancher v2.3.x and above (string) @@ -2173,6 +2212,43 @@ def __init__(__self__, ``` + ### Creating Rancher v2 RKE cluster with Pod Security Admission Configuration Template (PSACT). For Rancher v2.7.2 and above. + + + ```python + import pulumi + import pulumi_rancher2 as rancher2 + + # Custom PSACT (if you wish to use your own) + foo_pod_security_admission_configuration_template = rancher2.PodSecurityAdmissionConfigurationTemplate("fooPodSecurityAdmissionConfigurationTemplate", + defaults=rancher2.PodSecurityAdmissionConfigurationTemplateDefaultsArgs( + audit="restricted", + audit_version="latest", + enforce="restricted", + enforce_version="latest", + warn="restricted", + warn_version="latest", + ), + description="This is my custom Pod Security Admission Configuration Template", + exemptions=rancher2.PodSecurityAdmissionConfigurationTemplateExemptionsArgs( + namespaces=[ + "ingress-nginx", + "kube-system", + ], + runtime_classes=["testclass"], + usernames=["testuser"], + )) + foo_cluster = rancher2.Cluster("fooCluster", + default_pod_security_admission_configuration_template_name="", + description="Terraform cluster with PSACT", + rke_config=rancher2.ClusterRkeConfigArgs( + network=rancher2.ClusterRkeConfigNetworkArgs( + plugin="canal", + ), + )) + ``` + + ### Importing EKS cluster to Rancher v2, using `eks_config_v2`. For Rancher v2.5.x and above. @@ -2183,15 +2259,15 @@ def __init__(__self__, foo_cloud_credential = rancher2.CloudCredential("fooCloudCredential", description="foo test", amazonec2_credential_config=rancher2.CloudCredentialAmazonec2CredentialConfigArgs( - access_key="", - secret_key="", + access_key="", + secret_key="", )) foo_cluster = rancher2.Cluster("fooCluster", description="Terraform EKS cluster", eks_config_v2=rancher2.ClusterEksConfigV2Args( cloud_credential_id=foo_cloud_credential.id, - name="", - region="", + name="", + region="", imported=True, )) ``` @@ -2207,8 +2283,8 @@ def __init__(__self__, foo_cloud_credential = rancher2.CloudCredential("fooCloudCredential", description="foo test", amazonec2_credential_config=rancher2.CloudCredentialAmazonec2CredentialConfigArgs( - access_key="", - secret_key="", + access_key="", + secret_key="", )) foo_cluster = rancher2.Cluster("fooCluster", description="Terraform EKS cluster", @@ -2243,6 +2319,8 @@ def __init__(__self__, ### Creating EKS cluster from Rancher v2, using `eks_config_v2` and launch template. For Rancher v2.5.6 and above. + Note: To use `launch_template` you must provide the ID (seen as ``) to the template either as a static value. Or fetched via AWS data-source using one of: aws_ami first and provide the ID to that. + ```python import pulumi @@ -2251,8 +2329,8 @@ def __init__(__self__, foo_cloud_credential = rancher2.CloudCredential("fooCloudCredential", description="foo test", amazonec2_credential_config=rancher2.CloudCredentialAmazonec2CredentialConfigArgs( - access_key="", - secret_key="", + access_key="", + secret_key="", )) foo_cluster = rancher2.Cluster("fooCluster", description="Terraform EKS cluster", @@ -2269,7 +2347,7 @@ def __init__(__self__, max_size=5, name="node_group1", launch_templates=[rancher2.ClusterEksConfigV2NodeGroupLaunchTemplateArgs( - id="", + id="", version=1, )], )], @@ -2287,19 +2365,19 @@ def __init__(__self__, import pulumi_rancher2 as rancher2 foo_aks = rancher2.CloudCredential("foo-aks", azure_credential_config=rancher2.CloudCredentialAzureCredentialConfigArgs( - client_id="", - client_secret="", - subscription_id="", + client_id="", + client_secret="", + subscription_id="", )) foo = rancher2.Cluster("foo", description="Terraform AKS cluster", aks_config_v2=rancher2.ClusterAksConfigV2Args( cloud_credential_id=foo_aks.id, - resource_group="", - resource_location="", - dns_prefix="", + resource_group="", + resource_location="", + dns_prefix="", kubernetes_version="1.24.6", - network_plugin="", + network_plugin="", node_pools=[ rancher2.ClusterAksConfigV2NodePoolArgs( availability_zones=[ @@ -2307,7 +2385,7 @@ def __init__(__self__, "2", "3", ], - name="", + name="", mode="System", count=1, orchestrator_version="1.21.2", @@ -2320,7 +2398,7 @@ def __init__(__self__, "2", "3", ], - name="", + name="", count=1, mode="User", orchestrator_version="1.21.2", @@ -2518,7 +2596,7 @@ def get(resource_name: str, :param pulumi.Input[str] cluster_template_id: Cluster template ID. For Rancher v2.3.x and above (string) :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['ClusterClusterTemplateQuestionArgs']]]] cluster_template_questions: Cluster template questions. For Rancher v2.3.x and above (list) :param pulumi.Input[str] cluster_template_revision_id: Cluster template revision ID. For Rancher v2.3.x and above (string) - :param pulumi.Input[str] default_pod_security_admission_configuration_template_name: Cluster default pod security admission configuration template name (string) + :param pulumi.Input[str] default_pod_security_admission_configuration_template_name: The name of the pre-defined pod security admission configuration template to be applied to the cluster. Rancher admins (or those with the right permissions) can create, manage, and edit those templates. For more information, please refer to [Rancher Documentation](https://ranchermanager.docs.rancher.com/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/psa-config-templates). The argument is available in Rancher v2.7.2 and above (string) :param pulumi.Input[str] default_pod_security_policy_template_id: [Default pod security policy template id](https://rancher.com/docs/rancher/v2.x/en/cluster-provisioning/rke-clusters/options/#pod-security-policy-support) (string) :param pulumi.Input[str] default_project_id: (Computed) Default project ID for the cluster (string) :param pulumi.Input[str] description: The description for Cluster (string) @@ -2702,7 +2780,7 @@ def cluster_template_revision_id(self) -> pulumi.Output[Optional[str]]: @pulumi.getter(name="defaultPodSecurityAdmissionConfigurationTemplateName") def default_pod_security_admission_configuration_template_name(self) -> pulumi.Output[str]: """ - Cluster default pod security admission configuration template name (string) + The name of the pre-defined pod security admission configuration template to be applied to the cluster. Rancher admins (or those with the right permissions) can create, manage, and edit those templates. For more information, please refer to [Rancher Documentation](https://ranchermanager.docs.rancher.com/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/psa-config-templates). The argument is available in Rancher v2.7.2 and above (string) """ return pulumi.get(self, "default_pod_security_admission_configuration_template_name") diff --git a/sdk/python/pulumi_rancher2/get_pod_security_admission_configuration_template.py b/sdk/python/pulumi_rancher2/get_pod_security_admission_configuration_template.py new file mode 100644 index 000000000..e6bb0ec30 --- /dev/null +++ b/sdk/python/pulumi_rancher2/get_pod_security_admission_configuration_template.py @@ -0,0 +1,134 @@ +# coding=utf-8 +# *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +# *** Do not edit by hand unless you're certain you know what you are doing! *** + +import copy +import warnings +import pulumi +import pulumi.runtime +from typing import Any, Mapping, Optional, Sequence, Union, overload +from . import _utilities +from . import outputs + +__all__ = [ + 'GetPodSecurityAdmissionConfigurationTemplateResult', + 'AwaitableGetPodSecurityAdmissionConfigurationTemplateResult', + 'get_pod_security_admission_configuration_template', + 'get_pod_security_admission_configuration_template_output', +] + +@pulumi.output_type +class GetPodSecurityAdmissionConfigurationTemplateResult: + """ + A collection of values returned by getPodSecurityAdmissionConfigurationTemplate. + """ + def __init__(__self__, annotations=None, defaults=None, description=None, exemptions=None, id=None, labels=None, name=None): + if annotations and not isinstance(annotations, dict): + raise TypeError("Expected argument 'annotations' to be a dict") + pulumi.set(__self__, "annotations", annotations) + if defaults and not isinstance(defaults, dict): + raise TypeError("Expected argument 'defaults' to be a dict") + pulumi.set(__self__, "defaults", defaults) + if description and not isinstance(description, str): + raise TypeError("Expected argument 'description' to be a str") + pulumi.set(__self__, "description", description) + if exemptions and not isinstance(exemptions, dict): + raise TypeError("Expected argument 'exemptions' to be a dict") + pulumi.set(__self__, "exemptions", exemptions) + if id and not isinstance(id, str): + raise TypeError("Expected argument 'id' to be a str") + pulumi.set(__self__, "id", id) + if labels and not isinstance(labels, dict): + raise TypeError("Expected argument 'labels' to be a dict") + pulumi.set(__self__, "labels", labels) + if name and not isinstance(name, str): + raise TypeError("Expected argument 'name' to be a str") + pulumi.set(__self__, "name", name) + + @property + @pulumi.getter + def annotations(self) -> Mapping[str, Any]: + return pulumi.get(self, "annotations") + + @property + @pulumi.getter + def defaults(self) -> 'outputs.GetPodSecurityAdmissionConfigurationTemplateDefaultsResult': + return pulumi.get(self, "defaults") + + @property + @pulumi.getter + def description(self) -> str: + return pulumi.get(self, "description") + + @property + @pulumi.getter + def exemptions(self) -> 'outputs.GetPodSecurityAdmissionConfigurationTemplateExemptionsResult': + return pulumi.get(self, "exemptions") + + @property + @pulumi.getter + def id(self) -> str: + """ + The provider-assigned unique ID for this managed resource. + """ + return pulumi.get(self, "id") + + @property + @pulumi.getter + def labels(self) -> Mapping[str, Any]: + return pulumi.get(self, "labels") + + @property + @pulumi.getter + def name(self) -> str: + return pulumi.get(self, "name") + + +class AwaitableGetPodSecurityAdmissionConfigurationTemplateResult(GetPodSecurityAdmissionConfigurationTemplateResult): + # pylint: disable=using-constant-test + def __await__(self): + if False: + yield self + return GetPodSecurityAdmissionConfigurationTemplateResult( + annotations=self.annotations, + defaults=self.defaults, + description=self.description, + exemptions=self.exemptions, + id=self.id, + labels=self.labels, + name=self.name) + + +def get_pod_security_admission_configuration_template(annotations: Optional[Mapping[str, Any]] = None, + labels: Optional[Mapping[str, Any]] = None, + name: Optional[str] = None, + opts: Optional[pulumi.InvokeOptions] = None) -> AwaitableGetPodSecurityAdmissionConfigurationTemplateResult: + """ + Use this data source to access information about an existing resource. + """ + __args__ = dict() + __args__['annotations'] = annotations + __args__['labels'] = labels + __args__['name'] = name + opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + __ret__ = pulumi.runtime.invoke('rancher2:index/getPodSecurityAdmissionConfigurationTemplate:getPodSecurityAdmissionConfigurationTemplate', __args__, opts=opts, typ=GetPodSecurityAdmissionConfigurationTemplateResult).value + + return AwaitableGetPodSecurityAdmissionConfigurationTemplateResult( + annotations=pulumi.get(__ret__, 'annotations'), + defaults=pulumi.get(__ret__, 'defaults'), + description=pulumi.get(__ret__, 'description'), + exemptions=pulumi.get(__ret__, 'exemptions'), + id=pulumi.get(__ret__, 'id'), + labels=pulumi.get(__ret__, 'labels'), + name=pulumi.get(__ret__, 'name')) + + +@_utilities.lift_output_func(get_pod_security_admission_configuration_template) +def get_pod_security_admission_configuration_template_output(annotations: Optional[pulumi.Input[Optional[Mapping[str, Any]]]] = None, + labels: Optional[pulumi.Input[Optional[Mapping[str, Any]]]] = None, + name: Optional[pulumi.Input[str]] = None, + opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetPodSecurityAdmissionConfigurationTemplateResult]: + """ + Use this data source to access information about an existing resource. + """ + ... diff --git a/sdk/python/pulumi_rancher2/outputs.py b/sdk/python/pulumi_rancher2/outputs.py index 322d72118..7bc6a576a 100644 --- a/sdk/python/pulumi_rancher2/outputs.py +++ b/sdk/python/pulumi_rancher2/outputs.py @@ -269,6 +269,8 @@ 'NotifierSmtpConfig', 'NotifierWebhookConfig', 'NotifierWechatConfig', + 'PodSecurityAdmissionConfigurationTemplateDefaults', + 'PodSecurityAdmissionConfigurationTemplateExemptions', 'PodSecurityPolicyTemplateAllowedCsiDriver', 'PodSecurityPolicyTemplateAllowedFlexVolume', 'PodSecurityPolicyTemplateAllowedHostPath', @@ -512,6 +514,8 @@ 'GetNotifierSmtpConfigResult', 'GetNotifierWebhookConfigResult', 'GetNotifierWechatConfigResult', + 'GetPodSecurityAdmissionConfigurationTemplateDefaultsResult', + 'GetPodSecurityAdmissionConfigurationTemplateExemptionsResult', 'GetPodSecurityPolicyTemplateAllowedCsiDriverResult', 'GetPodSecurityPolicyTemplateAllowedFlexVolumeResult', 'GetPodSecurityPolicyTemplateAllowedHostPathResult', @@ -29637,6 +29641,166 @@ def recipient_type(self) -> Optional[str]: return pulumi.get(self, "recipient_type") +@pulumi.output_type +class PodSecurityAdmissionConfigurationTemplateDefaults(dict): + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "auditVersion": + suggest = "audit_version" + elif key == "enforceVersion": + suggest = "enforce_version" + elif key == "warnVersion": + suggest = "warn_version" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in PodSecurityAdmissionConfigurationTemplateDefaults. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + PodSecurityAdmissionConfigurationTemplateDefaults.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + PodSecurityAdmissionConfigurationTemplateDefaults.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + audit: Optional[str] = None, + audit_version: Optional[str] = None, + enforce: Optional[str] = None, + enforce_version: Optional[str] = None, + warn: Optional[str] = None, + warn_version: Optional[str] = None): + """ + :param str audit: Pod Security Admission Configuration audit. This audits a pod in violation of privileged, baseline, or restricted policy (default: privileged) + :param str audit_version: Pod Security Admission Configuration audit version (default: latest) + :param str enforce: Pod Security Admission Configuration enforce. This rejects a pod in violation of privileged, baseline, or restricted policy (default: privileged) + :param str enforce_version: Pod Security Admission Configuration enforce version (default: latest) + :param str warn: Pod Security Admission Configuration warn. This warns the user about a pod in violation of privileged, baseline, or restricted policy (default: privileged) + :param str warn_version: Pod Security Admission Configuration warn version (default: latest) + """ + if audit is not None: + pulumi.set(__self__, "audit", audit) + if audit_version is not None: + pulumi.set(__self__, "audit_version", audit_version) + if enforce is not None: + pulumi.set(__self__, "enforce", enforce) + if enforce_version is not None: + pulumi.set(__self__, "enforce_version", enforce_version) + if warn is not None: + pulumi.set(__self__, "warn", warn) + if warn_version is not None: + pulumi.set(__self__, "warn_version", warn_version) + + @property + @pulumi.getter + def audit(self) -> Optional[str]: + """ + Pod Security Admission Configuration audit. This audits a pod in violation of privileged, baseline, or restricted policy (default: privileged) + """ + return pulumi.get(self, "audit") + + @property + @pulumi.getter(name="auditVersion") + def audit_version(self) -> Optional[str]: + """ + Pod Security Admission Configuration audit version (default: latest) + """ + return pulumi.get(self, "audit_version") + + @property + @pulumi.getter + def enforce(self) -> Optional[str]: + """ + Pod Security Admission Configuration enforce. This rejects a pod in violation of privileged, baseline, or restricted policy (default: privileged) + """ + return pulumi.get(self, "enforce") + + @property + @pulumi.getter(name="enforceVersion") + def enforce_version(self) -> Optional[str]: + """ + Pod Security Admission Configuration enforce version (default: latest) + """ + return pulumi.get(self, "enforce_version") + + @property + @pulumi.getter + def warn(self) -> Optional[str]: + """ + Pod Security Admission Configuration warn. This warns the user about a pod in violation of privileged, baseline, or restricted policy (default: privileged) + """ + return pulumi.get(self, "warn") + + @property + @pulumi.getter(name="warnVersion") + def warn_version(self) -> Optional[str]: + """ + Pod Security Admission Configuration warn version (default: latest) + """ + return pulumi.get(self, "warn_version") + + +@pulumi.output_type +class PodSecurityAdmissionConfigurationTemplateExemptions(dict): + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "runtimeClasses": + suggest = "runtime_classes" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in PodSecurityAdmissionConfigurationTemplateExemptions. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + PodSecurityAdmissionConfigurationTemplateExemptions.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + PodSecurityAdmissionConfigurationTemplateExemptions.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + namespaces: Optional[Sequence[str]] = None, + runtime_classes: Optional[Sequence[str]] = None, + usernames: Optional[Sequence[str]] = None): + """ + :param Sequence[str] namespaces: Pod Security Admission Configuration namespace exemptions + :param Sequence[str] runtime_classes: Pod Security Admission Configuration runtime class exemptions + :param Sequence[str] usernames: Pod Security Admission Configuration username exemptions + """ + if namespaces is not None: + pulumi.set(__self__, "namespaces", namespaces) + if runtime_classes is not None: + pulumi.set(__self__, "runtime_classes", runtime_classes) + if usernames is not None: + pulumi.set(__self__, "usernames", usernames) + + @property + @pulumi.getter + def namespaces(self) -> Optional[Sequence[str]]: + """ + Pod Security Admission Configuration namespace exemptions + """ + return pulumi.get(self, "namespaces") + + @property + @pulumi.getter(name="runtimeClasses") + def runtime_classes(self) -> Optional[Sequence[str]]: + """ + Pod Security Admission Configuration runtime class exemptions + """ + return pulumi.get(self, "runtime_classes") + + @property + @pulumi.getter + def usernames(self) -> Optional[Sequence[str]]: + """ + Pod Security Admission Configuration username exemptions + """ + return pulumi.get(self, "usernames") + + @pulumi.output_type class PodSecurityPolicyTemplateAllowedCsiDriver(dict): def __init__(__self__, *, @@ -45732,6 +45896,128 @@ def recipient_type(self) -> Optional[str]: return pulumi.get(self, "recipient_type") +@pulumi.output_type +class GetPodSecurityAdmissionConfigurationTemplateDefaultsResult(dict): + def __init__(__self__, *, + audit: Optional[str] = None, + audit_version: Optional[str] = None, + enforce: Optional[str] = None, + enforce_version: Optional[str] = None, + warn: Optional[str] = None, + warn_version: Optional[str] = None): + """ + :param str audit: Pod Security Admission Configuration audit. This audits a pod in violation of privileged, baseline, or restricted policy (default: privileged) + :param str audit_version: Pod Security Admission Configuration audit version (default: latest) + :param str enforce: Pod Security Admission Configuration enforce. This rejects a pod in violation of privileged, baseline, or restricted policy (default: privileged) + :param str enforce_version: Pod Security Admission Configuration enforce version (default: latest) + :param str warn: Pod Security Admission Configuration warn. This warns the user about a pod in violation of privileged, baseline, or restricted policy (default: privileged) + :param str warn_version: Pod Security Admission Configuration warn version (default: latest) + """ + if audit is not None: + pulumi.set(__self__, "audit", audit) + if audit_version is not None: + pulumi.set(__self__, "audit_version", audit_version) + if enforce is not None: + pulumi.set(__self__, "enforce", enforce) + if enforce_version is not None: + pulumi.set(__self__, "enforce_version", enforce_version) + if warn is not None: + pulumi.set(__self__, "warn", warn) + if warn_version is not None: + pulumi.set(__self__, "warn_version", warn_version) + + @property + @pulumi.getter + def audit(self) -> Optional[str]: + """ + Pod Security Admission Configuration audit. This audits a pod in violation of privileged, baseline, or restricted policy (default: privileged) + """ + return pulumi.get(self, "audit") + + @property + @pulumi.getter(name="auditVersion") + def audit_version(self) -> Optional[str]: + """ + Pod Security Admission Configuration audit version (default: latest) + """ + return pulumi.get(self, "audit_version") + + @property + @pulumi.getter + def enforce(self) -> Optional[str]: + """ + Pod Security Admission Configuration enforce. This rejects a pod in violation of privileged, baseline, or restricted policy (default: privileged) + """ + return pulumi.get(self, "enforce") + + @property + @pulumi.getter(name="enforceVersion") + def enforce_version(self) -> Optional[str]: + """ + Pod Security Admission Configuration enforce version (default: latest) + """ + return pulumi.get(self, "enforce_version") + + @property + @pulumi.getter + def warn(self) -> Optional[str]: + """ + Pod Security Admission Configuration warn. This warns the user about a pod in violation of privileged, baseline, or restricted policy (default: privileged) + """ + return pulumi.get(self, "warn") + + @property + @pulumi.getter(name="warnVersion") + def warn_version(self) -> Optional[str]: + """ + Pod Security Admission Configuration warn version (default: latest) + """ + return pulumi.get(self, "warn_version") + + +@pulumi.output_type +class GetPodSecurityAdmissionConfigurationTemplateExemptionsResult(dict): + def __init__(__self__, *, + namespaces: Optional[Sequence[str]] = None, + runtime_classes: Optional[Sequence[str]] = None, + usernames: Optional[Sequence[str]] = None): + """ + :param Sequence[str] namespaces: Pod Security Admission Configuration namespace exemptions + :param Sequence[str] runtime_classes: Pod Security Admission Configuration runtime class exemptions + :param Sequence[str] usernames: Pod Security Admission Configuration username exemptions + """ + if namespaces is not None: + pulumi.set(__self__, "namespaces", namespaces) + if runtime_classes is not None: + pulumi.set(__self__, "runtime_classes", runtime_classes) + if usernames is not None: + pulumi.set(__self__, "usernames", usernames) + + @property + @pulumi.getter + def namespaces(self) -> Optional[Sequence[str]]: + """ + Pod Security Admission Configuration namespace exemptions + """ + return pulumi.get(self, "namespaces") + + @property + @pulumi.getter(name="runtimeClasses") + def runtime_classes(self) -> Optional[Sequence[str]]: + """ + Pod Security Admission Configuration runtime class exemptions + """ + return pulumi.get(self, "runtime_classes") + + @property + @pulumi.getter + def usernames(self) -> Optional[Sequence[str]]: + """ + Pod Security Admission Configuration username exemptions + """ + return pulumi.get(self, "usernames") + + @pulumi.output_type class GetPodSecurityPolicyTemplateAllowedCsiDriverResult(dict): def __init__(__self__, *, diff --git a/sdk/python/pulumi_rancher2/pod_security_admission_configuration_template.py b/sdk/python/pulumi_rancher2/pod_security_admission_configuration_template.py new file mode 100644 index 000000000..4290dd5ea --- /dev/null +++ b/sdk/python/pulumi_rancher2/pod_security_admission_configuration_template.py @@ -0,0 +1,388 @@ +# coding=utf-8 +# *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +# *** Do not edit by hand unless you're certain you know what you are doing! *** + +import copy +import warnings +import pulumi +import pulumi.runtime +from typing import Any, Mapping, Optional, Sequence, Union, overload +from . import _utilities +from . import outputs +from ._inputs import * + +__all__ = ['PodSecurityAdmissionConfigurationTemplateArgs', 'PodSecurityAdmissionConfigurationTemplate'] + +@pulumi.input_type +class PodSecurityAdmissionConfigurationTemplateArgs: + def __init__(__self__, *, + defaults: pulumi.Input['PodSecurityAdmissionConfigurationTemplateDefaultsArgs'], + annotations: Optional[pulumi.Input[Mapping[str, Any]]] = None, + description: Optional[pulumi.Input[str]] = None, + exemptions: Optional[pulumi.Input['PodSecurityAdmissionConfigurationTemplateExemptionsArgs']] = None, + labels: Optional[pulumi.Input[Mapping[str, Any]]] = None, + name: Optional[pulumi.Input[str]] = None): + """ + The set of arguments for constructing a PodSecurityAdmissionConfigurationTemplate resource. + :param pulumi.Input['PodSecurityAdmissionConfigurationTemplateDefaultsArgs'] defaults: defaults allows the user to define admission control mode for Pod Security + :param pulumi.Input[Mapping[str, Any]] annotations: Annotations of the resource + :param pulumi.Input[str] description: Pod Security Admission Configuration template description + :param pulumi.Input['PodSecurityAdmissionConfigurationTemplateExemptionsArgs'] exemptions: exemptions allows the creation of pods for specific Usernames, RuntimeClassNames, and Namespaces that would otherwise be + prohibited + :param pulumi.Input[Mapping[str, Any]] labels: Labels of the resource + :param pulumi.Input[str] name: Pod Security Admission Configuration template name + """ + pulumi.set(__self__, "defaults", defaults) + if annotations is not None: + pulumi.set(__self__, "annotations", annotations) + if description is not None: + pulumi.set(__self__, "description", description) + if exemptions is not None: + pulumi.set(__self__, "exemptions", exemptions) + if labels is not None: + pulumi.set(__self__, "labels", labels) + if name is not None: + pulumi.set(__self__, "name", name) + + @property + @pulumi.getter + def defaults(self) -> pulumi.Input['PodSecurityAdmissionConfigurationTemplateDefaultsArgs']: + """ + defaults allows the user to define admission control mode for Pod Security + """ + return pulumi.get(self, "defaults") + + @defaults.setter + def defaults(self, value: pulumi.Input['PodSecurityAdmissionConfigurationTemplateDefaultsArgs']): + pulumi.set(self, "defaults", value) + + @property + @pulumi.getter + def annotations(self) -> Optional[pulumi.Input[Mapping[str, Any]]]: + """ + Annotations of the resource + """ + return pulumi.get(self, "annotations") + + @annotations.setter + def annotations(self, value: Optional[pulumi.Input[Mapping[str, Any]]]): + pulumi.set(self, "annotations", value) + + @property + @pulumi.getter + def description(self) -> Optional[pulumi.Input[str]]: + """ + Pod Security Admission Configuration template description + """ + return pulumi.get(self, "description") + + @description.setter + def description(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "description", value) + + @property + @pulumi.getter + def exemptions(self) -> Optional[pulumi.Input['PodSecurityAdmissionConfigurationTemplateExemptionsArgs']]: + """ + exemptions allows the creation of pods for specific Usernames, RuntimeClassNames, and Namespaces that would otherwise be + prohibited + """ + return pulumi.get(self, "exemptions") + + @exemptions.setter + def exemptions(self, value: Optional[pulumi.Input['PodSecurityAdmissionConfigurationTemplateExemptionsArgs']]): + pulumi.set(self, "exemptions", value) + + @property + @pulumi.getter + def labels(self) -> Optional[pulumi.Input[Mapping[str, Any]]]: + """ + Labels of the resource + """ + return pulumi.get(self, "labels") + + @labels.setter + def labels(self, value: Optional[pulumi.Input[Mapping[str, Any]]]): + pulumi.set(self, "labels", value) + + @property + @pulumi.getter + def name(self) -> Optional[pulumi.Input[str]]: + """ + Pod Security Admission Configuration template name + """ + return pulumi.get(self, "name") + + @name.setter + def name(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "name", value) + + +@pulumi.input_type +class _PodSecurityAdmissionConfigurationTemplateState: + def __init__(__self__, *, + annotations: Optional[pulumi.Input[Mapping[str, Any]]] = None, + defaults: Optional[pulumi.Input['PodSecurityAdmissionConfigurationTemplateDefaultsArgs']] = None, + description: Optional[pulumi.Input[str]] = None, + exemptions: Optional[pulumi.Input['PodSecurityAdmissionConfigurationTemplateExemptionsArgs']] = None, + labels: Optional[pulumi.Input[Mapping[str, Any]]] = None, + name: Optional[pulumi.Input[str]] = None): + """ + Input properties used for looking up and filtering PodSecurityAdmissionConfigurationTemplate resources. + :param pulumi.Input[Mapping[str, Any]] annotations: Annotations of the resource + :param pulumi.Input['PodSecurityAdmissionConfigurationTemplateDefaultsArgs'] defaults: defaults allows the user to define admission control mode for Pod Security + :param pulumi.Input[str] description: Pod Security Admission Configuration template description + :param pulumi.Input['PodSecurityAdmissionConfigurationTemplateExemptionsArgs'] exemptions: exemptions allows the creation of pods for specific Usernames, RuntimeClassNames, and Namespaces that would otherwise be + prohibited + :param pulumi.Input[Mapping[str, Any]] labels: Labels of the resource + :param pulumi.Input[str] name: Pod Security Admission Configuration template name + """ + if annotations is not None: + pulumi.set(__self__, "annotations", annotations) + if defaults is not None: + pulumi.set(__self__, "defaults", defaults) + if description is not None: + pulumi.set(__self__, "description", description) + if exemptions is not None: + pulumi.set(__self__, "exemptions", exemptions) + if labels is not None: + pulumi.set(__self__, "labels", labels) + if name is not None: + pulumi.set(__self__, "name", name) + + @property + @pulumi.getter + def annotations(self) -> Optional[pulumi.Input[Mapping[str, Any]]]: + """ + Annotations of the resource + """ + return pulumi.get(self, "annotations") + + @annotations.setter + def annotations(self, value: Optional[pulumi.Input[Mapping[str, Any]]]): + pulumi.set(self, "annotations", value) + + @property + @pulumi.getter + def defaults(self) -> Optional[pulumi.Input['PodSecurityAdmissionConfigurationTemplateDefaultsArgs']]: + """ + defaults allows the user to define admission control mode for Pod Security + """ + return pulumi.get(self, "defaults") + + @defaults.setter + def defaults(self, value: Optional[pulumi.Input['PodSecurityAdmissionConfigurationTemplateDefaultsArgs']]): + pulumi.set(self, "defaults", value) + + @property + @pulumi.getter + def description(self) -> Optional[pulumi.Input[str]]: + """ + Pod Security Admission Configuration template description + """ + return pulumi.get(self, "description") + + @description.setter + def description(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "description", value) + + @property + @pulumi.getter + def exemptions(self) -> Optional[pulumi.Input['PodSecurityAdmissionConfigurationTemplateExemptionsArgs']]: + """ + exemptions allows the creation of pods for specific Usernames, RuntimeClassNames, and Namespaces that would otherwise be + prohibited + """ + return pulumi.get(self, "exemptions") + + @exemptions.setter + def exemptions(self, value: Optional[pulumi.Input['PodSecurityAdmissionConfigurationTemplateExemptionsArgs']]): + pulumi.set(self, "exemptions", value) + + @property + @pulumi.getter + def labels(self) -> Optional[pulumi.Input[Mapping[str, Any]]]: + """ + Labels of the resource + """ + return pulumi.get(self, "labels") + + @labels.setter + def labels(self, value: Optional[pulumi.Input[Mapping[str, Any]]]): + pulumi.set(self, "labels", value) + + @property + @pulumi.getter + def name(self) -> Optional[pulumi.Input[str]]: + """ + Pod Security Admission Configuration template name + """ + return pulumi.get(self, "name") + + @name.setter + def name(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "name", value) + + +class PodSecurityAdmissionConfigurationTemplate(pulumi.CustomResource): + @overload + def __init__(__self__, + resource_name: str, + opts: Optional[pulumi.ResourceOptions] = None, + annotations: Optional[pulumi.Input[Mapping[str, Any]]] = None, + defaults: Optional[pulumi.Input[pulumi.InputType['PodSecurityAdmissionConfigurationTemplateDefaultsArgs']]] = None, + description: Optional[pulumi.Input[str]] = None, + exemptions: Optional[pulumi.Input[pulumi.InputType['PodSecurityAdmissionConfigurationTemplateExemptionsArgs']]] = None, + labels: Optional[pulumi.Input[Mapping[str, Any]]] = None, + name: Optional[pulumi.Input[str]] = None, + __props__=None): + """ + Create a PodSecurityAdmissionConfigurationTemplate resource with the given unique name, props, and options. + :param str resource_name: The name of the resource. + :param pulumi.ResourceOptions opts: Options for the resource. + :param pulumi.Input[Mapping[str, Any]] annotations: Annotations of the resource + :param pulumi.Input[pulumi.InputType['PodSecurityAdmissionConfigurationTemplateDefaultsArgs']] defaults: defaults allows the user to define admission control mode for Pod Security + :param pulumi.Input[str] description: Pod Security Admission Configuration template description + :param pulumi.Input[pulumi.InputType['PodSecurityAdmissionConfigurationTemplateExemptionsArgs']] exemptions: exemptions allows the creation of pods for specific Usernames, RuntimeClassNames, and Namespaces that would otherwise be + prohibited + :param pulumi.Input[Mapping[str, Any]] labels: Labels of the resource + :param pulumi.Input[str] name: Pod Security Admission Configuration template name + """ + ... + @overload + def __init__(__self__, + resource_name: str, + args: PodSecurityAdmissionConfigurationTemplateArgs, + opts: Optional[pulumi.ResourceOptions] = None): + """ + Create a PodSecurityAdmissionConfigurationTemplate resource with the given unique name, props, and options. + :param str resource_name: The name of the resource. + :param PodSecurityAdmissionConfigurationTemplateArgs args: The arguments to use to populate this resource's properties. + :param pulumi.ResourceOptions opts: Options for the resource. + """ + ... + def __init__(__self__, resource_name: str, *args, **kwargs): + resource_args, opts = _utilities.get_resource_args_opts(PodSecurityAdmissionConfigurationTemplateArgs, pulumi.ResourceOptions, *args, **kwargs) + if resource_args is not None: + __self__._internal_init(resource_name, opts, **resource_args.__dict__) + else: + __self__._internal_init(resource_name, *args, **kwargs) + + def _internal_init(__self__, + resource_name: str, + opts: Optional[pulumi.ResourceOptions] = None, + annotations: Optional[pulumi.Input[Mapping[str, Any]]] = None, + defaults: Optional[pulumi.Input[pulumi.InputType['PodSecurityAdmissionConfigurationTemplateDefaultsArgs']]] = None, + description: Optional[pulumi.Input[str]] = None, + exemptions: Optional[pulumi.Input[pulumi.InputType['PodSecurityAdmissionConfigurationTemplateExemptionsArgs']]] = None, + labels: Optional[pulumi.Input[Mapping[str, Any]]] = None, + name: Optional[pulumi.Input[str]] = None, + __props__=None): + opts = pulumi.ResourceOptions.merge(_utilities.get_resource_opts_defaults(), opts) + if not isinstance(opts, pulumi.ResourceOptions): + raise TypeError('Expected resource options to be a ResourceOptions instance') + if opts.id is None: + if __props__ is not None: + raise TypeError('__props__ is only valid when passed in combination with a valid opts.id to get an existing resource') + __props__ = PodSecurityAdmissionConfigurationTemplateArgs.__new__(PodSecurityAdmissionConfigurationTemplateArgs) + + __props__.__dict__["annotations"] = annotations + if defaults is None and not opts.urn: + raise TypeError("Missing required property 'defaults'") + __props__.__dict__["defaults"] = defaults + __props__.__dict__["description"] = description + __props__.__dict__["exemptions"] = exemptions + __props__.__dict__["labels"] = labels + __props__.__dict__["name"] = name + super(PodSecurityAdmissionConfigurationTemplate, __self__).__init__( + 'rancher2:index/podSecurityAdmissionConfigurationTemplate:PodSecurityAdmissionConfigurationTemplate', + resource_name, + __props__, + opts) + + @staticmethod + def get(resource_name: str, + id: pulumi.Input[str], + opts: Optional[pulumi.ResourceOptions] = None, + annotations: Optional[pulumi.Input[Mapping[str, Any]]] = None, + defaults: Optional[pulumi.Input[pulumi.InputType['PodSecurityAdmissionConfigurationTemplateDefaultsArgs']]] = None, + description: Optional[pulumi.Input[str]] = None, + exemptions: Optional[pulumi.Input[pulumi.InputType['PodSecurityAdmissionConfigurationTemplateExemptionsArgs']]] = None, + labels: Optional[pulumi.Input[Mapping[str, Any]]] = None, + name: Optional[pulumi.Input[str]] = None) -> 'PodSecurityAdmissionConfigurationTemplate': + """ + Get an existing PodSecurityAdmissionConfigurationTemplate resource's state with the given name, id, and optional extra + properties used to qualify the lookup. + + :param str resource_name: The unique name of the resulting resource. + :param pulumi.Input[str] id: The unique provider ID of the resource to lookup. + :param pulumi.ResourceOptions opts: Options for the resource. + :param pulumi.Input[Mapping[str, Any]] annotations: Annotations of the resource + :param pulumi.Input[pulumi.InputType['PodSecurityAdmissionConfigurationTemplateDefaultsArgs']] defaults: defaults allows the user to define admission control mode for Pod Security + :param pulumi.Input[str] description: Pod Security Admission Configuration template description + :param pulumi.Input[pulumi.InputType['PodSecurityAdmissionConfigurationTemplateExemptionsArgs']] exemptions: exemptions allows the creation of pods for specific Usernames, RuntimeClassNames, and Namespaces that would otherwise be + prohibited + :param pulumi.Input[Mapping[str, Any]] labels: Labels of the resource + :param pulumi.Input[str] name: Pod Security Admission Configuration template name + """ + opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id)) + + __props__ = _PodSecurityAdmissionConfigurationTemplateState.__new__(_PodSecurityAdmissionConfigurationTemplateState) + + __props__.__dict__["annotations"] = annotations + __props__.__dict__["defaults"] = defaults + __props__.__dict__["description"] = description + __props__.__dict__["exemptions"] = exemptions + __props__.__dict__["labels"] = labels + __props__.__dict__["name"] = name + return PodSecurityAdmissionConfigurationTemplate(resource_name, opts=opts, __props__=__props__) + + @property + @pulumi.getter + def annotations(self) -> pulumi.Output[Mapping[str, Any]]: + """ + Annotations of the resource + """ + return pulumi.get(self, "annotations") + + @property + @pulumi.getter + def defaults(self) -> pulumi.Output['outputs.PodSecurityAdmissionConfigurationTemplateDefaults']: + """ + defaults allows the user to define admission control mode for Pod Security + """ + return pulumi.get(self, "defaults") + + @property + @pulumi.getter + def description(self) -> pulumi.Output[Optional[str]]: + """ + Pod Security Admission Configuration template description + """ + return pulumi.get(self, "description") + + @property + @pulumi.getter + def exemptions(self) -> pulumi.Output[Optional['outputs.PodSecurityAdmissionConfigurationTemplateExemptions']]: + """ + exemptions allows the creation of pods for specific Usernames, RuntimeClassNames, and Namespaces that would otherwise be + prohibited + """ + return pulumi.get(self, "exemptions") + + @property + @pulumi.getter + def labels(self) -> pulumi.Output[Mapping[str, Any]]: + """ + Labels of the resource + """ + return pulumi.get(self, "labels") + + @property + @pulumi.getter + def name(self) -> pulumi.Output[str]: + """ + Pod Security Admission Configuration template name + """ + return pulumi.get(self, "name") +