diff --git a/go.mod b/go.mod
index 1f5b853718..123080c5c6 100644
--- a/go.mod
+++ b/go.mod
@@ -210,12 +210,10 @@ require (
golang.org/x/mod v0.14.0 // indirect
golang.org/x/net v0.21.0 // indirect
golang.org/x/oauth2 v0.7.0 // indirect
- golang.org/x/sync v0.5.0 // indirect
golang.org/x/sys v0.17.0 // indirect
golang.org/x/term v0.17.0 // indirect
golang.org/x/text v0.14.0 // indirect
golang.org/x/time v0.3.0 // indirect
- golang.org/x/tools v0.16.0 // indirect
gomodules.xyz/jsonpatch/v2 v2.2.0 // indirect
google.golang.org/appengine v1.6.7 // indirect
google.golang.org/genproto/googleapis/rpc v0.0.0-20230525234030-28d5490b6b19 // indirect
@@ -244,3 +242,5 @@ exclude (
k8s.io/client-go v11.0.1-0.20190409021438-1a26190bd76a+incompatible
k8s.io/client-go v12.0.0+incompatible
)
+
+replace github.com/IBM-Cloud/bluemix-go v0.0.0-20240110132033-6ead1f81a985 => github.com/golibali/bluemix-go v0.0.0-20240325103114-9225a5e9854e
diff --git a/go.sum b/go.sum
index e003aa7974..68fb491616 100644
--- a/go.sum
+++ b/go.sum
@@ -101,8 +101,6 @@ github.com/DataDog/datadog-go v2.2.0+incompatible/go.mod h1:LButxg5PwREeZtORoXG3
github.com/DataDog/datadog-go v3.2.0+incompatible h1:qSG2N4FghB1He/r2mFrWKCaL7dXCilEuNEeAn20fdD4=
github.com/DataDog/datadog-go v3.2.0+incompatible/go.mod h1:LButxg5PwREeZtORoXG3tL4fMGNddJ+vMq1mwgfaqoQ=
github.com/DataDog/zstd v1.4.4/go.mod h1:1jcaCB/ufaK+sKp1NBhlGmpz41jOoPQ35bpF36t7BBo=
-github.com/IBM-Cloud/bluemix-go v0.0.0-20240110132033-6ead1f81a985 h1:Rsi0y9dJZNkF9zIa0Yjf9rdYHb5UqMMGbZvOcsESq90=
-github.com/IBM-Cloud/bluemix-go v0.0.0-20240110132033-6ead1f81a985/go.mod h1:jIGLnIfj+uBv2ALz3rVHzNbNwt0V/bEWNeJKECa8Q+k=
github.com/IBM-Cloud/container-services-go-sdk v0.0.0-20240216115622-a311507b4b5b h1:Wnq0BuprazpP41+nQlRpxpmAs8+8jyOqU50KrvFdJQ4=
github.com/IBM-Cloud/container-services-go-sdk v0.0.0-20240216115622-a311507b4b5b/go.mod h1:xUQL9SGAjoZFd4GNjrjjtEpjpkgU7RFXRyHesbKTjiY=
github.com/IBM-Cloud/ibm-cloud-cli-sdk v0.5.3/go.mod h1:RiUvKuHKTBmBApDMUQzBL14pQUGKcx/IioKQPIcRQjs=
@@ -675,6 +673,8 @@ github.com/golang/snappy v0.0.0-20180518054509-2e65f85255db/go.mod h1:/XxbfmMg8l
github.com/golang/snappy v0.0.1/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q=
github.com/golang/snappy v0.0.4 h1:yAGX7huGHXlcLOEtBnF4w7FQwA26wojNCwOYAEhLjQM=
github.com/golang/snappy v0.0.4/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q=
+github.com/golibali/bluemix-go v0.0.0-20240325103114-9225a5e9854e h1:aZz/5+XPZ9lUC9QcY0qR4Iz+/AENZFicp3ugf4bz1zM=
+github.com/golibali/bluemix-go v0.0.0-20240325103114-9225a5e9854e/go.mod h1:/7hMjdZA6fEpd/dQAOEABxKEwN0t72P3PlpEDu0Y7bE=
github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
github.com/google/btree v1.0.1/go.mod h1:xXMiIv4Fb/0kKde4SpL7qlzvu5cMJDRkFDxJfI9uaxA=
@@ -1246,8 +1246,9 @@ github.com/onsi/ginkgo/v2 v2.9.2/go.mod h1:WHcJJG2dIlcCqVfBAwUCrJxSPFb6v4azBwgxe
github.com/onsi/ginkgo/v2 v2.9.5/go.mod h1:tvAoo1QUJwNEU2ITftXTpR7R1RbCzoZUOs3RonqW57k=
github.com/onsi/ginkgo/v2 v2.9.7/go.mod h1:cxrmXWykAwTwhQsJOPfdIDiJ+l2RYq7U8hFU+M/1uw0=
github.com/onsi/ginkgo/v2 v2.11.0/go.mod h1:ZhrRA5XmEE3x3rhlzamx/JJvujdZoJ2uvgI7kR0iZvM=
-github.com/onsi/ginkgo/v2 v2.13.0 h1:0jY9lJquiL8fcf3M4LAXN5aMlS/b2BV86HFFPCPMgE4=
github.com/onsi/ginkgo/v2 v2.13.0/go.mod h1:TE309ZR8s5FsKKpuB1YAQYBzCaAfUgatB/xlT/ETL/o=
+github.com/onsi/ginkgo/v2 v2.15.0 h1:79HwNRBAZHOEwrczrgSOPy+eFTTlIGELKy5as+ClttY=
+github.com/onsi/ginkgo/v2 v2.15.0/go.mod h1:HlxMHtYF57y6Dpf+mc5529KKmSq9h2FpCF+/ZkwUxKM=
github.com/onsi/gomega v0.0.0-20170829124025-dcabb60a477c/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA=
github.com/onsi/gomega v0.0.0-20190113212917-5533ce8a0da3/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY=
github.com/onsi/gomega v1.4.2/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY=
@@ -1278,8 +1279,9 @@ github.com/onsi/gomega v1.27.6/go.mod h1:PIQNjfQwkP3aQAH7lf7j87O/5FiNr+ZR8+ipb+q
github.com/onsi/gomega v1.27.7/go.mod h1:1p8OOlwo2iUUDsHnOrjE5UKYJ+e3W8eQ3qSlRahPmr4=
github.com/onsi/gomega v1.27.8/go.mod h1:2J8vzI/s+2shY9XHRApDkdgPo1TKT7P2u6fXeJKFnNQ=
github.com/onsi/gomega v1.27.10/go.mod h1:RsS8tutOdbdgzbPtzzATp12yT7kM5I5aElG3evPbQ0M=
-github.com/onsi/gomega v1.29.0/go.mod h1:9sxs+SwGrKI0+PWe4Fxa9tFQQBG5xSsSbMXOI8PPpoQ=
+github.com/onsi/gomega v1.30.0/go.mod h1:9sxs+SwGrKI0+PWe4Fxa9tFQQBG5xSsSbMXOI8PPpoQ=
github.com/onsi/gomega v1.31.1 h1:KYppCUK+bUgAZwHOu7EXVBKyQA6ILvOESHkn/tgoqvo=
+github.com/onsi/gomega v1.31.1/go.mod h1:y40C95dwAD1Nz36SsEnxvfFe8FFfNxzI5eJ0EYGyAy0=
github.com/opencontainers/go-digest v1.0.0-rc1/go.mod h1:cMLVZDEM3+U2I4VmLI6N8jQYUd2OVphdqWwCJHrFt2s=
github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U=
github.com/opencontainers/image-spec v1.0.1/go.mod h1:BtxoFyWECRxE4U/7sNtV5W15zMzWCbyJoFRP3s7yZA0=
@@ -1631,7 +1633,9 @@ golang.org/x/crypto v0.6.0/go.mod h1:OFC/31mSvZgRz0V1QTNCzfAI1aIRzbiufJtkMIlEp58
golang.org/x/crypto v0.7.0/go.mod h1:pYwdfH91IfpZVANVyUOhSIPZaFoJGxTFbZhFTx+dXZU=
golang.org/x/crypto v0.11.0/go.mod h1:xgJhtzW8F9jGdVFWZESrid1U1bjeNy4zgy5cRr/CIio=
golang.org/x/crypto v0.12.0/go.mod h1:NF0Gs7EO5K4qLn+Ylc+fih8BSTeIjAP05siRnAh98yw=
+golang.org/x/crypto v0.13.0/go.mod h1:y6Z2r+Rw4iayiXXAIxJIDAJ1zMW4yaTpebo8fPOliYc=
golang.org/x/crypto v0.14.0/go.mod h1:MVFd36DqK4CsrnJYDkBA3VC4m2GkXAM0PvzMCn4JQf4=
+golang.org/x/crypto v0.16.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4=
golang.org/x/crypto v0.19.0 h1:ENy+Az/9Y1vSrlrvBSyna3PITt4tiZLf7sgCjZBX7Wo=
golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU=
golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
@@ -1755,7 +1759,9 @@ golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc=
golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg=
golang.org/x/net v0.12.0/go.mod h1:zEVYFnQC7m/vmpQFELhcD1EWkZlX69l4oqgmer6hfKA=
golang.org/x/net v0.14.0/go.mod h1:PpSgVXXLK0OxS0F31C1/tv6XNguvCrnXIDrFMspZIUI=
+golang.org/x/net v0.15.0/go.mod h1:idbUs1IY1+zTqbi8yxTbhexhEEk5ur9LInksu6HrEpk=
golang.org/x/net v0.17.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE=
+golang.org/x/net v0.19.0/go.mod h1:CfAk/cbD4CthTvqiEl8NpboMuiuOYsAr/7NOjZJtv1U=
golang.org/x/net v0.21.0 h1:AQyQV4dYCvJ7vGmJyKki9+PBdyvhkSd8EIx/qb0AYv4=
golang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44=
golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
@@ -1901,6 +1907,7 @@ golang.org/x/sys v0.10.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.11.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.13.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.15.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
golang.org/x/sys v0.17.0 h1:25cE3gD+tdBA7lp7QfhuV+rJiE9YXTcS3VG1SqssI/Y=
golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw=
@@ -1916,7 +1923,9 @@ golang.org/x/term v0.6.0/go.mod h1:m6U89DPEgQRMq3DNkDClhWw02AUbt2daBVO4cn4Hv9U=
golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo=
golang.org/x/term v0.10.0/go.mod h1:lpqdcUyK/oCiQxvxVrppt5ggO2KCZ5QblwqPnfZ6d5o=
golang.org/x/term v0.11.0/go.mod h1:zC9APTIj3jG3FdV/Ons+XE1riIZXG4aZ4GTHiPZJPIU=
+golang.org/x/term v0.12.0/go.mod h1:owVbMEjm3cBLCHdkQu9b1opXd4ETQWc3BhuQGKgXgvU=
golang.org/x/term v0.13.0/go.mod h1:LTmsnFJwVN6bCy1rVCoS+qHT1HhALEFxKncY3WNNh4U=
+golang.org/x/term v0.15.0/go.mod h1:BDl952bC7+uMoWR75FIrCDx79TPU9oHkTZ9yRbYOrX0=
golang.org/x/term v0.17.0 h1:mkTF7LCd6WGJNL3K1Ad7kwxNfYAW6a8a8QqtMblp/4U=
golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk=
golang.org/x/text v0.0.0-20160726164857-2910a502d2bf/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
@@ -2030,8 +2039,9 @@ golang.org/x/tools v0.7.0/go.mod h1:4pg6aUX35JBAogB10C9AtvVL+qowtN4pT3CGSQex14s=
golang.org/x/tools v0.9.1/go.mod h1:owI94Op576fPu3cIGQeHs3joujW/2Oc6MtlxbF5dfNc=
golang.org/x/tools v0.9.3/go.mod h1:owI94Op576fPu3cIGQeHs3joujW/2Oc6MtlxbF5dfNc=
golang.org/x/tools v0.12.0/go.mod h1:Sc0INKfu04TlqNoRA1hgpFZbhYXHPr4V5DzpSBTPqQM=
-golang.org/x/tools v0.16.0 h1:GO788SKMRunPIBCXiQyo2AaexLstOrVhuAL5YwsckQM=
-golang.org/x/tools v0.16.0/go.mod h1:kYVVN6I1mBNoB1OX+noeBjbRk4IUEPa7JJ+TJMEooJ0=
+golang.org/x/tools v0.13.0/go.mod h1:HvlwmtVNQAhOuCjW7xxvovg8wbNq7LwfXh/k7wXUl58=
+golang.org/x/tools v0.16.1 h1:TLyB3WofjdOEepBHAU20JdNC1Zbg87elYofWYAY5oZA=
+golang.org/x/tools v0.16.1/go.mod h1:kYVVN6I1mBNoB1OX+noeBjbRk4IUEPa7JJ+TJMEooJ0=
golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
diff --git a/ibm/service/kubernetes/resource_ibm_container_vpc_cluster.go b/ibm/service/kubernetes/resource_ibm_container_vpc_cluster.go
index b1221f5572..d2df519ecd 100644
--- a/ibm/service/kubernetes/resource_ibm_container_vpc_cluster.go
+++ b/ibm/service/kubernetes/resource_ibm_container_vpc_cluster.go
@@ -340,6 +340,14 @@ func ResourceIBMContainerVpcCluster() *schema.Resource {
DiffSuppressFunc: flex.ApplyOnce,
},
+ "disable_outbound_traffic_protection": {
+ Type: schema.TypeBool,
+ Optional: true,
+ Default: false,
+ Description: "Allow outbound connections to public destinations",
+ DiffSuppressFunc: flex.ApplyOnce,
+ },
+
//Get Cluster info Request
"state": {
Type: schema.TypeString,
@@ -590,14 +598,17 @@ func resourceIBMContainerVpcClusterCreate(d *schema.ResourceData, meta interface
workerpool.Labels = labels
}
+ disableOutboundTrafficProtection := d.Get("disable_outbound_traffic_protection").(bool)
+
params := v2.ClusterCreateRequest{
- DisablePublicServiceEndpoint: disablePublicServiceEndpoint,
- Name: name,
- KubeVersion: kubeVersion,
- PodSubnet: podSubnet,
- ServiceSubnet: serviceSubnet,
- WorkerPools: workerpool,
- Provider: vpcProvider,
+ DisablePublicServiceEndpoint: disablePublicServiceEndpoint,
+ Name: name,
+ KubeVersion: kubeVersion,
+ PodSubnet: podSubnet,
+ ServiceSubnet: serviceSubnet,
+ WorkerPools: workerpool,
+ Provider: vpcProvider,
+ DisableOutboundTrafficProtection: disableOutboundTrafficProtection,
}
// Update params with Entitlement option if provided
diff --git a/ibm/service/kubernetes/resource_ibm_container_vpc_cluster_test.go b/ibm/service/kubernetes/resource_ibm_container_vpc_cluster_test.go
index da70f4e1b3..8bbaed8db2 100644
--- a/ibm/service/kubernetes/resource_ibm_container_vpc_cluster_test.go
+++ b/ibm/service/kubernetes/resource_ibm_container_vpc_cluster_test.go
@@ -179,6 +179,29 @@ func TestAccIBMContainerVpcClusterSecurityGroups(t *testing.T) {
})
}
+func TestAccIBMContainerVPCClusterDisableOutboundTrafficProtection(t *testing.T) {
+ name := fmt.Sprintf("tf-vpc-cluster-%d", acctest.RandIntRange(10, 100))
+ var conf *v2.ClusterInfo
+
+ resource.Test(t, resource.TestCase{
+ PreCheck: func() { acc.TestAccPreCheck(t) },
+ Providers: acc.TestAccProviders,
+ CheckDestroy: testAccCheckIBMContainerVpcClusterDestroy,
+ Steps: []resource.TestStep{
+ {
+ Config: testAccCheckIBMContainerVpcClusterDisableOutboundTrafficProtection(name),
+ Check: resource.ComposeTestCheckFunc(
+ testAccCheckIBMContainerVpcExists("ibm_container_vpc_cluster.cluster", conf),
+ resource.TestCheckResourceAttr(
+ "ibm_container_vpc_cluster.cluster", "name", name),
+ resource.TestCheckResourceAttr(
+ "ibm_container_vpc_cluster.cluster", "disable_outbound_traffic_protection", "true"),
+ ),
+ },
+ },
+ })
+}
+
func testAccCheckIBMContainerVpcClusterDestroy(s *terraform.State) error {
csClient, err := acc.TestAccProvider.Meta().(conns.ClientSession).VpcContainerAPI()
if err != nil {
@@ -250,7 +273,7 @@ func testAccCheckIBMContainerVpcClusterBasic(name string) string {
return fmt.Sprintf(`
provider "ibm" {
region ="eu-de"
-}
+}
data "ibm_resource_group" "resource_group" {
is_default = "true"
//name = "Default"
@@ -270,7 +293,7 @@ resource "ibm_resource_instance" "kms_instance" {
plan = "tiered-pricing"
location = "eu-de"
}
-
+
resource "ibm_kms_key" "test" {
instance_id = ibm_resource_instance.kms_instance.guid
key_name = "%[1]s"
@@ -298,13 +321,67 @@ resource "ibm_container_vpc_cluster" "cluster" {
"test1" = "test-default-pool1"
"test2" = "test-default-pool2"
}
-
+
}`, name)
}
+func testAccCheckIBMContainerVpcClusterDisableOutboundTrafficProtection(name string) string {
+ return fmt.Sprintf(`
+data "ibm_resource_group" "resource_group" {
+ is_default = "true"
+ //name = "Default"
+}
+resource "ibm_is_vpc" "vpc" {
+ name = "%[1]s"
+}
+resource "ibm_is_subnet" "subnet" {
+ name = "%[1]s"
+ vpc = ibm_is_vpc.vpc.id
+ zone = "us-south-1"
+ total_ipv4_address_count = 256
+}
+resource "ibm_resource_instance" "kms_instance" {
+ name = "%[1]s"
+ service = "kms"
+ plan = "tiered-pricing"
+ location = "us-south"
+}
+
+resource "ibm_kms_key" "test" {
+ instance_id = ibm_resource_instance.kms_instance.guid
+ key_name = "%[1]s"
+ standard_key = false
+ force_delete = true
+}
+resource "ibm_container_vpc_cluster" "cluster" {
+ name = "%[1]s"
+ vpc_id = ibm_is_vpc.vpc.id
+ flavor = "cx2.2x4"
+ worker_count = 1
+ wait_till = "OneWorkerNodeReady"
+ resource_group_id = data.ibm_resource_group.resource_group.id
+ zones {
+ subnet_id = ibm_is_subnet.subnet.id
+ name = "us-south-1"
+ }
+ kms_config {
+ instance_id = ibm_resource_instance.kms_instance.guid
+ crk_id = ibm_kms_key.test.key_id
+ private_endpoint = false
+ }
+ worker_labels = {
+ "test" = "test-default-pool"
+ "test1" = "test-default-pool1"
+ "test2" = "test-default-pool2"
+ }
+ disable_outbound_traffic_protection = true
+
+}`, name)
+}
+
// preveously you have to create securitygroups and use them instead
func testAccCheckIBMContainerVpcClusterSecurityGroups(name string) string {
- return fmt.Sprintf(`
+ return fmt.Sprintf(`
data "ibm_resource_group" "resource_group" {
is_default = "true"
//name = "Default"
@@ -328,7 +405,7 @@ func testAccCheckIBMContainerVpcClusterSecurityGroups(name string) string {
plan = "tiered-pricing"
location = "eu-de"
}
-
+
resource "ibm_kms_key" "test" {
instance_id = ibm_resource_instance.kms_instance.guid
key_name = "%[1]s"
@@ -356,8 +433,8 @@ func testAccCheckIBMContainerVpcClusterSecurityGroups(name string) string {
"test1" = "test-default-pool1"
"test2" = "test-default-pool2"
}
-
- security_groups = [
+
+ security_groups = [
ibm_is_security_group.security_group.id,
"cluster",
]
@@ -368,7 +445,7 @@ func testAccCheckIBMContainerVpcClusterUpdate(name string) string {
return fmt.Sprintf(`
provider "ibm" {
region ="eu-de"
-}
+}
data "ibm_resource_group" "resource_group" {
is_default = "true"
}
@@ -380,7 +457,7 @@ resource "ibm_is_subnet" "subnet" {
vpc = ibm_is_vpc.vpc.id
zone = "eu-de-1"
total_ipv4_address_count = 256
-}
+}
resource "ibm_is_subnet" "subnet2" {
name = "%[1]s-2"
vpc = ibm_is_vpc.vpc.id
@@ -393,7 +470,7 @@ resource "ibm_resource_instance" "kms_instance" {
plan = "tiered-pricing"
location = "eu-de"
}
-
+
resource "ibm_kms_key" "test" {
instance_id = ibm_resource_instance.kms_instance.guid
key_name = "%[1]s"
@@ -424,7 +501,7 @@ resource "ibm_container_vpc_cluster" "cluster" {
"test" = "test-default-pool"
"test1" = "test-default-pool1"
}
-
+
}`, name)
}
diff --git a/metadata/provider_metadata.json b/metadata/provider_metadata.json
index 41d4aec350..07dbe4f77f 100644
--- a/metadata/provider_metadata.json
+++ b/metadata/provider_metadata.json
@@ -107407,6 +107407,14 @@
"required": true
}
}
+ },
+ {
+ "name": "disable_outbound_traffic_protection",
+ "type": "TypeBool",
+ "description": "Allow outbound connections to public destinations",
+ "default_value": false,
+ "immutable": true,
+ "optional": true
}
],
"ibm_container_vpc_worker": [
@@ -152906,4 +152914,4 @@
]
},
"Version": "1.59.0"
-}
\ No newline at end of file
+}
diff --git a/website/docs/r/container_vpc_cluster.html.markdown b/website/docs/r/container_vpc_cluster.html.markdown
index ec7c814b9c..45159d2f3d 100644
--- a/website/docs/r/container_vpc_cluster.html.markdown
+++ b/website/docs/r/container_vpc_cluster.html.markdown
@@ -168,10 +168,10 @@ ibm_container_vpc_cluster provides the following [Timeouts](https://www.terrafor
* `update` - (Default 60 minutes) Used for updating Cluster.
## Argument reference
-Review the argument references that you can specify for your resource.
+Review the argument references that you can specify for your resource.
- `cos_instance_crn` - (Optional, String) Required for OpenShift clusters only. The standard IBM Cloud Object Storage instance CRN to back up the internal registry in your OpenShift on VPC Generation 2 cluster.
-- `disable_public_service_endpoint` - (Optional, Bool) Disable the public service endpoint to prevent public access to the Kubernetes master. Default value is `false`.
+- `disable_public_service_endpoint` - (Optional, Bool) Disable the public service endpoint to prevent public access to the Kubernetes master. Default value is `false`.
- `entitlement` - (Optional, String) Entitlement reduces additional OCP Licence cost in OpenShift clusters. Use Cloud Pak with OCP Licence entitlement to create the OpenShift cluster. **Note** - It is set only when the first time creation of the cluster, further modifications are not impacted.
- Set this argument to `cloud_pak` only if you use the cluster with a Cloud Pak that has an OpenShift entitlement.
.
- `force_delete_storage` - (Optional, Bool) If set to **true**,force the removal of persistent storage associated with the cluster during cluster deletion. Default value is **false**. **Note** If `force_delete_storage` parameter is used after provisioning the cluster, then, you need to execute `terraform apply` before `terraform destroy` for `force_delete_storage` parameter to take effect.
- `flavor` - (Required, String) The flavor of the VPC worker nodes in the default worker pool. This field only affects cluster creation, to manage the default worker pool, create a dedicated worker pool resource.
@@ -199,7 +199,7 @@ Review the argument references that you can specify for your resource.
- `key` - (Required, String) Key for taint.
- `value` - (Required, String) Value for taint.
- `effect` - (Required, String) Effect for taint. Accepted values are `NoSchedule`, `PreferNoSchedule`, and `NoExecute`.
-
+
- `wait_for_worker_update` - (Optional, Bool) Set to **true** to wait and update the Kubernetes version of worker nodes. **NOTE** Setting wait_for_worker_update to **false** is not recommended. Setting **false** results in upgrading all the worker nodes in the cluster at the same time causing the cluster downtime.
- `wait_till` - (Optional, String) The creation of a cluster can take a few minutes (for virtual servers) or even hours (for Bare Metal servers) to complete. To avoid long wait times when you run your Terraform code, you can specify the stage when you want Terraform to mark the cluster resource creation as completed. Depending on what stage you choose, the cluster creation might not be fully completed and continues to run in the background. However, your Terraform code can continue to run without waiting for the cluster to be fully created. Supported stages are: - `Normal`: Terraform marks the creation of your cluster complete when the cluster is in a [Normal](https://cloud.ibm.com/docs/containers?topic=containers-cluster-states-reference#cluster-state-normal) state. If you plan to do reading on the cluster from a datasource, use `Normal`. At the moment wait_till `Normal` also ignores the critical and warning states that occasionally happen during cluster creation, but cannot distinguish it from actual critical or warning states.
- `MasterNodeReady`: Terraform marks the creation of your cluster complete when the cluster master is in a
ready state. - `OneWorkerNodeReady`: Terraform marks the creation of your cluster complete when the master and at least one worker node are in a
ready state. - `IngressReady`: Terraform marks the creation of your cluster complete when the cluster master and all worker nodes are in a
ready state, and the Ingress subdomain is fully set up.
If you do not specify this option, `IngressReady` is used by default. You can set this option only when the cluster is created. If this option is set during a cluster update or deletion, the parameter is ignored by the Terraform provider.
- `worker_count` - (Optional, Integer) The number of worker nodes per zone in the default worker pool. Default value `1`. **Note** If the requested number of worker nodes is fewer than the minimum 2 worker nodes that are required for an OpenShift cluster, cluster creation will be rejected. This field only affects cluster creation, to manage the default worker pool, create a dedicated worker pool resource.
@@ -218,6 +218,7 @@ Review the argument references that you can specify for your resource.
- `kms_instance_id` - (Optional, String) Instance ID for boot volume encryption.
- `kms_account_id` - (Optional, String) Account ID for boot volume encryption, if other account is providing the kms.
- `security_groups` - (Optional, List) Enables users to define specific security groups for their workers.
+- `disable_outbound_traffic_protection` - (Optional, Bool) Include this option to allow public outbound access from the cluster workers. By default, public outbound access is blocked in OpenShift versions 4.15 and later and Kubernetes versions 1.30 and later.
**Note**
@@ -227,9 +228,9 @@ Review the argument references that you can specify for your resource.
## Attribute reference
In addition to all argument reference list, you can access the following attribute reference after your resource is created.
-- `albs` - (List of Objects) A list of Application Load Balancers (ALBs) that are attached to the cluster.
-
- Nested scheme for `albs`:
+- `albs` - (List of Objects) A list of Application Load Balancers (ALBs) that are attached to the cluster.
+
+ Nested scheme for `albs`:
- `alb_type` - (String) The ALB type. Valid values are `public` or `private`.
- `disable_deployment`- (Bool) Indicate whether to disable the deployment of the ALB.
- `enable`- (Bool) Enable (true) or disable (false) the ALB.
@@ -251,7 +252,7 @@ In addition to all argument reference list, you can access the following attribu
## Import
-The `ibm_container_vpc_cluster` can be imported by using the cluster ID.
+The `ibm_container_vpc_cluster` can be imported by using the cluster ID.
**Example**