Docs Home
tencentcloud 1.81.189 published on Wednesday, Apr 30, 2025 by tencentcloudstack
tencentcloud.KubernetesEncryptionProtection
Explore with Pulumi AI
tencentcloud 1.81.189 published on Wednesday, Apr 30, 2025 by tencentcloudstack
Provides a resource to create a tke encryption_protection
Example Usage
Enable tke encryption protection
import * as pulumi from "@pulumi/pulumi";
import * as tencentcloud from "@pulumi/tencentcloud";
const config = new pulumi.Config();
const exampleRegion = config.get("exampleRegion") || "ap-guangzhou";
const exampleClusterCidr = config.get("exampleClusterCidr") || "10.32.0.0/16";
const availabilityZone = config.get("availabilityZone") || "ap-guangzhou-3";
const vpc = tencentcloud.getVpcSubnets({
isDefault: true,
availabilityZone: availabilityZone,
});
const exampleKubernetesCluster = new tencentcloud.KubernetesCluster("exampleKubernetesCluster", {
vpcId: vpc.then(vpc => vpc.instanceLists?.[0]?.vpcId),
clusterCidr: exampleClusterCidr,
clusterMaxPodNum: 32,
clusterName: "tf_example_cluster",
clusterDesc: "a tf example cluster for the kms test",
clusterMaxServiceNum: 32,
clusterDeployType: "MANAGED_CLUSTER",
});
const exampleKmsKey = new tencentcloud.KmsKey("exampleKmsKey", {
alias: "tf-example-kms-key",
description: "example of kms key instance",
keyUsage: "ENCRYPT_DECRYPT",
isEnabled: true,
});
const exampleKubernetesEncryptionProtection = new tencentcloud.KubernetesEncryptionProtection("exampleKubernetesEncryptionProtection", {
clusterId: exampleKubernetesCluster.kubernetesClusterId,
kmsConfiguration: {
keyId: exampleKmsKey.kmsKeyId,
kmsRegion: exampleRegion,
},
});
import pulumi
import pulumi_tencentcloud as tencentcloud
config = pulumi.Config()
example_region = config.get("exampleRegion")
if example_region is None:
example_region = "ap-guangzhou"
example_cluster_cidr = config.get("exampleClusterCidr")
if example_cluster_cidr is None:
example_cluster_cidr = "10.32.0.0/16"
availability_zone = config.get("availabilityZone")
if availability_zone is None:
availability_zone = "ap-guangzhou-3"
vpc = tencentcloud.get_vpc_subnets(is_default=True,
availability_zone=availability_zone)
example_kubernetes_cluster = tencentcloud.KubernetesCluster("exampleKubernetesCluster",
vpc_id=vpc.instance_lists[0].vpc_id,
cluster_cidr=example_cluster_cidr,
cluster_max_pod_num=32,
cluster_name="tf_example_cluster",
cluster_desc="a tf example cluster for the kms test",
cluster_max_service_num=32,
cluster_deploy_type="MANAGED_CLUSTER")
example_kms_key = tencentcloud.KmsKey("exampleKmsKey",
alias="tf-example-kms-key",
description="example of kms key instance",
key_usage="ENCRYPT_DECRYPT",
is_enabled=True)
example_kubernetes_encryption_protection = tencentcloud.KubernetesEncryptionProtection("exampleKubernetesEncryptionProtection",
cluster_id=example_kubernetes_cluster.kubernetes_cluster_id,
kms_configuration={
"key_id": example_kms_key.kms_key_id,
"kms_region": example_region,
})
package main
import (
"github.com/pulumi/pulumi-terraform-provider/sdks/go/tencentcloud/tencentcloud"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi/config"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
cfg := config.New(ctx, "")
exampleRegion := "ap-guangzhou"
if param := cfg.Get("exampleRegion"); param != "" {
exampleRegion = param
}
exampleClusterCidr := "10.32.0.0/16"
if param := cfg.Get("exampleClusterCidr"); param != "" {
exampleClusterCidr = param
}
availabilityZone := "ap-guangzhou-3"
if param := cfg.Get("availabilityZone"); param != "" {
availabilityZone = param
}
vpc, err := tencentcloud.GetVpcSubnets(ctx, &tencentcloud.GetVpcSubnetsArgs{
IsDefault: pulumi.BoolRef(true),
AvailabilityZone: pulumi.StringRef(availabilityZone),
}, nil)
if err != nil {
return err
}
exampleKubernetesCluster, err := tencentcloud.NewKubernetesCluster(ctx, "exampleKubernetesCluster", &tencentcloud.KubernetesClusterArgs{
VpcId: pulumi.String(vpc.InstanceLists[0].VpcId),
ClusterCidr: pulumi.String(exampleClusterCidr),
ClusterMaxPodNum: pulumi.Float64(32),
ClusterName: pulumi.String("tf_example_cluster"),
ClusterDesc: pulumi.String("a tf example cluster for the kms test"),
ClusterMaxServiceNum: pulumi.Float64(32),
ClusterDeployType: pulumi.String("MANAGED_CLUSTER"),
})
if err != nil {
return err
}
exampleKmsKey, err := tencentcloud.NewKmsKey(ctx, "exampleKmsKey", &tencentcloud.KmsKeyArgs{
Alias: pulumi.String("tf-example-kms-key"),
Description: pulumi.String("example of kms key instance"),
KeyUsage: pulumi.String("ENCRYPT_DECRYPT"),
IsEnabled: pulumi.Bool(true),
})
if err != nil {
return err
}
_, err = tencentcloud.NewKubernetesEncryptionProtection(ctx, "exampleKubernetesEncryptionProtection", &tencentcloud.KubernetesEncryptionProtectionArgs{
ClusterId: exampleKubernetesCluster.KubernetesClusterId,
KmsConfiguration: &tencentcloud.KubernetesEncryptionProtectionKmsConfigurationArgs{
KeyId: exampleKmsKey.KmsKeyId,
KmsRegion: pulumi.String(exampleRegion),
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Tencentcloud = Pulumi.Tencentcloud;
return await Deployment.RunAsync(() =>
{
var config = new Config();
var exampleRegion = config.Get("exampleRegion") ?? "ap-guangzhou";
var exampleClusterCidr = config.Get("exampleClusterCidr") ?? "10.32.0.0/16";
var availabilityZone = config.Get("availabilityZone") ?? "ap-guangzhou-3";
var vpc = Tencentcloud.GetVpcSubnets.Invoke(new()
{
IsDefault = true,
AvailabilityZone = availabilityZone,
});
var exampleKubernetesCluster = new Tencentcloud.KubernetesCluster("exampleKubernetesCluster", new()
{
VpcId = vpc.Apply(getVpcSubnetsResult => getVpcSubnetsResult.InstanceLists[0]?.VpcId),
ClusterCidr = exampleClusterCidr,
ClusterMaxPodNum = 32,
ClusterName = "tf_example_cluster",
ClusterDesc = "a tf example cluster for the kms test",
ClusterMaxServiceNum = 32,
ClusterDeployType = "MANAGED_CLUSTER",
});
var exampleKmsKey = new Tencentcloud.KmsKey("exampleKmsKey", new()
{
Alias = "tf-example-kms-key",
Description = "example of kms key instance",
KeyUsage = "ENCRYPT_DECRYPT",
IsEnabled = true,
});
var exampleKubernetesEncryptionProtection = new Tencentcloud.KubernetesEncryptionProtection("exampleKubernetesEncryptionProtection", new()
{
ClusterId = exampleKubernetesCluster.KubernetesClusterId,
KmsConfiguration = new Tencentcloud.Inputs.KubernetesEncryptionProtectionKmsConfigurationArgs
{
KeyId = exampleKmsKey.KmsKeyId,
KmsRegion = exampleRegion,
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.tencentcloud.TencentcloudFunctions;
import com.pulumi.tencentcloud.inputs.GetVpcSubnetsArgs;
import com.pulumi.tencentcloud.KubernetesCluster;
import com.pulumi.tencentcloud.KubernetesClusterArgs;
import com.pulumi.tencentcloud.KmsKey;
import com.pulumi.tencentcloud.KmsKeyArgs;
import com.pulumi.tencentcloud.KubernetesEncryptionProtection;
import com.pulumi.tencentcloud.KubernetesEncryptionProtectionArgs;
import com.pulumi.tencentcloud.inputs.KubernetesEncryptionProtectionKmsConfigurationArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
final var config = ctx.config();
final var exampleRegion = config.get("exampleRegion").orElse("ap-guangzhou");
final var exampleClusterCidr = config.get("exampleClusterCidr").orElse("10.32.0.0/16");
final var availabilityZone = config.get("availabilityZone").orElse("ap-guangzhou-3");
final var vpc = TencentcloudFunctions.getVpcSubnets(GetVpcSubnetsArgs.builder()
.isDefault(true)
.availabilityZone(availabilityZone)
.build());
var exampleKubernetesCluster = new KubernetesCluster("exampleKubernetesCluster", KubernetesClusterArgs.builder()
.vpcId(vpc.applyValue(getVpcSubnetsResult -> getVpcSubnetsResult.instanceLists()[0].vpcId()))
.clusterCidr(exampleClusterCidr)
.clusterMaxPodNum(32)
.clusterName("tf_example_cluster")
.clusterDesc("a tf example cluster for the kms test")
.clusterMaxServiceNum(32)
.clusterDeployType("MANAGED_CLUSTER")
.build());
var exampleKmsKey = new KmsKey("exampleKmsKey", KmsKeyArgs.builder()
.alias("tf-example-kms-key")
.description("example of kms key instance")
.keyUsage("ENCRYPT_DECRYPT")
.isEnabled(true)
.build());
var exampleKubernetesEncryptionProtection = new KubernetesEncryptionProtection("exampleKubernetesEncryptionProtection", KubernetesEncryptionProtectionArgs.builder()
.clusterId(exampleKubernetesCluster.kubernetesClusterId())
.kmsConfiguration(KubernetesEncryptionProtectionKmsConfigurationArgs.builder()
.keyId(exampleKmsKey.kmsKeyId())
.kmsRegion(exampleRegion)
.build())
.build());
}
}
configuration:
exampleRegion:
type: string
default: ap-guangzhou
exampleClusterCidr:
type: string
default: 10.32.0.0/16
availabilityZone:
type: string
default: ap-guangzhou-3
resources:
exampleKubernetesCluster:
type: tencentcloud:KubernetesCluster
properties:
vpcId: ${vpc.instanceLists[0].vpcId}
clusterCidr: ${exampleClusterCidr}
clusterMaxPodNum: 32
clusterName: tf_example_cluster
clusterDesc: a tf example cluster for the kms test
clusterMaxServiceNum: 32
clusterDeployType: MANAGED_CLUSTER
exampleKmsKey:
type: tencentcloud:KmsKey
properties:
alias: tf-example-kms-key
description: example of kms key instance
keyUsage: ENCRYPT_DECRYPT
isEnabled: true
exampleKubernetesEncryptionProtection:
type: tencentcloud:KubernetesEncryptionProtection
properties:
clusterId: ${exampleKubernetesCluster.kubernetesClusterId}
kmsConfiguration:
keyId: ${exampleKmsKey.kmsKeyId}
kmsRegion: ${exampleRegion}
variables:
vpc:
fn::invoke:
function: tencentcloud:getVpcSubnets
arguments:
isDefault: true
availabilityZone: ${availabilityZone}
Create KubernetesEncryptionProtection Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new KubernetesEncryptionProtection(name: string, args: KubernetesEncryptionProtectionArgs, opts?: CustomResourceOptions);@overload
def KubernetesEncryptionProtection(resource_name: str,
args: KubernetesEncryptionProtectionArgs,
opts: Optional[ResourceOptions] = None)
@overload
def KubernetesEncryptionProtection(resource_name: str,
opts: Optional[ResourceOptions] = None,
cluster_id: Optional[str] = None,
kms_configuration: Optional[KubernetesEncryptionProtectionKmsConfigurationArgs] = None,
kubernetes_encryption_protection_id: Optional[str] = None)func NewKubernetesEncryptionProtection(ctx *Context, name string, args KubernetesEncryptionProtectionArgs, opts ...ResourceOption) (*KubernetesEncryptionProtection, error)public KubernetesEncryptionProtection(string name, KubernetesEncryptionProtectionArgs args, CustomResourceOptions? opts = null)
public KubernetesEncryptionProtection(String name, KubernetesEncryptionProtectionArgs args)
public KubernetesEncryptionProtection(String name, KubernetesEncryptionProtectionArgs args, CustomResourceOptions options)
type: tencentcloud:KubernetesEncryptionProtection
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args KubernetesEncryptionProtectionArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args KubernetesEncryptionProtectionArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args KubernetesEncryptionProtectionArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args KubernetesEncryptionProtectionArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args KubernetesEncryptionProtectionArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
KubernetesEncryptionProtection Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The KubernetesEncryptionProtection resource accepts the following input properties:
- Cluster
Id string - cluster id.
- Kms
Configuration KubernetesEncryption Protection Kms Configuration - kms encryption configuration.
- Kubernetes
Encryption stringProtection Id - ID of the resource.
- Cluster
Id string - cluster id.
- Kms
Configuration KubernetesEncryption Protection Kms Configuration Args - kms encryption configuration.
- Kubernetes
Encryption stringProtection Id - ID of the resource.
- cluster
Id String - cluster id.
- kms
Configuration KubernetesEncryption Protection Kms Configuration - kms encryption configuration.
- kubernetes
Encryption StringProtection Id - ID of the resource.
- cluster
Id string - cluster id.
- kms
Configuration KubernetesEncryption Protection Kms Configuration - kms encryption configuration.
- kubernetes
Encryption stringProtection Id - ID of the resource.
- cluster_
id str - cluster id.
- kms_
configuration KubernetesEncryption Protection Kms Configuration Args - kms encryption configuration.
- kubernetes_
encryption_ strprotection_ id - ID of the resource.
- cluster
Id String - cluster id.
- kms
Configuration Property Map - kms encryption configuration.
- kubernetes
Encryption StringProtection Id - ID of the resource.
Outputs
All input properties are implicitly available as output properties. Additionally, the KubernetesEncryptionProtection resource produces the following output properties:
Look up Existing KubernetesEncryptionProtection Resource
Get an existing KubernetesEncryptionProtection resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: KubernetesEncryptionProtectionState, opts?: CustomResourceOptions): KubernetesEncryptionProtection@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
cluster_id: Optional[str] = None,
kms_configuration: Optional[KubernetesEncryptionProtectionKmsConfigurationArgs] = None,
kubernetes_encryption_protection_id: Optional[str] = None,
status: Optional[str] = None) -> KubernetesEncryptionProtectionfunc GetKubernetesEncryptionProtection(ctx *Context, name string, id IDInput, state *KubernetesEncryptionProtectionState, opts ...ResourceOption) (*KubernetesEncryptionProtection, error)public static KubernetesEncryptionProtection Get(string name, Input<string> id, KubernetesEncryptionProtectionState? state, CustomResourceOptions? opts = null)public static KubernetesEncryptionProtection get(String name, Output<String> id, KubernetesEncryptionProtectionState state, CustomResourceOptions options)resources: _: type: tencentcloud:KubernetesEncryptionProtection get: id: ${id}- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Cluster
Id string - cluster id.
- Kms
Configuration KubernetesEncryption Protection Kms Configuration - kms encryption configuration.
- Kubernetes
Encryption stringProtection Id - ID of the resource.
- Status string
- kms encryption status.
- Cluster
Id string - cluster id.
- Kms
Configuration KubernetesEncryption Protection Kms Configuration Args - kms encryption configuration.
- Kubernetes
Encryption stringProtection Id - ID of the resource.
- Status string
- kms encryption status.
- cluster
Id String - cluster id.
- kms
Configuration KubernetesEncryption Protection Kms Configuration - kms encryption configuration.
- kubernetes
Encryption StringProtection Id - ID of the resource.
- status String
- kms encryption status.
- cluster
Id string - cluster id.
- kms
Configuration KubernetesEncryption Protection Kms Configuration - kms encryption configuration.
- kubernetes
Encryption stringProtection Id - ID of the resource.
- status string
- kms encryption status.
- cluster_
id str - cluster id.
- kms_
configuration KubernetesEncryption Protection Kms Configuration Args - kms encryption configuration.
- kubernetes_
encryption_ strprotection_ id - ID of the resource.
- status str
- kms encryption status.
- cluster
Id String - cluster id.
- kms
Configuration Property Map - kms encryption configuration.
- kubernetes
Encryption StringProtection Id - ID of the resource.
- status String
- kms encryption status.
Supporting Types
KubernetesEncryptionProtectionKmsConfiguration, KubernetesEncryptionProtectionKmsConfigurationArgs
- key_
id str - kms id.
- kms_
region str - kms region.
Package Details
- Repository
- tencentcloud tencentcloudstack/terraform-provider-tencentcloud
- License
- Notes
- This Pulumi package is based on the
tencentcloudTerraform Provider.
tencentcloud 1.81.189 published on Wednesday, Apr 30, 2025 by tencentcloudstack