diff --git a/gridscale/resource_gridscale_k8s.go b/gridscale/resource_gridscale_k8s.go index b49785c4..957bbad3 100644 --- a/gridscale/resource_gridscale_k8s.go +++ b/gridscale/resource_gridscale_k8s.go @@ -204,6 +204,12 @@ func resourceGridscaleK8s() *schema.Resource { Optional: true, Computed: true, }, + "cluster_traffic_encryption": { + Type: schema.TypeBool, + Description: "Enables cluster encryption via wireguard if true. Only available for GSK version 1.29 and above. Default is false.", + Optional: true, + Default: false, + }, }, }, }, @@ -340,6 +346,11 @@ func resourceGridscaleK8sRead(d *schema.ResourceData, meta interface{}) error { nodePool["surge_node"] = surgeNodeCount > 0 } + // Cluster traffic encryption feature is enabled if k8s_cluster_traffic_encryption is true + if clusterTrafficEncryption, ok := props.Parameters["k8s_cluster_traffic_encryption"].(bool); ok { + nodePool["cluster_traffic_encryption"] = clusterTrafficEncryption + } + nodePoolList = append(nodePoolList, nodePool) if err = d.Set("node_pool", nodePoolList); err != nil { return fmt.Errorf("%s error setting node_pool: %v", errorPrefix, err) @@ -435,6 +446,10 @@ func resourceGridscaleK8sCreate(d *schema.ResourceData, meta interface{}) error } else { params["k8s_surge_node_count"] = 0 } + // Set cluster traffic encryption if it is set + if clusterTrafficEncryption, isSet := d.GetOk("node_pool.0.cluster_traffic_encryption"); isSet { + params["k8s_cluster_traffic_encryption"] = clusterTrafficEncryption + } requestBody.Parameters = params ctx, cancel := context.WithTimeout(context.Background(), d.Timeout(schema.TimeoutCreate)) 
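Review bot: The GSK 1.29 requirement for `cluster_traffic_encryption` is stated only in the `Description`; nothing in this schema hunk stops a configuration from setting it to `true` on an older release. If the API ignores the parameter rather than rejecting it, the configuration would read as encrypted while cluster traffic is not, so a plan-time check against the selected release (for example in the resource's `CustomizeDiff`, if one exists outside this hunk) is worth adding. Because the default is `false`, the description could also say plainly what that means, e.g. `Description: "Enables WireGuard encryption of cluster traffic. Requires GSK 1.29 or later. Default: false (traffic is not encrypted)."`. The schema definition starts and ends outside the hunk.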
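Review bot: When `props.Parameters["k8s_cluster_traffic_encryption"]` is missing or is not a `bool`, the type assertion in the `resourceGridscaleK8sRead` hunk fails silently and `cluster_traffic_encryption` is left out of `nodePool`, so the state will presumably show `false` whatever the cluster is actually doing. For a security setting it is worth telling the two cases apart: treat an absent key as `false`, but return an error or log when the key is present with an unexpected type. The added comment only restates the condition; something like `// Absent on releases without the feature; state then falls back to the schema default.` would say more, if that is the intent. The function continues outside the hunk.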
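Review bot: `d.GetOk` reports `isSet == false` for a `TypeBool` whose value is `false`, so the block added in the `resourceGridscaleK8sCreate` hunk (and the identical one in the `resourceGridscaleK8sUpdate` hunk) can only ever send `true`. On update, changing the argument from `true` to `false` leaves `k8s_cluster_traffic_encryption` out of the request, so the cluster would presumably keep its old setting and the next read would show drift against the configuration. Reading the value directly avoids this: `params["k8s_cluster_traffic_encryption"] = d.Get("node_pool.0.cluster_traffic_encryption").(bool)`. If the API rejects the parameter on releases older than 1.29, gate on the release rather than on `GetOk`. Both functions start and end outside their hunks.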
@@ -504,6 +519,10 @@ func resourceGridscaleK8sUpdate(d *schema.ResourceData, meta interface{}) error } else { params["k8s_surge_node_count"] = 0 } + // Set cluster traffic encryption if it is set + if clusterTrafficEncryption, isSet := d.GetOk("node_pool.0.cluster_traffic_encryption"); isSet { + params["k8s_cluster_traffic_encryption"] = clusterTrafficEncryption + } requestBody.Parameters = params ctx, cancel := context.WithTimeout(context.Background(), d.Timeout(schema.TimeoutUpdate)) diff --git a/website/docs/r/k8s.html.md b/website/docs/r/k8s.html.md index 391581aa..7a51c205 100644 --- a/website/docs/r/k8s.html.md +++ b/website/docs/r/k8s.html.md @@ -56,6 +56,7 @@ The following arguments are supported: * `rocket_storage` - Rocket storage per worker node (in GiB). * `surge_node` - Enable surge node to avoid resources shortage during the cluster upgrade (Default: true). * `cluster_cidr` - (Immutable) The cluster CIDR that will be used to generate the CIDR of nodes, services, and pods. The allowed CIDR prefix length is /16. If the cluster CIDR is not set, the cluster will use "10.244.0.0/16" as it default (even though the `cluster_cidr` in the k8s resource is empty). + * `cluster_traffic_encryption` - Enables cluster encryption via wireguard if true. Only available for GSK version 1.29 and above. Default is false. ## Timeouts @@ -90,6 +91,7 @@ This resource exports the following attributes: * `rocket_storage` - See Argument Reference above. * `surge_node` - See Argument Reference above. * `cluster_cidr` - See Argument Reference above. + * `cluster_traffic_encryption` - See Argument Reference above. * `usage_in_minutes` - The amount of minutes the IP address has been in use. * `create_time` - The time the object was created. * `change_time` - Defines the date and time of the last object change.