feat(k8s): support for pod_cidr, service_cidr and service_dns_ip

docs/resources/k8s_cluster.md

@@ -303,7 +303,17 @@ you can still set it now. In this case it will not destroy and recreate your clu
 
     - `required_claim` - (Optional) Multiple key=value pairs that describes a required claim in the ID Token
 
-- `default_pool` - (Deprecated) See below.
+- `pod_cidr` - (Optional) The subnet used for the Pod CIDR.
+
+~> **Important:** Changes to this field will recreate a new resource.
+
+- `service_cidr` - (Optional) The subnet used for the Service CIDR.
+
+~> **Important:** Changes to this field will recreate a new resource.
+
+- `service_dns_ip` - (Optional) The IP used for the DNS Service. If unset, defaults to Service CIDR's network + 10.
+
+~> **Important:** Changes to this field will recreate a new resource.
 
 - `region` - (Defaults to [provider](../index.md#arguments-reference) `region`) The [region](../guides/regions_and_zones.md#regions) in which the cluster should be created.
 

go.mod

@@ -29,7 +29,7 @@ require (
 	github.com/nats-io/jwt/v2 v2.8.0
 	github.com/nats-io/nats.go v1.45.0
 	github.com/robfig/cron/v3 v3.0.1
-	github.com/scaleway/scaleway-sdk-go v1.0.0-beta.34.0.20250721082157-a9b7a7bd9686
+	github.com/scaleway/scaleway-sdk-go v1.0.0-beta.34.0.20250728144921-0b5c3c564bb6
 	github.com/stretchr/testify v1.11.1
 	golang.org/x/crypto v0.42.0
 	gopkg.in/dnaeon/go-vcr.v3 v3.2.0

go.sum

@@ -456,8 +456,8 @@ github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFR
 github.com/rogpeppe/go-internal v1.14.1 h1:UQB4HGPB6osV0SQTLymcB4TgvyWu6ZyliaW0tI/otEQ=
 github.com/rogpeppe/go-internal v1.14.1/go.mod h1:MaRKkUm5W0goXpeCfT7UZI6fk/L7L7so1lCWt35ZSgc=
 github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
-github.com/scaleway/scaleway-sdk-go v1.0.0-beta.34.0.20250721082157-a9b7a7bd9686 h1:rSbtkU5fMMXbv0qwIH5dBq+TvAYnbClahwPP1KtN9bs=
-github.com/scaleway/scaleway-sdk-go v1.0.0-beta.34.0.20250721082157-a9b7a7bd9686/go.mod h1:fw6BmcfYRs2BEHYW0c3/rR0JgZHvdx6uMYqpeUJx3Bc=
+github.com/scaleway/scaleway-sdk-go v1.0.0-beta.34.0.20250728144921-0b5c3c564bb6 h1:77MmFGSxomMgJVpOMlmv7pGoAoreELviEHqCZGQwn2w=
+github.com/scaleway/scaleway-sdk-go v1.0.0-beta.34.0.20250728144921-0b5c3c564bb6/go.mod h1:fw6BmcfYRs2BEHYW0c3/rR0JgZHvdx6uMYqpeUJx3Bc=
 github.com/sergi/go-diff v1.3.2-0.20230802210424-5b0b94c5c0d3 h1:n661drycOFuPLCN3Uc8sB6B/s6Z4t2xvBgU1htSHuq8=
 github.com/sergi/go-diff v1.3.2-0.20230802210424-5b0b94c5c0d3/go.mod h1:A0bzQcvG0E7Rwjx0REVgAGH58e96+X0MeOfepqsbeW4=
 github.com/shopspring/decimal v1.2.0/go.mod h1:DKyhrW/HYNuLGql+MJL6WCR6knT2jwCFRcu2hWCYk4o=

internal/services/k8s/cluster.go

@@ -4,6 +4,7 @@ import (
 	"context"
 	"errors"
 	"fmt"
+	"net"
 	"strings"
 	"time"
 
@@ -158,6 +159,30 @@ func ResourceCluster() *schema.Resource {
 				ValidateDiagFunc: verify.IsUUIDorUUIDWithLocality(),
 				DiffSuppressFunc: dsf.Locality,
 			},
+			"pod_cidr": {
+				Type:         schema.TypeString,
+				Optional:     true,
+				ForceNew:     true,
+				Computed:     true,
+				Description:  "The subnet used for the Pod CIDR.",
+				ValidateFunc: validation.IsCIDR,
+			},
+			"service_cidr": {
+				Type:         schema.TypeString,
+				Optional:     true,
+				ForceNew:     true,
+				Computed:     true,
+				Description:  "The subnet used for the Service CIDR.",
+				ValidateFunc: validation.IsCIDR,
+			},
+			"service_dns_ip": {
+				Type:         schema.TypeString,
+				Optional:     true,
+				ForceNew:     true,
+				Computed:     true,
+				Description:  "The IP used for the DNS Service.",
+				ValidateFunc: validation.IsIPAddress,
+			},
 			"region":          regional.Schema(),
 			"organization_id": account.OrganizationIDSchema(),
 			"project_id":      account.ProjectIDSchema(),
@@ -497,6 +522,23 @@ func ResourceK8SClusterCreate(ctx context.Context, d *schema.ResourceData, m any
 		req.PrivateNetworkID = scw.StringPtr(regional.ExpandID(pnID.(string)).ID)
 	}
 
+	// Networking configuration
+
+	if podCIDR, ok := d.GetOk("pod_cidr"); ok {
+		podCIDRIPNet, _ := types.ExpandIPNet(podCIDR.(string))
+		req.PodCidr = &podCIDRIPNet
+	}
+
+	if serviceCIDR, ok := d.GetOk("service_cidr"); ok {
+		serviceCIDRIPNet, _ := types.ExpandIPNet(serviceCIDR.(string))
+		req.ServiceCidr = &serviceCIDRIPNet
+	}
+
+	if serviceDNSIP, ok := d.GetOk("service_dns_ip"); ok {
+		serviceDNSIPNetIP := net.ParseIP(serviceDNSIP.(string))
+		req.ServiceDNSIP = &serviceDNSIPNetIP
+	}
+
 	// Cluster creation
 
 	res, err := k8sAPI.CreateCluster(req, scw.WithContext(ctx))
@@ -578,6 +620,11 @@ func ResourceK8SClusterRead(ctx context.Context, d *schema.ResourceData, m any)
 	// private_network
 	_ = d.Set("private_network_id", types.FlattenStringPtr(cluster.PrivateNetworkID))
 
+	// networking
+	_ = d.Set("pod_cidr", cluster.PodCidr.String())
+	_ = d.Set("service_cidr", cluster.ServiceCidr.String())
+	_ = d.Set("service_dns_ip", cluster.ServiceDNSIP.String())
+
 	////
 	// Read kubeconfig
 	////

internal/services/k8s/cluster_test.go

@@ -136,6 +136,9 @@ resource "scaleway_k8s_cluster" "minimal" {
 					resource.TestCheckResourceAttr("scaleway_k8s_cluster.minimal", "tags.1", "scaleway_k8s_cluster"),
 					resource.TestCheckResourceAttr("scaleway_k8s_cluster.minimal", "tags.2", "minimal"),
 					resource.TestCheckResourceAttr("scaleway_k8s_cluster.minimal", "description", "terraform basic test cluster"),
+					resource.TestCheckResourceAttr("scaleway_k8s_cluster.minimal", "pod_cidr", ""),
+					resource.TestCheckResourceAttr("scaleway_k8s_cluster.minimal", "service_cidr", ""),
+					resource.TestCheckResourceAttr("scaleway_k8s_cluster.minimal", "service_dns_ip", ""),
 				),
 			},
 			{
@@ -166,6 +169,9 @@ resource "scaleway_k8s_cluster" "minimal" {
 					resource.TestCheckResourceAttr("scaleway_k8s_cluster.minimal", "tags.1", "scaleway_k8s_cluster"),
 					resource.TestCheckResourceAttr("scaleway_k8s_cluster.minimal", "tags.2", "minimal"),
 					resource.TestCheckResourceAttr("scaleway_k8s_cluster.minimal", "description", ""),
+					resource.TestCheckResourceAttr("scaleway_k8s_cluster.minimal", "pod_cidr", ""),
+					resource.TestCheckResourceAttr("scaleway_k8s_cluster.minimal", "service_cidr", ""),
+					resource.TestCheckResourceAttr("scaleway_k8s_cluster.minimal", "service_dns_ip", ""),
 				),
 			},
 		},
@@ -855,3 +861,48 @@ resource "scaleway_k8s_cluster" "type-change" {
 
 	return config
 }
+
+func TestAccCluster_Networking(t *testing.T) {
+	tt := acctest.NewTestTools(t)
+	defer tt.Cleanup()
+
+	latestK8SVersion := testAccK8SClusterGetLatestK8SVersion(tt)
+
+	resource.ParallelTest(t, resource.TestCase{
+		PreCheck: func() {
+			acctest.PreCheck(t)
+		},
+		ProviderFactories: tt.ProviderFactories,
+		CheckDestroy: resource.ComposeTestCheckFunc(
+			testAccCheckK8SClusterDestroy(tt),
+			vpcchecks.CheckPrivateNetworkDestroy(tt),
+		),
+		Steps: []resource.TestStep{
+			{
+				Config: fmt.Sprintf(`
+					resource "scaleway_vpc_private_network" "networking" {
+					    name       = "test-networking"
+					}
+					resource "scaleway_k8s_cluster" "networking" {
+						cni = "cilium"
+						version = "%s"
+						name = "test-networking"
+						tags = [ "terraform-test", "scaleway_k8s_cluster", "networking" ]
+						delete_additional_resources = true
+						private_network_id = scaleway_vpc_private_network.networking.id
+						pod_cidr = "10.11.0.0/16"
+						service_cidr = "10.12.0.0/16"
+						service_dns_ip = "10.12.0.53"
+					}`, latestK8SVersion),
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckK8SClusterExists(tt, "scaleway_k8s_cluster.networking"),
+					resource.TestCheckResourceAttr("scaleway_k8s_cluster.networking", "version", latestK8SVersion),
+					resource.TestCheckResourceAttr("scaleway_k8s_cluster.networking", "cni", "cilium"),
+					resource.TestCheckResourceAttr("scaleway_k8s_cluster.networking", "pod_cidr", "10.11.0.0/16"),
+					resource.TestCheckResourceAttr("scaleway_k8s_cluster.networking", "service_cidr", "10.12.0.0/16"),
+					resource.TestCheckResourceAttr("scaleway_k8s_cluster.networking", "service_dns_ip", "10.12.0.10"),
+				),
+			},
+		},
+	})
+}