scaleway
diff --git a/‎docs/data-sources/vpc_gateway_network.md
+1-1 b/‎docs/data-sources/vpc_gateway_network.md
+1-1
diff --git a/‎docs/data-sources/vpc_public_gateway_dhcp.md
+4 b/‎docs/data-sources/vpc_public_gateway_dhcp.md
+4
diff --git a/‎docs/data-sources/vpc_public_gateway_dhcp_reservation.md
+4 b/‎docs/data-sources/vpc_public_gateway_dhcp_reservation.md
+4
diff --git a/‎docs/guides/migration_guide_vpcgw_v2.md
+177 b/‎docs/guides/migration_guide_vpcgw_v2.md
+177
diff --git a/‎docs/resources/vpc_gateway_network.md
+12-58 b/‎docs/resources/vpc_gateway_network.md
+12-58
diff --git a/‎docs/resources/vpc_public_gateway.md
+2-1 b/‎docs/resources/vpc_public_gateway.md
+2-1
diff --git a/‎docs/resources/vpc_public_gateway_dhcp.md
+4 b/‎docs/resources/vpc_public_gateway_dhcp.md
+4
diff --git a/‎docs/resources/vpc_public_gateway_dhcp_reservation.md
+4 b/‎docs/resources/vpc_public_gateway_dhcp_reservation.md
+4
diff --git a/‎internal/services/k8s/pool_test.go
+5-5 b/‎internal/services/k8s/pool_test.go
+5-5
@@ -37,7 +37,7 @@ data scaleway_vpc_gateway_network by_gateway_and_pn {
 * `gateway_id` - (Optional) ID of the Public Gateway the GatewayNetwork is linked to
 * `private_network_id` - (Optional) ID of the Private Network the GatewayNetwork is linked to
 * `enable_masquerade` - (Optional) Whether masquerade (dynamic NAT) is enabled on requested GatewayNetwork
-* `dhcp_id` - (Optional) ID of the Public Gateway's DHCP configuration
+* `dhcp_id` - (Deprecated) ID of the Public Gateway's DHCP configuration
 
 ## Attributes Reference
 
 
@@ -5,6 +5,10 @@ page_title: "Scaleway: scaleway_vpc_public_gateway_dhcp"
 
 # scaleway_vpc_public_gateway_dhcp  
 
+~> **Important:**  The data source `scaleway_vpc_public_gateway_dhcp` has been deprecated and will no longer be supported.
+In 2023, DHCP functionality was moved from Public Gateways to Private Networks, DHCP resources are now no longer needed.
+For more information, please refer to the [dedicated guide](../guides/migration_guide_vpcgw_v2.md).
+
 Gets information about a Public Gateway DHCP configuration.
 
 ## Example Usage
 
@@ -5,6 +5,10 @@ page_title: "Scaleway: scaleway_vpc_public_gateway_dhcp_reservation"
 
 # scaleway_vpc_public_gateway_dhcp_reservation
 
+~> **Important:**  The data source `scaleway_vpc_public_gateway_dhcp_reservation` has been deprecated and will no longer be supported.
+In 2023, DHCP functionality was moved from Public Gateways to Private Networks, DHCP resources are now no longer needed.
+You can use IPAM to manage your IPs. For more information, please refer to the [dedicated guide](../guides/migration_guide_vpcgw_v2.md).
+
 Gets information about a DHCP entry. For further information, please see the
 [API documentation](https://www.scaleway.com/en/developers/api/public-gateway/#path-dhcp-entries-list-dhcp-entries).
 
 
@@ -0,0 +1,177 @@
+---
+page_title: "Moving a Public Gateway from Legacy mode to IPAM mode, for v2 compatibility"
+---
+
+# Moving a Public Gateway from Legacy mode to IPAM mode
+
+This guide explains how to move a Public Gateway from [Legacy mode](https://www.scaleway.com/en/docs/public-gateways/concepts/#ipam) to IPAM mode. Only gateways in IPAM mode will be compatible with the new v2 of the Public Gateways API. v1 of the API is deprecated, and will be removed before the end of 2025.
+In the legacy setup, DHCP and DHCP reservations are managed with dedicated resources and referenced in the gateway network.
+In IPAM mode, these functionalities are managed by Scaleway IPAM.
+In 2023, DHCP functionality was moved from Public Gateways to Private Networks, DHCP resources are now no longer needed on the Public Gateway itself.
+
+You can find out more about the deprecation of v1 of the Public Gateways API, and the obligatory move to IPAM mode, in the [main Public Gateways documentation](https://www.scaleway.com/en/docs/public-gateways/).
+
+Note:
+Trigger the move from Legacy mode to IPAM mode by setting the `move_to_ipam` flag on your Public Gateway resource.
+You can do this via the Terraform configuration or by using the Scaleway CLI/Console.
+
+Using the CLI:
+Ensure you have at least version v2.38.0 of the Scaleway CLI installed. Then run:
+
+```bash
+scw vpc-gw gateway move-to-ipam 'id-of-the-public-gateway'
+```
+
+
+## Prerequisites
+
+### Ensure the Latest Provider Version
+
+Ensure your Scaleway Terraform provider is updated to at least version `2.52.0`.
+
+```hcl
+terraform {
+  required_providers {
+    scaleway = {
+      source  = "scaleway/scaleway"
+      version = "~> v2.52.0"
+    }
+  }
+}
+```
+
+## Steps to Move to IPAM Mode
+
+### Legacy Configuration
+
+A typical legacy configuration might look like this:
+
+```hcl
+resource "scaleway_vpc" "main" {
+  name = "foo"
+}
+
+resource "scaleway_vpc_private_network" "main" {
+  name   = "bar"
+  vpc_id = scaleway_vpc.main.id
+}
+
+resource "scaleway_vpc_public_gateway_ip" "main" {
+}
+
+resource "scaleway_vpc_public_gateway" "main" {
+  name  = "foobar"
+  type  = "VPC-GW-S"
+  ip_id = scaleway_vpc_public_gateway_ip.main.id
+}
+
+resource "scaleway_vpc_public_gateway_dhcp" "main" {
+  subnet = "192.168.1.0/24"
+}
+
+resource "scaleway_instance_server" "main" {
+  image = "ubuntu_focal"
+  type  = "DEV1-S"
+}
+
+resource "scaleway_instance_private_nic" "main" {
+  server_id          = scaleway_instance_server.main.id
+  private_network_id = scaleway_vpc_private_network.main.id
+}
+
+resource "scaleway_vpc_gateway_network" "main" {
+  gateway_id         = scaleway_vpc_public_gateway.main.id
+  private_network_id = scaleway_vpc_private_network.main.id
+  dhcp_id            = scaleway_vpc_public_gateway_dhcp.main.id
+  cleanup_dhcp       = true
+  enable_masquerade  = true
+}
+
+resource "scaleway_vpc_public_gateway_dhcp_reservation" "main" {
+  gateway_network_id = scaleway_vpc_gateway_network.main.id
+  mac_address        = scaleway_instance_private_nic.main.mac_address
+  ip_address         = "192.168.1.1"
+}
+```
+
+### Triggering the move to IPAM-mode
+
+Before updating your configuration, you must trigger the move to IPAM-mode on the Public Gateway resource. For example, add the `move_to_ipam` flag:
+
+```hcl
+resource "scaleway_vpc_public_gateway" "main" {
+  name          = "foobar"
+  type          = "VPC-GW-S"
+  ip_id         = scaleway_vpc_public_gateway_ip.main.id
+  move_to_ipam  = true
+}
+```
+
+This call puts the gateway into IPAM mode and means it will now be managed by v2 of the API instead of v1. The DHCP configuration and reservations remain intact, but the underlying resource is now managed using v2.
+
+### Updated Configuration
+
+After triggering the move, update your Terraform configuration as follows:
+
+1. **Remove the DHCP and DHCP Reservation Resources**
+
+    Since DHCP functionality is built directly into Private Networks, you no longer need the DHCP configuration resources. Delete the following from your config:
+
+    `scaleway_vpc_public_gateway_dhcp`
+    `scaleway_vpc_public_gateway_dhcp_reservation`
+
+2. **Update the Gateway Network**
+
+    Replace the DHCP related attributes with an `ipam_config` block. For example
+
+    ```hcl
+    resource "scaleway_vpc_gateway_network" "main" {
+      gateway_id         = scaleway_vpc_public_gateway.main.id
+      private_network_id = scaleway_vpc_private_network.main.id
+      enable_masquerade  = true
+      ipam_config {
+        push_default_route = false
+      }
+    }
+    ```
+
+### Using the IPAM Datasource and Resource for Reservations
+
+After putting your Public Gateway in IPAM mode, you no longer manage DHCP reservations with dedicated resources.
+Instead, you remove the legacy DHCP reservation resource and switch to using IPAM to manage your IPs.
+
+1. **Retrieve an Existing IP with the IPAM Datasource**  
+   If you have already reserved an IP (for example, via your legacy configuration), even after deleting the DHCP reservation resource the IP is still available. You can retrieve it using the `scaleway_ipam_ip` datasource. For instance:
+
+   ```hcl
+   data "scaleway_ipam_ip" "existing" {
+     mac_address = scaleway_instance_private_nic.main.mac_address
+     type        = "ipv4"
+   }
+   ```
+
+   You can now use `data.scaleway_ipam_ip.existing.id` in your configuration to reference the reserved IP.
+
+2. **Book New IPs Using the IPAM IP Resource**
+   If you need to reserve new IPs, use the `scaleway_ipam_ip` resource. This resource allows you to explicitly book an IP from your private network. For example:
+
+   ```hcl
+   resource "scaleway_ipam_ip" "new_ip" {
+     address = "192.168.1.1"
+     source {
+       private_network_id = scaleway_vpc_private_network.main.id
+     }
+   }
+   ```
+
+3. **Attach the Reserved IP to Your Resources**
+
+   Once you have your IP—whether retrieved via the datasource or booked as a new resource—you can attach it to your server’s private NIC:
+
+   ```hcl
+   resource "scaleway_instance_private_nic" "pnic01" {
+     private_network_id = scaleway_vpc_private_network.main.id
+     server_id          = scaleway_instance_server.main.id
+     ipam_ip_ids        = [scaleway_ipam_ip.new_ip.id]
+   }
+   ```
@@ -7,8 +7,8 @@ page_title: "Scaleway: scaleway_vpc_gateway_network"
 
 Creates and manages GatewayNetworks (connections between a Public Gateway and a Private Network).
 
-It allows the attachment of Private Networks to Public Gateways and DHCP configurations.
-For more information, see the [API documentation](https://www.scaleway.com/en/developers/api/public-gateway/#step-3-attach-private-networks-to-the-vpc-public-gateway).
+It allows the attachment of Private Networks to Public Gateways.
+For more information, see [the API documentation](https://www.scaleway.com/en/developers/api/public-gateway/#step-3-attach-private-networks-to-the-vpc-public-gateway).
 
 ## Example Usage
 
@@ -80,73 +80,27 @@ resource scaleway_vpc_gateway_network main {
 }
 ```
 
-### Create a GatewayNetwork with DHCP
-
-```terraform
-resource "scaleway_vpc_private_network" "pn01" {
-  name = "pn_test_network"
-}
-
-resource "scaleway_vpc_public_gateway_ip" "gw01" {
-}
-
-resource "scaleway_vpc_public_gateway_dhcp" "dhcp01" {
-  subnet = "192.168.1.0/24"
-  push_default_route = true
-}
-
-resource "scaleway_vpc_public_gateway" "pg01" {
-  name = "foobar"
-  type = "VPC-GW-S"
-  ip_id = scaleway_vpc_public_gateway_ip.gw01.id
-}
-
-resource "scaleway_vpc_gateway_network" "main" {
-  gateway_id = scaleway_vpc_public_gateway.pg01.id
-  private_network_id = scaleway_vpc_private_network.pn01.id
-  dhcp_id = scaleway_vpc_public_gateway_dhcp.dhcp01.id
-  cleanup_dhcp       = true
-  enable_masquerade  = true
-}
-```
-
-### Create a GatewayNetwork with a static IP address
-
-```terraform
-resource scaleway_vpc_private_network pn01 {
-  name = "pn_test_network"
-}
-
-resource scaleway_vpc_public_gateway pg01 {
-  name = "foobar"
-  type = "VPC-GW-S"
-}
-
-resource scaleway_vpc_gateway_network main {
-  gateway_id = scaleway_vpc_public_gateway.pg01.id
-  private_network_id = scaleway_vpc_private_network.pn01.id
-  enable_dhcp = false
-  enable_masquerade = true
-  static_address = "192.168.1.42/24"
-}
-```
-
 ## Argument Reference
 
 The following arguments are supported:
 
 - `gateway_id` - (Required) The ID of the Public Gateway.
 - `private_network_id` - (Required) The ID of the Private Network.
-- `dhcp_id` - (Required) The ID of the Public Gateway DHCP configuration. Only one of `dhcp_id`, `static_address` and `ipam_config` should be specified.
-- `enable_masquerade` - (Defaults to true) Whether masquerade (dynamic NAT) should be enabled on this GatewayNetwork
-- `enable_dhcp` - (Defaults to true) Whether a DHCP configuration should be enabled on this GatewayNetwork. Requires a DHCP ID.
-- `cleanup_dhcp` - (Defaults to false) Whether to remove DHCP configuration on this GatewayNetwork upon destroy. Requires DHCP ID.
-- `static_address` - Enable DHCP configration on this GatewayNetwork. Only one of `dhcp_id`, `static_address` and `ipam_config` should be specified.
 - `ipam_config` - Auto-configure the GatewayNetwork using Scaleway's IPAM (IP address management service). Only one of `dhcp_id`, `static_address` and `ipam_config` should be specified.
     - `push_default_route` - Defines whether to enable the default route on the GatewayNetwork.
     - `ipam_ip_id` - Use this IPAM-booked IP ID as the Gateway's IP in this Private Network.
+- `enable_masquerade` - (Defaults to true) Whether masquerade (dynamic NAT) should be enabled on this GatewayNetwork.
 - `zone` - (Defaults to [provider](../index.md#zone) `zone`) The [zone](../guides/regions_and_zones.md#zones) in which the gateway network should be created.
 
+~> **Important:**  
+In 2023, DHCP functionality was moved from Public Gateways to Private Networks, DHCP fields are now deprecated.
+For more information, please refer to the [dedicated guide](../guides/migration_guide_vpcgw_v2.md).
+
+- `dhcp_id` - (Deprecated) Please use `ipam_config`. The ID of the Public Gateway DHCP configuration. Only one of `dhcp_id`, `static_address` and `ipam_config` should be specified.
+- `enable_dhcp` - (Deprecated) Please use `ipam_config`. Whether a DHCP configuration should be enabled on this GatewayNetwork. Requires a DHCP ID.
+- `cleanup_dhcp` - (Deprecated) Please use `ipam_config`. Whether to remove DHCP configuration on this GatewayNetwork upon destroy. Requires DHCP ID.
+- `static_address` - (Deprecated) Please use `ipam_config`. Enable DHCP configration on this GatewayNetwork. Only one of `dhcp_id`, `static_address` and `ipam_config` should be specified.
+
 ## Attributes Reference
 
 In addition to all arguments above, the following attributes are exported:
 
@@ -59,10 +59,11 @@ The following arguments are supported:
 - `tags` - (Optional) The tags to associate with the Public Gateway.
 - `zone` - (Defaults to [provider](../index.md#zone) `zone`) The [zone](../guides/regions_and_zones.md#zones) in which the Public Gateway should be created.
 - `project_id` - (Defaults to [provider](../index.md#project_id) `project_id`) The ID of the project the public gateway is associated with.
-- `upstream_dns_servers` - (Optional) Override the gateway's default recursive DNS servers, if DNS features are enabled.
+- `upstream_dns_servers` - (Deprecated) Override the gateway's default recursive DNS servers, if DNS features are enabled.
 - `ip_id` - (Optional) Attach an existing flexible IP to the gateway.
 - `bastion_enabled` - (Optional) Enable SSH bastion on the gateway.
 - `bastion_port` - (Optional) The port on which the SSH bastion will listen.
+- `allowed_ip_ranges` - (Optional) Set a definitive list of IP ranges (in CIDR notation) allowed to connect to the SSH bastion.
 - `enable_smtp` - (Optional) Enable SMTP on the gateway.
 - `refresh_ssh_keys` - (Optional) Trigger a refresh of the SSH keys on the Public Gateway by changing this field's value.
 
 
@@ -5,6 +5,10 @@ page_title: "Scaleway: scaleway_vpc_public_gateway_dhcp"
 
 # Resource: scaleway_vpc_public_gateway_dhcp
 
+~> **Important:**  The resource `scaleway_vpc_public_gateway_dhcp` has been deprecated and will no longer be supported.
+In 2023, DHCP functionality was moved from Public Gateways to Private Networks, DHCP resources are now no longer needed.
+For more information, please refer to the [dedicated guide](../guides/migration_guide_vpcgw_v2.md).
+
 Creates and manages Scaleway VPC Public Gateway DHCP configurations.
 For more information, see the [API documentation](https://www.scaleway.com/en/developers/api/public-gateway/#dhcp-c05544).
 
 
@@ -5,6 +5,10 @@ page_title: "Scaleway: scaleway_vpc_public_gateway_dhcp_reservation"
 
 # Resource: scaleway_vpc_public_gateway_dhcp_reservation
 
+~> **Important:**  The resource `scaleway_vpc_public_gateway_dhcp_reservation` has been deprecated and will no longer be supported.
+In 2023, DHCP functionality was moved from Public Gateways to Private Networks, DHCP resources are now no longer needed.
+You can use IPAM to manage your IPs. For more information, please refer to the [dedicated guide](../guides/migration_guide_vpcgw_v2.md).
+
 Creates and manages [Scaleway DHCP Reservations](https://www.scaleway.com/en/docs/vpc/concepts/#dhcp).
 
 These static associations are used to assign IP addresses based on the MAC addresses of the resource.
 
@@ -476,18 +476,18 @@ func TestAccPool_PublicIPDisabled(t *testing.T) {
 				resource "scaleway_vpc_private_network" "public_ip" {
 				  name       = "test-k8s-public-ip"
 				}
+
 				resource "scaleway_vpc_public_gateway" "public_ip" {
    				  name = "test-k8s-public-ip"
     			  type = "VPC-GW-S"
 				}
-				resource "scaleway_vpc_public_gateway_dhcp" "public_ip" {
-				  subnet = "192.168.0.0/22"
-				  push_default_route = true
-				}
+
 				resource "scaleway_vpc_gateway_network" "public_ip" {
 				  gateway_id = scaleway_vpc_public_gateway.public_ip.id
 				  private_network_id = scaleway_vpc_private_network.public_ip.id
-				  dhcp_id = scaleway_vpc_public_gateway_dhcp.public_ip.id
+				  ipam_config {
+					push_default_route = true
+				  }
 				}
 
 				resource "scaleway_k8s_cluster" "public_ip" {