gcloud_alpha_container_clusters_update (1)
NAME
- gcloud alpha container clusters update - update cluster settings for an existing container cluster
SYNOPSIS
-
gcloud alpha container clusters update NAME (--complete-credential-rotation | --complete-ip-rotation | --enable-autoscaling | --enable-binauthz | --enable-legacy-authorization | --enable-master-authorized-networks | --enable-network-policy | --enable-pod-security-policy | --enable-vertical-pod-autoscaling | --generate-password | --maintenance-window=MAINTENANCE_WINDOW | --remove-labels=[KEY,...] | --security-profile=SECURITY_PROFILE | --set-password | --start-credential-rotation | --start-ip-rotation | --update-addons=[ADDON=ENABLED|DISABLED,...] | --update-labels=[KEY=VALUE,...] | --additional-zones=[ZONE,...] | --node-locations=ZONE,[ZONE,...] | --clear-resource-usage-bigquery-dataset | --enable-network-egress-metering --resource-usage-bigquery-dataset=RESOURCE_USAGE_BIGQUERY_DATASET | [--enable-autoprovisioning : --autoprovisioning-config-file=AUTOPROVISIONING_CONFIG_FILE | [--max-cpu=MAX_CPU --max-memory=MAX_MEMORY : --min-cpu=MIN_CPU --min-memory=MIN_MEMORY [--max-accelerator=[type=TYPE,count=COUNT,...] : --min-accelerator=[type=TYPE,count=COUNT,...]]]] | --logging-service=LOGGING_SERVICE --monitoring-service=MONITORING_SERVICE | --password=PASSWORD --enable-basic-auth | --username=USERNAME, -u USERNAME) [--async] [--istio-config=[auth=MTLS_PERMISSIVE,...]] [--master-authorized-networks=NETWORK,[NETWORK,...]] [--node-pool=NODE_POOL] [--max-nodes=MAX_NODES --min-nodes=MIN_NODES] [--region=REGION | --zone=ZONE, -z ZONE] [GCLOUD_WIDE_FLAG ...]
DESCRIPTION
(ALPHA) Update cluster settings for an existing container cluster.
POSITIONAL ARGUMENTS
-
- NAME
-
- The name of the cluster to update.
- The name of the cluster to update.
REQUIRED FLAGS
-
-
Exactly one of these must be specified:
-
- --complete-credential-rotation
-
Complete the IP and credential rotation for this cluster. For example:
-
$ gcloud alpha container clusters update example-cluster \
--complete-credential-rotation
This causes the cluster to stop serving its old IP, return to a single IP, and invalidate old credentials.
-
$ gcloud alpha container clusters update example-cluster \
- --complete-ip-rotation
-
Complete the IP rotation for this cluster. For example:
-
$ gcloud alpha container clusters update example-cluster \
--complete-ip-rotation
This causes the cluster to stop serving its old IP, and return to a single IP state.
-
$ gcloud alpha container clusters update example-cluster \
- --enable-autoscaling
-
Enables autoscaling for a node pool.
Enables autoscaling in the node pool specified by --node-pool or the default node pool if --node-pool is not provided.
- --enable-binauthz
-
Enable Binary Authorization for this cluster.
- --enable-legacy-authorization
-
Enables the legacy ABAC authentication for the cluster. User rights are granted
through the use of policies which combine attributes together. For a detailed
look at these properties and related formats, see
kubernetes.io/docs/admin/authorization/abac To use RBAC permissions
instead, create or update your cluster with the option
--no-enable-legacy-authorization.
- --enable-master-authorized-networks
-
Allow only specified set of CIDR blocks (specified by the
--master-authorized-networks flag) to connect to Kubernetes master
through HTTPS. Besides these blocks, the following have access as well:
- 1) The private network the cluster connects to if `--enable-private-nodes` is specified. 2) Google Compute Engine Public IPs if `--enable-private-nodes` is not specified.
Use --no-enable-master-authorized-networks to disable. When disabled, public internet (0.0.0.0/0) is allowed to connect to Kubernetes master through HTTPS.
- --enable-network-policy
-
Enable network policy enforcement for this cluster. If you are enabling network
policy on an existing cluster the network policy addon must first be enabled on
the master by using --update-addons=NetworkPolicy=ENABLED flag.
- --enable-pod-security-policy
-
Enables the pod security policy admission controller for the cluster. The pod
security policy admission controller adds fine-grained pod create and update
authorization controls through the PodSecurityPolicy API objects. For more
information, see
cloud.google.com/kubernetes-engine/docs/how-to/pod-security-policies
- --enable-vertical-pod-autoscaling
-
Enables vertical pod autoscaling for a cluster.
- --generate-password
-
Ask the server to generate a secure password and use that as the basic auth
password, keeping the existing username.
- --maintenance-window=MAINTENANCE_WINDOW
-
Set a time of day when you prefer maintenance to start on this cluster. For
example:
-
$ gcloud alpha container clusters update example-cluster \
--maintenance-window=12:43
The time corresponds to the UTC time zone, and must be in HH:MM format. To remove an existing maintenance window from the cluster, use '--maintenance-window=None'
-
$ gcloud alpha container clusters update example-cluster \
- --remove-labels=[KEY,...]
-
Labels to remove from the Google Cloud resources in use by the Kubernetes Engine
cluster. These are unrelated to Kubernetes labels. Example:
-
$ gcloud alpha container clusters update example-cluster \
--remove-labels=label_a,label_b
-
$ gcloud alpha container clusters update example-cluster \
- --security-profile=SECURITY_PROFILE
-
Name and version of the security profile to be applied to the cluster. If not
specified, the current setting of security profile will be preserved.
Example:
-
$ gcloud alpha container clusters update example-cluster \
--security-profile=default-1.0-gke.1
-
$ gcloud alpha container clusters update example-cluster \
- --set-password
-
Set the basic auth password to the specified value, keeping the existing
username.
- --start-credential-rotation
-
Start the rotation of IP and credentials for this cluster. For example:
-
$ gcloud alpha container clusters update example-cluster \
--start-credential-rotation
This causes the cluster to serve on two IPs, and will initiate a node upgrade to point to the new IP.
-
$ gcloud alpha container clusters update example-cluster \
- --start-ip-rotation
-
Start the rotation of this cluster to a new IP. For example:
-
$ gcloud alpha container clusters update example-cluster \
--start-ip-rotation
This causes the cluster to serve on two IPs, and will initiate a node upgrade to point to the new IP.
-
$ gcloud alpha container clusters update example-cluster \
- --update-addons=[ADDON=ENABLED|DISABLED,...]
-
Cluster addons to enable or disable. Options are
HorizontalPodAutoscaling=ENABLED|DISABLED HttpLoadBalancing=ENABLED|DISABLED
KubernetesDashboard=ENABLED|DISABLED Istio=ENABLED|DISABLED
NetworkPolicy=ENABLED|DISABLED
- --update-labels=[KEY=VALUE,...]
-
Labels to apply to the Google Cloud resources in use by the Kubernetes Engine
cluster. These are unrelated to Kubernetes labels. Example:
-
$ gcloud alpha container clusters update example-cluster \
--update-labels=label_a=value1,label_b=value2
-
$ gcloud alpha container clusters update example-cluster \
-
At most one of these may be specified:
-
- --additional-zones=[ZONE,...]
-
(DEPRECATED) The set of additional zones in which the cluster's node footprint
should be replicated. All zones must be in the same region as the cluster's
primary zone.
Note that the exact same footprint will be replicated in all zones, such that if you created a cluster with 4 nodes in a single zone and then use this option to spread across 2 more zones, 8 additional nodes will be created.
Multiple locations can be specified, separated by commas. For example:
-
$ gcloud alpha container clusters update example-cluster \
--zone us-central1-a \
--additional-zones us-central1-b,us-central1-c
To remove all zones other than the cluster's primary zone, pass the empty string to the flag. For example:
-
$ gcloud alpha container clusters update example-cluster \
--zone us-central1-a --additional-zones ""
This flag is deprecated. Use --node-locations=PRIMARY_ZONE,[ZONE,...] instead.
-
$ gcloud alpha container clusters update example-cluster \
- --node-locations=ZONE,[ZONE,...]
-
The set of zones in which the specified node footprint should be replicated. All
zones must be in the same region as the cluster's master(s), specified by the
--zone or --region flag. Additionally, for zonal clusters,
--node-locations must contain the cluster's primary zone. If not
specified, all nodes will be in the cluster's primary zone (for zonal clusters)
or spread across three randomly chosen zones within the cluster's region (for
regional clusters).
Note that NUM_NODES nodes will be created in each zone, such that if you specify --num-nodes=4 and choose two locations, 8 nodes will be created.
Multiple locations can be specified, separated by commas. For example:
-
$ gcloud alpha container clusters update example-cluster \
--zone us-central1-a \
--node-locations us-central1-a,us-central1-b
-
$ gcloud alpha container clusters update example-cluster \
-
-
Exports cluster's usage of cloud resources At most one of these may be
specified:
-
- --clear-resource-usage-bigquery-dataset
-
Disables exporting cluster resource usage to BigQuery.
- --enable-network-egress-metering
-
Enable network egress metering on this cluster.
When enabled, a DaemonSet is deployed into the cluster. Each DaemonSet pod meters network egress traffic by collecting data from the conntrack table, and exports the metered metrics to the specified destination.
Network egress metering is disabled if this flag is omitted, or when --no-enable-network-egress-metering is set.
- --resource-usage-bigquery-dataset=RESOURCE_USAGE_BIGQUERY_DATASET
-
The name of the BigQuery dataset to which the cluster's usage of cloud resources
is exported. A table will be created in the specified dataset to store cluster
resource usage. The resulting table can be joined with BigQuery Billing Export
to produce a fine-grained cost breakdown.
Example:
-
$ gcloud alpha container clusters update example-cluster \
--resource-usage-bigquery-dataset=example_bigquery_dataset_name
-
$ gcloud alpha container clusters update example-cluster \
-
-
Node autoprovisioning
-
- --enable-autoprovisioning
-
Enables node autoprovisioning for a cluster.
Cluster Autoscaler will be able to create new node pools. Requires maximum CPU and memory limits to be specified. This flag must be specified if any of the other arguments in this group are specified.
-
At most one of these may be specified:
-
- --autoprovisioning-config-file=AUTOPROVISIONING_CONFIG_FILE
-
Path of the JSON/YAML file which contains information about the cluster's
autoscaling configuration. Currently it only contains a list of resource limits
of the cluster.
Each resource limits definition contains three fields: resourceType, maximum and minimum. Resource type can be "cpu", "memory" or an accelerator (e.g. "nvidia-tesla-k80" for nVidia Tesla K80). Use gcloud compute accelerator-types list to learn about available accelerator types. Maximum is the maximum allowed amount with the unit of the resource. Minimum is the minimum allowed amount with the unit of the resource.
-
Flags to configure resource limits:
-
- --max-cpu=MAX_CPU
-
Maximum number of cores in the cluster.
Maximum number of cores to which the cluster can scale. This flag must be specified if any of the other arguments in this group are specified.
- --max-memory=MAX_MEMORY
-
Maximum memory in the cluster.
Maximum number of gigabytes of memory to which the cluster can scale. This flag must be specified if any of the other arguments in this group are specified.
- --min-cpu=MIN_CPU
-
Minimum number of cores in the cluster.
Minimum number of cores to which the cluster can scale.
- --min-memory=MIN_MEMORY
-
Minimum memory in the cluster.
Minimum number of gigabytes of memory to which the cluster can scale.
-
Arguments to set limits on accelerators:
-
- --max-accelerator=[type=TYPE,count=COUNT,...]
-
Sets maximum limit for a single type of accelerators (e.g. GPUs) in cluster.
-
-
-
-
- type
-
(Required) The specific type (e.g. nvidia-tesla-k80 for nVidia Tesla K80) of
accelerator for which the limit is set. Use gcloud compute accelerator-types
list to learn about all available accelerator types.
- count
-
(Required) The maximum number of accelerators to which the cluster can be
scaled. This flag must be specified if any of the other arguments in this group
are specified.
-
- --min-accelerator=[type=TYPE,count=COUNT,...]
-
Sets minimum limit for a single type of accelerators (e.g. GPUs) in cluster.
Defaults to 0 for all accelerator types if it isn't set.
-
- type
-
(Required) The specific type (e.g. nvidia-tesla-k80 for nVidia Tesla K80) of
accelerator for which the limit is set. Use gcloud compute accelerator-types
list to learn about all available accelerator types.
- count
-
(Required) The minimum number of accelerators to which the cluster can be
scaled.
- --logging-service=LOGGING_SERVICE
-
Logging service to use for the cluster. Options are:
"logging.googleapis.com/kubernetes" (the Google Cloud Logging service with
Kubernetes-native resource model enabled), "logging.googleapis.com" (the Google
Cloud Logging service), "none" (logs will not be exported from the cluster)
- --monitoring-service=MONITORING_SERVICE
-
Monitoring service to use for the cluster. Options are:
"monitoring.googleapis.com/kubernetes" (the Google Cloud Monitoring service with
Kubernetes-native resource model enabled), "monitoring.googleapis.com" (the
Google Cloud Monitoring service), "none" (no metrics will be exported from the
cluster)
-
Basic auth
-
- --password=PASSWORD
-
The password to use for cluster auth. Defaults to a server-specified
randomly-generated string.
-
Options to specify the username. At most one of these may be specified:
-
- --enable-basic-auth
-
Enable basic (username/password) auth for the cluster.
--enable-basic-auth is an alias for --username=admin;
--no-enable-basic-auth is an alias for --username="". Use
--password to specify a password; if not, the server will randomly
generate one. For cluster versions before 1.12, if neither
--enable-basic-auth nor --username is specified,
--enable-basic-auth will default to true. After 1.12,
--enable-basic-auth will default to false.
- --username=USERNAME, -u USERNAME
-
The user name to use for basic auth for the cluster. Use --password to
specify a password; if not, the server will randomly generate one.
-
-
-
-
Exactly one of these must be specified:
OPTIONAL FLAGS
-
- --async
-
Don't wait for the operation to complete.
- --istio-config=[auth=MTLS_PERMISSIVE,...]
-
Configurations for Istio addon, requires --addons contains Istio for create,
or --update-addons Istio=ENABLED for update.
-
- auth
-
Optional Type of auth MTLS_PERMISSIVE or MTLS_STRICT Example:
-
$ gcloud alpha container clusters update example-cluster \
--istio-config=auth=MTLS_PERMISSIVE
-
$ gcloud alpha container clusters update example-cluster \
-
- --master-authorized-networks=NETWORK,[NETWORK,...]
-
The list of CIDR blocks (up to 20) that are allowed to connect to Kubernetes
master through HTTPS. Specified in CIDR notation (e.g. 1.2.3.4/30). Can not be
specified unless --enable-master-authorized-networks is also
specified.
- --node-pool=NODE_POOL
-
Node pool to be updated.
-
Cluster autoscaling
-
- --max-nodes=MAX_NODES
-
Maximum number of nodes in the node pool.
Maximum number of nodes to which the node pool specified by --node-pool (or default node pool if unspecified) can scale. Ignored unless --enable-autoscaling is also specified.
- --min-nodes=MIN_NODES
-
Minimum number of nodes in the node pool.
Minimum number of nodes to which the node pool specified by --node-pool (or default node pool if unspecified) can scale. Ignored unless --enable-autoscaling is also specified.
-
-
At most one of these may be specified:
-
- --region=REGION
-
Compute region (e.g. us-central1) for the cluster.
- --zone=ZONE, -z ZONE
-
Compute zone (e.g. us-central1-a) for the cluster. Overrides the default
compute/zone property value for this command invocation.
-
GCLOUD WIDE FLAGS
These flags are available to all commands: --account, --configuration, --flags-file, --flatten, --format, --help, --log-http, --project, --quiet, --trace-token, --user-output-enabled, --verbosity. Run $ gcloud help for details.
NOTES
This command is currently in ALPHA and may change without notice. If this command fails with API permission errors despite specifying the right project, you will have to apply for early access and have your projects registered on the API whitelist to use it. To do so, contact Support at cloud.google.com/support These variants are also available:
- $ gcloud container clusters update $ gcloud beta container clusters update