POSITIONAL ARGUMENTS

NAME

The name of the cluster to update.

REQUIRED FLAGS

Exactly one of these must be specified:

--complete-credential-rotation

Complete the IP and credential rotation for this cluster. For example:

$ gcloud container clusters update example-cluster \
    --complete-credential-rotation

This causes the cluster to stop serving its old IP, return to a single IP, and invalidate old credentials.

--complete-ip-rotation

Complete the IP rotation for this cluster. For example:

$ gcloud container clusters update example-cluster \
    --complete-ip-rotation

This causes the cluster to stop serving its old IP, and return to a single IP state.

--enable-autoscaling

Enables autoscaling for a node pool.
Enables autoscaling in the node pool specified by --node-pool or the default node pool if --node-pool is not provided.

--enable-legacy-authorization

Enables the legacy ABAC authentication for the cluster. User rights are granted through the use of policies which combine attributes together. For a detailed look at these properties and related formats, see kubernetes.io/docs/admin/authorization/abac To use RBAC permissions instead, create or update your cluster with the option --no-enable-legacy-authorization.

--enable-master-authorized-networks

Allow only specified set of CIDR blocks (specified by the --master-authorized-networks flag) to connect to Kubernetes master through HTTPS. Besides these blocks, the following have access as well:

1) The private network the cluster connects to if `--enable-private-nodes` is specified. 2) Google Compute Engine Public IPs if `--enable-private-nodes` is not specified.

Use --no-enable-master-authorized-networks to disable. When disabled, public internet (0.0.0.0/0) is allowed to connect to Kubernetes master through HTTPS.

--enable-network-policy

Enable network policy enforcement for this cluster. If you are enabling network policy on an existing cluster the network policy addon must first be enabled on the master by using --update-addons=NetworkPolicy=ENABLED flag.

--generate-password

Ask the server to generate a secure password and use that as the basic auth password, keeping the existing username.

--logging-service=LOGGING_SERVICE

Logging service to use for the cluster. Options are: "logging.googleapis.com" (the Google Cloud Logging service), "none" (logs will not be exported from the cluster)

--maintenance-window=MAINTENANCE_WINDOW

Set a time of day when you prefer maintenance to start on this cluster. For example:

$ gcloud container clusters update example-cluster \
    --maintenance-window=12:43

The time corresponds to the UTC time zone, and must be in HH:MM format. To remove an existing maintenance window from the cluster, use '--maintenance-window=None'

--monitoring-service=MONITORING_SERVICE

Monitoring service to use for the cluster. Options are: "monitoring.googleapis.com" (the Google Cloud Monitoring service), "none" (no metrics will be exported from the cluster)

--node-locations=ZONE,[ZONE,...]

The set of zones in which the specified node footprint should be replicated. All zones must be in the same region as the cluster's master(s), specified by the --zone or --region flag. Additionally, for zonal clusters, --node-locations must contain the cluster's primary zone. If not specified, all nodes will be in the cluster's primary zone (for zonal clusters) or spread across three randomly chosen zones within the cluster's region (for regional clusters).
Note that NUM_NODES nodes will be created in each zone, such that if you specify --num-nodes=4 and choose two locations, 8 nodes will be created.
Multiple locations can be specified, separated by commas. For example:

$ gcloud container clusters update example-cluster \
    --zone us-central1-a \
    --node-locations us-central1-a,us-central1-b

--remove-labels=[KEY,...]

Labels to remove from the Google Cloud resources in use by the Kubernetes Engine cluster. These are unrelated to Kubernetes labels. Example:

$ gcloud container clusters update example-cluster \
    --remove-labels=label_a,label_b

--set-password

Set the basic auth password to the specified value, keeping the existing username.

--start-credential-rotation

Start the rotation of IP and credentials for this cluster. For example:

$ gcloud container clusters update example-cluster \
    --start-credential-rotation

This causes the cluster to serve on two IPs, and will initiate a node upgrade to point to the new IP.

--start-ip-rotation

Start the rotation of this cluster to a new IP. For example:

$ gcloud container clusters update example-cluster \
    --start-ip-rotation

This causes the cluster to serve on two IPs, and will initiate a node upgrade to point to the new IP.

--update-addons=[ADDON=ENABLED|DISABLED,...]

Cluster addons to enable or disable. Options are HorizontalPodAutoscaling=ENABLED|DISABLED HttpLoadBalancing=ENABLED|DISABLED KubernetesDashboard=ENABLED|DISABLED NetworkPolicy=ENABLED|DISABLED

--update-labels=[KEY=VALUE,...]

Labels to apply to the Google Cloud resources in use by the Kubernetes Engine cluster. These are unrelated to Kubernetes labels. Example:

$ gcloud container clusters update example-cluster \
    --update-labels=label_a=value1,label_b=value2

Basic auth

--password=PASSWORD

The password to use for cluster auth. Defaults to a server-specified randomly-generated string.

Options to specify the username. At most one of these may be specified:

--enable-basic-auth

Enable basic (username/password) auth for the cluster. --enable-basic-auth is an alias for --username=admin; --no-enable-basic-auth is an alias for --username="". Use --password to specify a password; if not, the server will randomly generate one. For cluster versions before 1.12, if neither --enable-basic-auth nor --username is specified, --enable-basic-auth will default to true. After 1.12, --enable-basic-auth will default to false.

--username=USERNAME, -u USERNAME

The user name to use for basic auth for the cluster. Use --password to specify a password; if not, the server will randomly generate one.

OPTIONAL FLAGS

--async

Don't wait for the operation to complete.

--master-authorized-networks=NETWORK,[NETWORK,...]

The list of CIDR blocks (up to 20) that are allowed to connect to Kubernetes master through HTTPS. Specified in CIDR notation (e.g. 1.2.3.4/30). Can not be specified unless --enable-master-authorized-networks is also specified.

--node-pool=NODE_POOL

Node pool to be updated.

Cluster autoscaling

--max-nodes=MAX_NODES

Maximum number of nodes in the node pool.
Maximum number of nodes to which the node pool specified by --node-pool (or default node pool if unspecified) can scale. Ignored unless --enable-autoscaling is also specified.

--min-nodes=MIN_NODES

Minimum number of nodes in the node pool.
Minimum number of nodes to which the node pool specified by --node-pool (or default node pool if unspecified) can scale. Ignored unless --enable-autoscaling is also specified.

At most one of these may be specified:

--region=REGION

Compute region (e.g. us-central1) for the cluster.

--zone=ZONE, -z ZONE

Compute zone (e.g. us-central1-a) for the cluster. Overrides the default compute/zone property value for this command invocation.

GCLOUD WIDE FLAGS

NOTES

$ gcloud alpha container clusters update $ gcloud beta container clusters update