mirror of
https://github.com/imjasonh/gcloud-help
synced 2026-07-08 18:45:13 +00:00
250 lines
8.7 KiB
Text
250 lines
8.7 KiB
Text
NAME
|
|
gcloud container aws clusters update - update an Anthos cluster on AWS
|
|
|
|
SYNOPSIS
|
|
gcloud container aws clusters update (CLUSTER : --location=LOCATION)
|
|
[--admin-groups=[GROUP,...]] [--admin-users=USER,[USER,...]] [--async]
|
|
[--binauthz-evaluation-mode=BINAUTHZ_EVALUATION_MODE]
|
|
[--cluster-version=CLUSTER_VERSION]
|
|
[--config-encryption-kms-key-arn=CONFIG_ENCRYPTION_KMS_KEY_ARN]
|
|
[--iam-instance-profile=IAM_INSTANCE_PROFILE]
|
|
[--instance-type=INSTANCE_TYPE] [--logging=COMPONENT,[COMPONENT,...]]
|
|
[--role-arn=ROLE_ARN] [--role-session-name=ROLE_SESSION_NAME]
|
|
[--root-volume-iops=ROOT_VOLUME_IOPS]
|
|
[--root-volume-kms-key-arn=ROOT_VOLUME_KMS_KEY_ARN]
|
|
[--root-volume-size=ROOT_VOLUME_SIZE]
|
|
[--root-volume-throughput=ROOT_VOLUME_THROUGHPUT]
|
|
[--root-volume-type=ROOT_VOLUME_TYPE] [--validate-only]
|
|
[--annotations=ANNOTATION,[ANNOTATION,...] | --clear-annotations]
|
|
[--clear-description | --description=DESCRIPTION]
|
|
[--clear-proxy-config | --proxy-secret-arn=PROXY_SECRET_ARN
|
|
--proxy-secret-version-id=PROXY_SECRET_VERSION_ID]
|
|
[--clear-security-group-ids
|
|
| --security-group-ids=[SECURITY_GROUP_ID,...]]
|
|
[--clear-ssh-ec2-key-pair | --ssh-ec2-key-pair=SSH_EC2_KEY_PAIR]
|
|
[--clear-tags | --tags=TAG,[TAG,...]]
|
|
[--disable-managed-prometheus | --enable-managed-prometheus]
|
|
[--disable-per-node-pool-sg-rules | --enable-per-node-pool-sg-rules]
|
|
[GCLOUD_WIDE_FLAG ...]
|
|
|
|
DESCRIPTION
|
|
Update an Anthos cluster on AWS.
|
|
|
|
EXAMPLES
|
|
To update a cluster named my-cluster managed in location us-west1, run:
|
|
|
|
$ gcloud container aws clusters update my-cluster \
|
|
--location=us-west1 --cluster-version=CLUSTER_VERSION
|
|
|
|
POSITIONAL ARGUMENTS
|
|
Cluster resource - cluster to update. The arguments in this group can be
|
|
used to specify the attributes of this resource. (NOTE) Some attributes
|
|
are not given arguments in this group but can be set in other ways.
|
|
|
|
To set the project attribute:
|
|
◆ provide the argument cluster on the command line with a fully
|
|
specified name;
|
|
◆ provide the argument --project on the command line;
|
|
◆ set the property core/project.
|
|
|
|
This must be specified.
|
|
|
|
CLUSTER
|
|
ID of the cluster or fully qualified identifier for the cluster.
|
|
|
|
To set the cluster attribute:
|
|
▸ provide the argument cluster on the command line.
|
|
|
|
This positional argument must be specified if any of the other
|
|
arguments in this group are specified.
|
|
|
|
--location=LOCATION
|
|
Google Cloud location for the cluster.
|
|
|
|
To set the location attribute:
|
|
▸ provide the argument cluster on the command line with a fully
|
|
specified name;
|
|
▸ provide the argument --location on the command line;
|
|
▸ set the property container_aws/location.
|
|
|
|
FLAGS
|
|
--admin-groups=[GROUP,...]
|
|
Groups of users that can perform operations as a cluster administrator.
|
|
|
|
--admin-users=USER,[USER,...]
|
|
Users that can perform operations as a cluster administrator.
|
|
|
|
--async
|
|
Return immediately, without waiting for the operation in progress to
|
|
complete.
|
|
|
|
--binauthz-evaluation-mode=BINAUTHZ_EVALUATION_MODE
|
|
Set Binary Authorization evaluation mode for this cluster.
|
|
BINAUTHZ_EVALUATION_MODE must be one of: DISABLED,
|
|
PROJECT_SINGLETON_POLICY_ENFORCE.
|
|
|
|
--cluster-version=CLUSTER_VERSION
|
|
Kubernetes version to use for the cluster.
|
|
|
|
--config-encryption-kms-key-arn=CONFIG_ENCRYPTION_KMS_KEY_ARN
|
|
Amazon Resource Name (ARN) of the AWS KMS key to encrypt the user data.
|
|
|
|
--iam-instance-profile=IAM_INSTANCE_PROFILE
|
|
Name or ARN of the IAM instance profile associated with the cluster.
|
|
|
|
--instance-type=INSTANCE_TYPE
|
|
AWS EC2 instance type for the control plane's nodes.
|
|
|
|
--logging=COMPONENT,[COMPONENT,...]
|
|
Set the components that have logging enabled.
|
|
|
|
Examples:
|
|
|
|
$ gcloud container aws clusters update --logging=SYSTEM
|
|
$ gcloud container aws clusters update --logging=SYSTEM,WORKLOAD
|
|
|
|
COMPONENT must be one of: SYSTEM, WORKLOAD.
|
|
|
|
--role-arn=ROLE_ARN
|
|
Amazon Resource Name (ARN) of the IAM role to assume when managing AWS
|
|
resources.
|
|
|
|
--role-session-name=ROLE_SESSION_NAME
|
|
Identifier for the assumed role session.
|
|
|
|
--root-volume-iops=ROOT_VOLUME_IOPS
|
|
Number of I/O operations per second (IOPS) to provision for the root
|
|
volume.
|
|
|
|
--root-volume-kms-key-arn=ROOT_VOLUME_KMS_KEY_ARN
|
|
Amazon Resource Name (ARN) of the AWS KMS key to encrypt the root
|
|
volume.
|
|
|
|
--root-volume-size=ROOT_VOLUME_SIZE
|
|
Size of the root volume. The value must be a whole number followed by a
|
|
size unit of GB for gigabyte, or TB for terabyte. If no size unit is
|
|
specified, GB is assumed.
|
|
|
|
--root-volume-throughput=ROOT_VOLUME_THROUGHPUT
|
|
Throughput to provision for the root volume, in MiB/s. Only valid if
|
|
the volume type is GP3. If volume type is GP3 and throughput is not
|
|
provided, it defaults to 125.
|
|
|
|
--root-volume-type=ROOT_VOLUME_TYPE
|
|
Type of the root volume. ROOT_VOLUME_TYPE must be one of: gp2, gp3.
|
|
|
|
--validate-only
|
|
Validate the update of the cluster, but don't actually perform it.
|
|
|
|
Annotations
|
|
|
|
At most one of these can be specified:
|
|
|
|
--annotations=ANNOTATION,[ANNOTATION,...]
|
|
Annotations for the cluster.
|
|
|
|
--clear-annotations
|
|
Clear the annotations for the cluster.
|
|
|
|
Description
|
|
|
|
At most one of these can be specified:
|
|
|
|
--clear-description
|
|
Clear the description for the cluster.
|
|
|
|
--description=DESCRIPTION
|
|
Description for the cluster.
|
|
|
|
Proxy config
|
|
|
|
At most one of these can be specified:
|
|
|
|
--clear-proxy-config
|
|
Clear the proxy configuration associated with the control plane.
|
|
|
|
Update existing proxy config parameters
|
|
|
|
--proxy-secret-arn=PROXY_SECRET_ARN
|
|
ARN of the AWS Secrets Manager secret that contains a proxy
|
|
configuration.
|
|
|
|
--proxy-secret-version-id=PROXY_SECRET_VERSION_ID
|
|
Version ID string of the AWS Secrets Manager secret that contains a
|
|
proxy configuration.
|
|
|
|
Security groups
|
|
|
|
At most one of these can be specified:
|
|
|
|
--clear-security-group-ids
|
|
Clear any additional security groups associated with the control
|
|
plane's nodes. This does not remove the default security groups.
|
|
|
|
--security-group-ids=[SECURITY_GROUP_ID,...]
|
|
IDs of additional security groups to add to the control plane's
|
|
nodes.
|
|
|
|
SSH config
|
|
|
|
At most one of these can be specified:
|
|
|
|
--clear-ssh-ec2-key-pair
|
|
Clear the EC2 key pair authorized to login to the control plane's
|
|
nodes.
|
|
|
|
--ssh-ec2-key-pair=SSH_EC2_KEY_PAIR
|
|
Name of the EC2 key pair authorized to login to the control plane's
|
|
nodes.
|
|
|
|
Tags
|
|
|
|
At most one of these can be specified:
|
|
|
|
--clear-tags
|
|
Clear any tags associated with the control plane's nodes.
|
|
|
|
--tags=TAG,[TAG,...]
|
|
Applies the given tags (comma separated) on the control plane.
|
|
Example:
|
|
|
|
$ gcloud container aws clusters update EXAMPLE_CONTROL_PLANE \
|
|
--tags=tag1=one,tag2=two
|
|
|
|
Monitoring Config
|
|
|
|
At most one of these can be specified:
|
|
|
|
--disable-managed-prometheus
|
|
Disable managed collection for Managed Service for Prometheus.
|
|
|
|
--enable-managed-prometheus
|
|
Enable managed collection for Managed Service for Prometheus.
|
|
|
|
Default per node pool security group rules
|
|
|
|
At most one of these can be specified:
|
|
|
|
--disable-per-node-pool-sg-rules
|
|
Disable the default per node pool subnet security group rules on the
|
|
control plane security group. When disabled, at least one security
|
|
group that allows node pools to send traffic to the control plane on
|
|
ports TCP/443 and TCP/8132 must be provided.
|
|
|
|
--enable-per-node-pool-sg-rules
|
|
Enable the default per node pool subnet security group rules on the
|
|
control plane security group.
|
|
|
|
GCLOUD WIDE FLAGS
|
|
These flags are available to all commands: --access-token-file, --account,
|
|
--billing-project, --configuration, --flags-file, --flatten, --format,
|
|
--help, --impersonate-service-account, --log-http, --project, --quiet,
|
|
--trace-token, --user-output-enabled, --verbosity.
|
|
|
|
Run $ gcloud help for details.
|
|
|
|
NOTES
|
|
This variant is also available:
|
|
|
|
$ gcloud alpha container aws clusters update
|
|
|