HEX

File: //snap/google-cloud-cli/394/help/man/man1/gcloud_container_aws_clusters_update.1
.TH "GCLOUD_CONTAINER_AWS_CLUSTERS_UPDATE" 1



.SH "NAME"
.HP
gcloud container aws clusters update \- update an Anthos cluster on AWS



.SH "SYNOPSIS"
.HP
\f5gcloud container aws clusters update\fR (\fICLUSTER\fR\ :\ \fB\-\-location\fR=\fILOCATION\fR) [\fB\-\-admin\-groups\fR=[\fIGROUP\fR,...]] [\fB\-\-admin\-users\fR=\fIUSER\fR,[\fIUSER\fR,...]] [\fB\-\-async\fR] [\fB\-\-binauthz\-evaluation\-mode\fR=\fIBINAUTHZ_EVALUATION_MODE\fR] [\fB\-\-cluster\-version\fR=\fICLUSTER_VERSION\fR] [\fB\-\-config\-encryption\-kms\-key\-arn\fR=\fICONFIG_ENCRYPTION_KMS_KEY_ARN\fR] [\fB\-\-iam\-instance\-profile\fR=\fIIAM_INSTANCE_PROFILE\fR] [\fB\-\-instance\-type\fR=\fIINSTANCE_TYPE\fR] [\fB\-\-logging\fR=\fICOMPONENT\fR,[\fICOMPONENT\fR,...]] [\fB\-\-role\-arn\fR=\fIROLE_ARN\fR] [\fB\-\-role\-session\-name\fR=\fIROLE_SESSION_NAME\fR] [\fB\-\-root\-volume\-iops\fR=\fIROOT_VOLUME_IOPS\fR] [\fB\-\-root\-volume\-kms\-key\-arn\fR=\fIROOT_VOLUME_KMS_KEY_ARN\fR] [\fB\-\-root\-volume\-size\fR=\fIROOT_VOLUME_SIZE\fR] [\fB\-\-root\-volume\-throughput\fR=\fIROOT_VOLUME_THROUGHPUT\fR] [\fB\-\-root\-volume\-type\fR=\fIROOT_VOLUME_TYPE\fR] [\fB\-\-validate\-only\fR] [\fB\-\-annotations\fR=\fIANNOTATION\fR,[\fIANNOTATION\fR,...]\ |\ \fB\-\-clear\-annotations\fR] [\fB\-\-clear\-description\fR\ |\ \fB\-\-description\fR=\fIDESCRIPTION\fR] [\fB\-\-clear\-proxy\-config\fR\ |\ \fB\-\-proxy\-secret\-arn\fR=\fIPROXY_SECRET_ARN\fR\ \fB\-\-proxy\-secret\-version\-id\fR=\fIPROXY_SECRET_VERSION_ID\fR] [\fB\-\-clear\-security\-group\-ids\fR\ |\ \fB\-\-security\-group\-ids\fR=[\fISECURITY_GROUP_ID\fR,...]] [\fB\-\-clear\-ssh\-ec2\-key\-pair\fR\ |\ \fB\-\-ssh\-ec2\-key\-pair\fR=\fISSH_EC2_KEY_PAIR\fR] [\fB\-\-clear\-tags\fR\ |\ \fB\-\-tags\fR=\fITAG\fR,[\fITAG\fR,...]] [\fB\-\-disable\-managed\-prometheus\fR\ |\ \fB\-\-enable\-managed\-prometheus\fR] [\fB\-\-disable\-per\-node\-pool\-sg\-rules\fR\ |\ \fB\-\-enable\-per\-node\-pool\-sg\-rules\fR] [\fIGCLOUD_WIDE_FLAG\ ...\fR]



.SH "DESCRIPTION"

\fB(DEPRECATED)\fR Update an Anthos cluster on AWS.

This command is deprecated. See
https://cloud.google.com/kubernetes\-engine/multi\-cloud/docs/aws/deprecations/deprecation\-announcement
for more details.



.SH "EXAMPLES"

To update a cluster named \f5\fImy\-cluster\fR\fR managed in location
\f5\fIus\-west1\fR\fR, run:

.RS 2m
$ gcloud container aws clusters update my\-cluster \e
    \-\-location=us\-west1 \-\-cluster\-version=CLUSTER_VERSION
.RE



.SH "POSITIONAL ARGUMENTS"

.RS 2m
.TP 2m

Cluster resource \- cluster to update. The arguments in this group can be used
to specify the attributes of this resource. (NOTE) Some attributes are not given
arguments in this group but can be set in other ways.

To set the \f5project\fR attribute:
.RS 2m
.IP "\(em" 2m
provide the argument \f5cluster\fR on the command line with a fully specified
name;
.IP "\(em" 2m
provide the argument \f5\-\-project\fR on the command line;
.IP "\(em" 2m
set the property \f5core/project\fR.
.RE
.sp

This must be specified.


.RS 2m
.TP 2m
\fICLUSTER\fR

ID of the cluster or fully qualified identifier for the cluster.

To set the \f5cluster\fR attribute:
.RS 2m
.IP "\(bu" 2m
provide the argument \f5cluster\fR on the command line.
.RE
.sp

This positional argument must be specified if any of the other arguments in this
group are specified.

.TP 2m
\fB\-\-location\fR=\fILOCATION\fR

Google Cloud location for the cluster.

To set the \f5location\fR attribute:
.RS 2m
.IP "\(bu" 2m
provide the argument \f5cluster\fR on the command line with a fully specified
name;
.IP "\(bu" 2m
provide the argument \f5\-\-location\fR on the command line;
.IP "\(bu" 2m
set the property \f5container_aws/location\fR.
.RE
.sp


.RE
.RE
.sp

.SH "FLAGS"

.RS 2m
.TP 2m
\fB\-\-admin\-groups\fR=[\fIGROUP\fR,...]

Groups of users that can perform operations as a cluster administrator.

.TP 2m
\fB\-\-admin\-users\fR=\fIUSER\fR,[\fIUSER\fR,...]

Users that can perform operations as a cluster administrator.

.TP 2m
\fB\-\-async\fR

Return immediately, without waiting for the operation in progress to complete.

.TP 2m
\fB\-\-binauthz\-evaluation\-mode\fR=\fIBINAUTHZ_EVALUATION_MODE\fR

Set Binary Authorization evaluation mode for this cluster.
\fIBINAUTHZ_EVALUATION_MODE\fR must be one of: \fBDISABLED\fR,
\fBPROJECT_SINGLETON_POLICY_ENFORCE\fR.

.TP 2m
\fB\-\-cluster\-version\fR=\fICLUSTER_VERSION\fR

Kubernetes version to use for the cluster.

.TP 2m
\fB\-\-config\-encryption\-kms\-key\-arn\fR=\fICONFIG_ENCRYPTION_KMS_KEY_ARN\fR

Amazon Resource Name (ARN) of the AWS KMS key to encrypt the user data.

.TP 2m
\fB\-\-iam\-instance\-profile\fR=\fIIAM_INSTANCE_PROFILE\fR

Name or ARN of the IAM instance profile associated with the cluster.

.TP 2m
\fB\-\-instance\-type\fR=\fIINSTANCE_TYPE\fR

AWS EC2 instance type for the control plane's nodes.

.TP 2m
\fB\-\-logging\fR=\fICOMPONENT\fR,[\fICOMPONENT\fR,...]

Set the components that have logging enabled.

Examples:

.RS 2m
$ gcloud container aws clusters update \-\-logging=SYSTEM
$ gcloud container aws clusters update \-\-logging=SYSTEM,WORKLOAD
.RE

\fICOMPONENT\fR must be one of: \fBSYSTEM\fR, \fBWORKLOAD\fR.

.TP 2m
\fB\-\-role\-arn\fR=\fIROLE_ARN\fR

Amazon Resource Name (ARN) of the IAM role to assume when managing AWS
resources.

.TP 2m
\fB\-\-role\-session\-name\fR=\fIROLE_SESSION_NAME\fR

Identifier for the assumed role session.

.TP 2m
\fB\-\-root\-volume\-iops\fR=\fIROOT_VOLUME_IOPS\fR

Number of I/O operations per second (IOPS) to provision for the root volume.

.TP 2m
\fB\-\-root\-volume\-kms\-key\-arn\fR=\fIROOT_VOLUME_KMS_KEY_ARN\fR

Amazon Resource Name (ARN) of the AWS KMS key to encrypt the root volume.

.TP 2m
\fB\-\-root\-volume\-size\fR=\fIROOT_VOLUME_SIZE\fR

Size of the root volume. The value must be a whole number followed by a size
unit of \f5GB\fR for gigabyte, or \f5TB\fR for terabyte. If no size unit is
specified, GB is assumed.

.TP 2m
\fB\-\-root\-volume\-throughput\fR=\fIROOT_VOLUME_THROUGHPUT\fR

Throughput to provision for the root volume, in MiB/s. Only valid if the volume
type is GP3. If volume type is GP3 and throughput is not provided, it defaults
to 125.

.TP 2m
\fB\-\-root\-volume\-type\fR=\fIROOT_VOLUME_TYPE\fR

Type of the root volume. \fIROOT_VOLUME_TYPE\fR must be one of: \fBgp2\fR,
\fBgp3\fR.

.TP 2m
\fB\-\-validate\-only\fR

Validate the update of the cluster, but don't actually perform it.

.TP 2m

Annotations

At most one of these can be specified:


.RS 2m
.TP 2m
\fB\-\-annotations\fR=\fIANNOTATION\fR,[\fIANNOTATION\fR,...]

Annotations for the cluster.

.TP 2m
\fB\-\-clear\-annotations\fR

Clear the annotations for the cluster.

.RE
.sp
.TP 2m

Description

At most one of these can be specified:


.RS 2m
.TP 2m
\fB\-\-clear\-description\fR

Clear the description for the cluster.

.TP 2m
\fB\-\-description\fR=\fIDESCRIPTION\fR

Description for the cluster.

.RE
.sp
.TP 2m

Proxy config

At most one of these can be specified:


.RS 2m
.TP 2m
\fB\-\-clear\-proxy\-config\fR

Clear the proxy configuration associated with the control plane.

.TP 2m

Update existing proxy config parameters


.RS 2m
.TP 2m
\fB\-\-proxy\-secret\-arn\fR=\fIPROXY_SECRET_ARN\fR

ARN of the AWS Secrets Manager secret that contains a proxy configuration.

.TP 2m
\fB\-\-proxy\-secret\-version\-id\fR=\fIPROXY_SECRET_VERSION_ID\fR

Version ID string of the AWS Secrets Manager secret that contains a proxy
configuration.

.RE
.RE
.sp
.TP 2m

Security groups

At most one of these can be specified:


.RS 2m
.TP 2m
\fB\-\-clear\-security\-group\-ids\fR

Clear any additional security groups associated with the control plane's nodes.
This does not remove the default security groups.

.TP 2m
\fB\-\-security\-group\-ids\fR=[\fISECURITY_GROUP_ID\fR,...]

IDs of additional security groups to add to the control plane's nodes.

.RE
.sp
.TP 2m

SSH config

At most one of these can be specified:


.RS 2m
.TP 2m
\fB\-\-clear\-ssh\-ec2\-key\-pair\fR

Clear the EC2 key pair authorized to login to the control plane's nodes.

.TP 2m
\fB\-\-ssh\-ec2\-key\-pair\fR=\fISSH_EC2_KEY_PAIR\fR

Name of the EC2 key pair authorized to login to the control plane's nodes.

.RE
.sp
.TP 2m

Tags

At most one of these can be specified:


.RS 2m
.TP 2m
\fB\-\-clear\-tags\fR

Clear any tags associated with the control plane's nodes.

.TP 2m
\fB\-\-tags\fR=\fITAG\fR,[\fITAG\fR,...]

Applies the given tags (comma separated) on the control plane. Example:

.RS 2m
$ gcloud container aws clusters update EXAMPLE_CONTROL_PLANE \e
    \-\-tags=tag1=one,tag2=two
.RE

.RE
.sp
.TP 2m

Monitoring Config

At most one of these can be specified:


.RS 2m
.TP 2m
\fB\-\-disable\-managed\-prometheus\fR

Disable managed collection for Managed Service for Prometheus.

.TP 2m
\fB\-\-enable\-managed\-prometheus\fR

Enable managed collection for Managed Service for Prometheus.

.RE
.sp
.TP 2m

Default per node pool security group rules

At most one of these can be specified:


.RS 2m
.TP 2m
\fB\-\-disable\-per\-node\-pool\-sg\-rules\fR

Disable the default per node pool subnet security group rules on the control
plane security group. When disabled, at least one security group that allows
node pools to send traffic to the control plane on ports TCP/443 and TCP/8132
must be provided.

.TP 2m
\fB\-\-enable\-per\-node\-pool\-sg\-rules\fR

Enable the default per node pool subnet security group rules on the control
plane security group.


.RE
.RE
.sp

.SH "GCLOUD WIDE FLAGS"

These flags are available to all commands: \-\-access\-token\-file, \-\-account,
\-\-billing\-project, \-\-configuration, \-\-flags\-file, \-\-flatten,
\-\-format, \-\-help, \-\-impersonate\-service\-account, \-\-log\-http,
\-\-project, \-\-quiet, \-\-trace\-token, \-\-user\-output\-enabled,
\-\-verbosity.

Run \fB$ gcloud help\fR for details.



.SH "NOTES"

This variant is also available:

.RS 2m
$ gcloud alpha container aws clusters update
.RE