Advanced maintenance control for sole-tenancy lets you control plannedmaintenance events for sole-tenant node groups and minimize maintenance-relateddisruptions. This feature is available only for sole-tenant node groups. To usethis feature with your existing virtual machines, you must first move your VMsto sole-tenant node groups that have advanced maintenance control enabled.

The advanced maintenance control for sole-tenancy feature lets you:

• Check for maintenance events scheduled for a sole-tenant node 28 days inadvance.
• Trigger maintenance immediately or schedule it for later. Note that if youtrigger maintenance immediately, the maintenance takes place within 6 hoursfrom the time you trigger the request.

The following is the process for creating a sole-tenant node group with advancedmaintenance control:

1. Opt into advanced maintenance control on compatible sole-tenancynode groups. This feature is available only for sole-tenant node groups. Touse this feature with your existing VMs or sole-tenant workloads, you mustfirst move your VMs to sole-tenant node groups with advanced maintenancecontrol enabled.

   Note: For a new sole-tenant node created within a node group, no maintenanceevent is planned for the first 28 days.

2. Check for upcoming maintenance for your sole-tenantnodes. Maintenance for a sole-tenant node happens at most every 28 days. Youcan check the maintenance event for a node 28 days before the start of the6-hour maintenance window in which maintenance is scheduled to happen forthat node.

3. If maintenance is scheduled for a sole-tenant node, and before the scheduledmaintenance window begins, you can:

   • Trigger maintenance immediately, or schedule it for later.If you choose to trigger maintenance immediately, maintenance takesplace within 6 hours from the time you trigger the request. Note that thescheduled date and time you choose must be before the start time of theinitial maintenance window.

   • If you don't trigger maintenance immediately or schedule it for later,maintenance happens within the time provided in the initial maintenancewindow.

You can opt to autoscale sole-tenant node groups with advanced maintenance controlenabled. Audit logs are generated in all cases.

Supported machine families

Advanced maintenance control for sole-tenant nodes is supported for the C2, C3,C3D, C4, G2, H3, M1, M2, M3, and M4 machine families inGeneral Availability.

Limitations

The following are the limitations of the advanced maintenance control forsole-tenancy feature:

• Local SSDs and GPUs: Local SSDs and GPUs are not supported by this feature.
• Maintenance policies: This feature supports the default-maintenance policy(live migration). Other maintenance policies, such as, restart in placeand migrate within node group are not supported.
• Nodes: This feature can support a maximum of 20 nodes per project, per zone.
• Advanced maintenance control for existing sole-tenant node groups:You cannot opt-in existing sole-tenant node groups for advanced maintenancecontrol. If you want to run your existing workloads on sole-tenant node groupswith advanced maintenance control enabled, you must first create a new nodegroup with advanced maintenance control enabled and then migrate your workloadinto this group. Similarly, to opt out of advanced maintenance control, youmust migrate your sole-tenant nodes into sole-tenant node groups that don'thave advanced maintenance control enabled.
• Impact on current maintenance policies: When you opt-in for this feature,it overrides any existing maintenance windows associated with the sole-tenantnodes.

Costs

There is no additional cost for using advanced maintenance control on sole-tenantnodes.

Before you begin

• Before provisioning VMs on a sole-tenant node,check your quota. Depending on the number and size of nodes that you reserve, you might need torequest additional quota.
• If you haven't already, set upauthentication. Authentication verifies your identity for access to Google Cloud services and APIs. To run code or samples from a local development environment, you can authenticate to Compute Engine by selecting one of the following options:

  Select the tab for how you plan to use the samples on this page:

  Console

  When you use the Google Cloud console to access Google Cloud services and APIs, you don't need to set up authentication.

  gcloud

  1. Install the Google Cloud CLI. After installation,initialize the Google Cloud CLI by running the following command:

     gcloudinit

     If you're using an external identity provider (IdP), you must first sign in to the gcloud CLI with your federated identity.

     Note: If you installed the gcloud CLI previously, make sure you have the latest version by runninggcloud components update.
  2. Set a default region and zone.

  REST

  To use the REST API samples on this page in a local development environment, you use the credentials you provide to the gcloud CLI.

  Install the Google Cloud CLI. After installation,initialize the Google Cloud CLI by running the following command:

  gcloudinit

  If you're using an external identity provider (IdP), you must first sign in to the gcloud CLI with your federated identity.

  Note: If you installed the gcloud CLI previously, make sure you have the latest version by runninggcloud components update.

  For more information, seeAuthenticate for using REST in the Google Cloud authentication documentation.

Enable advanced maintenance control on a sole-tenant node

Advanced maintenance control for sole-tenancy is an opt-in feature and isavailable only for sole-tenant node groups. To use this feature with yourexisting VMs or sole-tenant workloads, you must first move your VMs tosole-tenant node groups with advanced maintenance control enabled.

gcloud compute sole-tenancy node-groups createNODE_GROUP_NAME \--node-template=NODE_TEMPLATE_NAME \--zone=NODE_GROUP_ZONE \--target-size=NODE_GROUP_SIZE \--maintenance-interval=RECURRENT

POST https://compute.googleapis.com/compute/projects/PROJECT_ID/zones/NODE_GROUP_ZONE/nodeGroups{"name": "NODE_GROUP_NAME","nodeTemplate": "NODE_TEMPLATE_URL","zone": "NODE_GROUP_ZONE","size": "NODE_GROUP_SIZE","maintenanceInterval": "RECURRENT"}

Check for upcoming maintenance

Maintenance for a sole-tenant node happens at most every 28 days. You can checkthe maintenance event for a node 28 days before the start of the 6-hourmaintenance window, in which maintenance is scheduled to happen for that node.

gcloud compute sole-tenancy node-groups list-nodesNODE_GROUP_NAME \--format "table(name, status, node_type, instances, server_id, upcoming_maintenance)"

POST https://compute.googleapis.com/compute/v1/projects/PROJECT_ID/zones/NODE_GROUP_ZONE/nodeGroups/NODE_GROUP_ID/listNodes

{  …  "items": [    …    {      "name": string,      "status": string,      …      "upcomingMaintenance": {        "canReschedule": boolean,        "maintenanceType": enum, // SCHEDULED | UNSCHEDULED        "windowStartTime": string, // RFC 3339 timestamp string        "windowEndTime": string, // RFC 3339 timestamp string        "latestWindowStartTime": string, // RFC 3339 timestamp string        "maintenanceStatus": enum // PENDING | ONGOING      },      …    },    …  ],  …}

If you don't see any maintenance event, it means that there is no upcomingmaintenance for any nodes in the node group.

Trigger maintenance immediately or schedule maintenance for a node

After you know which nodes in a sole-tenant node group are scheduled formaintenance, you can do one of the following:

• Trigger maintenance immediately. If you choose to trigger maintenanceimmediately, maintenance takes place within 6 hours from the time you triggerthe request.

• Schedule maintenance for later based on your requirements.

If you don't trigger maintenance immediately or schedule it for a later date andtime, maintenance occurs within the initial maintenance window. Once maintenancefor a node begins, you cannot pause or reschedule it.

gcloud compute sole-tenancy node-groups perform-maintenanceNODE_GROUP_NAME \--zone=NODE_GROUP_ZONE \--nodes=NODE_NAMES \--window-start-time=WINDOW_START_TIME

POSThttps://compute.googleapis.com/compute/projects/PROJECT_ID/zones/NODE_GROUP_ZONE/nodeGroups/NODE_GROUP_ID/performMaintenance{"nodes": "NODE_NAMES" // [Required] The user needs to list at least 1 node"windowStartTime":  "WINDOW_START_TIME" // [Optional] RFC 3339 timestamp string}

TheMaintenance Status field of a node displays the following status duringthe maintenance process:

• Pending: The maintenance operation has not yet started, but isscheduled.
• Ongoing: The maintenance window has started. The maintenance event remainsOngoing until the maintenance is successfully completed for the node.

Check if maintenance is complete

To query the maintenance status of a node with advanced maintenance control, usethegcloud compute sole-tenancy node-groups list-nodes command or thenodeGroups.listNodes method.

For more information, seecheck maintenance status.

• Maintenance is successful: If the maintenance of a sole-tenant node issuccessful, the maintenance notification is removed. When you query the nodegroup name, theupcomingMaintenance section will no longer bepresent for the node.
• Maintenance has failed: If maintenance fails to complete in the 6-hourtime window, the maintenance event remainsOngoing until the maintenanceis successfully completed for the node. Upon successful completion, themaintenance notification is removed.

Sometimes, the maintenance trigger request for the date and time of your choicemight be rejected if Google Cloud internal limits on advanced maintenancecontrol for sole-tenancy nodes have exceeded for the specified date and time. Inthis case, you must select another date and time for the maintenance of the node.Maintenance Status for this node isOngoing and remains so untilmaintenance is successfully completed.

Change scheduled maintenance date and time

You can modify the scheduled maintenance date and time for a sole-tenancy nodeusing the same procedure that you use totrigger or schedule maintenance for a node.