Update your Azure cluster parameters

This page describes how to update your GKE on Azure cluster's settings. You can use these instructions to update any updatable setting in your cluster, including the Kubernetes version. Because upgrading the version is one of the most common cluster update operations, a separate upgrade your cluster page covers how to upgrade a cluster version.

Reasons to update a cluster

You might update a cluster for any of the following reasons:

  • To update your cluster's description.
  • To update your cluster's annotations.
  • To update your cluster's list of administrative users.
  • To update your cluster's logging configuration.
  • To update your cluster's VM size.
  • To update your cluster's AzureClient.
  • To update your cluster's Authentication from AzureClient to workload identity federation.

You can also update other fields in your clusters not listed here. For a complete list of fields you can update, see the gcloud container azure clusters update and the projects.locations.azureClusters.patch documentation.

Prerequisites

  • To update any of your cluster's fields, you must have the gkemulticloud.googleapis.com/azureClusters.update Identity and Access Management permission.

The update process

The process by which GKE on Azure updates a cluster differs depending on the type of update. For some changes, GKE on Azure can update a cluster without restarting or recreating any resources, for example, updating a cluster's description. GKE on Azure makes these changes immediately.

Other changes require restarting the control plane nodes, for example, updating the VM size or Kubernetes version. For such updates, GKE on Azure performs a "rolling update" consisting of the following steps:

  1. Choose one control plane instance to update. GKE on Azure updates unhealthy instances, if any, before healthy ones.
  2. Delete the instance. GKE on Azure recreates the instance and the instance boots with the new configuration.
  3. Perform health checks on the new instance.
  4. If the health checks succeed, select another instance and perform the same steps on it. Repeat this cycle until all instances are restarted or recreated. If the health check fails, GKE on Azure places the cluster into a DEGRADED state and stops the update. For more information, see the following section.

When an update fails

After an update, GKE on Azure performs a health check on the cluster. If the health check fails, the cluster is marked as DEGRADED. You can display the status of your cluster with the following Google Cloud CLI command:

gcloud container azure clusters describe CLUSTER_NAME \
    --location=GOOGLE_CLOUD_LOCATION

Replace the following:

  • CLUSTER_NAME: the name of your cluster
  • GOOGLE_CLOUD_LOCATION: the Google Cloud region that manages your cluster

Update your cluster

You can use either the Google Cloud console, the Google Cloud CLI, or the GKE Multi-Cloud API to update multiple cluster fields at once.

Choose an update method

You can update most fields through either the console, the gcloud CLI, or the GKE Multi-Cloud API. Some fields can only be updated through one mechanism or the other. If you want to use the console to update a cluster, you must first choose and configure an authentication method for logging in to the cluster. For more information, see Connect and authenticate to your cluster.

Console

  1. In the Google Cloud console, go to the Google Kubernetes Engine clusters overview page.

  2. Select the Google Cloud project that the cluster is in.

  3. In the cluster list, select the name of the cluster, and then select View details in the side panel.

  4. On the Details tab, select Edit on the field that you want to change.

    For example, to grant cluster administrative privileges to other users, select Edit next to Admin users and enter the email address of the user.

  5. When you are finished making changes, select Done.

gcloud

When you update a cluster using the gcloud CLI, you must always include the CLUSTER_NAME and GOOGLE_CLOUD_LOCATION fields, which tell GKE on Azure what cluster to update. In the following command, only include the fields that you want to update; remove the other fields before running the command.

gcloud container azure clusters update CLUSTER_NAME \
    --location=GOOGLE_CLOUD_LOCATION \
    --cluster-version=CLUSTER_VERSION \
    --admin-users=USERNAME_LIST \
    --client=CLIENT_NAME \
    --vm-size=VM_SIZE

Replace the following:

  • CLUSTER_NAME: the name of your cluster
  • GOOGLE_CLOUD_LOCATION (required): the supported Google Cloud region that manages your cluster, for example, us-west1
  • CLUSTER_VERSION: the new supported cluster version
  • USERNAME_LIST: a comma-separated list of usernames, for example, "kai@example.com,hao@example.com,kalani@example.com". These are the email addresses of the users you're granting administrative privileges on this cluster to. The names in this setting will replace any previous list of admin-users on the cluster.
  • CLIENT_NAME: your AzureClient
  • VM_SIZE: the new supported VM size

To update the cluster's Authentication from AzureClient to workload identity federation, run the following command:

gcloud container azure clusters update CLUSTER_NAME \
    --location=GOOGLE_CLOUD_LOCATION \
    --azure-tenant-id="${TENANT_ID}" \
    --azure-application-id="${APPLICATION_ID}" \
    --clear-client

API

When you update a cluster using the GKE Multi-Cloud API, you must always include the CLUSTER_NAME and GOOGLE_CLOUD_LOCATION fields in the HTTP request. These fields tell GKE on Azure what cluster to update. You must also include the API endpoint in the request. You create a JSON file with the fields that you want to update. Only include the fields that you want to update in the JSON file and in the UPDATE_MASK.

The following example shows how to update your cluster through the API. For more information, including the list of fields that you can update, see the projects.locations.azureClusters.patch method documentation.

  1. Create a JSON file named cluster_update.json with the fields that you want to update.

    • When using workload identity federation, the JSON file should look like this:
      {
        "description": "CLUSTER_DESCRIPTION",
        "controlPlane": {
          "version": "CLUSTER_VERSION",
          "vm_size": "VM_SIZE"
        },
        "azureServicesAuthentication": {
          "tenantId": "TENANT_ID",
          "applicationId": "APPLICATION_ID"
        },
        "authorization": {
          "adminUsers": [
            { "username": "USERNAME1" },
            { "username": "USERNAME2" },
            { "username": "USERNAME3" }
          ]
        }
      }
    • When using Azure client, the JSON file should look like this:
      {
        "description": "CLUSTER_DESCRIPTION",
        "controlPlane": {
          "version": "CLUSTER_VERSION",
          "vm_size": "VM_SIZE"
        },
        "azureClient": "CLIENT_NAME",
        "authorization": {
          "adminUsers": [
            { "username": "USERNAME1" },
            { "username": "USERNAME2" },
            { "username": "USERNAME3" }
          ]
        }
      }

    Replace the following:

    • CLUSTER_VERSION: the new supported cluster version. Note that you must upgrade through all minor versions when upgrading your cluster.
    • CLUSTER_DESCRIPTION: the new cluster description
    • USERNAME1, USERNAME2, USERNAME3: the email addresses of the users you're granting administrative privileges on this cluster to. The names in these fields will replace any previous list of admin-users on the cluster.
    • CLIENT_NAME: your AzureClient name
    • TENANT_ID: the Azure tenant ID
    • APPLICATION_ID: the Azure application ID that was created in Create an Azure Active Directory Application
    • VM_SIZE: the new VM size
  2. Update these settings through the GKE Multi-Cloud API with the following command.

    curl -d @cluster_update.json -X PATCH \
        ENDPOINT/projects/PROJECT_ID/locations/GOOGLE_CLOUD_LOCATION/azureClusters/CLUSTER_NAME?update_mask=UPDATE_MASK

Replace the following:

  • ENDPOINT (required): Your Google Cloud service endpoint
  • PROJECT_ID (required): Your Google Cloud project
  • GOOGLE_CLOUD_LOCATION (required): the supported Google Cloud region that manages your cluster, for example, us-west1
  • CLUSTER_NAME (required): Your cluster name
  • UPDATE_MASK (required): a comma-separated list of one or more of the following flags, indicating which fields you want to update. In this example, specify the following.
    • controlPlane.version
    • description
    • authorization.admin_users
    • control_plane.vm_size
    • azure_client
    • azure_services_authentication.tenant_id
    • azure_services_authentication.application_id

To update the cluster's Authentication from AzureClient to workload identity federation, add azure_client, azure_services_authentication.tenant_id and azure_services_authentication.application_id in the field update_mask.
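The sketch below is an added example, not code from the GKE on Azure documentation. It builds cluster_update.json content together with a matching update_mask, and computes the full admin list before sending it, because the submitted names replace the stored list. The function names merge_admins and build_patch and the sample addresses are assumptions made for illustration; the mask paths and JSON keys are the ones shown on this page.

```python
import json

def merge_admins(current, add=(), remove=()):
    """Full admin list to send: the update replaces the stored list."""
    drop = {u.lower() for u in remove}
    seen, merged = set(), []
    for user in [*current, *add]:
        key = user.lower()
        if key not in drop and key not in seen:
            seen.add(key)
            merged.append(user)
    if not merged:  # local guard in this example, not an API rule
        raise ValueError("refusing to send an empty admin user list")
    return merged

def build_patch(description=None, vm_size=None, admin_users=None,
                tenant_id=None, application_id=None):
    """Return (body, update_mask) with every body field named in the mask."""
    body, mask = {}, []
    if description is not None:
        body["description"] = description
        mask.append("description")
    if vm_size is not None:
        body["controlPlane"] = {"vm_size": vm_size}
        mask.append("control_plane.vm_size")
    if admin_users is not None:
        body["authorization"] = {"adminUsers": [{"username": u} for u in admin_users]}
        mask.append("authorization.admin_users")
    if (tenant_id is None) != (application_id is None):
        raise ValueError("tenant_id and application_id must be set together")
    if tenant_id is not None:
        # Migration to workload identity federation: azure_client is in the
        # mask but absent from the body, matching the page's JSON and mask list.
        body["azureServicesAuthentication"] = {
            "tenantId": tenant_id, "applicationId": application_id}
        mask += ["azure_client",
                 "azure_services_authentication.tenant_id",
                 "azure_services_authentication.application_id"]
    if not mask:
        raise ValueError("nothing to update")
    return body, ",".join(mask)

if __name__ == "__main__":
    # Constructed sample values; the current list would come from the cluster.
    admins = merge_admins(["kai@example.com", "hao@example.com"],
                          add=["kalani@example.com"], remove=["hao@example.com"])
    body, mask = build_patch(admin_users=admins, tenant_id="TENANT_ID",
                             application_id="APPLICATION_ID")
    print(json.dumps(body, indent=2))
    print("update_mask=" + mask)
```
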

Update Logging Config

You can update your cluster's Cloud Logging configuration settings with the Google Cloud CLI. To update the logging configuration, run the following command:

gcloud container azure clusters update CLUSTER_NAME \
    --location=GOOGLE_CLOUD_LOCATION \
    --logging=LOGGING_CONFIG

Replace the following:

  • CLUSTER_NAME: your cluster's name
  • GOOGLE_CLOUD_LOCATION: the supported Google Cloud region that manages your cluster, for example, us-west1
  • LOGGING_CONFIG: [SYSTEM] or [SYSTEM,WORKLOAD]

Last updated 2025-11-24 UTC.