gcloud container aws clusters update

NAME
gcloud container aws clusters update - update an Anthos cluster on AWS
SYNOPSIS
gcloud container aws clusters update(CLUSTER :--location=LOCATION)[--admin-groups=[GROUP,…]][--admin-users=USER,[USER,…]][--async][--binauthz-evaluation-mode=BINAUTHZ_EVALUATION_MODE][--cluster-version=CLUSTER_VERSION][--config-encryption-kms-key-arn=CONFIG_ENCRYPTION_KMS_KEY_ARN][--iam-instance-profile=IAM_INSTANCE_PROFILE][--instance-type=INSTANCE_TYPE][--logging=COMPONENT,[COMPONENT,…]][--role-arn=ROLE_ARN][--role-session-name=ROLE_SESSION_NAME][--root-volume-iops=ROOT_VOLUME_IOPS][--root-volume-kms-key-arn=ROOT_VOLUME_KMS_KEY_ARN][--root-volume-size=ROOT_VOLUME_SIZE][--root-volume-throughput=ROOT_VOLUME_THROUGHPUT][--root-volume-type=ROOT_VOLUME_TYPE][--validate-only][--annotations=ANNOTATION,[ANNOTATION,…]    |--clear-annotations][--clear-description    |--description=DESCRIPTION][--clear-proxy-config    |--proxy-secret-arn=PROXY_SECRET_ARN--proxy-secret-version-id=PROXY_SECRET_VERSION_ID][--clear-security-group-ids    |--security-group-ids=[SECURITY_GROUP_ID,…]][--clear-ssh-ec2-key-pair    |--ssh-ec2-key-pair=SSH_EC2_KEY_PAIR][--clear-tags    |--tags=TAG,[TAG,…]][--disable-managed-prometheus    |--enable-managed-prometheus][--disable-per-node-pool-sg-rules    |--enable-per-node-pool-sg-rules][GCLOUD_WIDE_FLAG]
DESCRIPTION
(DEPRECATED) Update an Anthos cluster on AWS.

This command is deprecated. Seehttps://cloud.google.com/kubernetes-engine/multi-cloud/docs/aws/deprecations/deprecation-announcementfor more details.

EXAMPLES
To update a cluster namedmy-clustermanaged in locationus-west1, run:
gcloudcontainerawsclustersupdatemy-cluster--location=us-west1--cluster-version=CLUSTER_VERSION
POSITIONAL ARGUMENTS
Cluster resource - cluster to update. The arguments in this group can be used tospecify the attributes of this resource. (NOTE) Some attributes are not givenarguments in this group but can be set in other ways.

To set theproject attribute:

  • provide the argumentcluster on the command line with a fullyspecified name;
  • provide the argument--project on the command line;
  • set the propertycore/project.

This must be specified.

CLUSTER
ID of the cluster or fully qualified identifier for the cluster.

To set thecluster attribute:

  • provide the argumentcluster on the command line.

This positional argument must be specified if any of the other arguments in thisgroup are specified.

--location=LOCATION
Google Cloud location for the cluster.

To set thelocation attribute:

  • provide the argumentcluster on the command line with a fullyspecified name;
  • provide the argument--location on the command line;
  • set the propertycontainer_aws/location.
FLAGS
--admin-groups=[GROUP,…]
Groups of users that can perform operations as a cluster administrator.
--admin-users=USER,[USER,…]
Users that can perform operations as a cluster administrator.
--async
Return immediately, without waiting for the operation in progress to complete.
--binauthz-evaluation-mode=BINAUTHZ_EVALUATION_MODE
Set Binary Authorization evaluation mode for this cluster.BINAUTHZ_EVALUATION_MODE must be one of:DISABLED,PROJECT_SINGLETON_POLICY_ENFORCE.
--cluster-version=CLUSTER_VERSION
Kubernetes version to use for the cluster.
--config-encryption-kms-key-arn=CONFIG_ENCRYPTION_KMS_KEY_ARN
Amazon Resource Name (ARN) of the AWS KMS key to encrypt the user data.
--iam-instance-profile=IAM_INSTANCE_PROFILE
Name or ARN of the IAM instance profile associated with the cluster.
--instance-type=INSTANCE_TYPE
AWS EC2 instance type for the control plane's nodes.
--logging=COMPONENT,[COMPONENT,…]
Set the components that have logging enabled.

Examples:

gcloudcontainerawsclustersupdate--logging=SYSTEMgcloudcontainerawsclustersupdate--logging=SYSTEM,WORKLOAD

COMPONENT must be one of:SYSTEM,WORKLOAD.

--role-arn=ROLE_ARN
Amazon Resource Name (ARN) of the IAM role to assume when managing AWSresources.
--role-session-name=ROLE_SESSION_NAME
Identifier for the assumed role session.
--root-volume-iops=ROOT_VOLUME_IOPS
Number of I/O operations per second (IOPS) to provision for the root volume.
--root-volume-kms-key-arn=ROOT_VOLUME_KMS_KEY_ARN
Amazon Resource Name (ARN) of the AWS KMS key to encrypt the root volume.
--root-volume-size=ROOT_VOLUME_SIZE
Size of the root volume. The value must be a whole number followed by a sizeunit ofGB for gigabyte, orTB for terabyte. If nosize unit is specified, GB is assumed.
--root-volume-throughput=ROOT_VOLUME_THROUGHPUT
Throughput to provision for the root volume, in MiB/s. Only valid if the volumetype is GP3. If volume type is GP3 and throughput is not provided, it defaultsto 125.
--root-volume-type=ROOT_VOLUME_TYPE
Type of the root volume.ROOT_VOLUME_TYPE must be oneof:gp2,gp3.
--validate-only
Validate the update of the cluster, but don't actually perform it.
Annotations

At most one of these can be specified:

--annotations=ANNOTATION,[ANNOTATION,…]
Annotations for the cluster.
--clear-annotations
Clear the annotations for the cluster.
Description

At most one of these can be specified:

--clear-description
Clear the description for the cluster.
--description=DESCRIPTION
Description for the cluster.
Proxy config

At most one of these can be specified:

--clear-proxy-config
Clear the proxy configuration associated with the control plane.
Update existing proxy config parameters
--proxy-secret-arn=PROXY_SECRET_ARN
ARN of the AWS Secrets Manager secret that contains a proxy configuration.
--proxy-secret-version-id=PROXY_SECRET_VERSION_ID
Version ID string of the AWS Secrets Manager secret that contains a proxyconfiguration.
Security groups

At most one of these can be specified:

--clear-security-group-ids
Clear any additional security groups associated with the control plane's nodes.This does not remove the default security groups.
--security-group-ids=[SECURITY_GROUP_ID,…]
IDs of additional security groups to add to the control plane's nodes.
SSH config

At most one of these can be specified:

--clear-ssh-ec2-key-pair
Clear the EC2 key pair authorized to login to the control plane's nodes.
--ssh-ec2-key-pair=SSH_EC2_KEY_PAIR
Name of the EC2 key pair authorized to login to the control plane's nodes.
Tags

At most one of these can be specified:

--clear-tags
Clear any tags associated with the control plane's nodes.
--tags=TAG,[TAG,…]
Applies the given tags (comma separated) on the control plane. Example:
gcloudcontainerawsclustersupdateEXAMPLE_CONTROL_PLANE--tags=tag1=one,tag2=two
Monitoring Config

At most one of these can be specified:

--disable-managed-prometheus
Disable managed collection for Managed Service for Prometheus.
--enable-managed-prometheus
Enable managed collection for Managed Service for Prometheus.
Default per node pool security group rules

At most one of these can be specified:

--disable-per-node-pool-sg-rules
Disable the default per node pool subnet security group rules on the controlplane security group. When disabled, at least one security group that allowsnode pools to send traffic to the control plane on ports TCP/443 and TCP/8132must be provided.
--enable-per-node-pool-sg-rules
Enable the default per node pool subnet security group rules on the controlplane security group.
GCLOUD WIDE FLAGS
These flags are available to all commands:--access-token-file,--account,--billing-project,--configuration,--flags-file,--flatten,--format,--help,--impersonate-service-account,--log-http,--project,--quiet,--trace-token,--user-output-enabled,--verbosity.

Run$gcloud help for details.

NOTES
This variant is also available:
gcloudalphacontainerawsclustersupdate

Except as otherwise noted, the content of this page is licensed under theCreative Commons Attribution 4.0 License, and code samples are licensed under theApache 2.0 License. For details, see theGoogle Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.

Last updated 2025-05-07 UTC.