Updating user clusters

This topic describes how to update the configuration of an existing user cluster.

Overview

With user clusters running Kubernetes version 1.20 and higher, you can modify the following attributes:

To update these resources, you edit the AWSCluster and AWSNodePool resources.

After you update the configuration, Anthos clusters on AWS places the cluster or node pool into the Updating state. When the update is complete, the cluster or node pool is returned to the Provisioned state.

Before you begin

To modify your user clusters, the cluster and node pool must run Kubernetes version 1.20 or higher. If your cluster is not running Kubernetes 1.20, upgrade your user cluster first.

To modify your cluster's security groups, the AWS IAM role that manages your Anthos clusters on AWS user clusters (set as spec.authentication.awsIAM.adminIdentityARNs in anthos-gke.yaml) must have the ec2:ModifyNetworkInterfaceAttribute permission.

Updating security groups

In this section, you update the security groups for a cluster and node pool. To update the security groups, perform the following steps:

  1. From your anthos-aws directory, use anthos-gke to switch context to your management service.

    cd anthos-aws
    anthos-gke aws management get-credentials

  2. Open the YAML file that created your AWSCluster in a text editor. If you do not have your initial YAML file, you can use kubectl edit.

    Edit YAML

    If you followed the instructions in Creating a user cluster, your YAML file is named cluster-0.yaml. Open this file in a text editor.

    kubectl edit

    To use kubectl edit to edit your AWSCluster, run the following command:

    env HTTPS_PROXY=http://localhost:8118 \
      kubectl edit awscluster cluster-name
    

    Replace cluster-name with your AWSCluster. For example, to edit the default cluster, cluster-0, run the following command:

    env HTTPS_PROXY=http://localhost:8118 \
      kubectl edit awscluster cluster-0
    
  3. Edit the spec.controlPlane.securityGroupIDs field of your AWSCluster.

    apiVersion: multicloud.cluster.gke.io/v1
    kind: AWSCluster
    ...
    spec:
      controlPlane:
        securityGroupIDs:
          - SECURITY_GROUP_ID
        ...
    

    Replace SECURITY_GROUP_ID with the ID of the new security group. To add multiple security groups, add additional values to the array under spec.controlPlane.securityGroupIDs.

    The following example includes the security groups sg-12345678ab and sg-abcdef1234:

    apiVersion: multicloud.cluster.gke.io/v1
    kind: AWSCluster
    spec:
      controlPlane:
        securityGroupIDs:
          - sg-12345678ab
          - sg-abcdef1234
        ...
    
  4. Edit the spec.securityGroupIDs field of your AWSNodePool resources.

    apiVersion: multicloud.cluster.gke.io/v1
    kind: AWSNodePool
    spec:
      securityGroupIDs:
        - SECURITY_GROUP_ID
      ...
    
  5. Save the file. If you are using kubectl edit, kubectl applies the changes automatically. If you are editing the YAML file, apply it to your management service with the following command:

    env HTTPS_PROXY=http://localhost:8118 \
      kubectl apply -f cluster-0.yaml
    
  6. Check the update status with kubectl. When the update is finished, the object's state changes from Updating to Provisioned.

    env HTTPS_PROXY=http://localhost:8118 \
      kubectl get AWSClusters,AWSNodePools
    

    For example, while the cluster is in the Updating state, the output resembles the following:

    NAME        STATE       AGE      VERSION           ENDPOINT
    cluster-0   Updating    10m41s   1.20.7-gke.2400   gke-xyz.elb.us-east-1.amazonaws.com
    
    NAME               CLUSTER     STATE       AGE       VERSION
    cluster-0-pool-0   cluster-0   Updating    10m40s    1.20.7-gke.2400
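
The status check in step 6, as an added example that is not part of the original documentation: a POSIX shell helper that reads the `kubectl get AWSClusters,AWSNodePools` table and lists every resource that has not yet returned to Provisioned. The function names, the `--live` switch, the 30-second polling interval and the sample table are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the original documentation.

# pending_resources: read `kubectl get AWSClusters,AWSNodePools` table output
# on stdin and print "NAME STATE" for every resource not yet Provisioned.
# The STATE column is located from each header row because the two tables
# differ: STATE is column 2 for clusters and column 3 for node pools.
pending_resources() {
  awk '
    $1 == "NAME" {                 # header row: locate the STATE column
      col = 0
      for (i = 1; i <= NF; i++) if ($i == "STATE") col = i
      next
    }
    NF == 0 { next }               # blank line between the two tables
    col && $col != "Provisioned" { print $1, $col }
  '
}

# all_provisioned: succeed only if stdin is non-empty and nothing is pending.
# Empty input (for example, kubectl could not reach the proxy) counts as failure.
all_provisioned() {
  table=$(cat)
  [ -n "$table" ] && [ -z "$(printf '%s\n' "$table" | pending_resources)" ]
}

# Constructed sample modelled on the output above: the cluster has finished
# updating while its node pool has not.
SAMPLE_TABLE='NAME        STATE         AGE      VERSION           ENDPOINT
cluster-0   Provisioned   10m41s   1.20.7-gke.2400   gke-xyz.elb.us-east-1.amazonaws.com

NAME               CLUSTER     STATE       AGE       VERSION
cluster-0-pool-0   cluster-0   Updating    10m40s    1.20.7-gke.2400'

if [ "${1:-}" = "--live" ]; then
  # Hypothetical switch: poll the management service through the same proxy.
  until env HTTPS_PROXY=http://localhost:8118 \
      kubectl get AWSClusters,AWSNodePools | all_provisioned; do
    sleep 30
  done
  echo "all clusters and node pools are Provisioned"
else
  printf '%s\n' "$SAMPLE_TABLE" | pending_resources
fi
```

Treating a security group change as in effect only after both the AWSCluster and every AWSNodePool report Provisioned avoids testing network rules against a cluster that is still mid-update.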
    

What's next