Updating user clusters

This topic describes how to update the configuration of an existing user cluster.

Overview

With user clusters running Kubernetes version 1.20 and higher, you can modify the following attributes:

With Kubernetes 1.22 and higher, you can update EC2 instance types.

To update these resources, you edit the AWSCluster and AWSNodePool resources.

After you update the configuration, GKE on AWS places the cluster or node pool into the Updating state. When the update is complete, the cluster or node pool is returned to the Provisioned state.

Before you begin

To modify your user clusters, the cluster and node pool must run Kubernetes version 1.20 or higher. If your cluster is not running Kubernetes 1.20 or higher, upgrade your user cluster first.

To modify your cluster's security groups, the AWS IAM role that manages your GKE on AWS user clusters (set as spec.authentication.awsIAM.adminIdentityARNs in anthos-gke.yaml) must have the ec2:ModifyNetworkInterfaceAttribute permission.

Update security groups

In this section, you update the security groups for a cluster and node pool. To update the security groups, perform the following steps:

  1. From your anthos-aws directory, use anthos-gke to switch context to your management service.

    cd anthos-aws
    anthos-gke aws management get-credentials

  2. Open the YAML file that created your AWSCluster in a text editor. If you do not have your initial YAML file, you can use kubectl edit.

    Edit YAML

    If you followed the instructions in Creating a user cluster, your YAML file is named cluster-0.yaml. Open this file in a text editor.

    kubectl edit

    To use kubectl edit to edit your AWSCluster, run the following command:

    env HTTPS_PROXY=http://localhost:8118 \
      kubectl edit awscluster cluster-name
    

    Replace cluster-name with your AWSCluster. For example, to edit the default cluster, cluster-0, run the following command:

    env HTTPS_PROXY=http://localhost:8118 \
      kubectl edit awscluster cluster-0
    
  3. Edit the spec.controlPlane.securityGroupIDs field of your AWSCluster.

    apiVersion: multicloud.cluster.gke.io/v1
    kind: AWSCluster
    ...
    spec:
      controlPlane:
        securityGroupIDs:
          - SECURITY_GROUP_ID
        ...
    

    Replace SECURITY_GROUP_ID with the ID of the new security group. To add multiple security groups, add additional values to the array under spec.controlPlane.securityGroupIDs.

    The following example includes the security groups sg-12345678ab and sg-abcdef1234:

    apiVersion: multicloud.cluster.gke.io/v1
    kind: AWSCluster
    spec:
      controlPlane:
        securityGroupIDs:
          - sg-12345678ab
          - sg-abcdef1234
        ...
    
  4. Edit the spec.securityGroupIDs field of your AWSNodePool resources.

    apiVersion: multicloud.cluster.gke.io/v1
    kind: AWSNodePool
    spec:
      securityGroupIDs:
        - SECURITY_GROUP_ID
      ...
    
  5. Save the file. If you are using kubectl edit, kubectl applies the changes automatically. If you are editing the YAML file, apply it to your management service with the following command:

    env HTTPS_PROXY=http://localhost:8118 \
      kubectl apply -f cluster-0.yaml
    
  6. Check the update status with kubectl. When the update is finished, the object's state changes from Updating to Provisioned.

    env HTTPS_PROXY=http://localhost:8118 \
      kubectl get AWSClusters,AWSNodePools
    

    For example, while the cluster is in the Updating state, the output resembles the following:

    NAME        STATE       AGE      VERSION           ENDPOINT
    cluster-0   Updating    10m41s   1.25.5-gke.2100   gke-xyz.elb.us-east-1.amazonaws.com
    
    NAME               CLUSTER     STATE       AGE       VERSION
    cluster-0-pool-0   cluster-0   Updating    10m40s    1.25.5-gke.2100
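
Before step 5, it helps to see exactly which security groups the edit attaches or detaches. The following script is an added example, not part of the GKE on AWS documentation: it compares a copy of the manifest saved before the edit with the edited file. The function names and the saved-copy file name are hypothetical, and the parsing assumes manifests laid out like the ones in this section.

```shell
#!/bin/sh
# Added example, not part of the GKE on AWS documentation. Function names are
# hypothetical. Line-based, not a YAML parser: assumes a top-level "kind:" line
# and "- ID" items directly under "securityGroupIDs:", as in this page's manifests.

# Print one sorted "KIND ID" pair per security group in manifest $1.
manifest_sgs() {
  awk '
    /^kind:/ { kind = $2 }
    /^[ \t]*securityGroupIDs:[ \t]*$/ { in_list = 1; next }
    in_list && /^[ \t]*-[ \t]+[^ \t]/ { print kind, $2; next }
    { in_list = 0 }
  ' "$1" | LC_ALL=C sort -u
}

# Print "- KIND ID" for groups dropped and "+ KIND ID" for groups added
# between a copy saved before the edit ($1) and the edited manifest ($2).
sg_changes() {
  old=$(mktemp) new=$(mktemp)
  manifest_sgs "$1" > "$old"
  manifest_sgs "$2" > "$new"
  LC_ALL=C comm -23 "$old" "$new" | sed 's/^/- /'
  LC_ALL=C comm -13 "$old" "$new" | sed 's/^/+ /'
  rm -f "$old" "$new"
}

# Fail unless every ID is "sg-" plus hex digits; this also catches a
# SECURITY_GROUP_ID placeholder that was never replaced.
check_sgs() {
  manifest_sgs "$1" | while read -r kind id; do
    if ! printf '%s\n' "$id" | grep -Eq '^sg-[0-9a-f]+$'; then
      echo "invalid security group ID in $kind: $id" >&2
      exit 1
    fi
  done
}

# Usage: sh sg-review.sh cluster-0.before.yaml cluster-0.yaml
if [ "$#" -eq 2 ]; then
  sg_changes "$1" "$2"
  check_sgs "$2"
fi
```

A line starting with "-" means the edit detaches that security group from the control plane or node pool, which is the change most worth a second look before you apply.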
    

Update instance types

In this section, you update the instance types for a cluster and node pool. To update the instance types, perform the following steps:

  1. From your anthos-aws directory, use anthos-gke to switch context to your management service.

    cd anthos-aws
    anthos-gke aws management get-credentials

  2. Open the YAML file that created your AWSCluster in a text editor. If you do not have your initial YAML file, you can use kubectl edit.

    Edit YAML

    If you followed the instructions in Creating a user cluster, your YAML file is named cluster-0.yaml. Open this file in a text editor.

    kubectl edit

    To use kubectl edit to edit your AWSCluster, run the following command:

    env HTTPS_PROXY=http://localhost:8118 \
      kubectl edit awscluster cluster-name
    

    Replace cluster-name with your AWSCluster. For example, to edit the default cluster, cluster-0, run the following command:

    env HTTPS_PROXY=http://localhost:8118 \
      kubectl edit awscluster cluster-0
    
  3. Edit the spec.controlPlane.instanceType field of your AWSCluster.

    apiVersion: multicloud.cluster.gke.io/v1
    kind: AWSCluster
    ...
    spec:
      controlPlane:
        instanceType: AWS_INSTANCE_TYPE
        ...
    

    Replace AWS_INSTANCE_TYPE with the new instance type. For more information, see Supported instance types.

  4. Edit the spec.instanceType field of your AWSNodePool resources.

    apiVersion: multicloud.cluster.gke.io/v1
    kind: AWSNodePool
    spec:
      instanceType: AWS_INSTANCE_TYPE
      ...
    
  5. Save the file. If you are using kubectl edit, kubectl applies the changes automatically. If you are editing the YAML file, apply it to your management service with the following command:

    env HTTPS_PROXY=http://localhost:8118 \
      kubectl apply -f cluster-0.yaml
    
  6. Check the update status with kubectl. When the update is finished, the object's state changes from Updating to Provisioned.

    env HTTPS_PROXY=http://localhost:8118 \
      kubectl get AWSClusters,AWSNodePools
    

    For example, while the cluster is in the Updating state, the output resembles the following:

    NAME        STATE       AGE      VERSION           ENDPOINT
    cluster-0   Updating    10m41s   1.25.5-gke.2100   gke-xyz.elb.us-east-1.amazonaws.com
    
    NAME               CLUSTER     STATE       AGE       VERSION
    cluster-0-pool-0   cluster-0   Updating    10m40s    1.25.5-gke.2100
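
Step 6 of both procedures (security groups and instance types) can be scripted so that follow-up work starts only after every object is back in the Provisioned state. The following script is an added example, not part of the GKE on AWS documentation. The function names, the 30-second poll interval and the 1800-second default timeout are assumptions, and the parsing expects output shaped like the sample above.

```shell
#!/bin/sh
# Added example, not part of the GKE on AWS documentation. Function names,
# poll interval and default timeout are assumptions.

# Read "kubectl get AWSClusters,AWSNodePools" output on stdin and print
# "NAME STATE" for every object that is not Provisioned. STATE is column 2 in
# the cluster table and column 3 in the node pool table, so its position is
# taken from each header row.
not_provisioned() {
  awk '
    $1 == "NAME" {
      col = 0
      for (i = 1; i <= NF; i++) if ($i == "STATE") col = i
      next
    }
    NF && col && $col != "Provisioned" { print $1, $col }
  '
}

# Poll until everything is Provisioned. Returns 1 after $1 seconds (default
# 1800). A failed kubectl call counts as "not done", never as success.
wait_provisioned() {
  deadline=$(( $(date +%s) + ${1:-1800} ))
  while :; do
    if out=$(env HTTPS_PROXY=http://localhost:8118 \
        kubectl get AWSClusters,AWSNodePools); then
      pending=$(printf '%s\n' "$out" | not_provisioned)
      if [ -z "$pending" ]; then return 0; fi
      printf 'still updating:\n%s\n' "$pending" >&2
    fi
    if [ "$(date +%s)" -ge "$deadline" ]; then return 1; fi
    sleep 30
  done
}

# Usage: sh wait-provisioned.sh --wait [TIMEOUT_SECONDS]
if [ "${1:-}" = "--wait" ]; then
  wait_provisioned "${2:-1800}"
fi
```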
    

What's next