Updating a Managed Service for Kubernetes cluster
To access a Kubernetes cluster, use its name or unique ID. You can get them by using the following command:
yc managed-kubernetes cluster list
Result:
+----------------------+----------+---------------------+---------+---------+-------------------------+-----------------------+
| ID | NAME | CREATED AT | HEALTH | STATUS | EXTERNAL ENDPOINT | INTERNAL ENDPOINT |
+----------------------+----------+---------------------+---------+---------+-------------------------+-----------------------+
| cati493bu7ia******** | k8s-demo | 2019-11-20 11:26:36 | HEALTHY | RUNNING | https://84.201.174.147/ | https://192.168.0.27/ |
+----------------------+----------+---------------------+---------+---------+-------------------------+-----------------------+
Changing Managed Service for Kubernetes clusters
You can change the following parameters of a Managed Service for Kubernetes cluster:
-
Name.
-
Description.
-
Kubernetes version.
-
Updates policy.
-
List of security groups.
-
Settings for sending logs to Yandex Cloud Logging.
Alert
Do not delete the security groups bound to a running Managed Service for Kubernetes cluster as this might result in disruptions in its operation and data loss.
-
Mask of the Managed Service for Kubernetes node subnet.
Warning
If you change the subnet mask of an active Managed Service for Kubernetes cluster, it may run out of CIDR blocks. In this case, you will not be able to deploy pods on new node groups.
To learn how to change a cluster's availability zone, see Migrating Managed Service for Kubernetes resources to a different availability zone.
To update a Managed Service for Kubernetes cluster:
- Open Managed Service for Kubernetes in the folder where you want to update the Managed Service for Kubernetes cluster.
- Click the name of the Managed Service for Kubernetes cluster.
- Click Edit in the top-right corner.
- Change the required parameters in the window that opens.
- Click Save.
If you do not have the Yandex Cloud command line interface yet, install and initialize it.
The folder specified in the CLI profile is used by default. You can specify a different folder using the --folder-name
or --folder-id
parameter.
To update a Managed Service for Kubernetes cluster:
-
View a description of the update Managed Service for Kubernetes cluster CLI command:
yc managed-kubernetes cluster update --help
-
Run the following command and provide a list of settings you want to change (not all settings are listed in the example below):
yc managed-kubernetes cluster update <Managed_Service_for_Kubernetes_cluster_name> \ --new-name <new_name_for_Managed_Service_for_Kubernetes_cluster> \ --description <Managed_Service_for_Kubernetes_cluster_description> \ --service-account-id <ID_of_service_account_for_resources> \ --service-account-name <name_of_service_account_for_resources> \ --node-service-account-id <ID_of_service_account_for_Kubernetes_nodes> \ --security-group-ids <list_of_security_group_IDs> \ --master-logging enabled=<sending_logs>,` `log-group-id=<log_group_ID>,` `folder-id=<folder_ID>,` `kube-apiserver-enabled=<sending_kube-apiserver_logs>,` `cluster-autoscaler-enabled=<sending_cluster-autoscaler_logs>,` `events-enabled=<sending_Kubernetes_events>` `audit-enabled=<sending_audit_events>
Where:
-
--new-name
: Managed Service for Kubernetes cluster name. -
--description
: Managed Service for Kubernetes cluster description. -
--service-account-id
,--service-account-name
: Service account for managing the Managed Service for Kubernetes cluster. -
--node-service-account-id
,--node-service-account-name
: Service account for managing the Managed Service for Kubernetes nodes. -
--security-group-ids
: Managed Service for Kubernetes cluster security groups.Warning
The configuration of security groups determines cluster performance, availability, and services running in the cluster.
-
--master-logging
: Sending logs to Cloud Logging:enabled
: Flag that enables log sending,true
orfalse
.log-group-id
: ID of the log group to send the logs to.folder-id
: ID of the folder to send the logs to. The logs will be sent to the log group of the default folder.kube-apiserver-enabled
: Flag that enables kube-apiserver log sending,true
orfalse
.cluster-autoscaler-enabled
: Flag that enablescluster-autoscaler
log sending,true
orfalse
.events-enabled
: Flag that enables Kubernetes event sending,true
orfalse
.audit-enabled
: Flag that enables audit event sending,true
orfalse
.
If log sending is enabled but neither
log-group-id
norfolder-id
is specified, the logs will be sent to the default log group of the folder with the Managed Service for Kubernetes cluster. You cannot set bothlog-group-id
andfolder-id
at the same time. -
--version
: Kubernetes version. -
--latest-revision
: Get all available updates for the current Managed Service for Kubernetes master version. -
--auto-upgrade
: Manage automatic Managed Service for Kubernetes cluster updates. -
Managing the maintenance window:
--anytime-maintenance-window
: Update at any time.--daily-maintenance-window
: Update daily at the selected time.--weekly-maintenance-window
: Update on selected days.
-
To update a Managed Service for Kubernetes cluster:
-
Open the current configuration file with the Managed Service for Kubernetes cluster description.
For more information about creating this file, see Creating a Managed Service for Kubernetes cluster.
-
Edit the required parameters in the Managed Service for Kubernetes cluster description.
To edit the settings for sending logs to Cloud Logging, configure the
master_logging
section parameters. If there is no such section, create one.resource "yandex_kubernetes_cluster" "<cluster_name>" { ... master { ... master_logging { enabled = <log_sending> log_group_id = "<log_group_ID>" folder_id = "<folder_ID>" kube_apiserver_enabled = <kube-apiserver_log_sending> cluster_autoscaler_enabled = <cluster-autoscaler_log_sending> events_enabled = <Kubernetes_event_sending> audit_enabled = <audit_event_sending> } } }
Where:
enabled
: Flag that enables log sending,true
orfalse
.log_group_id
: ID of the log group to send the logs to.folder_id
: ID of the folder to send the logs to. The logs will be sent to the log group of the default folder.kube_apiserver_enabled
: Flag that enables kube-apiserver log sending,true
orfalse
.cluster_autoscaler_enabled
: Flag that enablescluster-autoscaler
log sending,true
orfalse
.events_enabled
: Flag that enables Kubernetes event sending,true
orfalse
.audit_enabled
: Flag that enables audit event sending,true
orfalse
.
If log sending is enabled but neither
log_group_id
norfolder_id
is specified, the logs will be sent to the default log group of the folder with the Managed Service for Kubernetes cluster. You cannot set bothlog_group_id
andfolder_id
at the same time. -
Make sure the configuration files are correct.
-
Using the command line, navigate to the folder that contains the up-to-date Terraform configuration files with an infrastructure plan.
-
Run the command:
terraform validate
If there are errors in the configuration files, Terraform will point to them.
-
-
Confirm updating the resources.
-
Run the command to view planned changes:
terraform plan
If the resource configuration descriptions are correct, the terminal will display a list of the resources to modify and their parameters. This is a test step. No resources are updated.
-
If you are happy with the planned changes, apply them:
-
Run the command:
terraform apply
-
Confirm the update of resources.
-
Wait for the operation to complete.
-
For more information, see the Terraform
provider documentation. -
Managing Managed Service for Kubernetes cluster cloud labels
You can perform the following actions with Managed Service for Kubernetes cluster cloud labels:
Adding a cloud label
Run this command:
yc managed-kubernetes cluster add-labels k8s-demo --labels new_label=test_label
Result:
done (1s)
id: abcd123ef4gh********
folder_id: l1m01nopqr1s********
...
description: My test Kubernetes cluster
labels:
new_label: test_label
...
Updating a cloud label
Run this command:
yc managed-kubernetes cluster update k8s-demo --labels test_label=my_k8s_label
Warning
The existing set of labels
is completely overwritten by the one transmitted in the request.
Result:
done (1s)
id: abcd123ef4gh********
folder_id: l1m01nopqr1s********
...
description: My test Kubernetes cluster
labels:
test_label: my_k8s_label
...
Deleting a cloud label
Run this command:
yc managed-kubernetes cluster remove-labels k8s-demo --labels test_label
Result:
done (1s)
id: cati493bu7ia********
folder_id: b1g88tflru0e********
created_at: "2019-11-20T11:26:36Z"
name: k8s-demo
...