EKS / Client / update_cluster_config
update_cluster_config#
- EKS.Client.update_cluster_config(**kwargs)#
Updates an Amazon EKS cluster configuration. Your cluster continues to function during the update. The response output includes an update ID that you can use to track the status of your cluster update with the DescribeUpdate API operation.
You can use this API operation to enable or disable exporting the Kubernetes control plane logs for your cluster to CloudWatch Logs. By default, cluster control plane logs aren’t exported to CloudWatch Logs. For more information, see Amazon EKS Cluster Control Plane Logs in the Amazon EKS User Guide .
Note
CloudWatch Logs ingestion, archive storage, and data scanning rates apply to exported control plane logs. For more information, see CloudWatch Pricing.
You can also use this API operation to enable or disable public and private access to your cluster’s Kubernetes API server endpoint. By default, public access is enabled, and private access is disabled. For more information, see Amazon EKS cluster endpoint access control in the Amazon EKS User Guide .
Warning
You can’t update the subnets or security group IDs for an existing cluster.
Cluster updates are asynchronous, and they should finish within a few minutes. During an update, the cluster status moves to
UPDATING
(this status transition is eventually consistent). When the update is complete (eitherFailed
orSuccessful
), the cluster status moves toActive
.See also: AWS API Documentation
Request Syntax
response = client.update_cluster_config( name='string', resourcesVpcConfig={ 'subnetIds': [ 'string', ], 'securityGroupIds': [ 'string', ], 'endpointPublicAccess': True|False, 'endpointPrivateAccess': True|False, 'publicAccessCidrs': [ 'string', ] }, logging={ 'clusterLogging': [ { 'types': [ 'api'|'audit'|'authenticator'|'controllerManager'|'scheduler', ], 'enabled': True|False }, ] }, clientRequestToken='string' )
- Parameters:
name (string) –
[REQUIRED]
The name of the Amazon EKS cluster to update.
resourcesVpcConfig (dict) –
An object representing the VPC configuration to use for an Amazon EKS cluster.
subnetIds (list) –
Specify subnets for your Amazon EKS nodes. Amazon EKS creates cross-account elastic network interfaces in these subnets to allow communication between your nodes and the Kubernetes control plane.
(string) –
securityGroupIds (list) –
Specify one or more security groups for the cross-account elastic network interfaces that Amazon EKS creates to use that allow communication between your nodes and the Kubernetes control plane. If you don’t specify any security groups, then familiarize yourself with the difference between Amazon EKS defaults for clusters deployed with Kubernetes. For more information, see Amazon EKS security group considerations in the Amazon EKS User Guide .
(string) –
endpointPublicAccess (boolean) –
Set this value to
false
to disable public access to your cluster’s Kubernetes API server endpoint. If you disable public access, your cluster’s Kubernetes API server can only receive requests from within the cluster VPC. The default value for this parameter istrue
, which enables public access for your Kubernetes API server. For more information, see Amazon EKS cluster endpoint access control in the Amazon EKS User Guide .endpointPrivateAccess (boolean) –
Set this value to
true
to enable private access for your cluster’s Kubernetes API server endpoint. If you enable private access, Kubernetes API requests from within your cluster’s VPC use the private VPC endpoint. The default value for this parameter isfalse
, which disables private access for your Kubernetes API server. If you disable private access and you have nodes or Fargate pods in the cluster, then ensure thatpublicAccessCidrs
includes the necessary CIDR blocks for communication with the nodes or Fargate pods. For more information, see Amazon EKS cluster endpoint access control in the Amazon EKS User Guide .publicAccessCidrs (list) –
The CIDR blocks that are allowed access to your cluster’s public Kubernetes API server endpoint. Communication to the endpoint from addresses outside of the CIDR blocks that you specify is denied. The default value is
0.0.0.0/0
. If you’ve disabled private endpoint access and you have nodes or Fargate pods in the cluster, then ensure that you specify the necessary CIDR blocks. For more information, see Amazon EKS cluster endpoint access control in the Amazon EKS User Guide .(string) –
logging (dict) –
Enable or disable exporting the Kubernetes control plane logs for your cluster to CloudWatch Logs. By default, cluster control plane logs aren’t exported to CloudWatch Logs. For more information, see Amazon EKS cluster control plane logs in the Amazon EKS User Guide .
Note
CloudWatch Logs ingestion, archive storage, and data scanning rates apply to exported control plane logs. For more information, see CloudWatch Pricing.
clusterLogging (list) –
The cluster control plane logging configuration for your cluster.
(dict) –
An object representing the enabled or disabled Kubernetes control plane logs for your cluster.
types (list) –
The available cluster control plane log types.
(string) –
enabled (boolean) –
If a log type is enabled, that log type exports its control plane logs to CloudWatch Logs. If a log type isn’t enabled, that log type doesn’t export its control plane logs. Each individual log type can be enabled or disabled independently.
clientRequestToken (string) –
Unique, case-sensitive identifier that you provide to ensure the idempotency of the request.
This field is autopopulated if not provided.
- Return type:
dict
- Returns:
Response Syntax
{ 'update': { 'id': 'string', 'status': 'InProgress'|'Failed'|'Cancelled'|'Successful', 'type': 'VersionUpdate'|'EndpointAccessUpdate'|'LoggingUpdate'|'ConfigUpdate'|'AssociateIdentityProviderConfig'|'DisassociateIdentityProviderConfig'|'AssociateEncryptionConfig'|'AddonUpdate', 'params': [ { 'type': 'Version'|'PlatformVersion'|'EndpointPrivateAccess'|'EndpointPublicAccess'|'ClusterLogging'|'DesiredSize'|'LabelsToAdd'|'LabelsToRemove'|'TaintsToAdd'|'TaintsToRemove'|'MaxSize'|'MinSize'|'ReleaseVersion'|'PublicAccessCidrs'|'LaunchTemplateName'|'LaunchTemplateVersion'|'IdentityProviderConfig'|'EncryptionConfig'|'AddonVersion'|'ServiceAccountRoleArn'|'ResolveConflicts'|'MaxUnavailable'|'MaxUnavailablePercentage', 'value': 'string' }, ], 'createdAt': datetime(2015, 1, 1), 'errors': [ { 'errorCode': 'SubnetNotFound'|'SecurityGroupNotFound'|'EniLimitReached'|'IpNotAvailable'|'AccessDenied'|'OperationNotPermitted'|'VpcIdNotFound'|'Unknown'|'NodeCreationFailure'|'PodEvictionFailure'|'InsufficientFreeAddresses'|'ClusterUnreachable'|'InsufficientNumberOfReplicas'|'ConfigurationConflict'|'AdmissionRequestDenied'|'UnsupportedAddonModification'|'K8sResourceNotFound', 'errorMessage': 'string', 'resourceIds': [ 'string', ] }, ] } }
Response Structure
(dict) –
update (dict) –
An object representing an asynchronous update.
id (string) –
A UUID that is used to track the update.
status (string) –
The current status of the update.
type (string) –
The type of the update.
params (list) –
A key-value map that contains the parameters associated with the update.
(dict) –
An object representing the details of an update request.
type (string) –
The keys associated with an update request.
value (string) –
The value of the keys submitted as part of an update request.
createdAt (datetime) –
The Unix epoch timestamp in seconds for when the update was created.
errors (list) –
Any errors associated with a
Failed
update.(dict) –
An object representing an error when an asynchronous operation fails.
errorCode (string) –
A brief description of the error.
SubnetNotFound: We couldn’t find one of the subnets associated with the cluster.
SecurityGroupNotFound: We couldn’t find one of the security groups associated with the cluster.
EniLimitReached: You have reached the elastic network interface limit for your account.
IpNotAvailable: A subnet associated with the cluster doesn’t have any free IP addresses.
AccessDenied: You don’t have permissions to perform the specified operation.
OperationNotPermitted: The service role associated with the cluster doesn’t have the required access permissions for Amazon EKS.
VpcIdNotFound: We couldn’t find the VPC associated with the cluster.
errorMessage (string) –
A more complete description of the error.
resourceIds (list) –
An optional field that contains the resource IDs associated with the error.
(string) –
Exceptions
EKS.Client.exceptions.InvalidParameterException
EKS.Client.exceptions.ClientException
EKS.Client.exceptions.ServerException
EKS.Client.exceptions.ResourceInUseException
EKS.Client.exceptions.ResourceNotFoundException
EKS.Client.exceptions.InvalidRequestException