gcloud alpha container clusters upgrade - upgrade the Kubernetes version of an existing container cluster
gcloud alpha container clusters upgrade NAME [--async] [--cluster-version=CLUSTER_VERSION] [--image-type=IMAGE_TYPE] [--master] [--node-pool=NODE_POOL] [--region=REGION | --zone=ZONE, -z ZONE] [--security-profile=SECURITY_PROFILE --security-profile-runtime-rules] [GCLOUD_WIDE_FLAG ...]
(ALPHA) Upgrades the Kubernetes version of an existing container cluster.
This command upgrades the Kubernetes version of the node pools or master of a cluster. Note that the Kubernetes version of the cluster's master is also periodically upgraded automatically as new releases are available.
If desired cluster version is omitted, node pool upgrades default to the current master version and master upgrades default to the default cluster version, which can be found in the server config.
During node pool upgrades, nodes will be deleted and recreated. While persistent Kubernetes resources, such as Pods backed by replication controllers, will be rescheduled onto new nodes, a small cluster may experience a few minutes where there are insufficient nodes available to run all of the scheduled Kubernetes resources.
Please ensure that any data you wish to keep is stored on a persistent disk before upgrading the cluster. Ephemeral Kubernetes resources--in particular, Pods without replication controllers--will be lost, while persistent Kubernetes resources will get rescheduled.
Upgrade the node pool pool-1 of sample-cluster to the Kubernetes version of the cluster's master.
$ gcloud alpha container clusters upgrade sample-cluster \ --node-pool=pool-1
Upgrade the node pool pool-1 of sample-cluster to Kubernetes version 1.14.7-gke.14:
$ gcloud alpha container clusters upgrade sample-cluster \ --node-pool=pool-1 --cluster-version="1.14.7-gke.14"
Upgrade the master of sample-cluster to the default cluster version:
$ gcloud alpha container clusters upgrade sample-cluster --master
- NAME
The name of the cluster to upgrade.
- --async
Return immediately, without waiting for the operation in progress to complete.
- --cluster-version=CLUSTER_VERSION
The GKE release version to which to upgrade the cluster's node pools or master.
If desired cluster version is omitted, node pool upgrades default to the current master version and master upgrades default to the default cluster version, which can be found in the server config.
You can find the list of allowed versions for upgrades by running:
$ gcloud container get-server-config
- --image-type=IMAGE_TYPE
The image type to use for the cluster/node pool. Defaults to server-specified.
Image Type specifies the base OS that the nodes in the cluster/node pool will run on. If an image type is specified, that will be assigned to the cluster/node pool and all future upgrades will use the specified image type. If it is not specified the server will pick the default image type.
The default image type and the list of valid image types are available using the following command.
$ gcloud container get-server-config
- --master
Upgrade the cluster's master. Node pools cannot be upgraded at the same time as the master.
- --node-pool=NODE_POOL
The node pool to upgrade.
- At most one of these can be specified:
- --region=REGION
Compute region (e.g. us-central1) for the cluster.
- --zone=ZONE, -z ZONE
Compute zone (e.g. us-central1-a) for the cluster. Overrides the default compute/zone property value for this command invocation.
- Flags for Security Profile:
- --security-profile=SECURITY_PROFILE
Name and version of the security profile to be applied to the cluster. If not specified, the current security profile settings are preserved. If the current security profile is not supported in the new cluster version, this option must be explicitly specified with a supported security profile, otherwise the operation will fail.
Examples:
$ gcloud alpha container clusters upgrade example-cluster \ --security-profile=default-1.0-gke.1
- --security-profile-runtime-rules
Apply runtime rules in the specified security profile to the cluster. When enabled, a security profile controller and webhook are deployed on the cluster to enforce the runtime rules. If --no-security-profile-runtime-rules is specified to disable this feature, only bootstrapping rules are applied, and no security profile controller or webhook are installed.
These flags are available to all commands: --access-token-file, --account, --billing-project, --configuration, --flags-file, --flatten, --format, --help, --impersonate-service-account, --log-http, --project, --quiet, --trace-token, --user-output-enabled, --verbosity.
Run $ gcloud help for details.
This command is currently in alpha and might change without notice. If this command fails with API permission errors despite specifying the correct project, you might be trying to access an API with an invitation-only early access allowlist. These variants are also available:
$ gcloud container clusters upgrade
$ gcloud beta container clusters upgrade