Updating a Managed Service for Kubernetes node group
To access a node group, use its name or unique ID obtained using the command:
yc managed-kubernetes node-group list
Result:
+----------------------+----------------------+-------------+----------------------+---------------------+---------+------+
| ID | CLUSTER ID | NAME | INSTANCE GROUP ID | CREATED AT | STATUS | SIZE |
+----------------------+----------------------+-------------+----------------------+---------------------+---------+------+
| catt3knapbq5******** | cati493bu7ia******** | k8s-demo-ng | cl1tbm76ms7p******** | 2019-11-20 12:01:02 | RUNNING | 2 |
+----------------------+----------------------+-------------+----------------------+---------------------+---------+------+
Before you start, make sure you have enough free resources in your cloud.
Changing node group parameters
You can change the following parameters of a Managed Service for Kubernetes node group:
- Name
- Description
- Number of Managed Service for Kubernetes nodes
- IP address assignment method: internal only or both internal and external
- List of security groups

  Alert
  Do not delete security groups attached to a running Managed Service for Kubernetes node group as this may disrupt its operation and result in a loss of data.
- Computing resources and Managed Service for Kubernetes node disk size
- Managed Service for Kubernetes node name template
- Updates policy
Alert
Do not reconfigure VMs belonging to a Managed Service for Kubernetes cluster with the help of the Yandex Compute Cloud interfaces. This will disrupt the operation of the node group and the whole Managed Service for Kubernetes cluster.
To learn how to change the availability zone of a node group, see Migrating Managed Service for Kubernetes resources to a different availability zone.
To update a Managed Service for Kubernetes node group:
- Open Managed Service for Kubernetes in the folder where you want to update the Managed Service for Kubernetes cluster.
- Click the name of the Managed Service for Kubernetes cluster.
- Go to the Node group tab.
- Select the desired node group.
- Click Edit in the top-right corner.
- Change the required parameters in the window that opens.
- Click Save.
Get detailed information about the command to edit the Managed Service for Kubernetes node group:
yc managed-kubernetes node-group update --help
Use the following flags to update the Managed Service for Kubernetes node group:
- --new-name: Change the name.
- --description: Edit the description.
- --service-account-id, --service-account-name: Edit the service account resource.
- --node-service-account-id, --node-service-account-name: Update the service account for Managed Service for Kubernetes nodes.
- --version: Change the Kubernetes version.
- --network-interface: Network settings:
  - security-group-ids: IDs of security groups.
  - subnets: Names of subnets that will host the nodes.
  - ipv4-address: Method of assigning an IPv4 address.
  - ipv6-address: Method of assigning an IPv6 address.

  ipv4-address and ipv6-address determine the method of assigning an IP address:
  - auto: Only the internal IP address is assigned to the node.
  - nat: Public and internal IP addresses are assigned to the node.
- --network-acceleration-type: Type of network acceleration:
  - standard: No acceleration.
  - software-accelerated: Software-accelerated network.

    Warning
    Before activating a software-accelerated network, make sure that you have sufficient cloud resources available to create an additional Managed Service for Kubernetes node.
- --container-runtime: Change the container runtime environment, docker or containerd.
- --node-name: Update the Managed Service for Kubernetes node name template. The name is unique if the template contains at least one of the following variables:
  - {instance_group.id}: Instance group ID.
  - {instance.index}: Unique instance number in the instance group. Possible values: 1 to N, where N is the number of instances in the group.
  - {instance.index_in_zone}: Instance number in a zone. It's unique for a specific instance group within the zone.
  - {instance.short_id}: Instance ID that is unique within the group. Consists of four letters.
  - {instance.zone_id}: Zone ID.

  For example, prod-{instance.short_id}-{instance_group.id}. If not specified, the default value is used: {instance_group.id}-{instance.short_id}.
- --template-labels: Update node group cloud labels in <label_name>=<label_value> format. You can specify multiple labels separated by commas.
- --latest-revision: Get all available updates for the current Managed Service for Kubernetes master version.
- --auto-upgrade: Manage automatic updates.
- Managing the maintenance window:
  - --anytime-maintenance-window: Update at any time.
  - --daily-maintenance-window: Update daily at the selected time.
  - --weekly-maintenance-window: Update on selected days.
Warning
- The user-data metadata key is not supported for VM post-configuration or user data transmission.
- To manage SSH keys, use the ssh-keys key.
- For post-configuring nodes, use privileged DaemonSets. For example, sysctl-tuner.
To update a Managed Service for Kubernetes node group:
- Open the current Terraform configuration file describing the Managed Service for Kubernetes node group.

  For more information about creating this file, see Creating a node group.
- Edit the Managed Service for Kubernetes node group description properties.
  - To change the container runtime environment, add an instance_template.container_runtime section:

    resource "yandex_kubernetes_node_group" "<node_group_name>" {
      ...
      instance_template {
        ...
        container_runtime {
          type = "<environment_type>"
        }
      }
    }

    Where type is the container runtime environment type: docker or containerd.
  - To update the node group cloud labels, add the instance_template.labels section:

    resource "yandex_kubernetes_node_group" "<node_group_name>" {
      ...
      instance_template {
        ...
        labels = {
          "<label_name>" = "<label_value>"
        }
      }
    }

  - To change the Managed Service for Kubernetes node name template, update the instance_template.name parameter. The name is unique if the template contains at least one of the following variables:
    - {instance_group.id}: Instance group ID.
    - {instance.index}: Unique instance number in the instance group. Possible values: 1 to N, where N is the number of instances in the group.
    - {instance.index_in_zone}: Instance number in a zone. It's unique for a specific instance group within the zone.
    - {instance.short_id}: Instance ID that is unique within the group. Consists of four letters.
    - {instance.zone_id}: Zone ID.

    For example, prod-{instance.short_id}-{instance_group.id}. If not specified, the default value is used: {instance_group.id}-{instance.short_id}.
  - To update DNS records, add the instance_template.network_interface.ipv4_dns_records section:

    resource "yandex_kubernetes_node_group" "<node_group_name>" {
      ...
      instance_template {
        network_interface {
          ipv4_dns_records {
            fqdn        = "<DNS_record_FQDN>"
            dns_zone_id = "<DNS_zone_ID>"
            ttl         = "<DNS_record_TTL_in_seconds>"
            ptr         = "<PTR_record_creation>"
          }
        }
      }
    }

    Where ptr specifies whether to create a PTR record: true or false.

    In a DNS record's FQDN, you can use a template with variables:
    - {instance_group.id}: Instance group ID.
    - {instance.index}: Unique instance number in the instance group. Possible values: 1 to N, where N is the number of instances in the group.
    - {instance.index_in_zone}: Instance number in a zone. It is unique for a specific instance group within a zone.
    - {instance.short_id}: Instance ID that is unique within the group. It consists of four alphabetic characters.
    - {instance.zone_id}: Zone ID.
- Make sure the configuration files are correct.
  - Using the command line, navigate to the folder that contains the up-to-date Terraform configuration files with an infrastructure plan.
  - Run the command:

    terraform validate

    If there are errors in the configuration files, Terraform will point to them.
- Confirm updating the resources.
  - Run the command to view planned changes:

    terraform plan

    If the resource configuration descriptions are correct, the terminal will display a list of the resources to modify and their parameters. This is a test step. No resources are updated.
  - If you are happy with the planned changes, apply them:
    - Run the command:

      terraform apply

    - Confirm the update of resources.
    - Wait for the operation to complete.

For more information, see the Terraform provider documentation.
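A review check for the terraform plan step, as an added example that is not part of the original documentation: it reads the JSON form of a saved plan (terraform plan -out=<plan_file>, then terraform show -json <plan_file>) and flags node group changes that assign public IP addresses or detach security groups. The nat and security_group_ids attribute names under instance_template.network_interface are assumptions taken from the Yandex Cloud Terraform provider schema, and the sample plan is constructed.

```python
import json

NODE_GROUP = "yandex_kubernetes_node_group"

def _interfaces(state):
    """Return the network_interface blocks of a node group state (or [])."""
    out = []
    # `before` is null on create and `after` is null on delete.
    for tmpl in (state or {}).get("instance_template") or []:
        out.extend(tmpl.get("network_interface") or [])
    return out

def review_plan(plan):
    """Return (address, message) findings for changes that widen exposure."""
    findings = []
    for rc in plan.get("resource_changes", []):
        if rc.get("type") != NODE_GROUP:
            continue
        change = rc.get("change", {})
        before = _interfaces(change.get("before"))
        after = _interfaces(change.get("after"))
        # Assumed attribute: nat = true assigns a public IP to each node.
        had_nat = any(i.get("nat") for i in before)
        if any(i.get("nat") for i in after) and not had_nat:
            findings.append((rc["address"], "public IP (nat) enabled"))
        # Assumed attribute: security_group_ids lists the attached groups.
        old_sg = {sg for i in before for sg in i.get("security_group_ids") or []}
        new_sg = {sg for i in after for sg in i.get("security_group_ids") or []}
        removed = sorted(old_sg - new_sg)
        if removed:
            findings.append((rc["address"], "security groups detached: " + ", ".join(removed)))
    return findings

# Constructed sample in the layout of `terraform show -json`; IDs are placeholders.
SAMPLE_PLAN = json.loads("""
{"resource_changes": [
  {"address": "yandex_kubernetes_node_group.demo",
   "type": "yandex_kubernetes_node_group",
   "change": {"actions": ["update"],
     "before": {"instance_template": [{"network_interface": [
        {"nat": false, "security_group_ids": ["sg-placeholder-a", "sg-placeholder-b"]}]}]},
     "after": {"instance_template": [{"network_interface": [
        {"nat": true, "security_group_ids": ["sg-placeholder-a"]}]}]}}}
]}
""")

if __name__ == "__main__":
    for address, message in review_plan(SAMPLE_PLAN):
        print(f"{address}: {message}")
```

Values that Terraform only learns at apply time appear as null in the plan's after state, so a detached-group finding on such a plan should be confirmed against the rendered plan text.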
To update a Managed Service for Kubernetes node group's properties, use the update method for the NodeGroup resource.
To change the container runtime environment, provide the docker or the containerd value in the nodeTemplate.containerRuntimeSettings.type parameter.
To update the node group cloud labels, provide their values in the nodeTemplate.labels parameter.
To update the Managed Service for Kubernetes node name template, provide it in the nodeTemplate.name parameter. The name is unique if the template contains at least one of the following variables:
- {instance_group.id}: Instance group ID.
- {instance.index}: Unique instance number in the instance group. Possible values: 1 to N, where N is the number of instances in the group.
- {instance.index_in_zone}: Instance number in a zone. It's unique for a specific instance group within the zone.
- {instance.short_id}: Instance ID that is unique within the group. Consists of four letters.
- {instance.zone_id}: Zone ID.

For example, prod-{instance.short_id}-{instance_group.id}. If not specified, the default value is used: {instance_group.id}-{instance.short_id}.
To update DNS records, provide their settings in the nodeTemplate.v4AddressSpec.dnsRecordSpecs parameter. In a DNS record's FQDN, you can use the nodeTemplate.name node name template with variables.
Enabling access to nodes from the internet
- Go to the folder page and select Compute Cloud.
- Click the VM name.
- Under Network, click and select Add public IP address.
- Specify the appropriate settings and click Add.
If you do not have the Yandex Cloud command line interface yet, install and initialize it.
The folder specified in the CLI profile is used by default. You can specify a different folder using the --folder-name or --folder-id parameter.
To enable access to Managed Service for Kubernetes nodes from the internet:
- Get detailed information about the command to edit the Managed Service for Kubernetes node group:

  yc managed-kubernetes node-group update --help

- Run the node group update command with the --network-interface flag set:

  yc managed-kubernetes node-group update <node_group_ID_or_name> \
    ...
    --network-interface subnets=<name_of_node_group_subnet>,ipv4-address=nat

  You can find out the names and IDs of Managed Service for Kubernetes node groups from the list of node groups in the folder.
Alternatively, you can grant internet access permission to Managed Service for Kubernetes cluster nodes by creating and setting up a NAT gateway or NAT instance. As a result, through static routing, traffic will be routed via the gateway or a separate VM instance with NAT features.
Note
If you assigned public IP addresses to the cluster nodes and then configured the NAT gateway or NAT instance, internet access via the public IPs will be disabled. For more information, see the Yandex Virtual Private Cloud documentation.
Managing node group cloud labels
You can perform the following actions with cloud labels of Managed Service for Kubernetes node groups:
Adding a cloud label
If you do not have the Yandex Cloud command line interface yet, install and initialize it.
Add a cloud label to a Managed Service for Kubernetes node group:
yc managed-kubernetes node-group add-labels my-node-group --labels new_label=test_label
Result:
done (28s)
id: catpl8c44kii********
cluster_id: catcsqidoos7********
...
- Open the current Terraform configuration file describing the Managed Service for Kubernetes node group.

  For more information about creating this file, see Creating a node group.
- Add the labels property to the Managed Service for Kubernetes node group description:

  resource "yandex_kubernetes_node_group" "<node_group_name>" {
    cluster_id = yandex_kubernetes_cluster.<cluster_name>.id
    ...
    labels = {
      "<cloud_label>" = "<value>"
    }
    ...
  }

- Make sure the configuration files are correct.
  - Using the command line, navigate to the folder that contains the up-to-date Terraform configuration files with an infrastructure plan.
  - Run the command:

    terraform validate

    If there are errors in the configuration files, Terraform will point to them.
- Confirm updating the resources.
  - Run the command to view planned changes:

    terraform plan

    If the resource configuration descriptions are correct, the terminal will display a list of the resources to modify and their parameters. This is a test step. No resources are updated.
  - If you are happy with the planned changes, apply them:
    - Run the command:

      terraform apply

    - Confirm the update of resources.
    - Wait for the operation to complete.

For more information, see the Terraform provider documentation.
Updating a cloud label
Update a cloud label of a Managed Service for Kubernetes node group:
Warning
The existing set of labels is completely overwritten by the one transmitted in the request.
yc managed-kubernetes node-group update my-node-group --labels test_label=my_ng_label
Result:
done (3s)
id: catpl8c44kii********
cluster_id: catcsqidoos7********
...
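Because the update replaces the whole label set, the --labels value has to carry every label that should survive. The following is an added example, not part of the original documentation: it reports which labels a request would drop and builds an update command that keeps the rest. It assumes the current labels come from the labels field of yc managed-kubernetes node-group get <name> --format json and that --labels takes the same comma-separated <label_name>=<label_value> list described for --template-labels; the sample values are constructed.

```python
import json

def dropped_labels(current, requested):
    """Labels that exist now but are absent from the requested set."""
    return sorted(set(current) - set(requested))

def full_label_set(current, changes, remove=()):
    """Current labels with `changes` applied and `remove` keys deleted."""
    removed = set(remove)
    merged = {k: v for k, v in current.items() if k not in removed}
    merged.update(changes)
    return merged

def labels_flag(labels):
    """Render a label map as a comma-separated key=value list."""
    for key, value in labels.items():
        # A comma, '=' or space would change how the list is split.
        if any(c in f"{key}{value}" for c in ",= "):
            raise ValueError(f"label {key!r} cannot be expressed as key=value")
    return ",".join(f"{k}={v}" for k, v in sorted(labels.items()))

# Constructed sample of a node group description (only the fields used here).
SAMPLE_NODE_GROUP = json.loads(
    '{"name": "my-node-group",'
    ' "labels": {"env": "prod", "owner": "platform", "test_label": "old"}}'
)

def update_command(node_group, changes, remove=()):
    """argv for a label update that keeps every label not explicitly removed."""
    labels = full_label_set(node_group.get("labels", {}), changes, remove)
    return ["yc", "managed-kubernetes", "node-group", "update",
            node_group["name"], "--labels", labels_flag(labels)]

if __name__ == "__main__":
    request = {"test_label": "my_ng_label"}
    current = SAMPLE_NODE_GROUP["labels"]
    print("dropped by the bare request:", dropped_labels(current, request))
    print(" ".join(update_command(SAMPLE_NODE_GROUP, request)))
```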
- Open the current Terraform configuration file describing the Managed Service for Kubernetes node group.

  For more information about creating this file, see Creating a node group.
- Edit the labels property in the Managed Service for Kubernetes node group description:

  resource "yandex_kubernetes_node_group" "<node_group_name>" {
    cluster_id = yandex_kubernetes_cluster.<cluster_name>.id
    ...
    labels = {
      "<cloud_label>" = "<value>"
      ...
    }
    ...
  }

- Make sure the configuration files are correct.
  - Using the command line, navigate to the folder that contains the up-to-date Terraform configuration files with an infrastructure plan.
  - Run the command:

    terraform validate

    If there are errors in the configuration files, Terraform will point to them.
- Confirm updating the resources.
  - Run the command to view planned changes:

    terraform plan

    If the resource configuration descriptions are correct, the terminal will display a list of the resources to modify and their parameters. This is a test step. No resources are updated.
  - If you are happy with the planned changes, apply them:
    - Run the command:

      terraform apply

    - Confirm the update of resources.
    - Wait for the operation to complete.

For more information, see the Terraform provider documentation.
Deleting a cloud label
Delete a cloud label of a Managed Service for Kubernetes node group:
yc managed-kubernetes node-group remove-labels my-node-group --labels test_label
Result:
done (2s)
id: catpl8c44kii********
cluster_id: catcsqidoos7********
...
- Open the current Terraform configuration file describing the Managed Service for Kubernetes node group.

  For more information about creating this file, see Creating a node group.
- In the Managed Service for Kubernetes node group description, delete the cloud labels you no longer need under labels.
- Make sure the configuration files are correct.
  - Using the command line, navigate to the folder that contains the up-to-date Terraform configuration files with an infrastructure plan.
  - Run the command:

    terraform validate

    If there are errors in the configuration files, Terraform will point to them.
- Confirm updating the resources.
  - Run the command to view planned changes:

    terraform plan

    If the resource configuration descriptions are correct, the terminal will display a list of the resources to modify and their parameters. This is a test step. No resources are updated.
  - If you are happy with the planned changes, apply them:
    - Run the command:

      terraform apply

    - Confirm the update of resources.
    - Wait for the operation to complete.

For more information, see the Terraform provider documentation.