UpdateClusterConfig
Updates an Amazon EKS cluster configuration. Your cluster continues to function during the update. The response output includes an update ID that you can use to track the status of your cluster update with DescribeUpdate.
You can use this API operation to enable or disable exporting the Kubernetes control plane logs for your cluster to CloudWatch Logs. By default, cluster control plane logs aren't exported to CloudWatch Logs. For more information, see Amazon EKS Cluster control plane logs in the Amazon EKS User Guide.
Note
CloudWatch Logs ingestion, archive storage, and data scanning rates apply to exported control plane logs. For more information, see CloudWatch Pricing.
You can also use this API operation to enable or disable public and private access to your cluster's Kubernetes API server endpoint. By default, public access is enabled, and private access is disabled. For more information, see Amazon EKS cluster endpoint access control in the Amazon EKS User Guide.
You can also use this API operation to choose different subnets and security groups for the cluster. You must specify at least two subnets that are in different Availability Zones. You can't change which VPC the subnets are from; the subnets must be in the same VPC as the subnets that the cluster was created with. For more information about the VPC requirements, see https://docs.aws.amazon.com/eks/latest/userguide/network_reqs.html in the Amazon EKS User Guide.
You can also use this API operation to enable or disable ARC zonal shift. If zonal shift is enabled, AWS configures zonal autoshift for the cluster.
Cluster updates are asynchronous, and they should finish within a few minutes. During an update, the cluster status moves to UPDATING (this status transition is eventually consistent). When the update is complete (either Failed or Successful), the cluster status moves to Active.
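The asynchronous flow described above, as an added example that is not part of the AWS reference: submit one change with a caller-supplied idempotency token, then poll DescribeUpdate with the returned update ID until the update reaches a terminal status. The function name `apply_and_wait` is hypothetical, and `eks` is assumed to be a boto3 EKS client (`boto3.client("eks")`), whose `update_cluster_config` and `describe_update` methods call the two operations.

```python
import time
import uuid

# Update statuses that end polling. "Failed" and "Successful" are named on this
# page; "Cancelled" is the remaining terminal value of the EKS update status.
TERMINAL = {"Successful", "Failed", "Cancelled"}


def apply_and_wait(eks, cluster, change, token=None,
                   poll_seconds=15, timeout=900, sleep=time.sleep):
    """Submit one UpdateClusterConfig change and wait for its outcome.

    eks     -- assumed boto3 EKS client (or any object with the same two methods)
    change  -- request body fields, e.g. {"resourcesVpcConfig": {...}}
    token   -- clientRequestToken; pass the same value when retrying a submit
               so the retry is treated as the same request
    """
    token = token or str(uuid.uuid4())
    update = eks.update_cluster_config(
        name=cluster, clientRequestToken=token, **change)["update"]

    waited = 0
    while update["status"] not in TERMINAL:
        if waited >= timeout:
            raise TimeoutError(
                f"update {update['id']} still {update['status']} after {waited}s")
        sleep(poll_seconds)
        waited += poll_seconds
        # The update ID from the first response is the handle for DescribeUpdate.
        update = eks.describe_update(
            name=cluster, updateId=update["id"])["update"]

    if update["status"] != "Successful":
        # Surface the errors array instead of treating "finished" as "applied".
        raise RuntimeError(
            f"update {update['id']} ended {update['status']}: {update.get('errors')}")
    return update
```

Checking the update's own status matters because the cluster status returns to Active after a failed update as well as a successful one.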
Request Syntax
POST /clusters/name/update-config HTTP/1.1
Content-type: application/json
{
"accessConfig": {
"authenticationMode": "string"
},
"clientRequestToken": "string",
"logging": {
"clusterLogging": [
{
"enabled": boolean,
"types": [ "string" ]
}
]
},
"resourcesVpcConfig": {
"endpointPrivateAccess": boolean,
"endpointPublicAccess": boolean,
"publicAccessCidrs": [ "string" ],
"securityGroupIds": [ "string" ],
"subnetIds": [ "string" ]
},
"upgradePolicy": {
"supportType": "string"
},
"zonalShiftConfig": {
"enabled": boolean
}
}
URI Request Parameters
The request uses the following URI parameters.
- name
-
The name of the Amazon EKS cluster to update.
Required: Yes
Request Body
The request accepts the following data in JSON format.
- accessConfig
-
The access configuration for the cluster.
Type: UpdateAccessConfigRequest object
Required: No
- clientRequestToken
-
A unique, case-sensitive identifier that you provide to ensure the idempotency of the request.
Type: String
Required: No
- logging
-
Enable or disable exporting the Kubernetes control plane logs for your cluster to CloudWatch Logs. By default, cluster control plane logs aren't exported to CloudWatch Logs. For more information, see Amazon EKS cluster control plane logs in the Amazon EKS User Guide.
Note
CloudWatch Logs ingestion, archive storage, and data scanning rates apply to exported control plane logs. For more information, see CloudWatch Pricing.
Type: Logging object
Required: No
- resourcesVpcConfig
-
An object representing the VPC configuration to use for an Amazon EKS cluster.
Type: VpcConfigRequest object
Required: No
- upgradePolicy
-
You can enable or disable extended support for clusters currently on standard support. You cannot disable extended support once it starts. You must enable extended support before your cluster exits standard support.
Type: UpgradePolicyRequest object
Required: No
- zonalShiftConfig
-
Enable or disable ARC zonal shift for the cluster. If zonal shift is enabled, AWS configures zonal autoshift for the cluster.
Zonal shift is a feature of Amazon Application Recovery Controller (ARC). ARC zonal shift is designed to be a temporary measure that allows you to move traffic for a resource away from an impaired AZ until the zonal shift expires or you cancel it. You can extend the zonal shift if necessary.
You can start a zonal shift for an EKS cluster, or you can allow AWS to do it for you by enabling zonal autoshift. This shift updates the flow of east-to-west network traffic in your cluster to only consider network endpoints for Pods running on worker nodes in healthy AZs. Additionally, any ALB or NLB handling ingress traffic for applications in your EKS cluster will automatically route traffic to targets in the healthy AZs. For more information about zonal shift in EKS, see Learn about Amazon Application Recovery Controller (ARC) Zonal Shift in Amazon EKS in the Amazon EKS User Guide.
Type: ZonalShiftConfigRequest object
Required: No
Response Syntax
HTTP/1.1 200
Content-type: application/json
{
"update": {
"createdAt": number,
"errors": [
{
"errorCode": "string",
"errorMessage": "string",
"resourceIds": [ "string" ]
}
],
"id": "string",
"params": [
{
"type": "string",
"value": "string"
}
],
"status": "string",
"type": "string"
}
}
Response Elements
If the action is successful, the service sends back an HTTP 200 response.
The following data is returned in JSON format by the service.
Errors
For information about the errors that are common to all actions, see Common Errors.
- ClientException
-
These errors are usually caused by a client action. Actions can include using an action or resource on behalf of an IAM principal that doesn't have permissions to use the action or resource or specifying an identifier that is not valid.
HTTP Status Code: 400
- InvalidParameterException
-
The specified parameter is invalid. Review the available parameters for the API request.
HTTP Status Code: 400
- InvalidRequestException
-
The request is invalid given the state of the cluster. Check the state of the cluster and the associated operations.
HTTP Status Code: 400
- ResourceInUseException
-
The specified resource is in use.
HTTP Status Code: 409
- ResourceNotFoundException
-
The specified resource could not be found. You can view your available clusters with ListClusters. You can view your available managed node groups with ListNodegroups. Amazon EKS clusters and node groups are AWS Region specific.
HTTP Status Code: 404
- ServerException
-
These errors are usually caused by a server-side issue.
HTTP Status Code: 500
Examples
In the following example or examples, the Authorization header contents (AUTHPARAMS) must be replaced with an AWS Signature Version 4 signature. For more information about creating these signatures, see Signature Version 4 Signing Process in the Amazon EKS General Reference.
You need to learn how to sign HTTP requests only if you intend to manually create them. When you use the AWS Command Line Interface (AWS CLI)
Example
The following example disables the Amazon EKS public API server endpoint for the my-cluster cluster.
Sample Request
POST /clusters/my-cluster/update-config HTTP/1.1
Host: eks.us-west-2.amazonaws.com
Accept-Encoding: identity
User-Agent: aws-cli/1.16.56 Python/3.7.0 Darwin/17.7.0 botocore/1.12.46
X-Amz-Date: 20190228T215632Z
Authorization: AUTHPARAMS
{
"resourcesVpcConfig": {
"endpointPublicAccess": false
},
"clientRequestToken": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
}
Sample Response
HTTP/1.1 200 OK
Date: Thu, 28 Feb 2019 21:56:33 GMT
Content-Type: application/json
Content-Length: 254
x-amzn-RequestId: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxx
x-amz-apigw-id: V1LanEMJPHcFvTg=
X-Amzn-Trace-Id: Root=1-xxxxxxxxx-xxxxxxxxxxxxxxxxxxxxxxxx
Connection: keep-alive
{
"update": {
"id": "71abb011-b524-4983-b17f-c30baa1b5530",
"status": "InProgress",
"type": "EndpointAccessUpdate",
"params": [
{
"type": "EndpointPublicAccess",
"value": "false"
},
{
"type": "EndpointPrivateAccess",
"value": "true"
}
],
"createdAt": 1551390993.374,
"errors": []
}
}
Example
The following example enables exporting all cluster control plane logs to CloudWatch Logs.
Sample Request
POST /clusters/my-cluster/update-config HTTP/1.1
Host: eks.us-west-2.amazonaws.com
Accept-Encoding: identity
User-Agent: aws-cli/1.16.120 Python/3.7.0 Darwin/18.2.0 botocore/1.12.110
X-Amz-Date: 20190322T162335Z
Authorization: AUTHPARAMS
{
"logging": {
"clusterLogging": [
{
"types": [
"api",
"audit",
"authenticator",
"controllerManager",
"scheduler"
],
"enabled": true
}
]
},
"clientRequestToken": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
}
Sample Response
HTTP/1.1 200 OK
Date: Fri, 22 Mar 2019 16:23:34 GMT
Content-Type: application/json
Content-Length: 313
x-amzn-RequestId: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxx
x-amz-apigw-id: W87Q5HlCvHcFxDA=
X-Amzn-Trace-Id: Root=1-xxxxxxxxx-xxxxxxxxxxxxxxxxxxxxxxxx
Connection: keep-alive
{
"update": {
"id": "883405c8-65c6-4758-8cee-2a7c1340a6d9",
"status": "InProgress",
"type": "LoggingUpdate",
"params": [
{
"type": "ClusterLogging",
"value": "{\"clusterLogging\":[{\"types\":[\"api\",\"audit\",\"authenticator\",\"controllerManager\",\"scheduler\"],\"enabled\":true}]}"
}
],
"createdAt": 1553271814.684,
"errors": []
}
}
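The two sample requests above change the settings whose defaults this page calls out: control plane logs are not exported, and the public endpoint is enabled. The following added example (not part of the AWS reference) inspects a cluster description and returns the UpdateClusterConfig request bodies that would correct those defaults, one body per concern as in the samples. The function name `plan_hardening` is hypothetical; the input is assumed to have the shape of the `cluster` object returned by DescribeCluster, and a missing `publicAccessCidrs` is assumed to mean `0.0.0.0/0`.

```python
import ipaddress

# The five control plane log types used in the logging sample request above.
ALL_LOG_TYPES = ["api", "audit", "authenticator", "controllerManager", "scheduler"]


def plan_hardening(cluster, allowed_cidrs=None):
    """Return [(finding, request_body), ...] for one cluster description.

    cluster       -- assumed shape of the 'cluster' object from DescribeCluster
    allowed_cidrs -- if given, keep the public endpoint but restrict it to
                     these CIDRs; if omitted, plan to disable public access
    """
    plans = []

    # Collect log types from enabled entries only; disabled entries don't count.
    enabled = set()
    for entry in cluster.get("logging", {}).get("clusterLogging", []):
        if entry.get("enabled"):
            enabled.update(entry.get("types", []))
    missing = [t for t in ALL_LOG_TYPES if t not in enabled]
    if missing:
        body = {"logging": {"clusterLogging": [
            {"types": list(ALL_LOG_TYPES), "enabled": True}]}}
        plans.append(("control plane logs not exported: " + ", ".join(missing), body))

    vpc = cluster.get("resourcesVpcConfig", {})
    cidrs = vpc.get("publicAccessCidrs") or ["0.0.0.0/0"]   # assumed default
    open_to_all = any(ipaddress.ip_network(c).prefixlen == 0 for c in cidrs)
    if vpc.get("endpointPublicAccess", True) and open_to_all:
        if allowed_cidrs:
            for c in allowed_cidrs:
                # ip_network also rejects malformed CIDRs with ValueError.
                if ipaddress.ip_network(c).prefixlen == 0:
                    raise ValueError(f"{c} does not restrict access")
            vpc_body = {"endpointPublicAccess": True,
                        "endpointPrivateAccess": True,
                        "publicAccessCidrs": list(allowed_cidrs)}
        else:
            # Same change as the first sample request, with private access
            # turned on so the API server stays reachable from inside the VPC.
            vpc_body = {"endpointPublicAccess": False,
                        "endpointPrivateAccess": True}
        plans.append(("public API endpoint reachable from any address",
                      {"resourcesVpcConfig": vpc_body}))
    return plans
```

Each returned body is submitted as its own request, with the response's update ID used to confirm the result through DescribeUpdate.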