Updating an instance group to a different instance template also does not replace the instances. Instead you get a message that the new instance template is only applied to new instances and that you have to manually recreate the existing ones if you want to have them use the new settings.
In the same way updating the cluster settings does not need to replace the node pools or the instances. The new settings are only used for any new node pools you create. 'Robert Bailey' via Containers at Google <[email protected]> schrieb am Di., 19. Juli 2016 um 16:22 Uhr: > On Fri, Jul 15, 2016 at 2:56 AM, Richard Musiol <[email protected]> > wrote: > >> Hi Robert, >> >> yes, I'm talking about scopes, the UI calls them permissions. I've >> noticed that we can use the "--scopes" flag to override the cluster's >> setting when using "gcloud container node-pools create", the UI however >> does not offer this option. >> > > That's great feedback. I'll forward it to the UI developers. > > >> >> Still, the room to improve stays even when a workaround is available. ;-) >> I see no reason why the default scopes setting of a cluster needs to be set >> in stone. >> > > This is a limitation of the underlying GCE VMs. If you create a GCE VM, > you can't change the scopes on the VM while it is running (which you can > verify aside from using GKE at all). > > > >> It is only used by the "gcloud container node-pools create" command when >> you don't specify the "--scopes" flag, so why no making it possible to >> change it via the "gcloud container clusters update" command? >> > > If the update command required replacing all VMs, that seems pretty > disruptive / intrusive. And it's the reason that you can't change the > logging setting on a cluster (which requires replacing all nodes). Setting > it on a new node pool and having control over shifting your application / > traffic is much safer, especially for an "update" which for other options > is not nearly as disruptive. > > > >> The benefit would be to avoid human error when creating a new node pool. >> >> Thanks, >> Richard >> >> 'Robert Bailey' via Containers at Google < >> [email protected]> schrieb am Fr., 15. Juli 2016 um >> 05:48 Uhr: >> >>> Hi Richard, >>> >>> By permissions do you mean the scopes that are on the service account >>> attached to each node? When you create a NodePool, you can pass in a >>> NodeConfig >>> object >>> <https://cloud.google.com/container-engine/reference/rest/v1/NodeConfig> >>> that allows you to customize the pool with a specified service account and >>> oauth scopes (and not all pools in your cluster must have the same scopes). >>> >>> Are you trying to create the new node pool using the CLI (gcloud) or the >>> UI (cloud console)? It's possible that this part of the API surface isn't >>> properly exposed with a friendly UX (or if so, maybe it just isn't very >>> discoverable). >>> >>> Robby >>> >>> >>> >>> On Thu, Jul 14, 2016 at 8:53 AM, Richard Musiol <[email protected]> >>> wrote: >>> >>>> Hi, >>>> >>>> would it be possible to add the option to modify the permissions of a >>>> cluster? As far as I can see they are only used as the default permission >>>> values when a new node pool is being created. We would like to change those >>>> defaults without having to create a new cluster. >>>> >>>> Thanks, >>>> Richard >>>> >>> -- >>>> You received this message because you are subscribed to the Google >>>> Groups "Containers at Google" group. >>>> To unsubscribe from this group and stop receiving emails from it, send >>>> an email to [email protected]. >>> >>> >>>> To post to this group, send email to [email protected] >>>> . >>>> Visit this group at https://groups.google.com/group/google-containers. >>>> For more options, visit https://groups.google.com/d/optout. >>>> >>> -- >>> You received this message because you are subscribed to a topic in the >>> Google Groups "Containers at Google" group. >>> To unsubscribe from this topic, visit >>> https://groups.google.com/d/topic/google-containers/pjQUHm-No_4/unsubscribe >>> . >>> To unsubscribe from this group and all its topics, send an email to >>> [email protected]. >>> To post to this group, send email to [email protected]. >>> Visit this group at https://groups.google.com/group/google-containers. >>> For more options, visit https://groups.google.com/d/optout. >>> >> -- >> You received this message because you are subscribed to the Google Groups >> "Containers at Google" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected]. >> To post to this group, send email to [email protected]. >> Visit this group at https://groups.google.com/group/google-containers. >> For more options, visit https://groups.google.com/d/optout. >> > -- > You received this message because you are subscribed to a topic in the > Google Groups "Containers at Google" group. > To unsubscribe from this topic, visit > https://groups.google.com/d/topic/google-containers/pjQUHm-No_4/unsubscribe > . > To unsubscribe from this group and all its topics, send an email to > [email protected]. > To post to this group, send email to [email protected]. > Visit this group at https://groups.google.com/group/google-containers. > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "Containers at Google" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at https://groups.google.com/group/google-containers. For more options, visit https://groups.google.com/d/optout.
