[Yandex Cloud documentation](../../../index.md) > [Yandex Managed Service for Kubernetes](../../index.md) > [Step-by-step guides](../index.md) > Managing a Kubernetes cluster > Updating a Kubernetes cluster

# Updating a Managed Service for Kubernetes cluster

To access a Kubernetes cluster, use its name or unique ID that you can get by using this command:

```bash
yc managed-kubernetes cluster list
```

Result:

```bash
+----------------------+----------+---------------------+---------+---------+-------------------------+-----------------------+
|          ID          |   NAME   |     CREATED AT      | HEALTH  | STATUS  |    EXTERNAL ENDPOINT    |   INTERNAL ENDPOINT   |
+----------------------+----------+---------------------+---------+---------+-------------------------+-----------------------+
| cati493bu7ia******** | k8s-demo | 2019-11-20 11:26:36 | HEALTHY | RUNNING | https://84.201.174.147/ | https://192.168.0.27/ |
+----------------------+----------+---------------------+---------+---------+-------------------------+-----------------------+
```

## Updating a Managed Service for Kubernetes cluster {#update-cluster}

{% note warning %}

You can only assign a [public IP address](../../../vpc/concepts/address.md#public-addresses) when [creating](kubernetes-cluster-create.md) a Managed Service for Kubernetes cluster. You cannot assign a public IP address to an existing cluster.

{% endnote %}

You can change the following parameters of a [Managed Service for Kubernetes cluster](../../concepts/index.md#kubernetes-cluster):
* Name.
* Description.
* [Service accounts](../../../iam/operations/sa/create.md).
* [Resource configuration](../../concepts/index.md#master-resources) for the master.
* [Kubernetes version](../../concepts/release-channels-and-updates.md).
* [Updates](../../concepts/release-channels-and-updates.md#updates) policy.
* List of [security groups](../connect/security-groups.md).
* Settings for sending logs to [Yandex Cloud Logging](../../../logging/index.md).

  {% note alert %}

  Do not delete security groups associated with a running Managed Service for Kubernetes cluster as this may disrupt its operation and result in data loss.

  {% endnote %}

* [Subnet mask](../../../vpc/concepts/network.md#subnet) of the [Managed Service for Kubernetes nodes](../../concepts/index.md#node-group).

  {% note warning %}

  * If you change the subnet mask for a running Managed Service for Kubernetes cluster, it may run out of CIDR blocks. In this case, you will not be able to deploy [pods](../../concepts/index.md#pod) on new node groups.
  * After changing the subnet mask, you must recreate the cluster node groups.

  {% endnote %}

Learn how to change a cluster [availability zone](../../../overview/concepts/geo-scope.md) in [Migrating Kubernetes resources to a different availability zone](../../tutorials/migration-to-an-availability-zone.md).

{% list tabs group=instructions %}

- Management console {#console}

  To update a Managed Service for Kubernetes cluster:
  1. Open **Managed Service for&nbsp;Kubernetes** in the [folder](../../../resource-manager/concepts/resources-hierarchy.md#folder) where you want to update the Managed Service for Kubernetes cluster.
  1. Click the name of the Managed Service for Kubernetes cluster.
  1. Click **Edit** in the top-right corner.
  1. Change the parameters in the window that opens.
  1. Click **Save**.

- CLI {#cli}

  If you do not have the Yandex Cloud CLI yet, [install and initialize it](../../../cli/quickstart.md#install).

  The folder used by default is the one specified when [creating](../../../cli/operations/profile/profile-create.md) the CLI profile. To change the default folder, use the `yc config set folder-id <folder_ID>` command. You can also specify a different folder for any command using `--folder-name` or `--folder-id`. If you access a resource by its name, the search will be limited to the default folder. If you access a resource by its ID, the search will be global, i.e., through all folders based on access permissions.

  To update a Managed Service for Kubernetes cluster:
  1. View the description of the CLI command for updating a Managed Service for Kubernetes cluster:

     ```bash
     yc managed-kubernetes cluster update --help
     ```

  1. Run the command listing the settings you want to update (not all settings are listed in the example below):

     ```bash
     yc managed-kubernetes cluster update <Managed_Service_for_Kubernetes_cluster_name> \
       --new-name <new_name_for_Managed_Service_for_Kubernetes_cluster> \
       --description <Managed_Service_for_Kubernetes_cluster_description> \
       --service-account-id <ID_of_service_account_for_resources> \
       --service-account-name <name_of_service_account_for_resources> \
       --node-service-account-id <ID_of_service_account_for_Kubernetes_nodes> \
       --security-group-ids <list_of_security_group_IDs> \
       --master-logging enabled=<send_logs>,`
           `log-group-id=<log_group_ID>,`
           `folder-id=<folder_ID>,`
           `kube-apiserver-enabled=<send_kube-apiserver_logs>,`
           `cluster-autoscaler-enabled=<send_cluster-autoscaler_logs>,`
           `events-enabled=<send_Kubernetes_events>`
           `audit-enabled=<send_audit_events>
     ```

     Where:
     * `--new-name`: Managed Service for Kubernetes cluster name.
     * `--description`: Managed Service for Kubernetes cluster description.
     * `--service-account-id`, `--service-account-name`: Service account for managing the Managed Service for Kubernetes cluster.
     * `--node-service-account-id`, `--node-service-account-name`: Service account for managing the Managed Service for Kubernetes nodes.
     * `--security-group-ids`: Managed Service for Kubernetes cluster security groups.

       {% note warning %}
       
       The [configuration of security groups](../connect/security-groups.md) determines performance and availability of the cluster and services running in it.
       
       {% endnote %}

     * `--master-logging`: Sending logs to [Yandex Cloud Logging](../../../logging/index.md):

       * `enabled`: Flag that enables sending logs, `true` or `false`.
       * `log-group-id`: ID of the [log group](../../../logging/concepts/log-group.md) to send logs to.
       * `folder-id`: ID of the [folder](../../../resource-manager/concepts/resources-hierarchy.md#folder) to send logs to. Logs will be sent to the log group of the default folder.
       * `kube-apiserver-enabled`: Flag that enables sending [kube-apiserver](https://kubernetes.io/docs/reference/command-line-tools-reference/kube-apiserver/) logs, `true` or `false`.
       * `cluster-autoscaler-enabled`: Flag that enables sending `cluster-autoscaler` logs, `true` or `false`.
       * `events-enabled`: Flag that enables sending Kubernetes events, `true` or `false`.
       * `audit-enabled`: Flag that enables sending audit events, `true` or `false`.

       To send logs to Yandex Cloud Logging, [assign](../../../iam/operations/sa/assign-role-for-sa.md) the [logging.writer](../../../logging/security/index.md#loggingwriter) role for resources to the service account.

       If log sending is enabled but neither `log-group-id` nor `folder-id` is specified, logs will be sent to the default log group in the [Managed Service for Kubernetes cluster folder](../../concepts/index.md#kubernetes-cluster). You cannot specify both `log-group-id` and `folder-id` at the same time.

     * `--version`: Kubernetes version.
     * `--latest-revision`: Get all available updates for the current [Managed Service for Kubernetes master](../../concepts/index.md#master) version.
     * `--auto-upgrade`: Manage automatic Managed Service for Kubernetes cluster updates.
     * Managing the maintenance window:
       * `--anytime-maintenance-window`: Update at any time.
       * `--daily-maintenance-window`: Update daily at the selected time.
       * `--weekly-maintenance-window`: Update on selected days.

         {% note info %}
         
         If you activate an update, either daily or on particular days, it may start later than specified.  
         
         {% endnote %}

- Terraform {#tf}

  To update a Managed Service for Kubernetes cluster:
  1. Open the current configuration file with the Managed Service for Kubernetes cluster description.

     For more info on how to create such a file, see [Creating a Managed Service for Kubernetes cluster](kubernetes-cluster-create.md).
  1. Edit the required parameters in the Managed Service for Kubernetes cluster description.

     To edit the settings for sending logs to [Yandex Cloud Logging](../../../logging/index.md), update the `master_logging` section parameters. If there is no such section, create one.

     >```hcl
     >resource "yandex_kubernetes_cluster" "<cluster_name>" {
     >  ...
     >  master {
     >    ...
     >    master_logging {
     >      enabled                    = <send_logs>
     >      log_group_id               = "<log_group_ID>"
     >      folder_id                  = "<folder_ID>"
     >      kube_apiserver_enabled     = <send_kube-apiserver_logs>
     >      cluster_autoscaler_enabled = <send_cluster-autoscaler_logs>
     >      events_enabled             = <send_Kubernetes_events>
     >      audit_enabled              = <send_audit_events>
     >    }
     >  }
     >}
     >```

     Where:

     * `enabled`: Flag that enables sending logs, `true` or `false`.
     * `log_group_id`: ID of the [log group](../../../logging/concepts/log-group.md) to send logs to.
     * `folder_id`: ID of the [folder](../../../resource-manager/concepts/resources-hierarchy.md#folder) to send logs to. Logs will be sent to the log group of the default folder.
     * `kube_apiserver_enabled`: Flag that enables sending [kube-apiserver](https://kubernetes.io/docs/reference/command-line-tools-reference/kube-apiserver/) logs, `true` or `false`.
     * `cluster_autoscaler_enabled`: Flag that enables sending `cluster-autoscaler` logs, `true` or `false`.
     * `events_enabled`: Flag that enables sending Kubernetes events, `true` or `false`.
     * `audit_enabled`: Flag that enables sending audit events, `true` or `false`.

       To send logs to Yandex Cloud Logging, [assign](../../../iam/operations/sa/assign-role-for-sa.md) the [logging.writer](../../../logging/security/index.md#loggingwriter) role for resources to the service account.

       If log sending is enabled but neither `log-group-id` nor `folder-id` is specified, logs will be sent to the default log group in the [Managed Service for Kubernetes cluster folder](../../concepts/index.md#kubernetes-cluster). You cannot specify both `log-group-id` and `folder-id` at the same time.

  1. Make sure the configuration files are correct.

     1. In the command line, navigate to the directory that contains the current Terraform configuration files defining the infrastructure.
     1. Run this command:
     
        ```bash
        terraform validate
        ```
     
        Terraform will show any errors found in your configuration files.

  1. Confirm resource changes.

     1. Run this command to view the planned changes:
     
        ```bash
        terraform plan
        ```
     
        If you described the configuration correctly, the terminal will display a list of the resources to update and their parameters. This is a verification step that does not apply changes to your resources.
     
     1. If everything looks correct, apply the changes:
        1. Run this command:
     
           ```bash
           terraform apply
           ```
     
        1. Confirm updating the resources.
        1. Wait for the operation to complete.

     {% note warning "Timeouts" %}
     
     The Terraform provider limits the time for creating and updating a Managed Service for Kubernetes cluster to 30 minutes.
     
     Operations in excess of this time will be interrupted.
     
     {% cut "How do I modify these limits?" %}
     
     Add a `timeouts` block to the cluster description, e.g.:
     
     ```hcl
     resource "yandex_kubernetes_cluster" "<cluster_name>" {
       ...
       timeouts {
         create = "60m"
         update = "60m"
       }
     }
     ```
     
     {% endcut %}
     
     {% endnote %}

     For more information, see [this Terraform provider guide](../../../terraform/resources/kubernetes_cluster.md).

- API {#api}

  To update the Managed Service for Kubernetes cluster parameters, use the [update](../../managed-kubernetes/api-ref/Cluster/update.md) REST API method for the [Cluster](../../managed-kubernetes/api-ref/Cluster/index.md) resource or the [ClusterService/Update](../../managed-kubernetes/api-ref/grpc/Cluster/update.md) gRPC API call.

  To edit the settings for sending logs to Cloud Logging, update their values in the `masterSpec.masterLogging` parameter for the REST API, or `master_spec.master_logging`, for the gRPC API.

  To send logs to Yandex Cloud Logging, [assign](../../../iam/operations/sa/assign-role-for-sa.md) the [logging.writer](../../../logging/security/index.md#loggingwriter) role for resources to the service account.

{% endlist %}

## Managing Managed Service for Kubernetes cluster cloud labels {#manage-label}

You can perform the following actions with [Managed Service for Kubernetes cluster cloud labels](../../concepts/index.md#cluster-labels):

* [Add](#add-label)
* [Edit](#update-label)
* [Delete](#remove-label)

### Adding a cloud label {#add-label}

{% list tabs group=instructions %}

- Management console {#console}

    1. Open **Managed Service for&nbsp;Kubernetes** in the [folder](../../../resource-manager/concepts/resources-hierarchy.md#folder) containing the Managed Service for Kubernetes cluster.
    1. Click the name of the Managed Service for Kubernetes cluster.
    1. Click **Edit** in the top-right corner.
    1. In the **Labels** field, click **Add label**.
    1. Enter the key and value, and press **Enter**.
    1. Click **Save**.

- CLI {#cli}

  Run this command:

  ```bash
  yc managed-kubernetes cluster add-labels k8s-demo --labels new_label=test_label
  ```

  Result:

  ```text
  done (1s)
  id: abcd123ef4gh********
  folder_id: l1m01nopqr1s********
  ...
  description: My test Kubernetes cluster
  labels:
    new_label: test_label
  ...
  ```

{% endlist %}

### Updating a cloud label {#update-label}

{% list tabs group=instructions %}

- Management console {#console}

  To update a cloud label, you will need to remove and recreate it:

    1. Open **Managed Service for&nbsp;Kubernetes** in the [folder](../../../resource-manager/concepts/resources-hierarchy.md#folder) containing the Managed Service for Kubernetes cluster.
    1. Click the name of the Managed Service for Kubernetes cluster.
    1. Click **Edit** in the top-right corner.
    1. In the **Labels** field, click the cross next to the label to remove it.
    1. Click **Add label** and enter a key and/or value for the new label.
    1. Press **Enter** and click **Save**.

- CLI {#cli}

  Run this command:

  ```bash
  yc managed-kubernetes cluster update k8s-demo --labels test_label=my_k8s_label
  ```

  {% note warning %}
  
  The existing labels (`labels`) will be completely overwritten by the ones you provide in your request.
  
  {% endnote %}

  Result:

  ```text
  done (1s)
  id: abcd123ef4gh********
  folder_id: l1m01nopqr1s********
  ...
  description: My test Kubernetes cluster
  labels:
    test_label: my_k8s_label
  ...
  ```

{% endlist %}

### Removing a cloud label {#remove-label}

{% list tabs group=instructions %}

- Management console {#console}

    1. Open **Managed Service for&nbsp;Kubernetes** in the [folder](../../../resource-manager/concepts/resources-hierarchy.md#folder) containing the Managed Service for Kubernetes cluster.
    1. Click the name of the Managed Service for Kubernetes cluster.
    1. Click **Edit** in the top-right corner.
    1. In the **Labels** field, click the cross next to the label.
    1. Click **Save**.

- CLI {#cli}

  Run this command:

  ```bash
  yc managed-kubernetes cluster remove-labels k8s-demo --labels test_label
  ```

  Result:

  ```text
  done (1s)
  id: cati493bu7ia********
  folder_id: b1g88tflru0e********
  created_at: "2019-11-20T11:26:36Z"
  name: k8s-demo
  ...
  ```

{% endlist %}

## Updating the master resource configuration {#manage-resources}

{% note info %}

The feature of selecting and updating a master configuration is at the [Preview](../../../overview/concepts/launch-stages.md) stage.

{% endnote %}

{% note warning %}

Starting June 18, 2026, master node pricing will change, with fees based on the number of vCPUs and the amount of RAM. Use [this table](../../concepts/master-configuration.md) to estimate the required master node resources for your cluster.

{% endnote %}

{% list tabs group=instructions %}

- Management console {#console}

  1. Open **Managed Service for&nbsp;Kubernetes** in the [folder](../../../resource-manager/concepts/resources-hierarchy.md#folder) where you want to update the Managed Service for Kubernetes cluster.
  1. Click the name of the Managed Service for Kubernetes cluster.
  1. Click **Edit** in the top-right corner.
  1. Under **Master configuration**, expand the **Computing resources** section and select a [resource configuration](../../concepts/index.md#master-resources) for the master.

      The selected configuration allocates minimum resources to the master. Depending on the load, the amount of RAM and number of vCPUs will increase automatically.

      _By default_, the following resources are provided for the operation of one master host:
      * [Platform](../../../compute/concepts/vm-platforms.md): Intel Cascade Lake
      * Guaranteed vCPU share: 100%
      * vCPU: 2
      * RAM: 8 GB

  1. Click **Save**.

- CLI {#cli}

  If you do not have the Yandex Cloud CLI yet, [install and initialize it](../../../cli/quickstart.md#install).

  The folder used by default is the one specified when [creating](../../../cli/operations/profile/profile-create.md) the CLI profile. To change the default folder, use the `yc config set folder-id <folder_ID>` command. You can also specify a different folder for any command using `--folder-name` or `--folder-id`. If you access a resource by its name, the search will be limited to the default folder. If you access a resource by its ID, the search will be global, i.e., through all folders based on access permissions.

  Specify the required master resource configuration in the cluster modification command:

  ```bash
  yc managed-kubernetes cluster update <Managed_Service_for_Kubernetes_cluster_name> \
    --master-scale-policy policy=auto,min-resource-preset-id=<master_host_class>
  ```

  The selected configuration allocates minimum resources to the master. Depending on the load, the amount of RAM and number of vCPUs will increase automatically.

  Result:

  ```text
  done (1s)
  id: abcd123ef4gh********
  folder_id: l1m01nopqr1s********
  ...
  description: My test Kubernetes cluster
  master:
    scale_policy:
      auto_scale:
        min_resource_preset_id: <master_host_class>
  ...
  ```

- Terraform {#tf}

  1. Open the current configuration file with the Managed Service for Kubernetes cluster description.

     For more info on how to create such a file, see [Creating a Managed Service for Kubernetes cluster](kubernetes-cluster-create.md).

  1. Add or update [the master computing resource](../../concepts/index.md#master-resources) configuration in the Managed Service for Kubernetes cluster description in the `scale_policy` section:

     >```hcl
     >resource "yandex_kubernetes_cluster" "<cluster_name>" {
     >  ...
     >  master {
     >    ...
     >    scale_policy {
     >      auto_scale  {
     >        min_resource_preset_id = "<master_host_class>"
     >      }
     >    }
     >  }
     >}
     >```

     The selected configuration allocates minimum resources to the master. Depending on the load, the amount of RAM and number of vCPUs will increase automatically.

  1. Make sure the configuration files are correct.

     1. In the command line, navigate to the directory that contains the current Terraform configuration files defining the infrastructure.
     1. Run this command:
     
        ```bash
        terraform validate
        ```
     
        Terraform will show any errors found in your configuration files.

  1. Confirm resource changes.

     1. Run this command to view the planned changes:
     
        ```bash
        terraform plan
        ```
     
        If you described the configuration correctly, the terminal will display a list of the resources to update and their parameters. This is a verification step that does not apply changes to your resources.
     
     1. If everything looks correct, apply the changes:
        1. Run this command:
     
           ```bash
           terraform apply
           ```
     
        1. Confirm updating the resources.
        1. Wait for the operation to complete.

     {% note warning "Timeouts" %}
     
     The Terraform provider limits the time for creating and updating a Managed Service for Kubernetes cluster to 30 minutes.
     
     Operations in excess of this time will be interrupted.
     
     {% cut "How do I modify these limits?" %}
     
     Add a `timeouts` block to the cluster description, e.g.:
     
     ```hcl
     resource "yandex_kubernetes_cluster" "<cluster_name>" {
       ...
       timeouts {
         create = "60m"
         update = "60m"
       }
     }
     ```
     
     {% endcut %}
     
     {% endnote %}

     For more information, see [this Terraform provider guide](../../../terraform/resources/kubernetes_cluster.md).

- API {#api}

  To update the master resource configuration, use the [update](../../managed-kubernetes/api-ref/Cluster/update.md) REST API method for the [Cluster](../../managed-kubernetes/api-ref/Cluster/index.md) resource or the [ClusterService/Update](../../managed-kubernetes/api-ref/grpc/Cluster/update.md) gRPC API call and provide the following parameter in the request:

  * `masterSpec.scalePolicy.autoScale.minResourcePresetId`: For REST API.
  * `master_spec.scale_policy.auto_scale.min_resource_preset_id`: For gRPC API.

  The selected configuration allocates minimum resources to the master. Depending on the load, the amount of RAM and number of vCPUs will increase automatically.

{% endlist %}