Update notes¶
This section describes the specific actions you as a cloud operator need to complete before or after your Container Cloud cluster update to the Cluster releases 17.1.4 or 16.1.4.
Consider this information as a supplement to the generic update procedures published in Operations Guide: Automatic upgrade of a management cluster and Update a patch Cluster release of a managed cluster.
Post-update actions¶
Configure Kubernetes auditing and profiling for log rotation¶
After the MKE update to 3.7.8, if you are going to enable or already enabled Kubernetes auditing and profiling on your managed or management cluster, keep in mind that enabling audit log rotation requires an additional step. Set the following options in the MKE configuration file after enabling auditing and profiling:
[cluster_config]
kube_api_server_audit_log_maxage=30
kube_api_server_audit_log_maxbackup=10
kube_api_server_audit_log_maxsize=10
For the configuration procedure, see MKE documentation: Configure an existing MKE cluster.
While using this procedure, replace the command to upload the newly edited MKE configuration file with the following one:
curl --silent --insecure -X PUT -H "X-UCP-Allow-Restricted-API: i-solemnly-swear-i-am-up-to-no-good" -H "accept: application/toml" -H "Authorization: Bearer $AUTHTOKEN" --upload-file 'mke-config.toml' https://$MKE_HOST/api/ucp/config-toml
The value for
MKE_HOST
has the<loadBalancerHost>:6443
format, whereloadBalancerHost
is the corresponding field in the cluster status.The value for
MKE_PASSWORD
is taken from theucp-admin-password-<clusterName>
secret in the cluster namespace of the management cluster.The value for
MKE_USERNAME
is alwaysadmin
.