:doc:`EKS <../../eks>` / Client / update_addon

************
update_addon
************



.. py:method:: EKS.Client.update_addon(**kwargs)

  

  Updates an Amazon EKS add-on.

  

  See also: `AWS API Documentation <https://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/UpdateAddon>`_  


  **Request Syntax**
  ::

    response = client.update_addon(
        clusterName='string',
        addonName='string',
        addonVersion='string',
        serviceAccountRoleArn='string',
        resolveConflicts='OVERWRITE'|'NONE'|'PRESERVE',
        clientRequestToken='string',
        configurationValues='string',
        podIdentityAssociations=[
            {
                'serviceAccount': 'string',
                'roleArn': 'string'
            },
        ]
    )
    
  :type clusterName: string
  :param clusterName: **[REQUIRED]** 

    The name of your cluster.

    

  
  :type addonName: string
  :param addonName: **[REQUIRED]** 

    The name of the add-on. The name must match one of the names returned by `ListAddons <https://docs.aws.amazon.com/eks/latest/APIReference/API_ListAddons.html>`__.

    

  
  :type addonVersion: string
  :param addonVersion: 

    The version of the add-on. The version must match one of the versions returned by `DescribeAddonVersions <https://docs.aws.amazon.com/eks/latest/APIReference/API_DescribeAddonVersions.html>`__.

    

  
  :type serviceAccountRoleArn: string
  :param serviceAccountRoleArn: 

    The Amazon Resource Name (ARN) of an existing IAM role to bind to the add-on's service account. The role must be assigned the IAM permissions required by the add-on. If you don't specify an existing IAM role, then the add-on uses the permissions assigned to the node IAM role. For more information, see `Amazon EKS node IAM role <https://docs.aws.amazon.com/eks/latest/userguide/create-node-role.html>`__ in the *Amazon EKS User Guide*.

     

    .. note::

      

      To specify an existing IAM role, you must have an IAM OpenID Connect (OIDC) provider created for your cluster. For more information, see `Enabling IAM roles for service accounts on your cluster <https://docs.aws.amazon.com/eks/latest/userguide/enable-iam-roles-for-service-accounts.html>`__ in the *Amazon EKS User Guide*.

      

    

  
  :type resolveConflicts: string
  :param resolveConflicts: 

    How to resolve field value conflicts for an Amazon EKS add-on if you've changed a value from the Amazon EKS default value. Conflicts are handled based on the option you choose:

     

    
    * **None** – Amazon EKS doesn't change the value. The update might fail.
     
    * **Overwrite** – Amazon EKS overwrites the changed value back to the Amazon EKS default value.
     
    * **Preserve** – Amazon EKS preserves the value. If you choose this option, we recommend that you test any field and value changes on a non-production cluster before updating the add-on on your production cluster.
    

    

  
  :type clientRequestToken: string
  :param clientRequestToken: 

    A unique, case-sensitive identifier that you provide to ensure the idempotency of the request.

    This field is autopopulated if not provided.

  
  :type configurationValues: string
  :param configurationValues: 

    The set of configuration values for the add-on that's created. The values that you provide are validated against the schema returned by ``DescribeAddonConfiguration``.

    

  
  :type podIdentityAssociations: list
  :param podIdentityAssociations: 

    An array of EKS Pod Identity associations to be updated. Each association maps a Kubernetes service account to an IAM role. If this value is left blank, no change. If an empty array is provided, existing associations owned by the add-on are deleted.

     

    For more information, see `Attach an IAM Role to an Amazon EKS add-on using EKS Pod Identity <https://docs.aws.amazon.com/eks/latest/userguide/add-ons-iam.html>`__ in the *Amazon EKS User Guide*.

    

  
    - *(dict) --* 

      A type of EKS Pod Identity association owned by an Amazon EKS add-on.

       

      Each association maps a role to a service account in a namespace in the cluster.

       

      For more information, see `Attach an IAM Role to an Amazon EKS add-on using EKS Pod Identity <https://docs.aws.amazon.com/eks/latest/userguide/add-ons-iam.html>`__ in the *Amazon EKS User Guide*.

      

    
      - **serviceAccount** *(string) --* **[REQUIRED]** 

        The name of a Kubernetes Service Account.

        

      
      - **roleArn** *(string) --* **[REQUIRED]** 

        The ARN of an IAM Role.

        

      
    

  
  :rtype: dict
  :returns: 
    
    **Response Syntax**

    
    ::

      {
          'update': {
              'id': 'string',
              'status': 'InProgress'|'Failed'|'Cancelled'|'Successful',
              'type': 'VersionUpdate'|'EndpointAccessUpdate'|'LoggingUpdate'|'ConfigUpdate'|'AssociateIdentityProviderConfig'|'DisassociateIdentityProviderConfig'|'AssociateEncryptionConfig'|'AddonUpdate'|'VpcConfigUpdate'|'AccessConfigUpdate'|'UpgradePolicyUpdate'|'ZonalShiftConfigUpdate'|'AutoModeUpdate'|'RemoteNetworkConfigUpdate'|'DeletionProtectionUpdate'|'ControlPlaneScalingConfigUpdate'|'VendedLogsUpdate',
              'params': [
                  {
                      'type': 'Version'|'PlatformVersion'|'EndpointPrivateAccess'|'EndpointPublicAccess'|'ClusterLogging'|'DesiredSize'|'LabelsToAdd'|'LabelsToRemove'|'TaintsToAdd'|'TaintsToRemove'|'MaxSize'|'MinSize'|'ReleaseVersion'|'PublicAccessCidrs'|'LaunchTemplateName'|'LaunchTemplateVersion'|'IdentityProviderConfig'|'EncryptionConfig'|'AddonVersion'|'ServiceAccountRoleArn'|'ResolveConflicts'|'MaxUnavailable'|'MaxUnavailablePercentage'|'NodeRepairEnabled'|'UpdateStrategy'|'ConfigurationValues'|'SecurityGroups'|'Subnets'|'AuthenticationMode'|'PodIdentityAssociations'|'UpgradePolicy'|'ZonalShiftConfig'|'ComputeConfig'|'StorageConfig'|'KubernetesNetworkConfig'|'RemoteNetworkConfig'|'DeletionProtection'|'NodeRepairConfig'|'UpdatedTier'|'PreviousTier',
                      'value': 'string'
                  },
              ],
              'createdAt': datetime(2015, 1, 1),
              'errors': [
                  {
                      'errorCode': 'SubnetNotFound'|'SecurityGroupNotFound'|'EniLimitReached'|'IpNotAvailable'|'AccessDenied'|'OperationNotPermitted'|'VpcIdNotFound'|'Unknown'|'NodeCreationFailure'|'PodEvictionFailure'|'InsufficientFreeAddresses'|'ClusterUnreachable'|'InsufficientNumberOfReplicas'|'ConfigurationConflict'|'AdmissionRequestDenied'|'UnsupportedAddonModification'|'K8sResourceNotFound',
                      'errorMessage': 'string',
                      'resourceIds': [
                          'string',
                      ]
                  },
              ]
          }
      }
      
    **Response Structure**

    

    - *(dict) --* 
      

      - **update** *(dict) --* 

        An object representing an asynchronous update.

        
        

        - **id** *(string) --* 

          A UUID that is used to track the update.

          
        

        - **status** *(string) --* 

          The current status of the update.

          
        

        - **type** *(string) --* 

          The type of the update.

          
        

        - **params** *(list) --* 

          A key-value map that contains the parameters associated with the update.

          
          

          - *(dict) --* 

            An object representing the details of an update request.

            
            

            - **type** *(string) --* 

              The keys associated with an update request.

              
            

            - **value** *(string) --* 

              The value of the keys submitted as part of an update request.

              
        
      
        

        - **createdAt** *(datetime) --* 

          The Unix epoch timestamp at object creation.

          
        

        - **errors** *(list) --* 

          Any errors associated with a ``Failed`` update.

          
          

          - *(dict) --* 

            An object representing an error when an asynchronous operation fails.

            
            

            - **errorCode** *(string) --* 

              A brief description of the error.

               

              
              * **SubnetNotFound**: We couldn't find one of the subnets associated with the cluster.
               
              * **SecurityGroupNotFound**: We couldn't find one of the security groups associated with the cluster.
               
              * **EniLimitReached**: You have reached the elastic network interface limit for your account.
               
              * **IpNotAvailable**: A subnet associated with the cluster doesn't have any available IP addresses.
               
              * **AccessDenied**: You don't have permissions to perform the specified operation.
               
              * **OperationNotPermitted**: The service role associated with the cluster doesn't have the required access permissions for Amazon EKS.
               
              * **VpcIdNotFound**: We couldn't find the VPC associated with the cluster.
              

              
            

            - **errorMessage** *(string) --* 

              A more complete description of the error.

              
            

            - **resourceIds** *(list) --* 

              An optional field that contains the resource IDs associated with the error.

              
              

              - *(string) --* 
          
        
      
    
  
  **Exceptions**
  
  *   :py:class:`EKS.Client.exceptions.InvalidParameterException`

  
  *   :py:class:`EKS.Client.exceptions.InvalidRequestException`

  
  *   :py:class:`EKS.Client.exceptions.ResourceNotFoundException`

  
  *   :py:class:`EKS.Client.exceptions.ResourceInUseException`

  
  *   :py:class:`EKS.Client.exceptions.ClientException`

  
  *   :py:class:`EKS.Client.exceptions.ServerException`

  