$ kops create cluster external-prd-20200329.k8s.h3poteto.dev --zones ap-northeast-1a,ap-northeast-1c,ap-northeast-1d --node-count 3 --master-zones ap-northeast-1a,ap-northeast-1c,ap-northeast-1d --node-size t3.medium --master-size t3.small
Edit this cluster before apply. And apply it.
$ kops update cluster --lifecycle-overrides IAMRole=ExistsAndWarnIfChanges,IAMRolePolicy=ExistsAndWarnIfChanges,IAMInstanceProfileRole=ExistsAndWarnIfChanges --name external-prd-20200329.k8s.h3poteto.dev --yes
You can edit cluster or instancegroup.
Edit cluster.
$ kops edit cluster external-prd-20200329.k8s.h3poteto.devEdit master instancegroup. You have to edit each master instance.
$ kops edit instancegroup master-ap-northeast-1a --name external-prd-20200329.k8s.h3poteto.dev
$ kops edit instancegroup master-ap-northeast-1c --name external-prd-20200329.k8s.h3poteto.dev
...Edit node instancegroup.
$ kops edit instancegroup nodes --name external-prd-20200329.k8s.h3poteto.devAnd after that, please update the cluster.
At first, update cluster definition. Then rolling update the cluster to replace all master and node instances.
$ kops update cluster --yes --admin --lifecycle-overrides IAMRole=ExistsAndWarnIfChanges,IAMRolePolicy=ExistsAndWarnIfChanges,IAMInstanceProfileRole=ExistsAndWarnIfChangesSometimes the command show some differences about iam role, please ignore it. I added required policy to role, but kops added the poliyc as inline policy, so the differences are appear. But it is no problem.
# update master instances
$ kops rolling-update cluster external-prd-20200329.k8s.h3poteto.dev --instance-group-roles=control-plane --force --yes
# update node instances
$ kops rolling-update cluster external-prd-20200329.k8s.h3poteto.dev --instance-group-roles=node --force --yes