Update vCenter certificate references

This page describes how to update the reference to the vCenter certificate if it has changed, as your running admin cluster and user clusters must be informed of the change. This affects the vCenter.caCertPath field in the admin cluster configuration file and the user cluster configuration files for Google Distributed Cloud.

You can update the certificate references with the gkectl update command as described here.

Update the referenced vCenter certificate in the cluster configuration files

To update the running admin and user clusters to use the new certificate:

  1. Retrieve the new vCenter certificate and unzip it:

    curl -o certs.zip https://VCENTER_IP_ADDRESS/certs/download.zip
    unzip certs.zip
    

    You can use the -k flag if you want to allow unknown certificates. This is to avoid any certificate issues you may have accessing vCenter.

  2. Save the Linux certificate to a file named vcenter-ca.pem.

  3. In your admin cluster configuration file, set vCenter.caCertPath to the path of your new vcenter-ca.pem file.

  4. Update your admin cluster configuration file:

    gkectl update admin --config ADMIN_CLUSTER_CONFIG --kubeconfig ADMIN_CLUSTER_KUBECONFIG
    

    Replace:

    • ADMIN_CLUSTER_CONFIG with the path of your admin cluster configuration file.
  5. In each of your user cluster configuration files, set vCenter.caCertPath to the path of your new vcenter-ca.pem file.

  6. For each of your user clusters, run gkectl update command:

    gkectl update cluster --config USER_CLUSTER_CONFIG --kubeconfig ADMIN_CLUSTER_KUBECONFIG

    Replace:

    • USER_CLUSTER_CONFIG with the path of your user cluster configuration file.

Once the commands run successfully, the clusters will start using the new certificate.