This page describes how to update the reference to the vCenter certificate if it has changed, as your running admin cluster and user clusters must be informed of the change. This affects the vCenter.caCertPath field in the admin cluster configuration file and the user cluster configuration files for Google Distributed Cloud.
You can update the certificate references with the gkectl update command as described here.
Update the referenced vCenter certificate in the cluster configuration files
To update the running admin and user clusters to use the new certificate:
Retrieve the new vCenter certificate and unzip it:
curl -o certs.zip https://VCENTER_IP_ADDRESS/certs/download.zip unzip certs.zip
You can use the
-kflag if you want to allow unknown certificates. This is to avoid any certificate issues you may have accessing vCenter.Save the Linux certificate to a file named
vcenter-ca.pem.In your admin cluster configuration file, set
vCenter.caCertPathto the path of your newvcenter-ca.pemfile.Update your admin cluster configuration file:
gkectl update admin --config ADMIN_CLUSTER_CONFIG --kubeconfig ADMIN_CLUSTER_KUBECONFIG
Replace:
- ADMIN_CLUSTER_CONFIG with the path of your admin cluster configuration file.
In each of your user cluster configuration files, set
vCenter.caCertPathto the path of your newvcenter-ca.pemfile.For each of your user clusters, run gkectl update command:
gkectl update cluster --config USER_CLUSTER_CONFIG --kubeconfig ADMIN_CLUSTER_KUBECONFIG
Replace:
- USER_CLUSTER_CONFIG with the path of your user cluster configuration file.
Once the commands run successfully, the clusters will start using the new certificate.