Each admin and user cluster is initially configured to use the vCenter username
and password
that you used to create those clusters. If you need to update your
vCenter credentials or transfer administrative ownership to another vSphere user
account, you can update the cluster's configuration file and then
use the gkectl update credentials vsphere command to deploy those changes.
Example vCenter username and password configuration:
Consider creating a copy that you can modify and use for this purpose only.
For example: vcenter-creds-config.yaml
Modify your configuration file:
Depending on whether you are updating either your admin cluster or user
cluster, you must modify your configuration file by removing one of the
following sections:
To update the user cluster, remove the admincluster section.
Leave the usercluster section in your configuration but remove all
of the contents of the admincluster section. For example:
Update the username and password attributes under vCenter.credentials
to include the vCenter credentials that you want to set for the cluster.
For example:
[VCENTER_CREDS_CONFIG.YAML]: Specifies the
configuration
file that includes the vCenter credentials that you want to deploy to
your cluster. Example: vcenter-creds-config.yaml
[CLUSTER_KUBECONFIG]: Specifies the
kubeconfig
file of the admin cluster that you want to update.
Example: kubeconfig
For the admin cluster, you must also include the
--admin-cluster flag.
--admin-cluster: Required flag if you are
deploying changes to the admin cluster. Exclude this flag when deploying
changes to the user cluster.
Result: The changed vCenter credentials are immediately validated against
the server and a confirmation is output to the terminal:
"vsphere credentials updated successfully". If the new credentials fail to
log in to the vCenter server, you can edit the username and password in
the configuration file and redeploy your changes.
Examples:
User cluster example: To deploy changes to the vCenter credentials on a
user cluster, you run:
validating new credentials against vcenter
restarted "deployment/clusterapi-controllers" in namespace "testcluster"
restarted "deployment/kube-controller-manager" in namespace "testcluster"
restarted "statefulsets/kube-apiserver" in namespace "testcluster"
vsphere credentials updated successfully.
Admin cluster example: To deploy changes to the vCenter credentials on an
admin cluster, you run:
validating new credentials against vcenter
restarted "deployment/clusterapi-controllers" in namespace "kube-system"
vsphere credentials updated successfully.
Updating F5 BIG-IP credentials for a user cluster
Update the F5 BIG-IP credentials in the F5 web interface.
SSH into an admin workstation, version 1.4.1 or later.
On your admin workstation, use the following steps to update the F5 BIG-IP
credentials for a user cluster.
Make a copy of your user cluster configuration file. Name the copy
user-f5-creds.yaml. For example:
cp user-cluster.yaml user-f5-creds.yaml
In user-f5-creds.yaml, update the F5 credentials. For example:
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-09-04 UTC."],[[["\u003cp\u003eThis guide outlines how to update vCenter and F5 BIG-IP credentials for Google Distributed Cloud clusters, using \u003ccode\u003egkectl\u003c/code\u003e commands for deployment.\u003c/p\u003e\n"],["\u003cp\u003eStarting with version 1.3.1, you can update vCenter credentials using the \u003ccode\u003egkectl update credentials vsphere\u003c/code\u003e command, requiring modification of the cluster's configuration file.\u003c/p\u003e\n"],["\u003cp\u003eFrom version 1.4.1 onwards, F5 BIG-IP credentials can be updated using the \u003ccode\u003egkectl update credentials f5bigip\u003c/code\u003e command, which also requires modifying the respective cluster's configuration file.\u003c/p\u003e\n"],["\u003cp\u003eUpdating vCenter credentials involves obtaining new credentials, modifying the appropriate cluster configuration file to include the new username and password, and using \u003ccode\u003egkectl\u003c/code\u003e to deploy the changes.\u003c/p\u003e\n"],["\u003cp\u003eUpdating F5 BIG-IP credentials involves modifying the cluster config file with the new credentials and using the \u003ccode\u003egkectl\u003c/code\u003e command to deploy the changes to the user cluster, also using a copy of the original config file for changes.\u003c/p\u003e\n"]]],[],null,["# Updating cluster credentials\n\nThis page shows how to update the vCenter and F5 BIG-IP credentials for an Google Distributed Cloud\ncluster.\n\nStarting in Google Distributed Cloud version 1.3.1, you can update the\n[vCenter credentials](/anthos/clusters/docs/on-prem/1.6/how-to/vsphere-requirements-basic)\nby using the `gkectl update credentials vsphere` command.\n\nStarting in Google Distributed Cloud version 1.4.1, you can update the\nF5 BIG-IP credentials by using the `gkectl update credentials f5bigip`\ncommand.\n\nUpdating vSphere credentials\n----------------------------\n\nThe vCenter credentials that you want to add to a cluster must already\nexist. [Learn about vCenter roles and user\nprivileges](https://docs.vmware.com/en/VMware-vSphere/6.7/com.vmware.vsphere.security.doc/GUID-18071E9A-EED1-4968-8D51-E0B4F526FDA3.html).\n\nEach admin and user cluster is initially configured to use the [vCenter username\nand password](/anthos/clusters/docs/on-prem/1.6/how-to/admin-workstation#vcentercredentialsusername)\nthat you used to create those clusters. If you need to update your\nvCenter credentials or transfer administrative ownership to another vSphere user\naccount, you can update the cluster's configuration file and then\nuse the `gkectl update credentials vsphere` command to deploy those changes.\n\nExample vCenter username and password configuration: \n\n ...\n vcenter:\n credentials:\n ...\n username: \"vCenter-username@vsphere.local\"\n password: \"vCenter-user-password\"\n ...\n\nUse the following steps to update the vCenter credentials on your clusters:\n\n1. Obtain the username and password of the existing vCenter credentials to\n which you want to configure your admin or user clusters.\n\n2. SSH into your admin workstation by running the following command:\n\n ```\n ssh -i ~/.ssh/vsphere_workstation ubuntu@[IP_ADDRESS]\n ```\n\n where \u003cvar translate=\"no\"\u003e[IP_ADDRESS]\u003c/var\u003e is the IP address of your admin workstation.\n3. Open your [configuration\n file](/anthos/clusters/docs/on-prem/1.6/reference/gkectl/update) in an editor.\n\n Consider creating a copy that you can modify and use for this purpose only.\n For example: `vcenter-creds-config.yaml`\n4. Modify your configuration file:\n\n 1. Depending on whether you are updating either your admin cluster or user\n cluster, you must modify your configuration file by removing one of the\n following sections:\n\n - To update the user cluster, remove the `admincluster` section.\n\n Leave the `usercluster` section in your configuration but remove all\n of the contents of the `admincluster` section. For example:\n\n ```\n admincluster:\n vcenter:\n network: \"\"\n bigip:\n ...\n podiprange: \"\"\n ```\n\n \u003cbr /\u003e\n\n - To update the admin cluster, remove the `usercluster` section.\n\n Leave the `admincluster` section in your configuration but remove all\n of the contents of the `usercluster` section. For example:\n\n ```\n usercluster:\n vcenter:\n network: \"\"\n bigip:\n ...\n clustername: \"\"\n masternode:\n ...\n podiprange: \"\"\n ```\n\n \u003cbr /\u003e\n\n 2. Update the `username` and `password` attributes under `vCenter.credentials`\n to include the vCenter credentials that you want to set for the cluster.\n For example:\n\n ```\n gcp:\n whitelistedServiceAccountKeyPath: \"my-key-folder/whitelisted-key.json\"\n vCenter:\n credentials:\n address: \"203.0.113.1\"\n username: \"vCenter-user-account@vsphere.local\"\n password: \"user-account-password\"\n datacenter: \"MY-DATACENTER\"\n datastore: \"MY-DATASTORE\"\n cluster: \"MY-CLUSTER\"\n ...\n ```\n5. Run the [`gkectl update credentials\n vsphere`](/anthos/clusters/docs/on-prem/1.6/reference/gkectl/update#gkectl_update_credentials_vsphere)\n command to deploy the changes to your cluster:\n\n ```\n gkectl update credentials vsphere \\\n --config [VCENTER_CREDS_CONFIG.YAML] \\\n --kubeconfig [CLUSTER_KUBECONFIG] \\\n --admin-cluster\n ```\n\n where:\n - \u003cvar translate=\"no\"\u003e[VCENTER_CREDS_CONFIG.YAML]\u003c/var\u003e: Specifies the [configuration\n file](/anthos/clusters/docs/on-prem/1.6/reference/gkectl/update) that includes the vCenter credentials that you want to deploy to your cluster. Example: `vcenter-creds-config.yaml`\n - \u003cvar translate=\"no\"\u003e[CLUSTER_KUBECONFIG]\u003c/var\u003e: Specifies the [`kubeconfig`](/anthos/clusters/docs/on-prem/1.6/how-to/create-admin-cluster#create-admin-cluster) file of the admin cluster that you want to update. Example: `kubeconfig`\n\n For the admin cluster, you must also include the\n `--admin-cluster` flag.\n - `--admin-cluster`: Required flag if you are deploying changes to the admin cluster. Exclude this flag when deploying changes to the user cluster.\n\n Result: The changed vCenter credentials are immediately validated against\n the server and a confirmation is output to the terminal:\n \"`vsphere credentials updated successfully`\". If the new credentials fail to\n log in to the vCenter server, you can edit the `username` and `password` in\n the configuration file and redeploy your changes.\n\n **Examples:**\n - User cluster example: To deploy changes to the vCenter credentials on a\n user cluster, you run:\n\n ```\n gkectl update credentials vsphere \\\n --config vcenter-creds-user-config.yaml --kubeconfig admin-cluster-kubeconfig\n ```\n\n Result: \n\n ```\n validating new credentials against vcenter\n restarted \"deployment/clusterapi-controllers\" in namespace \"testcluster\"\n restarted \"deployment/kube-controller-manager\" in namespace \"testcluster\"\n restarted \"statefulsets/kube-apiserver\" in namespace \"testcluster\"\n vsphere credentials updated successfully.\n ```\n - Admin cluster example: To deploy changes to the vCenter credentials on an\n admin cluster, you run:\n\n ```\n gkectl update credentials vsphere \\\n --config vcenter-creds-admin-config.yaml --kubeconfig admin-cluster-kubeconfig \\\n --admin-cluster\n ```\n\n Result: \n\n ```\n validating new credentials against vcenter\n restarted \"deployment/clusterapi-controllers\" in namespace \"kube-system\"\n vsphere credentials updated successfully.\n ```\n\nUpdating F5 BIG-IP credentials for a user cluster\n-------------------------------------------------\n\nUpdate the F5 BIG-IP credentials in the F5 web interface.\n\nSSH into an admin workstation, version 1.4.1 or later.\n\nOn your admin workstation, use the following steps to update the F5 BIG-IP\ncredentials for a user cluster.\n\n1. Make a copy of your user cluster configuration file. Name the copy\n `user-f5-creds.yaml`. For example:\n\n ```\n cp user-cluster.yaml user-f5-creds.yaml\n ```\n2. In `user-f5-creds.yaml`, update the F5 credentials. For example:\n\n ```\n apiVersion: v1\n kind: UserCluster\n ...\n f5BigIP:\n ...\n credentials:\n username: \"new-user\"\n password: \"new-password\"\n ```\n3. Update the F5 BIG-IP credentials for your user cluster::\n\n ```\n gkectl update credentials f5bigip --config user-f5-config.yaml \\\n --kubeconfig ADMIN_CLUSTER_KUBECONFIG\n ```\n\nUpdating F5 BIG-IP credentials for the admin cluster\n----------------------------------------------------\n\nUpdate the F5 BIG-IP credentials in the F5 web interface.\n\nSSH into an admin workstation, version 1.4.1 or later.\n\nOn your admin workstation, use the following steps to update the F5 BIG-IP\ncredentials for the admin cluster.\n\n1. Make a copy of your admin cluster configuration file. Name the copy\n `admin-f5-creds.yaml`. For example:\n\n ```\n cp admin-cluster.yaml admin-f5-creds.yaml\n ```\n2. In `admin-f5-creds.yaml`, update the F5 credentials. For example:\n\n ```\n apiVersion: v1\n kind: AdminCluster\n ...\n f5BigIP:\n ...\n credentials:\n username: \"new-user\"\n password: \"new-password\"\n ```\n3. Update the F5 BIG-IP credentials for your admin cluster::\n\n ```\n gkectl update credentials f5bigip --config admin-f5-config.yaml \\\n --kubeconfig ADMIN_CLUSTER_KUBECONFIG --admin-cluster\n ```"]]
