This page shows how to update the vCenter and F5 BIG-IP credentials for an Google Distributed Cloud cluster.
Starting in Google Distributed Cloud version 1.3.1, you can update the
vCenter credentials
by using the gkectl update credentials vsphere
command.
Starting in Google Distributed Cloud version 1.4.1, you can update the
F5 BIG-IP credentials by using the gkectl update credentials f5bigip
command.
Updating vSphere credentials
The vCenter credentials that you want to add to a cluster must already exist. Learn about vCenter roles and user privileges.
Each admin and user cluster is initially configured to use the
vCenter username and password
that you used to create those clusters. If you need to update your
vCenter credentials or transfer administrative ownership to another vSphere user
account, you can update the cluster's configuration file and then
use the gkectl update credentials vsphere
command to deploy those changes.
Example vCenter username and password configuration:
...
vcenter:
credentials:
...
username: "vCenter-username@vsphere.local"
password: "vCenter-user-password"
...
Use the following steps to update the vCenter credentials on your clusters:
Obtain the username and password of the existing vCenter credentials to which you want to configure your admin or user clusters.
SSH into your admin workstation by running the following command:
ssh -i ~/.ssh/vsphere_workstation ubuntu@[IP_ADDRESS]
where [IP_ADDRESS] is the IP address of your admin workstation.
Open your configuration file in an editor.
Consider creating a copy that you can modify and use for this purpose only. For example:
vcenter-creds-config.yaml
Modify your configuration file:
Depending on whether you are updating either your admin cluster or user cluster, you must modify your configuration file by removing one of the following sections:
To update the user cluster, remove the
admincluster
section.Leave the
usercluster
section in your configuration but remove all of the contents of theadmincluster
section. For example:admincluster: vcenter: network: "" bigip: ... podiprange: ""
To update the admin cluster, remove the
usercluster
section.Leave the
admincluster
section in your configuration but remove all of the contents of theusercluster
section. For example:usercluster: vcenter: network: "" bigip: ... clustername: "" masternode: ... podiprange: ""
Update the
username
andpassword
attributes undervCenter.credentials
to include the vCenter credentials that you want to set for the cluster. For example:gcp: whitelistedServiceAccountKeyPath: "my-key-folder/whitelisted-key.json" vCenter: credentials: address: "203.0.113.1" username: "vCenter-user-account@vsphere.local" password: "user-account-password" datacenter: "MY-DATACENTER" datastore: "MY-DATASTORE" cluster: "MY-CLUSTER" ...
Run the
gkectl update credentials vsphere
command to deploy the changes to your cluster:gkectl update credentials vsphere \ --config [VCENTER_CREDS_CONFIG.YAML] \ --kubeconfig [CLUSTER_KUBECONFIG] \ --admin-cluster
where:
- [VCENTER_CREDS_CONFIG.YAML]: Specifies the
configuration
file that includes the vCenter credentials that you want to deploy to
your cluster. Example:
vcenter-creds-config.yaml
- [CLUSTER_KUBECONFIG]: Specifies the
kubeconfig
file of the admin cluster that you want to update. Example:kubeconfig
For the admin cluster, you must also include the
--admin-cluster
flag. --admin-cluster
: Required flag if you are deploying changes to the admin cluster. Exclude this flag when deploying changes to the user cluster.
Result: The changed vCenter credentials are immediately validated against the server and a confirmation is output to the terminal: "
vsphere credentials updated successfully
". If the new credentials fail to log in to the vCenter server, you can edit theusername
andpassword
in the configuration file and redeploy your changes.Examples:
User cluster example: To deploy changes to the vCenter credentials on a user cluster, you run:
gkectl update credentials vsphere \ --config vcenter-creds-user-config.yaml --kubeconfig admin-cluster-kubeconfig
Result:
validating new credentials against vcenter restarted "deployment/clusterapi-controllers" in namespace "testcluster" restarted "deployment/kube-controller-manager" in namespace "testcluster" restarted "statefulsets/kube-apiserver" in namespace "testcluster" vsphere credentials updated successfully.
Admin cluster example: To deploy changes to the vCenter credentials on an admin cluster, you run:
gkectl update credentials vsphere \ --config vcenter-creds-admin-config.yaml --kubeconfig admin-cluster-kubeconfig \ --admin-cluster
Result:
validating new credentials against vcenter restarted "deployment/clusterapi-controllers" in namespace "kube-system" vsphere credentials updated successfully.
- [VCENTER_CREDS_CONFIG.YAML]: Specifies the
configuration
file that includes the vCenter credentials that you want to deploy to
your cluster. Example:
Updating F5 BIG-IP credentials for a user cluster
Update the F5 BIG-IP credentials in the F5 web interface.
SSH into an admin workstation, version 1.4.1 or later.
On your admin workstation, use the following steps to update the F5 BIG-IP credentials for a user cluster.
Make a copy of your user cluster configuration file. Name the copy
user-f5-creds.yaml
. For example:cp user-cluster.yaml user-f5-creds.yaml
In
user-f5-creds.yaml
, update the F5 credentials. For example:apiVersion: v1 kind: UserCluster ... f5BigIP: ... credentials: username: "new-user" password: "new-password"
Update the F5 BIG-IP credentials for your user cluster::
gkectl update credentials f5bigip --config user-f5-config.yaml \ --kubeconfig ADMIN_CLUSTER_KUBECONFIG
Updating F5 BIG-IP credentials for the admin cluster
Update the F5 BIG-IP credentials in the F5 web interface.
SSH into an admin workstation, version 1.4.1 or later.
On your admin workstation, use the following steps to update the F5 BIG-IP credentials for the admin cluster.
Make a copy of your admin cluster configuration file. Name the copy
admin-f5-creds.yaml
. For example:cp admin-cluster.yaml admin-f5-creds.yaml
In
admin-f5-creds.yaml
, update the F5 credentials. For example:apiVersion: v1 kind: AdminCluster ... f5BigIP: ... credentials: username: "new-user" password: "new-password"
Update the F5 BIG-IP credentials for your admin cluster::
gkectl update credentials f5bigip --config admin-f5-config.yaml \ --kubeconfig ADMIN_CLUSTER_KUBECONFIG --admin-cluster
Update other credentials
To update credentials for the cloudauditlogging
, usagemetering
, or stackdriver
components, see Rotate service account keys. For the Connect Agent Service Account key, see Rotate the Connect Agent Service Account key.