Generate configuration files from a cluster

This document shows how to generate a set of configuration files from an existing cluster.

One way to create a cluster is to use the gkectl command-line tool. First you create a set of configuration files for the cluster. Then you run one of the following commands:

  • gkectl create admin to create an admin cluster
  • gkectl create cluster to create a user cluster

Over time, your original configuration files might become out of sync with the actual state of your cluster. For example, if you update a cluster by editing a custom resource, then your original configuration files might not be an accurate representation of the cluster.

Another way to create a cluster is to use the Google Cloud console, and in that case, you would not have any cluster configuration files. Later you might need cluster configuration files so that you can make certain updates to the cluster.

If you suspect your original configuration files are out of sync with your cluster, or if you don't have configuration files, you can use the gkectl get-config command to generate a new set of configuration files that accurately represent the current state of the cluster.

You can use gkectl get-config with:

  • User clusters
  • Admin clusters

Generate configuration files

To generate a new set of configuration files for a user cluster:

gkectl get-config cluster --kubeconfig ADMIN_CLUSTER_KUBECONFIG \
    --cluster-name USER_CLUSTER_NAME

Replace the following:

  • ADMIN_CLUSTER_KUBECONFIG: the path of the kubeconfig file for the admin cluster

  • USER_CLUSTER_NAME: the name of the user cluster

To generate a new set of configuration files for an admin cluster:

gkectl get-config admin --kubeconfig ADMIN_CLUSTER_KUBECONFIG \
    --bundle-path BUNDLE

Replace the following:

  • ADMIN_CLUSTER_KUBECONFIG: the path of the kubeconfig file for the admin cluster

  • BUNDLE: the path of the GKE on VMware bundle file. The bundle file is on your admin workstation, typically at /var/lib/gke/bundles/gke-onprem-vsphere-VERSION-full.tgz. If you don't already have a bundle file, you can download one.

By default, the generated configuration files are written to a sub-directory of the current directory. For a user cluster, the output directory is named user-cluster-config-output. For an admin cluster, the output directory is named admin-cluster-config-output.

If you prefer to have the generated files in a different directory, you can use the --output-dir parameter to specify the path of an output directory. For example:

gkectl get-config cluster --kubeconfig my-kubeconfig \
    --cluster-name my-cluster \
    --output-dir /home/me/configuration/generated-files

If there are already files in the default output directory or a specified output directory, you must include the --force flag so that the newly generated files will replace the existing files. Otherwise the command will fail. For example:

gkectl get-config cluster --kubeconfig my-kubeconfig \
    --cluster-name my-cluster \
    --output-dir /home/me/configuration/generated-files \
    --force

Generated files for an admin cluster

| Filename | Description |
|---|---|
| admin-cluster.yaml | Admin cluster configuration file. Always generated. |
| admin-cluster-creds.yaml | Cluster credentials file. Always generated. |
| component-access-key.json | JSON key file for your component access service account. Always generated. |
| vcenter-ca-cert.pem | Root certificate for your vCenter Server. Always generated. |
| admin-cluster-ipblock.yaml | IP block file for cluster nodes. Generated if the cluster nodes use static IP addresses. |
| admin-seesaw-ipblock.yaml | IP block file for Seesaw VMs. Generated if the cluster uses the Seesaw load balancer. |
| connect-register-key.json | JSON key file for your connect register service account. Always generated. |
| private-registry-ca.crt | Root certificate for your private registry server. Generated if the cluster uses a private registry. |
| stackdriver-key.json | JSON key file for your logging monitoring service account. Generated if the cluster is configured to export logs and metrics to Cloud Logging and Cloud Monitoring (stackdriver section in the cluster configuration file). |
| audit-logging-key.json | JSON key file for your audit logging service account. Generated if the cluster uses Cloud Audit Logs. |

Generated files for a user cluster

| Filename | Description |
|---|---|
| user-cluster.yaml | User cluster configuration file. Always generated. |
| user-cluster-creds.yaml | Cluster credentials file. Generated if the cluster is not using prepared credentials. |
| vcenter-ca-cert.pem | Root certificate for your vCenter Server. Always generated. |
| user-cluster-ipblock.yaml | IP block file for cluster nodes. Generated if the cluster nodes use static IP addresses. |
| user-seesaw-ipblock.yaml | IP block file for Seesaw VMs. Generated if the cluster uses the Seesaw load balancer. |
| private-registry-ca.crt | Root certificate for your private registry server. Generated if the cluster uses a private registry. |
| component-access-key.json | JSON key file for your component access service account. Generated if the cluster is not using a private registry. |
| connect-register-key.json | JSON key file for your connect register service account. Always generated. |
| stackdriver-key.json | JSON key file for your logging monitoring service account. Generated if the cluster is configured to export logs and metrics to Cloud Logging and Cloud Monitoring (stackdriver section in the cluster configuration file). |
| audit-logging-key.json | JSON key file for your audit logging service account. Generated if the cluster uses Cloud Audit Logs. |
| usage-metering-key.json | JSON key file for your usage metering service account. Generated if the cluster stores usage data in a BigQuery dataset. |
| secrets.yaml | Secrets configuration file. Generated if the cluster uses prepared credentials. For this file to be generated, you must include the --export-secrets-config flag in the gkectl get-config cluster command. |
| sni-cert.pem | Additional serving certificate for the Kubernetes API server. Generated if the cluster is configured to use Server Name Indication (SNI). |
| sni-key.json | Private key file for the additional serving certificate. Generated if the cluster is configured to use SNI. |
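
Several of the generated files listed above are credentials, service account keys or private keys. The following script is an added example, not part of the original documentation or of gkectl: it checks an output directory for those files and reports any that group or other users can access. The function names and the 0600 target mode are assumptions of this example.

```bash
#!/usr/bin/env bash
# Added example, not gkectl code: flag credential-bearing files from the
# get-config tables that are accessible to group or others.

# Filenames the page's tables describe as credentials, key files or secrets.
SENSITIVE_FILES="admin-cluster-creds.yaml user-cluster-creds.yaml
component-access-key.json connect-register-key.json stackdriver-key.json
audit-logging-key.json usage-metering-key.json secrets.yaml sni-key.json"

# Print a file's octal mode (GNU stat first, BSD stat as fallback).
file_mode() {
  stat -L -c '%a' "$1" 2>/dev/null || stat -L -f '%Lp' "$1"
}

# audit_config_dir DIR [--fix]   (hypothetical helper name)
# Prints "MODE NAME" for each sensitive file in DIR that has any group or
# other permission bit set. With --fix, tightens those files to 0600.
# Returns 0 if nothing loose remains, 1 otherwise, 2 if DIR is not a directory.
audit_config_dir() {
  local dir="$1" fix="${2:-}" name path mode loose=0
  [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }
  for name in $SENSITIVE_FILES; do
    path="$dir/$name"
    [ -f "$path" ] || continue        # many of the files are conditional
    mode=$(file_mode "$path")
    # The last two octal digits are group and other; both must be 0.
    case "$mode" in
      *00|0) continue ;;
    esac
    echo "$mode $name"
    if [ "$fix" = "--fix" ]; then
      chmod 600 "$path" || loose=1
    else
      loose=1
    fi
  done
  return "$loose"
}

# Constructed demo: empty stand-in files in a temp directory, no real keys.
demo_dir=$(mktemp -d)
touch "$demo_dir/user-cluster.yaml" "$demo_dir/user-cluster-creds.yaml" \
      "$demo_dir/sni-key.json"
chmod 644 "$demo_dir/user-cluster-creds.yaml"
chmod 600 "$demo_dir/sni-key.json"
audit_config_dir "$demo_dir" || echo "loose permissions found"
rm -rf "$demo_dir"
```

Point audit_config_dir at user-cluster-config-output, admin-cluster-config-output or the directory passed to --output-dir after each gkectl get-config run.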