Updating cluster credentials

This page shows how to update the vCenter and F5 BIG-IP credentials for the admin cluster or a user cluster for Google Distributed Cloud.

Update vSphere credentials

The vCenter credentials that you want to add to a cluster must already exist. Learn about vCenter roles and user privileges.

The admin cluster and each user cluster are initially configured to use the vCenter username and password that you used to create those clusters. The admin cluster configuration file contains a reference to a credentials file, as does each user cluster configuration file. These references can be different for each cluster.

Use the following steps to update the vCenter credentials on a cluster:

  1. In the admin workstation, open your credentials configuration file in an editor.

    Update the username and password attributes in the credentials configuration file.

  2. Run the gkectl update credentials vsphere command to deploy the changes to a cluster:

    gkectl update credentials vsphere \
      --config CLUSTER_CONFIG \
      --kubeconfig ADMIN_CLUSTER_KUBECONFIG \
      --admin-cluster

    Replace the following:

    • CLUSTER_CONFIG: Specifies the admin cluster configuration file or the user cluster configuration file, depending on which cluster you are updating. That cluster configuration file includes a reference to the vCenter credentials that you want to deploy to your cluster.
    • ADMIN_CLUSTER_KUBECONFIG: Specifies the kubeconfig file of the admin cluster. Example: kubeconfig

      For updating credentials for the admin cluster, you must also include the --admin-cluster flag.

    • --admin-cluster: Required flag if you are deploying changes to the admin cluster. Exclude this flag when deploying changes to a user cluster.

    Result: The changed vCenter credentials are immediately validated against the server and a confirmation is output to the terminal: "vsphere credentials updated successfully". If the new credentials fail to log in to the vCenter server, you can edit the username and password in the credentials file and redeploy your changes.

    Examples:

    • User cluster example:

      gkectl update credentials vsphere \
      --config USER_CLUSTER_CONFIG --kubeconfig ADMIN_CLUSTER_KUBECONFIG

      If successful, the result output indicates that the vSphere credentials have been updated successfully.

    • Admin cluster example:

      gkectl update credentials vsphere \
      --config ADMIN_CLUSTER_CONFIG --kubeconfig ADMIN_CLUSTER_KUBECONFIG \
      --admin-cluster

      Result:

      validating new credentials against vcenter
      restarted "deployment/clusterapi-controllers" in namespace "kube-system"
      vsphere credentials updated successfully.
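
The wrapper below is an added example, not part of the original page or of gkectl. It refuses to deploy a credentials file that group or other can access (a local policy assumed here), passes --admin-cluster only for the admin cluster, and reports success only when gkectl prints the confirmation line quoted above. The function names and the admin|user scope argument are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original page). Function names and the
# admin|user scope argument are hypothetical; the gkectl flags are the page's.

# Succeeds only for a regular, non-symlink file with no group/other
# permission bits (for example mode 600), since it holds the vCenter password.
cred_file_is_private() {
  [ -f "$1" ] && [ ! -L "$1" ] || return 1
  # GNU stat first, BSD stat as fallback.
  mode=$(stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1") || return 1
  case "$mode" in
    *00) return 0 ;;
    *)   return 1 ;;
  esac
}

# Succeeds only if the captured gkectl output contains the confirmation line.
update_succeeded() {
  printf '%s\n' "$1" | grep -q 'vsphere credentials updated successfully'
}

# Usage: rotate_vsphere_credentials CRED_FILE CLUSTER_CONFIG ADMIN_CLUSTER_KUBECONFIG admin|user
rotate_vsphere_credentials() {
  cred_file=$1 cluster_config=$2 admin_kubeconfig=$3 scope=$4
  if ! cred_file_is_private "$cred_file"; then
    echo "refusing: $cred_file must not be accessible to group or other" >&2
    return 2
  fi
  set -- --config "$cluster_config" --kubeconfig "$admin_kubeconfig"
  if [ "$scope" = admin ]; then
    set -- "$@" --admin-cluster   # required only for the admin cluster
  fi
  # Capture output so the result can be checked; gkectl validates the new
  # credentials against vCenter before confirming.
  if ! out=$(gkectl update credentials vsphere "$@" 2>&1); then
    printf '%s\n' "$out" >&2
    return 1
  fi
  printf '%s\n' "$out"
  update_succeeded "$out"
}

# Run only when called with all four arguments.
if [ "$#" -eq 4 ]; then
  rotate_vsphere_credentials "$@"
fi
```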

Update F5 BIG-IP credentials for an admin cluster or a user cluster

Update the F5 BIG-IP credentials in the F5 web interface.

On your admin workstation, use the following steps to update the F5 BIG-IP credentials for an admin cluster or a user cluster.

  1. Edit your F5 credentials file to change the credentials.

  2. Update the F5 BIG-IP credentials for your cluster:

    gkectl update credentials f5bigip --config CLUSTER_CONFIG \
       --kubeconfig ADMIN_CLUSTER_KUBECONFIG --admin-cluster
    

Update private registry credentials for an admin cluster or a user cluster (Preview)

You can update the private registry credentials and certificate for a cluster; updating the server is not supported. During the update, both the current and the new credentials must be able to connect to the private registry.

On your admin workstation, use the following steps to update the private registry credentials for an admin cluster or a user cluster.

  1. Update your private registry credentials in the credentials configuration file.

  2. Update the cluster to use the new private registry credentials:

    Admin cluster:

    gkectl update credentials privateregistry --config CLUSTER_CONFIG \
       --kubeconfig ADMIN_CLUSTER_KUBECONFIG --admin-cluster
    

    User cluster:

    gkectl update credentials privateregistry --config CLUSTER_CONFIG \
       --kubeconfig ADMIN_CLUSTER_KUBECONFIG
    

Update other credentials

To update keys for your Identity and Access Management service accounts, see Rotate service account keys.