Starting in Anthos GKE on-prem version 1.3.1, you can update the
of your admin and user clusters with the
gkectl update credentials vsphere
Each admin and user cluster is initially configured to use the vCenter username
that you used to create those clusters. If you need to update your
vCenter credentials or transfer administrative ownership to another vSphere user
account, you can update the cluster's configuration file and then
gkectl update credentials vsphere command to deploy those changes.
Example vCenter username and password configuration:
... vcenter: credentials: ... username: "vCenterfirstname.lastname@example.org" password: "vCenter-user-password" ...
Before you begin
Ensure that you meet the following prerequisites before updating your vCenter credentials:
Only clusters version 1.3.1 or later are supported.
gkectl update credentials vspherecommand currently supports only your cluster's vCenter
password. All other changes that exist in the configuration file are ignored.
The vCenter credentials that you want to add to a cluster must already exist. Learn about vCenter roles and user privileges.
Updating cluster credentials
Use the following steps to update the vCenter credentials on your clusters:
Obtain the username and password of the existing vCenter credentials to which you want to configure your admin or user clusters.
SSH into your admin workstation by running the following command:
ssh -i ~/.ssh/vsphere_workstation ubuntu@[IP_ADDRESS]
where [IP_ADDRESS] is the IP address of your admin workstation.
Open your configuration file in an editor.
Consider creating a copy that you can modify and use for this purpose only. For example:
Modify your configuration file:
Depending on whether you are updating either your admin cluster or user cluster, you must modify your configuration file by removing one of the following sections:
To update the user cluster, remove the
userclustersection in your configuration but remove all of the contents of the
adminclustersection. For example:
admincluster: vcenter: network: "" bigip: ... podiprange: ""
To update the admin cluster, remove the
adminclustersection in your configuration but remove all of the contents of the
userclustersection. For example:
usercluster: vcenter: network: "" bigip: ... clustername: "" masternode: ... podiprange: ""
vCenter.credentialsto include the vCenter credentials that you want to set for the cluster. For example:
gcp: whitelistedServiceAccountKeyPath: "my-key-folder/whitelisted-key.json" vCenter: credentials: address: "203.0.113.1" username: "vCenteremail@example.com" password: "user-account-password" datacenter: "MY-DATACENTER" datastore: "MY-DATASTORE" cluster: "MY-CLUSTER" ...
gkectl update credentials vspherecommand to deploy the changes to your cluster:
gkectl update credentials vsphere \ --config [VCENTER_CREDS_CONFIG.YAML] \ --kubeconfig [CLUSTER_KUBECONFIG] \ --update-admin-cluster
- [VCENTER_CREDS_CONFIG.YAML]: Specifies the
file that includes the vCenter credentials that you want to deploy to
your cluster. Example:
- [CLUSTER_KUBECONFIG]: Specifies the
kubeconfigfile of the admin cluster that you want to update. Example:
For the admin cluster, you must also include the
--update-admin-cluster: Required flag if you are deploying changes to the admin cluster. Exclude this flag when deploying changes to the user cluster.
Result: The changed vCenter credentials are immediately validated against the server and a confirmation is output to the terminal: "
vsphere credentials updated successfully". If the new credentials fail to log in to the vCenter server, you can edit the
passwordin the configuration file and redeploy your changes.
User cluster example: To deploy changes to the vCenter credentials on a user cluster, you run:
gkectl update credentials vsphere \ --config vcenter-creds-user-config.yaml --kubeconfig admin-cluster-kubeconfig
validating new credentials against vcenter restarted "deployment/clusterapi-controllers" in namespace "testcluster" restarted "deployment/kube-controller-manager" in namespace "testcluster" restarted "statefulsets/kube-apiserver" in namespace "testcluster" vsphere credentials updated successfully.
Admin cluster example: To deploy changes to the vCenter credentials on an admin cluster, you run:
gkectl update credentials vsphere \ --config vcenter-creds-admin-config.yaml --kubeconfig admin-cluster-kubeconfig \ --update-admin-cluster
validating new credentials against vcenter restarted "deployment/clusterapi-controllers" in namespace "kube-system" vsphere credentials updated successfully.
- [VCENTER_CREDS_CONFIG.YAML]: Specifies the configuration file that includes the vCenter credentials that you want to deploy to your cluster. Example: