How to update the configuration for add-on secrets in Tanzu Kubernetes Grid

Article ID: 316949

Products

Tanzu Kubernetes Grid

Issue/Introduction

This article provides instructions for updating the configuration of add-on secrets in Tanzu Kubernetes Grid (TKG) to make changes persistent through upgrades.

Pinniped also uses an add-on secret when it is configured with an LDAP solution, so these are also the steps to renew a Pinniped LDAP password.

Environment

Tanzu Kubernetes Grid 1.x
Tanzu Kubernetes Grid 2.5.x

Cause

The Pinniped LDAP passwords may have an expiry time per the LDAP solution being used by the TKG Operator.

Resolution

TKG 2.5.x and higher: For the Pinniped LDAP password update, the add-on secret is updated using the following steps:

  1. Issue a command similar to the following to switch to the TKG management cluster context:

    kubectl config use-context <MGMT-CLUSTER>-admin@<MGMT-CLUSTER>

  2. Issue a command similar to the following to export the two add-on secrets to be modified (Pinniped in this example) to two separate text files:

    kubectl get secret <MGMT-CLUSTER>-pinniped-data-values -n tkg-system -o jsonpath="{.data.values\.yaml}" | base64 --decode > pinniped-data-values.yaml

    kubectl get secret <MGMT-CLUSTER>-pinniped-package -n tkg-system -o jsonpath="{.data.values\.yaml}" | base64 --decode > pinniped-package-values.yaml

  3. Open the pinniped-data-values.yaml file with a text editor and make any needed changes. Save and close the file.

  4. Open the pinniped-package-values.yaml file with a text editor and make any needed changes. Save and close the file.

  5. Issue the following command to encode the contents of the pinniped-data-values.yaml file:

    base64 -w 0 pinniped-data-values.yaml

    Note: Make a note of the encoded value as it will be used in a future step.

  6. Issue a command similar to the following to open the secret for editing:

    kubectl edit secret <MGMT-CLUSTER>-pinniped-data-values -n tkg-system

  7. Replace the encoded pinniped-data-values.yaml data with the value noted in Step 5.

  8. Type :wq to close the editor.

  9. Issue the following command to encode the contents of the pinniped-package-values.yaml file:

    base64 -w 0 pinniped-package-values.yaml

    Note: Make a note of the encoded value as it will be used in a future step.

  10. Issue a command similar to the following to open the secret for editing:

    kubectl edit secret <MGMT-CLUSTER>-pinniped-package -n tkg-system

  11. Replace the encoded pinniped-package-values.yaml data with the value noted in Step 9.

  12. Type :wq to close the editor.

TKG versions older than 2.X.X: For the Pinniped LDAP password update, the add-on secret is updated using the following steps:

  1. Issue a command similar to the following to switch to the TKG management cluster context:

    kubectl config use-context <MGMT-CLUSTER>-admin@<MGMT-CLUSTER>

  2. Issue a command similar to the following to export the add-on secret to be modified (Pinniped in this example) to a text file:

    kubectl get secret <MGMT-CLUSTER>-pinniped-addon -n tkg-system -o jsonpath="{.data.values\.yaml}" | base64 --decode > values.yaml

  3. Open the values.yaml file with a text editor and make any needed changes. Save and close the file.

  4. Issue the following command to encode the contents of the values.yaml file:

    base64 -w 0 values.yaml

    Note: Make a note of the encoded value as it will be used in a future step.

  5. Issue a command similar to the following to open the secret for editing:

    kubectl edit secret <MGMT-CLUSTER>-pinniped-addon -n tkg-system

  6. Replace the encoded values.yaml data with the value noted in Step 4.

  7. Type :wq to close the editor.
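
The export and encode-and-replace steps of both procedures above can also be scripted. The following is an added example, not part of the original article: it uses `kubectl patch` in place of the interactive `kubectl edit`, and the function names and `export`/`apply` subcommands are hypothetical.

```bash
#!/usr/bin/env bash
# Added example (not from the article); function names are hypothetical.
# Scripts the export / encode / replace steps so the encoded value is never
# copied by hand into an editor.

# export_values SECRET FILE: decode the current values.yaml into FILE.
# The subshell umask makes FILE mode 0600: it holds the LDAP password in plaintext.
export_values() {
  ( umask 077
    kubectl get secret "$1" -n tkg-system -o jsonpath='{.data.values\.yaml}' \
      | base64 --decode > "$2" )
}

# Single-line base64 of a values file, the same output as `base64 -w 0 FILE`.
encode_values() {
  base64 -w 0 "$1"
}

# Confirm the encoded value decodes back to the edited file byte for byte.
verify_roundtrip() {
  encode_values "$1" | base64 --decode | cmp -s - "$1"
}

# Merge-patch body that replaces only the values.yaml key of the secret.
# Base64 output contains no characters that need JSON escaping.
build_patch() {
  printf '{"data":{"values.yaml":"%s"}}' "$(encode_values "$1")"
}

# apply_values SECRET FILE: write the edited FILE back into SECRET.
apply_values() {
  [ -s "$2" ] || { echo "empty or missing file: $2" >&2; return 1; }
  verify_roundtrip "$2" || { echo "round-trip mismatch: $2" >&2; return 1; }
  kubectl patch secret "$1" -n tkg-system --type merge -p "$(build_patch "$2")"
}

# Usage: script export <SECRET> <FILE>   then edit FILE, then
#        script apply  <SECRET> <FILE>
case "${1:-}" in
  export) export_values "$2" "$3" ;;
  apply)  apply_values "$2" "$3" ;;
esac
```

Delete the decoded file once the secret has been patched, since it contains the password in plaintext.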

Additional Information

NOTE: You should not change the "name" of these secrets.