Workload Management Supervisor Cluster kubelet certificate manual replacement
Article ID: 323420
Updated On:
Products
VMware vCenter Server 8.0
Issue/Introduction
The kubelet certificate used by a WCP Supervisor Control Plane node is expired.
Please use the Certificate Manager utility to automatically rotate vSphere Supervisor certificates:
Environment
- vSphere Supervisor 7.0
- vSphere Supervisor 8.0
Cause
Certificates in Workload Management Supervisor Clusters are built with the default Kubernetes expiration window of 1 year. This is a Kubernetes design decision that VMware adheres to. Kubernetes clusters should be upgraded more than once a year to ensure certificate expiration doesn't take place.
Resolution
If the certmgr utility from KB article 322994 did not successfully renew the kubelet certificate on a Supervisor Control Plane node, please contact Broadcom Support for assistance.
Additional Information
Impact/Risks:
Kubelet certificate expiration will cause the kubelet service to fail startup. This will lead to a failure to connect to the Supervisor cluster and will prevent users from managing their Guest Clusters.
Kubelet certificate expiration will cause the kubelet service to fail startup. This will lead to a failure to connect to the Supervisor cluster and will prevent users from managing their Guest Clusters.
Feedback
Yes
No
Powered by
