How to renew SSL certificates for AVI Loadbalancer and vSphere with Tanzu
search cancel

How to renew SSL certificates for AVI Loadbalancer and vSphere with Tanzu

book

Article ID: 334986

calendar_today

Updated On:

Products

VMware vSphere ESXi VMware vSphere Kubernetes Service VMware Avi Load Balancer

Issue/Introduction

Symptoms:
AVI Load balancer certificate is getting expired and need to be renewed.

Environment

VMware vSphere 7.0 with Tanzu

Resolution

Create a new controller certificate

  1. Login to AVI UI
  2. Go to templates >  security > TLS certificate
  3. Create new certificate (controller certificate)
  4. Then copy the certificate
  5. Login to vSphere UI
  6. Cluster> configure > supervisor cluster > loadbalancer> edit certificate


Assign this new controller certificate to the AVI controller itself

  1. Login to AVI UI
  2. Go to Administration > Settings > Access settings
  3. Edit with the pencil: and change the ssl/TLS certificate as shown in the screenshot and save:




SSH to the supervisor cluster and check the ako pod:

kubectl get pods -A | grep -i ako


Restart this ako pod then confirm it's running

kubectl delete pod vmware-system-ako-ako-controller-manager-XXXX -n vmware-system-ako



Additional Information

Powered by Wolken Software