Updating Avi Load balancer certificate in VKS deployment

Article ID: 334986

Updated On:

Products

VMware vSphere Kubernetes Service

VMware Avi Load Balancer

Issue/Introduction

This knowledge base article outlines the process for rotating the NSX Advanced Load Balancer (AVI) certificate and updating it on the VMware supervisor.

Environment

Avi Load Balancer

vSphere Kubernetes Service

Cause

The Avi portal certificate has expired, which can lead to failure in establishing secure communication between the AKO pod running in the VKS supervisor and the Avi controller.

Resolution

Create a new controller certificate

  1. Log in to the AVI UI.
  2. Go to Templates > Security > TLS certificate.
  3. Create a new certificate for the Controller.
    Reference techdoc: SSL-Certificates
  4. Copy this certificate by clicking on the download button.
  5. Log in to the vSphere UI.
  6. Go to Workload management > supervisor cluster > loadbalancer > edit certificate, paste the certificate copied in step 4, then save.

Assign this new controller certificate to the AVI controller 

  1. Log in to the AVI UI.
  2. Go to Administration > System Settings > Edit and change the SSL/TLS certificate to the new one created.

Restart AKO pod for the certificate change to be consumed by AKO pod. 

  1. SSH to the supervisor cluster and check the ako pod:
    kubectl get pods -A | grep -i ako
  2. Restart this ako pod, then confirm it's running.
    kubectl delete pod vmware-system-ako-ako-controller-manager-#### -n vmware-system-ako
  3. Confirm the AKO pod is in running state: 
    kubectl get pods -A | grep -i ako
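
A post-rotation check, as an added example that is not part of the original article: it confirms that the certificate the Avi controller now serves is the same one pasted into the Supervisor in step 6 of the first procedure, and that it is not close to expiry. It assumes `openssl` is installed; the script name, PEM file name and controller address in the usage line are placeholders.

```sh
#!/bin/sh
# Added example: post-rotation check for the Avi controller certificate.
# Assumes openssl is installed; arguments are placeholders chosen by the operator.

# SHA-256 fingerprint of the first certificate in PEM file $1 (empty on error).
cert_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 2>/dev/null | cut -d= -f2
}

# True only if both PEM files parse and hold the same certificate.
same_cert() {
    fp_a=$(cert_fingerprint "$1")
    fp_b=$(cert_fingerprint "$2")
    [ -n "$fp_a" ] && [ "$fp_a" = "$fp_b" ]
}

# True if the certificate in $1 is still valid $2 days from now (default 30).
cert_valid_for_days() {
    openssl x509 -in "$1" -noout -checkend "$(( ${2:-30} * 86400 ))" >/dev/null 2>&1
}

# Save the leaf certificate presented on host:port $1 into file $2.
fetch_served_cert() {
    openssl s_client -connect "$1" </dev/null 2>/dev/null \
        | openssl x509 -outform PEM >"$2" 2>/dev/null
}

# $1 = PEM given to the Supervisor, $2 = controller host:port, $3 = minimum days left.
verify_rotation() {
    served=$(mktemp) || return 2
    if ! fetch_served_cert "$2" "$served"; then
        echo "FAIL: no certificate could be read from $2"
        rm -f "$served"; return 2
    fi
    rc=0
    if ! same_cert "$1" "$served"; then
        echo "FAIL: controller serves a different certificate than the Supervisor holds"; rc=1
    fi
    if ! cert_valid_for_days "$served" "${3:-30}"; then
        echo "FAIL: served certificate expires within ${3:-30} days"; rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: served certificate matches and is not near expiry"
    rm -f "$served"
    return "$rc"
}

# Usage: sh verify_avi_cert.sh controller.pem avi-controller.example.test:443
if [ "$#" -ge 2 ]; then verify_rotation "$@"; fi
```

A mismatch after the AKO pod restart means either the Supervisor still holds the old certificate or the controller's System Settings still point at it.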




Additional Information