Users notice that their K8S VIMs are Disconnected in TCA-M, or the status of the Workload Cluster is disconnected (indicated with a red dot) in TCA-CP Appliance Management portal (9443).
VMware Telco Cloud Automation 2.3, 2.3.0.1
Starting from TCA 2.3, TCA supports automatic certificate renewal for both management cluster and v2 workload clusters. Refer this for more details.
In certain cases, the certificates are renewed, but these are not synced to the TCA appliances. In such scenarios, users would notice that the relevant K8S VIM is Disconnected in TCA-M, or the status of this Cluster might be disconnected (indicated with a red dot) in TCA-CP Appliance Management portal (9443).
In such cases, it is required to manually update the Cluster certificates and / or kubeconfig stored in TCA database.
There are 2 parts to updating the CaaS Cluster certificates:
This KB talks about step 2.
The assumption here is that the individual Cluster certificates have all been replaced correctly. If not, please follow the entire KB here: https://knowledge.broadcom.com/external/article?legacyId=94761
This has been resolved in VMware Telco Cloud Automation 2.3.0.2 and newer versions (3.x).
For a manual resolution for VMware Telco Cloud Automation 2.3 or 2.3.0.1, please follow the steps below.
Note: All (upgraded and non-upgraded) Clusters require the kubeconfig to be synchronised
i.e. both upgraded and non-upgraded Clusters should follow this procedure.
curl -D - --location --insecure --request POST 'https://tca-m-url/hybridity/api/sessions' --header 'Accept: application/json' --header 'Content-Type: text/plain' --data-raw '{"username": "username","password": "plain_text_password"}'
curl --location --insecure --request POST 'https://tca-m-fqdn/telco/api/caas/v2/clusters/cluster_name/syncKubeconfig' --header 'Accept: application/json' --header 'Content-Type: application/json' --header 'x-hm-authorization: auth-token'
curl --location --insecure --request GET 'https://tca-m-fqdn/hybridity/api/jobs/job_id_from_above_response' --header 'Accept: application/json' --header 'x-hm-authorization: auth-token'
ssh admin@tca-cp
su -
systemctl restart app-engine
systemctl restart web-engine