Updating Expired AVI Password in the TKG Environment

Article ID: 379052


Products

Tanzu Kubernetes Grid, VMware Tanzu Kubernetes Grid, VMware Tanzu Kubernetes Grid Management

Issue/Introduction

The AVI password expired, and the changed password needs to be updated in the TKG environment.

Environment

Tanzu Kubernetes Grid 2.x

Resolution

To change the AVI password, the following steps were followed:

  • Patched the following secrets with the new password
Note: It is critical to keep the file names exactly as tkgpackagevalues.yaml and values.yaml, as used in the commands below, because the file name is also used as the key name in the K8s secret.


# Setup variables
export MGMT_CLUSTER=<management cluster name>
export NS="tkg-system"
export PKG_NAME="$MGMT_CLUSTER-load-balancer-and-ingress-service"

kubectl get secret -n $NS $PKG_NAME-addon \
-o jsonpath="{.data.values\.yaml}" | base64 -d > values.yaml

# Edit password field in the values.yaml
kubectl patch secret $PKG_NAME-addon -n $NS \
-p "{\"data\":{\"values.yaml\":\"$(base64 -w 0 < values.yaml)\"}}" --type=merge

kubectl get secret -n tkg-system tkg-pkg-tkg-system-values \
-o jsonpath="{.data.tkgpackagevalues\.yaml}" | base64 -d > tkgpackagevalues.yaml

# Edit avi_password field in the tkgpackagevalues.yaml
kubectl patch secret -n tkg-system tkg-pkg-tkg-system-values \
-p "{\"data\":{\"tkgpackagevalues.yaml\":\"$(base64 -w 0 < tkgpackagevalues.yaml)\"}}" --type=merge

kubectl get secret -n tkg-system ako-operator-v2-values \
-o jsonpath="{.data.values\.yaml}" | base64 -d > values.yaml

# Edit avi_password field in the values.yaml
kubectl patch secret -n tkg-system ako-operator-v2-values \
-p "{\"data\":{\"values.yaml\":\"$(base64 -w 0 < values.yaml)\"}}" --type=merge

# Edit the password field; values under .data in a Secret are base64-encoded,
# so enter the base64-encoded form of the new password
kubectl edit secret -n tkg-system-networking avi-controller-credentials
  • Kick off package reconciliation
tanzu package installed kick -n tkg-system $PKG_NAME  --debug -y
tanzu package installed kick -n tkg-system ako-operator --debug -y
  • Verified passwords are propagated to all the secrets
kubectl get secret -n  tkg-system-networking avi-controller-credentials -oyaml | grep pass
kubectl get secret -n $NS $PKG_NAME-data-values -o jsonpath="{.data.values\.yaml}" | base64 -d | grep pass
kubectl get secret -n tkg-system tkg-pkg-tkg-system-values -o jsonpath="{.data.tkgpackagevalues\.yaml}" | base64 -d | grep pass
kubectl get secret -n $NS $PKG_NAME-addon -o jsonpath="{.data.values\.yaml}" | base64 -d | grep pass
kubectl get secret -n tkg-system ako-operator-v2-values -o jsonpath="{.data.values\.yaml}" | base64 -d | grep pass
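
An added example (not part of the original article): the verification step above done by comparing SHA-256 digests, so the password is never printed to the terminal or scrollback. The function names and the sample YAML are constructed, and it assumes each password is a single-line `<name>password: <value>` entry in the decoded values.

```bash
# Added example, not from the original article. Function names are hypothetical.
# Assumption: each password is a single-line "<name>password: <value>" YAML entry.

# Read decoded YAML on stdin; print "<key> <sha256 of value>" per password field.
password_digests() {
  grep -E '^[[:space:]]*[A-Za-z_]*password:' | while IFS= read -r line; do
    key=$(printf '%s' "$line" | sed -E 's/^[[:space:]]*([^:]*):.*/\1/')
    value=$(printf '%s' "$line" | sed -E 's/^[^:]*:[[:space:]]*//; s/[[:space:]]+$//')
    # Strip one pair of surrounding quotes, if present.
    value=$(printf '%s' "$value" | sed -E "s/^\"(.*)\"\$/\1/; s/^'(.*)'\$/\1/")
    printf '%s %s\n' "$key" "$(printf '%s' "$value" | sha256sum | cut -d' ' -f1)"
  done
}

# Digest of the password read from stdin, so it stays off the command line.
digest_of() { tr -d '\n' | sha256sum | cut -d' ' -f1; }

# Succeed only if some password field in the YAML on stdin has the expected digest.
has_password() {
  password_digests | grep -q " $1\$"
}

# Against the cluster, pipe the article's commands into has_password instead of grep:
#   want=$(digest_of)   # type the new password, then press Ctrl-D
#   kubectl get secret -n tkg-system ako-operator-v2-values \
#     -o jsonpath="{.data.values\.yaml}" | base64 -d | has_password "$want" && echo match

# Constructed sample standing in for a decoded values.yaml.
sample='avi_username: admin
avi_password: "Constructed-Pw:1"'
want=$(printf '%s' 'Constructed-Pw:1' | digest_of)
if printf '%s\n' "$sample" | has_password "$want"; then
  echo "password field matches expected digest"
else
  echo "password field does NOT match"
fi
```

The decoded values.yaml and tkgpackagevalues.yaml files written during the procedure contain the password in plaintext; delete them once the secrets are patched.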