AVI password expired and the changed password needed to be updated in the TKG environment
Tanzu Kubernetes Grid 2.x
To change the AVI password following steps were followed
Note:
It's very critical to keep the file name exactly as tkgpackagevalues.yaml and values.yaml as mentioned in the below because the file name is also used as the key name in K8s secret
# Setup variables
export MGMT_CLUSTER=<management cluster name>
export NS="tkg-system"
export PKG_NAME="$MGMT_CLUSTER-load-balancer-and-ingress-service"
kubectl get secret -n $NS $PKG_NAME-addon \
-o jsonpath="{.data.values\.yaml}" | base64 -d > values.yaml
# Edit password field in the values.yaml
kubectl patch secret $PKG_NAME-addon -n $NS \
-p "{\"data\":{\"values.yaml\":\"$(base64 -w 0 < values.yaml)\"}}" --type=merge
kubectl get secret -n tkg-system tkg-pkg-tkg-system-values \
-o jsonpath="{.data.tkgpackagevalues\.yaml}" | base64 -d > tkgpackagevalues.yaml
# Edit avi_password field in the tkgpackagevalues.yaml
kubectl patch secret -n tkg-system tkg-pkg-tkg-system-values \
-p "{\"data\":{\"tkgpackagevalues.yaml\":\"$(base64 -w 0 < tkgpackagevalues.yaml)\"}}" --type=merge
kubectl get secret -n tkg-system ako-operator-v2-values \
-o jsonpath="{.data.values\.yaml}" | base64 -d > values.yaml
# Edit avi_password field in the values.yaml
kubectl patch secret -n tkg-system ako-operator-v2-values \
-p "{\"data\":{\"values.yaml\":\"$(base64 -w 0 < values.yaml)\"}}" --type=merge
# Edit password field with the base64 decoded value of the password
kubectl edit secret -n tkg-system-networking avi-controller-credentials
tanzu package installed kick -n tkg-system $PKG_NAME --debug -y
tanzu package installed kick -n tkg-system ako-operator --debug -y
kubectl get secret -n tkg-system-networking avi-controller-credentials -oyaml | grep pass
kubectl get secret -n $NS $PKG_NAME-data-values -o jsonpath="{.data.values\.yaml}" | base64 -d | grep pass
kubectl get secret -n tkg-system tkg-pkg-tkg-system-values -o jsonpath="{.data.tkgpackagevalues\.yaml}" | base64 -d | grep pass
kubectl get secret -n $NS $PKG_NAME-addon -o jsonpath="{.data.values\.yaml}" | base64 -d | grep pass
kubectl get secret -n tkg-system ako-operator-v2-values -o jsonpath="{.data.values\.yaml}" | base64 -d | grep pass