Tanzu package configuration not reconciled to all workload clusters



Article ID: 389077


Updated On:

Products

Tanzu Kubernetes Runtime

Issue/Introduction

When an update is made to one of the auto-managed packages on the Management cluster, the configuration is expected to be reconciled to the corresponding packages on all Workload clusters.

However, while updating the AVI CA Cert on the Management cluster, the load-balancer-and-ingress-service package is not reconciled on all workload clusters, and the new AVI CA is not reflected in the AKO configuration on those workload clusters. Only some workload clusters are updated with the new AVI CA Cert.

This issue can be observed for different packages, not just the load-balancer-and-ingress-service package.

Environment

TKGm 2.5.2

Cause

This is a known issue in tanzu-addon-controller-manager.

Resolution

Manually update the secret associated with the package on each impacted workload cluster.

In the case of the AVI CA Cert, manually update the Load Balancer and Ingress secret:

kubectl get secret -n tkg-system <Load Balancer secret> -o jsonpath='{.data.values\.yaml}' | base64 -d > values.yaml

Update the CA Cert in values.yaml

Base64 encode values.yaml

cat values.yaml | base64 -w 0

Update load balancer and ingress secret with encoded values.yaml

kubectl edit secret -n tkg-system <Load Balancer secret>
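
The steps above as a script, run once per impacted workload cluster. It is an added example and not part of the original article: it swaps the interactive kubectl edit for kubectl patch and reads the secret back to confirm that it decodes to the edited file. The script name, the kubectl context and the secret name are operator-supplied assumptions.

```shell
#!/bin/sh
# Added example, not from the KB article. The kubectl context and secret name
# are operator-supplied; run once per impacted workload cluster.
set -eu
umask 077   # values.yaml holds the package's secret data; keep it owner-only

# One-line base64 of a file (the article's `base64 -w 0` step).
encode_values() { base64 -w 0 < "$1"; }

# Succeed only if base64 string $1 decodes byte-for-byte to file $2.
decodes_to() { printf '%s' "$1" | base64 -d | cmp -s - "$2"; }

# Merge patch that replaces only the values.yaml key of the secret.
build_patch() { printf '{"data":{"values.yaml":"%s"}}' "$(encode_values "$1")"; }

# Read the secret's current values.yaml (still base64) from one cluster.
read_secret() {  # args: <context> <secret>
  kubectl --context "$1" get secret -n tkg-system "$2" \
    -o jsonpath='{.data.values\.yaml}'
}

# fetch: decode the secret into <file> and keep an untouched backup beside it.
fetch_values() {  # args: <context> <secret> <file>
  b64=$(read_secret "$1" "$2")
  [ -n "$b64" ] || { echo "$1: secret has no values.yaml data" >&2; return 1; }
  printf '%s' "$b64" | base64 -d > "$3"
  cp "$3" "$3.orig"
}

# push: patch the secret with the edited <file>, then read it back and verify.
push_values() {  # args: <context> <secret> <file>
  kubectl --context "$1" patch secret -n tkg-system "$2" \
    --type merge -p "$(build_patch "$3")"
  decodes_to "$(read_secret "$1" "$2")" "$3" || {
    echo "$1: secret does not match $3 after patch" >&2; return 1; }
  echo "$1: secret updated and verified"
}

# Usage: sh sync-values.sh fetch|push <context> <secret> <file>
if [ "$#" -eq 4 ]; then
  case $1 in
    fetch) fetch_values "$2" "$3" "$4" ;;
    push)  push_values  "$2" "$3" "$4" ;;
    *)     echo "usage: $0 fetch|push <context> <secret> <file>" >&2; exit 2 ;;
  esac
fi
```

Run fetch, update the CA Cert in the written file, then run push with the same arguments; the .orig copy is the pre-change content for rollback.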