Rotation of the VKS Supervisor cluster certificates gives the error "error restarting apiserver-proxy"

Article ID: 420224

Updated On:

Products

Tanzu Kubernetes Runtime

Issue/Introduction

  • Rotating or replacing the Supervisor cluster certificates with the wcp-cert-manager utility returns "error" in the "OVERALL STATUS" column. The error message is:

    error restarting apiserver-proxy: error while stopping container wcp-apiserver-proxy after 5 attempts: crictl: wcp-apiserver-proxy not running

  • The screenshot below shows what the failure looks like.

Environment

VMware vSphere Kubernetes Service
VMware vCenter Server 8.x
VMware vCenter Server 9.0

Cause

Because the apiserver-proxy pod is missing, the overall status of the certificate replacement task is marked as "failed".

Resolution

The wcp-apiserver-proxy pod isn't present in the current vSphere 8.x versions or in 9.0. Engineering is working on improving the cert-manager utility so that it skips the pod restart if the pod, or the certificate associated with the pod, doesn't exist.

If all the other valid certificates have been replaced successfully, the error concerning the wcp-apiserver-proxy pod can be ignored.