The certmgr-tool does not work correctly in stretched supervisor environments

search cancel

The certmgr-tool does not work correctly in stretched supervisor environments

book

Article ID: 422645

calendar_today

Updated On:

Products

VMware vSphere Kubernetes Service

Issue/Introduction

When certmgr tool command are run from a vCenter with stretched supervisor cluster (by following KB322994), they only execute on that specific supervisor node but ignore supervisor nodes residing on other clusters.

Please refer to below screenshot as an example:

#Use certmgr to list the certificates for the Supervisor Cluster
./certmgr certificates list

Environment

vSphere Kubernetes Service

Cause

Broadcom engineering confirmed it is certmgr-tool limitation.They have tracked the issue internally to add support in certmgr tool to work with stretched supervisor cluster, currently there is no ETA could be shared.

Resolution

The certmgr-tool does not work correctly in stretched supervisor environments. When certmgr-tool commands are run from the VC with a stretched supervisor, they only execute on the supervisor master node and ignore CPVMs residing on other clusters.we do have a workaround that involves copying the certmgr-tool to each supervisor node and performing rotation manually.

Feedback

thumb_up Yes

thumb_down No