This topic describes how to deactivate VMware Tanzu Kubernetes Grid Integrated Edition (TKGI) cluster admission control plugins.
For more information about Admission Control Plugins, see Using Admission Control Plugins for Tanzu Kubernetes Grid Integrated Edition Clusters.
To deactivate a single admission control plugin, do the following:
Alternatively, instead of enabling Upgrade all clusters errand, you can upgrade individual Kubernetes clusters through the TKGI Command Line Interface (TKGI CLI). For instructions on upgrading individual Kubernetes clusters, see Upgrading Clusters.
The Ops Manager UI does not let you deselect (deactivate) all admission control plugins.
In other words, after an admission control plugin is activated, the Ops Manager UI requires that at least one admission control plugin check box is selected (activated).
To deactivate an orphaned Admission control Plugin, complete the following workflow:
Obtain the BOSH deployment name for the Tanzu Kubernetes Grid Integrated Edition tile by doing one of the following options:
Option 1: Use the Ops Manager API:
In a terminal, run the following command:
curl -i "https://OPS-MAN-FQDN/api/v0/staged/products" -X GET -H "Authorization: Bearer UAA-ACCESS-TOKEN" -k
installation_name
that begins with pivotal-container-service
.pivotal-container-service-4b48fc5b704d54c6c7de
.Option 2: Use the Ops Manager UI:
Copy the BOSH deployment name including the GUID from the URL:
The deployment name contains “pivotal-container-service” and a unique GUID string. For example, pivotal-container-service-4b48fc5b704d54c6c7de
.
To deactivate the orphaned admission control plugin, run the following Ops Manager API command:
curl -i "https://OPS-MAN-FQDN/api/v0/staged/pivotal-container-service-GUID/properties" \
-H "Authorization: Bearer UAA-ACCESS-TOKEN" \
-X PUT -d '{"properties": {".properties.PLAN-NUMBER_selector.active.admission_plugins":{"value":[]}}}' \
-H "Content-Type: application/json"
Where:
OPS-MAN-FQDN
is the URL of your Ops Manager.pivotal-container-service-GUID
is the BOSH deployment name of your Tanzu Kubernetes Grid Integrated Edition that you retrieved earlier in this procedure.UAA-ACCESS-TOKEN
is the UAA token you retrieved earlier in this procedure.PLAN-NUMBER
is the plan configuration you want to update. For example, plan1
or plan2
.For example:
$ curl -i "https://pcf.example.com/api/v0/staged/products/pivotal-container-service-4b48fc5b704d54c6c7de/properties" \
-H "Authorization: Bearer aBcdEfg0hIJKlm123.e" \
-X PUT -d '{"properties": {".properties.plan1_selector.active.admission_plugins":{"value":[]}}}' \
-H "Content-Type: application/json"
From the output, verify that the command returns a HTTP 200
status code.
Validate your manifest change in the Ops Manager UI. Do the following:
Verify that the admission control plugins are displayed as removed in the Manifest section. For example:
Click Apply Changes.