This document describes how to update the airgap server CA certificate of a management cluster that was freshly created with TCA 2.3.
Prerequisites
The tkgcontext of the management cluster has been updated.
Procedure
- Update the cluster CR of the management cluster.
# mk get cluster -n tkg-system
NAME               PHASE         AGE   VERSION
ipv4-airgap-mgmt   Provisioned   23d   v1.24.10+vmware.1
# mk edit cluster -n tkg-system ipv4-airgap-mgmt
# Please edit the object below. Lines beginning with a '#' will be ignored,
# and an empty file will abort the edit. If an error occurs while saving this file will be
# reopened with the relevant failures.
#
apiVersion: cluster.x-k8s.io/v1beta1
kind: Cluster
metadata:
...
    - name: trust
      value:
        additionalTrustedCAs:
        - data: <CA certificate in base64 format>
          name: imageRepository
...
    - name: customTDNFRepository
      value:
        certificate: <CA certificate in base64 format>
...
Locate the airgap server CA certificate content of imageRepository and customTDNFRepository, and update both with the base64-encoded string of the new CA certificate. Save it with ":wq".
Note: This operation causes all nodes of the management cluster to be redeployed.
- Update management cluster secrets.
Update the tkg-pkg-tkg-system-values secret if it exists.
Save the tkgpackagevalues.yaml value of the tkg-pkg-tkg-system-values secret to a file.
# mk get secret -n tkg-system tkg-pkg-tkg-system-values -o jsonpath={.data."tkgpackagevalues\.yaml"} | base64 -d > tkgpkg.yaml
Edit tkgpkg.yaml with the new CA certificate in base64 format, and save it with ":wq".
# vi tkgpkg.yaml
akoOperatorPackage: {}
clusterclassPackage: {}
configvalues:
  ...
  TKG_CUSTOM_IMAGE_REPOSITORY_CA_CERTIFICATE: <new CA cert in base64 format>
  ...
tkrSourceControllerPackage:
  tkrSourceControllerPackageValues:
    bomImagePath: a-11.dc1.vmw/registry/tkr-bom
    bomMetadataImagePath: a-11.dc1.vmw/registry/tkr-compatibility
    caCerts: <new CA cert in base64 format>
    ...
Patch the secret.
# mk patch secret -n tkg-system tkg-pkg-tkg-system-values -p "{\"data\":{\"tkgpackagevalues.yaml\": \"`base64 tkgpkg.yaml -w 0`\"}}"
Update the TKR secrets tkr-source-controller-values and tkr-vsphere-resolver-values with the new CA certificate content.
- Decode the secret data and save it to a yaml file.
# mk get secret -n tkg-system tkr-source-controller-values -o jsonpath='{.data.values\.yaml}' | base64 -d > data.yaml
- Edit the decoded secret data file, replace the value of caCerts with the new encoded CA certificate content, then save the file with ":wq".
# vi data.yaml
namespace: tkg-system
legacyNamespace: tkr-system
bomImagePath: airgap-repo-server-2.ipv6.eng.vmware.com/registry/tkr-bom
bomMetadataImagePath: airgap-repo-server-2.ipv6.eng.vmware.com/registry/tkr-compatibility
tkrRepoImagePath: airgap-repo-server-2.ipv6.eng.vmware.com/registry/tkr-repository-vsphere-nonparavirt
defaultCompatibleTKR: v1.24.10+vmware.1-tkg.2
skipVerifyRegistryCert: false
initialDiscoverFrequency: 60
continuousDiscoverFrequency: 600
caCerts: <new CA cert in base64 format>
imageRepository: airgap-repo-server-2.ipv6.eng.vmware.com/registry
deployment:
  hostNetwork: false
  nodeSelector: null
  tolerations: []
  httpProxy: null
  httpsProxy: null
  noProxy: null
- Encode the new secret data file content. Copy the encoded output string.
# cat data.yaml | base64 -w 0
<encoded output string>
- Patch the secret with the new encoded output string from step c.
# mk patch secret/tkr-source-controller-values -n tkg-system -p '{"data": {"values.yaml": "<encoded output string of step c>"}}'
secret/tkr-source-controller-values patched
- Follow the same steps to update the secret tkr-vsphere-resolver-values.
- Update management cluster configmaps.
- Update tkr-controller-config with new CA certificate content.
# mk edit cm tkr-controller-config -n tkg-system
# Please edit the object below. Lines beginning with a '#' will be ignored,
# and an empty file will abort the edit. If an error occurs while saving this file will be
# reopened with the relevant failures.
#
apiVersion: v1
data:
  caCerts: |
    -----BEGIN CERTIFICATE-----
    ...
    -----END CERTIFICATE-----
  imageRepository: airgap-repo-server.example.com/registry
...
Copy the new CA certificate content and overwrite the existing caCerts field.
Save it with ":wq".
Then restart the tkr-source-controller-manager deployment and the tkr-vsphere-resolver-webhook-manager deployment.
# mk rollout restart deployment -n tkg-system tkr-source-controller-manager
# mk rollout restart deployment -n tkg-system tkr-vsphere-resolver-webhook-manager
- Update kapp-controller-config with new CA certificate content.
# mk edit cm kapp-controller-config -n tkg-system
# Please edit the object below. Lines beginning with a '#' will be ignored,
# and an empty file will abort the edit. If an error occurs while saving this file will be
# reopened with the relevant failures.
#
apiVersion: v1
data:
  caCerts: |
    -----BEGIN CERTIFICATE-----
    ...
    -----END CERTIFICATE-----
  imageRepository: airgap-repo-server.example.com/registry
...
Copy the new CA certificate content and overwrite the existing caCerts field.
Save it with ":wq".
Then restart the kapp-controller-manager deployment.
# mk rollout restart deployment -n tkg-system kapp-controller
- Update the tcakubernetescluster CR in TCA CP minikube.
# kubectl config get-contexts
CURRENT   NAME                                      CLUSTER            AUTHINFO                 NAMESPACE
          ipv4-airgap-mgmt-admin@ipv4-airgap-mgmt   ipv4-airgap-mgmt   ipv4-airgap-mgmt-admin
          ipv4-mgmt-admin@ipv4-mgmt                 ipv4-mgmt          ipv4-mgmt-admin
*         minikube                                  minikube           minikube                 default
# kubectl config use-context minikube   # if star is not on minikube in the last command
# kubectl get tkc -A
NAMESPACE          NAME               AGE
ipv4-airgap-mgmt   ipv4-airgap-mgmt   11d
ipv4-mgmt          ipv4-mgmt          13d
# kubectl edit tkc -n ipv4-airgap-mgmt ipv4-airgap-mgmt
...
    telco.vmware.com/airgap-ca-cert: <cert-base64-content>
    telco.vmware.com/airgap-fqdn: airgap-repo-server.example.com
...
Locate the airgap server CA certificate content and update it with the base64-encoded string of the new CA certificate.
Save it with ":wq".
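
The decode, edit, encode and patch steps for the TKR secrets above can be scripted so that the caCerts value is checked before the secret is patched. This is an added example, not part of the original procedure: the function names and the sample YAML and PEM text are constructed for illustration, and the check is structural only (single-line base64 wrapping PEM armor), not X.509 validation.

```shell
# Added example, not from the original page. Assumes GNU base64 (-d, -w 0).

# Succeed only if $1 is unwrapped base64 that decodes to PEM certificate text.
check_ca_b64() {
  [ -n "$1" ] || return 1
  # Whitespace means the value was line-wrapped (no -w 0) or is raw PEM.
  [ "$1" = "$(printf '%s' "$1" | tr -d '[:space:]')" ] || return 1
  pem="$(printf '%s' "$1" | base64 -d 2>/dev/null)" || return 1
  # A double-encoded value decodes to more base64, not to PEM armor.
  [ "$(printf '%s\n' "$pem" | head -n 1)" = "-----BEGIN CERTIFICATE-----" ] &&
    [ "$(printf '%s\n' "$pem" | tail -n 1)" = "-----END CERTIFICATE-----" ]
}

# Read decoded values.yaml on stdin; print it with caCerts set to $1.
set_ca_certs() {
  check_ca_b64 "$1" || { echo "rejecting new CA value" >&2; return 1; }
  yaml="$(cat)"
  printf '%s\n' "$yaml" | grep -Eq '^[[:space:]]*caCerts:' ||
    { echo "no caCerts key found" >&2; return 1; }
  # The base64 alphabet has no '|', '&' or '\', so $1 is safe in this replacement.
  printf '%s\n' "$yaml" | sed -E "s|^([[:space:]]*caCerts:).*|\1 $1|"
}

# Read values.yaml on stdin; print the patch body for secret data key $1.
build_patch() {
  printf '{"data":{"%s":"%s"}}\n' "$1" "$(base64 -w 0)"
}

# Decode a patch body from build_patch and print the caCerts value it carries.
patch_ca() {
  printf '%s\n' "$1" | sed -E 's|^.*":"([^"]*)"[}][}]$|\1|' | base64 -d |
    sed -nE 's|^[[:space:]]*caCerts:[[:space:]]*||p'
}

# Constructed sample input: placeholder PEM text, not a real certificate.
NEW_PEM='-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQgTkVXIENB
-----END CERTIFICATE-----'
NEW_CA_B64="$(printf '%s\n' "$NEW_PEM" | base64 -w 0)"
OLD_YAML='namespace: tkg-system
skipVerifyRegistryCert: false
caCerts: T0xEX0NB
imageRepository: airgap-repo-server.example.com/registry'

NEW_YAML="$(printf '%s\n' "$OLD_YAML" | set_ca_certs "$NEW_CA_B64")"
PATCH="$(printf '%s\n' "$NEW_YAML" | build_patch values.yaml)"
[ "$(patch_ca "$PATCH")" = "$NEW_CA_B64" ] && echo "patch carries the new CA"
# Then, as on the page: mk patch secret/tkr-source-controller-values -n tkg-system -p "$PATCH"
```

To confirm the decoded PEM is the intended CA and has not expired, inspect it with `openssl x509 -noout -subject -enddate` before patching.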