Updated on 2024-04-11 GMT+08:00

How Do I Update a CA/TLS Certificate in an On-Premises Cluster?

Prerequisites

  • All components in the on-premises cluster are running properly.
  • Each node in the on-premises cluster is in the ready state.

Procedure

  1. Download ucs-ctl and save it to the /root/ucs directory on any management and control node in the on-premises cluster.
  2. Record the passwords of all nodes in a table and save the table as the file /root/ucs/update_cert.csv on the node where ucs-ctl is located. For details about the format, see Table 1.

    Table 1 Table template

    | Field     | Description                                                                     |
    |-----------|---------------------------------------------------------------------------------|
    | Node IP   | Node IP address, which is mandatory.                                            |
    | Node Role | Node role, which is mandatory. The options are master and node.                 |
    | User      | User name for logging in to the node, which is mandatory.                       |
    | Password  | Password for logging in to the node, which is optional.                         |
    | Auth Type | Node authentication type, which is optional. The options are password and key.  |
    | Key Path  | Key path for logging in to the node, which is optional.                         |

    An example is as follows:

    Node IP,Node Role,User,Password,Auth Type,Key Path
    192.168.0.145,master,root,xxx,password,
    192.168.0.225,master,root,xxx,password,
    192.168.0.68,master,root,xxx,password,
    192.168.0.89,node,root,xxx,password,

  3. Export environment variables.

    export CUSTOM_DOMAIN={ucs_endpoint},10.247.0.1

    ucs_endpoint indicates the server access address. You can run the following command to obtain it:

    cat /var/paas/srv/kubernetes/kubeconfig | grep server

  4. Update the certificate.

    cd /root/ucs

    ./ucs-ctl kcm update-cert {cluster_name} -c update_cert.csv

  5. If the update fails, retry it.

    ./ucs-ctl kcm update-cert {cluster_name} -c update_cert.csv -r

  6. If the update fails, roll back the certificate change.

    ./ucs-ctl kcm rollback-cert {cluster_name} -c update_cert.csv
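
A pre-flight check for the update_cert.csv file from step 2, to run before step 4. This is an added example, not part of ucs-ctl or of the original procedure: check_inventory is a hypothetical helper, and the owner-only file mode and the cross-field rules (a Password when Auth Type is password, a Key Path when it is key) are assumptions. It requires GNU stat.

```bash
#!/usr/bin/env bash
# Added example: validate update_cert.csv against Table 1 before running ucs-ctl.
# check_inventory is a hypothetical helper, not a ucs-ctl command.
# Messages name only the line and field, never the password value.
check_inventory() {
  local csv="$1" mode rc=0
  [ -f "$csv" ] || { echo "missing file: $csv"; return 1; }

  # Assumption: the file holds node login passwords, so owner-only access.
  mode=$(stat -c '%a' "$csv")            # GNU stat
  case "$mode" in
    600|400) ;;
    *) echo "mode $mode on $csv: run chmod 600 $csv"; rc=1 ;;
  esac

  awk -F',' -v hdr='Node IP,Node Role,User,Password,Auth Type,Key Path' '
    { sub(/\r$/, "") }                   # tolerate CRLF from spreadsheet exports
    NR == 1 {
      if ($0 != hdr) { print "line 1: header must be: " hdr; bad = 1 }
      next
    }
    /^[ \t]*$/ { next }                  # skip blank lines
    # A comma inside a password shifts the columns and is caught here.
    NF != 6 { print "line " NR ": expected 6 fields, found " NF; bad = 1; next }
    $1 == "" { print "line " NR ": Node IP is mandatory"; bad = 1 }
    $2 != "master" && $2 != "node" {
      print "line " NR ": Node Role must be master or node"; bad = 1
    }
    $3 == "" { print "line " NR ": User is mandatory"; bad = 1 }
    $5 != "" && $5 != "password" && $5 != "key" {
      print "line " NR ": Auth Type must be password or key"; bad = 1
    }
    # Assumption: an explicit Auth Type needs its matching credential column.
    $5 == "password" && $4 == "" { print "line " NR ": Password is empty"; bad = 1 }
    $5 == "key" && $6 == "" { print "line " NR ": Key Path is empty"; bad = 1 }
    END { exit bad + 0 }
  ' "$csv" || rc=1
  return "$rc"
}

# Run directly as: bash check_inventory.sh /root/ucs/update_cert.csv
[ "$#" -eq 0 ] || check_inventory "$1"
```

Delete update_cert.csv once the update or rollback has finished, since it holds the login credentials for every node.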