Help Center/ Ubiquitous Cloud Native Service/ FAQs/ On-Premises Clusters/ How Do I Update the CA/TLS Certificate of an On-Premises Cluster?
Updated on 2024-09-11 GMT+08:00

How Do I Update the CA/TLS Certificate of an On-Premises Cluster?

Prerequisites

  • All components in the on-premises cluster are running normally.
  • Each node in the on-premises cluster is in the ready state.

Procedure

  1. Download ucs-ctl and save it to the /root/ucs directory on any management and control node in the on-premises cluster.
  2. Record the passwords of all nodes in a table and save the table to the /root/ucs/update_cert.csv directory on the node where the binary tool is located. For details about the format, see Table 1.

    Table 1 Table template

    Field

    Description

    Node IP

    Node IP address, which is mandatory.

    Node Role

    Node role, which is mandatory. The options are master and node.

    User

    User name for logging in to the node, which is mandatory.

    Password

    Password for logging in to the node, which is optional.

    Auth Type

    Node authentication type, which is optional. The options are password and key.

    Key Path

    Key path for logging in to the node, which is optional.

    Example:

    Node IP,Node Role,User,Password,Auth Type,Key Path

    192.168.0.145,master,root,xxx,password,

    192.168.0.225,master,root,xxx,password,

    192.168.0.68,master,root,xxx,password,

    192.168.0.89,node,root,xxx,password,

  3. Export environment variables.

    export CUSTOM_DOMAIN={ucs_endpoint},10.247.0.1

    ucs_endpoint indicates the server access address. You can run the following command to obtain it:

    cat /var/paas/srv/kubernetes/kubeconfig | grep server

  4. Update the certificate.

    cd /root/ucs

    ./ucs-ctl kcm update-cert {cluster_name} -c update_cert.csv

  5. Retry after a failure.

    ./ucs-ctl kcm update-cert {cluster_name} -c update_cert.csv -r

  6. Perform a rollback after a failure.

    ./ucs-ctl kcm rollback-cert {cluster_name} -c update_cert.csv