Currently EKS Anywhere does not support updating vSphere credential when upgrading cluster with eksctl anywhere upgrade
command. There are two ways to perform a vsphere credentials update:
- Manually update all vSphere credentials in related Secret objects, follow the steps below:
- Update
EKSA_VSPHERE_PASSWORD
environment variable to the new password and get the base64 encoded string of the password usingecho -n "<YOUR_PASSWORD>" | base64
- Update the following secrets in your vSphere cluster using
kubectl edit
command:{CLUSTER_NAME}-vsphere-credentials
undereksa-system
namespace - Updatepassword
field under data.{CLUSTER_NAME}-cloud-provider-vsphere-credentials
undereksa-system
namespace - Decode the string under data, in the decoded string (which is the template for Secret objectcloud-provider-vsphere-credential
underkube-system
namespace), update the{CLUSTER_NAME}.password
with the base64 encoding of new password, then encode the string and update data field with the encoded string.vsphere-credentials
undereksa-system
namespace - Updatepassword
,passwordCP
,passwordCSI
field under data.- If annotation
kubectl.kubernetes.io/last-applied-configuration
exists on any of the above Secret object, update password inkubectl.kubernetes.io/last-applied-configuration
field. {CLUSTER_NAME}-csi-vsphere-config
undereksa-system
namespace - If annotationkubectl.kubernetes.io/last-applied-configuration
exists on the secret object, update password inkubectl.kubernetes.io/last-applied-configuration
field.
- Only update Secret
vsphere-credentials
undereksa-system
namespace then trigger a full EKS-A CAPI cluster upgrade by modifying the cluster spec:
- Update
EKSA_VSPHERE_PASSWORD
environment variable to the new password and get the base64 encoded string of the password usingecho -n "<YOUR_PASSWORD>" | base64
- Update secret
vsphere-credentials
undereksa-system
namespace - Updatepassword
,passwordCP
,passwordCSI
field under data and inkubectl.kubernetes.io/last-applied-configuration
if annotation exists. - Modify any field in the cluster config file and then run
eksctl anywhere upgrade cluster -f <cluster-config-file>
to trigger a full cluster upgrade. This will automatically apply the new credentials to all related secrets.