If the vCenter certificate is replaced, the following steps will restore full operation to TCA.
https://kb.vmware.com/s/article/90496
While updating the vCenter thumbprint as per the KB, we were getting the error below in one of the management clusters.
error: vcenterprimes.telco.vmware.com "<vcenterprime name>" could not be patched: Internal error occurred: failed calling webhook "vvcenterprime.kb.io": Post "https://tca-kubecluster-operator-webhook-service.tca-system.svc:443/validate-telco-vmware-com-v1alpha1-vcenterprime?timeout=10s": context deadline exceeded
You can run `kubectl replace -f /tmp/kubectl-edit-3081971818.yaml` to try this update again.
Cause
This was caused by the known Antrea/coreDNS issue (applies if your environment uses Antrea).
Resolution
- Perform a rollout restart of the Antrea agent using the command below.
kubectl rollout restart -n kube-system daemonset antrea-agent
- Delete the coredns pod and let it come back up.
kubectl delete pod -n kube-system <coredns_podname>
- Once this is complete, Antrea/coreDNS will have the correct FQDN/IP mappings and name resolution can complete successfully. The vCenter thumbprint can then be updated.
- Follow the KB: https://kb.vmware.com/s/article/90496 to update the thumbprint again.
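The steps above can be scripted so that each restart is waited on and name resolution of the webhook service is confirmed before the thumbprint update is retried. This is an added example, not part of the KB or VMware tooling; the function names, the `k8s-app=kube-dns` label, the `coredns` Deployment name and the `busybox:1.28` image are assumptions about the cluster.

```shell
#!/bin/sh
# Added example, not VMware's tooling. Assumptions: CoreDNS pods carry the
# label k8s-app=kube-dns and belong to a Deployment named "coredns"; the
# busybox:1.28 image can be pulled; kubectl points at the affected cluster.

# Pull the webhook host name out of a "failed calling webhook" error line.
webhook_host_from_error() {
  printf '%s\n' "$1" | sed -n 's#.*Post "https://\([^:/"]*\)[:/].*#\1#p'
}

# The two restart steps, each followed by a wait so the next one starts clean.
restart_antrea_and_coredns() {
  kubectl rollout restart -n kube-system daemonset antrea-agent || return 1
  kubectl rollout status -n kube-system daemonset antrea-agent --timeout=300s || return 1
  kubectl delete pod -n kube-system -l k8s-app=kube-dns || return 1
  kubectl rollout status -n kube-system deployment coredns --timeout=300s || return 1
}

# Resolve a name from inside the cluster using a throwaway pod.
dns_resolves_in_cluster() {
  kubectl run "dnscheck-$$" -n default --rm -i --restart=Never \
    --image="${DNSCHECK_IMAGE:-busybox:1.28}" --command -- nslookup "$1"
}

# Full sequence: restart, then confirm the webhook name resolves.
# $1 is the error line kubectl printed when the patch failed.
fix_and_verify() {
  host=$(webhook_host_from_error "$1")
  [ -n "$host" ] || { echo "no webhook host found in error text" >&2; return 2; }
  restart_antrea_and_coredns || return 1
  dns_resolves_in_cluster "$host" || return 1
  echo "resolved $host; retry the thumbprint update"
}
```

Source the file and call `fix_and_verify` with the error text kubectl printed; a non-zero return means a restart did not complete or the name still does not resolve.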

