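1.3.4.9. Automatic secret updates for provisioned clusters are not supported
When you change your cloud provider access key, the provisioned cluster access key is not updated in the namespace. The update is required when your credentials expire on the cloud provider that hosts the managed cluster and you try to delete the managed cluster. If this happens, run the following command for your cloud provider to update the access key: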
Amazon Web Services (AWS)
oc patch secret {CLUSTER-NAME}-aws-creds -n {CLUSTER-NAME} --type json -p='[{"op": "add", "path": "/stringData", "value":{"aws_access_key_id": "{YOUR-NEW-ACCESS-KEY-ID}","aws_secret_access_key":"{YOUR-NEW-aws_secret_access_key}"} }]'
Google Cloud Platform (GCP)
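You can identify this issue by multiple repeated Invalid JWT Signature log error messages when you try to destroy the cluster. If your log contains this message, obtain a new Google Cloud Provider service account JSON key and enter the following command:
oc set data secret/<CLUSTER-NAME>-gcp-creds -n <CLUSTER-NAME> --from-file=osServiceAccount.json=$HOME/.gcp/osServiceAccount.json
Replace CLUSTER-NAME with the name of your cluster. Replace the file $HOME/.gcp/osServiceAccount.json with the path to the file that contains your new Google Cloud Provider service account JSON key.
Microsoft Azure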
oc set data secret/{CLUSTER-NAME}-azure-creds -n {CLUSTER-NAME} --from-file=osServiceAccount.json=$HOME/.azure/osServiceAccount.json
VMware vSphere
oc patch secret {CLUSTER-NAME}-vsphere-creds -n {CLUSTER-NAME} --type json -p='[{"op": "add", "path": "/stringData", "value":{"username": "{YOUR-NEW-VMware-username}","password":"{YOUR-NEW-VMware-password}"} }]'
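The AWS and vSphere commands above place the new credential inline in a JSON string, so a value containing a quote or backslash produces an invalid patch, and the secret also lands in shell history and the process list. The following Python sketch is an added example, not part of the product documentation: it builds the same patch with proper JSON escaping and applies it from a private temporary file. The function names are hypothetical, and it assumes an oc client recent enough to support --patch-file.

```python
import json
import os
import subprocess
import tempfile

# Secret-name suffix and stringData keys per provider, taken from the commands above.
PROVIDERS = {
    "aws": ("aws-creds", ("aws_access_key_id", "aws_secret_access_key")),
    "vsphere": ("vsphere-creds", ("username", "password")),
}


def build_patch(provider, values):
    """Return the JSON patch document for the provider's credential secret."""
    _, keys = PROVIDERS[provider]
    missing = [k for k in keys if not values.get(k)]
    if missing:
        raise ValueError("missing or empty credential fields: " + ", ".join(missing))
    string_data = {k: values[k] for k in keys}  # drop any unexpected fields
    # json.dumps escapes quotes, backslashes and control characters.
    return json.dumps([{"op": "add", "path": "/stringData", "value": string_data}])


def patch_command(provider, cluster, patch_path):
    """Build the oc argv; the namespace equals the cluster name, as above."""
    suffix, _ = PROVIDERS[provider]
    return ["oc", "patch", "secret", f"{cluster}-{suffix}", "-n", cluster,
            "--type", "json", "--patch-file", patch_path]


def rotate(provider, cluster, values):
    """Write the patch to a private temp file, apply it, then delete the file."""
    patch = build_patch(provider, values)
    fd, path = tempfile.mkstemp(suffix=".json")  # mkstemp creates the file 0600
    try:
        with os.fdopen(fd, "w") as fh:
            fh.write(patch)
        # argv list, no shell: nothing is re-parsed or written to shell history
        subprocess.run(patch_command(provider, cluster, path), check=True)
    finally:
        os.remove(path)


if __name__ == "__main__":
    # Constructed sample values; this password would break the inline JSON form.
    sample = {"username": "admin@vsphere.local", "password": 'p"a\\ss\'w0rd'}
    print(build_patch("vsphere", sample))
    print(patch_command("vsphere", "demo-cluster", "/tmp/patch.json"))
```

Call rotate() with values read from a prompt or a secrets manager rather than from command-line arguments, so the credential never appears in argv.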