Improve docs page for updating vSphere creds (#9365)
csplinter authored Mar 3, 2025
1 parent 383908d commit d6c4914
Showing 2 changed files with 51 additions and 18 deletions.
Expand Up @@ -395,8 +395,7 @@ The completed tasks are stored in the `generated` folder as a file named `<clust
This feature is experimental. To enable this feature, export the following environment variable:<br/>
`export CHECKPOINT_ENABLED=true`

### Update vSphere credential
{{% content "vsphere-credential-update.md" %}}


### Troubleshooting
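
Review bot: Removing the `### Update vSphere credential` heading drops the `#update-vsphere-credential` anchor from this page, and the heading that replaces it further down is `### Update vSphere credentials`, which produces a different anchor. Any existing link to the old fragment will now land at the top of the page, so search the docs for the old anchor and update those links, or note the rename in the PR description.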

Expand All @@ -408,4 +407,8 @@ Attempting to upgrade a cluster with more than 1 minor release will result in re
Error: failed to upgrade cluster: validations failed
```

For more errors you can see the [troubleshooting section]({{< relref "../../troubleshooting" >}}).
For troubleshooting other common upgrade issues, see the [Troubleshooting]({{< relref "../../troubleshooting" >}}) documentation.

### Update vSphere credentials

To update the vSphere credentials used by EKS Anywhere, see the [Update vSphere credentials]({{< relref "./vsphere-credential-update" >}}) page.
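
Review bot: The new `### Update vSphere credentials` section is appended after `### Troubleshooting`, so the pointer to credential rotation sits below the error output at the very end of the page, where readers are least likely to look. Consider keeping it above `### Troubleshooting`, where the removed section was. The target page sets `toc_hide: true`, so links like this one are how readers reach it and the placement matters.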
@@ -1,25 +1,55 @@
---
toc_hide: true
title: "Update vSphere credentials"
linkTitle: "Update vSphere credentials"
weight: 22
date: 2017-01-05
description: >
How to update vSphere credentials used by EKS Anywhere
---

Currently EKS Anywhere does not support updating vSphere credential when upgrading cluster with `eksctl anywhere upgrade` command. There are two ways to perform a vsphere credentials update:
EKS Anywhere does not currently support updating the vSphere credentials used by EKS Anywhere when upgrading clusters with the `eksctl anywhere upgrade` command.

It is recommended to use the script maintained with EKS Anywhere to update your vSphere credentials, which automates the steps covered in the [Update vSphere credentials manually]({{< relref "./vsphere-credential-update/#update-vsphere-credentials-manually" >}}) section.

### Update vSphere credentials with script

You can update all vSphere credentials in related Secret objects used by EKS Anywhere with the [vSphere credential update script](https://github.com/aws/eks-anywhere/blob/main/scripts/update_vsphere_credential.sh) in EKS Anywhere GitHub repository. The following steps should be run from your admin machine or the local machine where you host the kubeconfig file for your EKS Anywhere management or standalone cluster.

1. Set environment variables on your local machine

- Set the `KUBECONFIG` environment variable on your local machine to the kubeconfig file for your EKS Anywhere management or standalone cluster. For example `mgmt/mgmt-eks-a-cluster.kubeconfig`.
- Set the `EKSA_VSPHERE_USERNAME` and `EKSA_VSPHERE_PASSWORD` environment variables on your local machine with the new vSphere credentials.

```bash
export KUBECONFIG='<your-kubeconfig-file>'
export EKSA_VSPHERE_USERNAME='<your-vsphere-username>'
export EKSA_VSPHERE_PASSWORD='<your-vsphere-password>'
```

2. Download the script to your local machine

```bash
curl -OL https://raw.githubusercontent.com/aws/eks-anywhere/refs/heads/main/scripts/update_vsphere_credential.sh
```

3. Run the script from your local machine

- Replace `CLUSTER_NAME` with the name of your EKS Anywhere cluster and `VSPHERE_SERVER_NAME` with the name of the vSphere server.

```bash
./update_vsphere_credential.sh CLUSTER_NAME VSPHERE_SERVER_NAME
```

>**_NOTE:_** If you are using the vSphere CSI in your cluster, you must manually update the vSphere password in the `{CLUSTER_NAME}-csi-vsphere-config` Secret under the `eksa-system` namespace. If the annotation `kubectl.kubernetes.io/last-applied-configuration` exists on the secret object, update password in the `kubectl.kubernetes.io/last-applied-configuration` field.
### Update vSphere credentials manually

Follow the steps below to manually update the vSphere credentials used by EKS Anywhere.

1. Manually update all vSphere credentials in related Secret objects, follow the steps below:
- Update `EKSA_VSPHERE_PASSWORD` environment variable to the new password and get the base64 encoded string of the password using `echo -n "<YOUR_PASSWORD>" | base64`
- Update the following secrets in your vSphere cluster using `kubectl edit` command:
- `{CLUSTER_NAME}-vsphere-credentials` under `eksa-system` namespace - Update `password` field under data.
- `{CLUSTER_NAME}-cloud-provider-vsphere-credentials` under `eksa-system` namespace - Decode the string under data, in the decoded string (which is the template for Secret object `cloud-provider-vsphere-credential` under `kube-system` namespace), update the `{CLUSTER_NAME}.password` with the base64 encoding of new password, then encode the string and update data field with the encoded string.
- `vsphere-credentials` under `eksa-system` namespace - Update `password`, `passwordCP`, `passwordCSI` field under data.
- If annotation `kubectl.kubernetes.io/last-applied-configuration` exists on any of the above Secret object, update password in `kubectl.kubernetes.io/last-applied-configuration` field.
- `{CLUSTER_NAME}-csi-vsphere-config` under `eksa-system` namespace - If annotation `kubectl.kubernetes.io/last-applied-configuration` exists on the secret object, update password in `kubectl.kubernetes.io/last-applied-configuration` field.

2. Only update Secret `vsphere-credentials` under `eksa-system` namespace then trigger a full EKS-A CAPI cluster upgrade by modifying the cluster spec:
- Update `EKSA_VSPHERE_PASSWORD` environment variable to the new password and get the base64 encoded string of the password using `echo -n "<YOUR_PASSWORD>" | base64`
- Update secret `vsphere-credentials` under `eksa-system` namespace - Update `password`, `passwordCP`, `passwordCSI` field under data and in `kubectl.kubernetes.io/last-applied-configuration` if annotation exists.
- Modify any field in the cluster config file and then run `eksctl anywhere upgrade cluster -f <cluster-config-file>` to trigger a full cluster upgrade. This will automatically apply the new credentials to all related secrets.

3. Update all vSphere credentials in related Secret objects using [vSphere credential update script](https://github.com/aws/eks-anywhere/blob/main/scripts/update_vsphere_credential.sh) in EKS Anywhere github repository, follow the steps below:
- Set `KUBECONFIG` environment variable to the kubeconfig file generated by EKS Anywhere.
- Update `EKSA_VSPHERE_USERNAME` and `EKSA_VSPHERE_PASSWORD` as environment variables with the new credentials.
- Save the script and run it by passing EKS Anywhere cluster name and the vSphere server name, `./update_vsphere_credential.sh CLUSTER_NAME VSPHERE_SERVER_NAME`.
- >**_NOTE:_** The script does not update `{CLUSTER_NAME}-csi-vsphere-config`, if vSphere CSI is configured for your cluster, you must manually update password in `{CLUSTER_NAME}-csi-vsphere-config` under `eksa-system` namespace.
- `{CLUSTER_NAME}-csi-vsphere-config` under `eksa-system` namespace - If annotation `kubectl.kubernetes.io/last-applied-configuration` exists on the secret object, update password in `kubectl.kubernetes.io/last-applied-configuration` field.
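
Review bot: Step 2 fetches the script from `refs/heads/main` and step 3 runs it with `KUBECONFIG` and the new vSphere password in the environment, so readers execute whatever is at the branch tip at that moment with admin access to the cluster. Point the `curl` URL at a release tag or commit that matches the reader's EKS Anywhere version, and suggest reading the script before running it. Step 3 also calls `./update_vsphere_credential.sh` directly, but `curl -OL` does not set the executable bit, so add a `chmod +x update_vsphere_credential.sh` step or invoke it as `bash update_vsphere_credential.sh`. Minor: the `export EKSA_VSPHERE_PASSWORD=` line typed as shown leaves the password in shell history, which a `read -rs EKSA_VSPHERE_PASSWORD` variant would avoid, and the NOTE before `### Update vSphere credentials manually` needs a blank line after it so the heading renders.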
