How to update the Kube Config for the Kubernetes MP RunAs Account by using PowerShell

The config UI for the MP does not currently support updating the kube config file directly, but you can do it with PowerShell. This article shows how to update the kube config file for the RunAs account used by the Kubernetes MP.

In some cases you will need to update the kube config file used by the Kubernetes Management Pack. The steps below outline how to do this with PowerShell. A full example script follows the steps.

Steps Covered

  1. Retrieve the SCOM RunAs Account:

    • The script fetches the SCOM RunAs account, for example "Kubernetes Cluster [MicroK8S]". Replace the square brackets ([ and ]) in the name with an asterisk (*); otherwise the script will not find the RunAs account.
  2. Read the Kube Config File:

    • The script reads the kube config file from the specified path. It ensures that the file exists and is read correctly, handling any errors if the file is not found or is empty.
  3. Convert Kube Config Content to SecureString:

    • The content of the kube config file is converted into a SecureString format to ensure secure handling of sensitive information.
  4. Update the SCOM RunAs Account:

    • The script updates the SCOM RunAs account with the new kube config data. It includes error handling to manage any issues that might arise during the update process.


# Script for updating the kube config file used in the Kubernetes Management Pack
# Run it in the Operations Manager Shell, or run Import-Module OperationsManager first

# Step 1: Retrieve the RunAs account
$RunAsAccountName = "Kubernetes Cluster *MicroK8S*"
$RunAsAccount = Get-SCOMRunAsAccount -Name $RunAsAccountName

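# Check that exactly one RunAs account was retrieved (the wildcard name can match several)
if ($null -eq $RunAsAccount) {
    Write-Host "RunAs account not found: $RunAsAccountName" -ForegroundColor Red
    exit
}
if (@($RunAsAccount).Count -gt 1) {
    Write-Host "More than one RunAs account matches: $RunAsAccountName" -ForegroundColor Red
    exit
}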

Write-Host "RunAs account found: $RunAsAccountName"

# Step 2: Read the kube config file
$KubeConfigFilePath = "C:\pathToKubeConfigFile\config"
if (-Not (Test-Path -Path $KubeConfigFilePath)) {
    Write-Host "Kube config file not found: $KubeConfigFilePath" -ForegroundColor Red
    exit
}

$KubeConfigFile = Get-Content -Path $KubeConfigFilePath -Raw

# Check if the kube config file is read successfully
if ($null -eq $KubeConfigFile -or $KubeConfigFile.Length -eq 0) {
    Write-Host "Failed to read kube config file or the file is empty: $KubeConfigFilePath" -ForegroundColor Red
    exit
}

Write-Host "Kube config file read successfully"

# Step 3: Convert kube config file content to SecureString
$SecureString = ConvertTo-SecureString -String $KubeConfigFile -AsPlainText -Force

# Step 4: Update the RunAs account with the new kube config
# The assignment is inside the try block so a failure there is also caught
try {
    $RunAsAccount.Data = $SecureString
    $RunAsAccount.Update()
    Write-Host "RunAs account updated successfully"
} catch {
    Write-Host "Failed to update RunAs account: $_" -ForegroundColor Red
}

You can also use the script below (which does the same as the script above) if you do not want any error checking:

$RunAsAccount = Get-SCOMRunAsAccount -Name "Kubernetes Cluster *MicroK8S*"
$KubeConfigFile = Get-Content -Path "C:\pathToKubeConfigFile\config" -Raw
$SecureString = ConvertTo-SecureString -String $KubeConfigFile -AsPlainText -Force
$RunAsAccount.Data = $SecureString
$RunAsAccount.Update()
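
The wildcard name from step 1 can match more than one RunAs account, and step 2 only checks that the file exists and is not empty. The following added example (not part of the original scripts; Select-ExactRunAsAccount and Test-KubeConfigText are hypothetical helper names, and the sample objects and kube config are constructed) picks the account by its exact name and checks for the top-level keys a YAML kube config normally carries before anything is written.

```powershell
# Added example: helper names are hypothetical, sample data is constructed.
function Select-ExactRunAsAccount {
    param(
        [Parameter(Mandatory)] [AllowEmptyCollection()] [object[]] $Candidates,
        [Parameter(Mandatory)] [string] $ExactName
    )
    # -eq compares the name literally, so [ and ] are not treated as wildcards.
    $found = @($Candidates | Where-Object { $_.Name -eq $ExactName })
    if ($found.Count -ne 1) {
        throw "Expected exactly one RunAs account named '$ExactName', found $($found.Count)."
    }
    return $found[0]
}

function Test-KubeConfigText {
    param([Parameter(Mandatory)] [AllowEmptyString()] [string] $Text)
    # Assumption: block-style YAML as written by kubectl, with these top-level keys.
    $required = 'apiVersion', 'clusters', 'contexts', 'users'
    $missing = @($required | Where-Object { $Text -notmatch "(?m)^$_\s*:" })
    if ($missing.Count -gt 0) { Write-Warning "Missing keys: $($missing -join ', ')" }
    return ($missing.Count -eq 0)
}

# Constructed stand-ins for what the wildcard lookup from step 1 could return:
# both names match "Kubernetes Cluster *MicroK8S*".
$candidates = @(
    [pscustomobject]@{ Name = 'Kubernetes Cluster [MicroK8S]' },
    [pscustomobject]@{ Name = 'Kubernetes Cluster [MicroK8S-Test]' }
)

# Constructed kube config skeleton without real endpoints or credentials.
$sampleKubeConfig = @'
apiVersion: v1
kind: Config
clusters: []
contexts: []
users: []
'@

$account = Select-ExactRunAsAccount -Candidates $candidates -ExactName 'Kubernetes Cluster [MicroK8S]'
if (-not (Test-KubeConfigText -Text $sampleKubeConfig)) {
    throw 'Kube config is missing required top-level keys; RunAs account left unchanged.'
}
Write-Host "Checks passed for: $($account.Name)"
```

In the real script, pass @(Get-SCOMRunAsAccount -Name "Kubernetes Cluster *MicroK8S*") as -Candidates and the content read in step 2 as -Text.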