Question

IFS middleware server K8s certificates

  • 21 February 2024


According to the Kubernetes documentation, we are aware that the K8s certificates, which are used in the IFS middle tier, will expire in one year.
This is a concern because it may cause the environment to become inaccessible without any prior notification.

Therefore, we would like to know:
• What the IFS recommended way is to check the expiry date of the K8s certificate.
• The IFS recommended method for renewing the certificate.
• Any other certificates related to the IFS middle tier that we should check?
 


1 reply


While I can’t give you a definitive answer on K8S, you should also monitor the main certificate expiration. You can find the expiration date from the browser on your IFS Cloud page.
Also see https://docs.ifs.com/techdocs/23r2/030_administration/120_monitoring/020_app_mon/100_app_mon_metrics/030_app_mon_metrics/140_certificate/ .

The main certificate is set at the beginning of your ifscloud-values.yaml file, from a file on your management server. You do need to renew the file and install it using the ‘mtinstaller’ feature (which also runs as part of a normal delivery install).

Rebuilding the Linux box also regenerates K8S certificates, as they are generated by the system. This needs to be done anyhow to update remote-bins with new versions, which is expected to occur at least yearly if not twice. If updates are not made, it is possible to reinstall the Kubernetes cluster by re-running the main.ps1 script, specifically the
.\main.ps1 -resource 'KUBERNETES'
bit. See https://docs.ifs.com/techdocs/23r2/070_remote_deploy/010_installing_fresh_system/030_preparing_server/50_windows_managementserver/#install_or_reinstall_kubernetes_cluster .
Reinstalling Kubernetes requires the next steps as well, to get the config and reinstall IFS.
Note! mtinstaller should be used on installer.cmd to avoid unnecessary input on the database.
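
A scripted form of the expiry check discussed in this thread, as an added example that is not part of the original posts and is not IFS-provided tooling: it uses openssl to classify every PEM certificate in a directory by the time left before it expires. The function names, the `*.crt` naming, the 30-day default threshold and the scanned directory are assumptions, and the sample certificates are constructed self-signed ones.

```shell
#!/bin/sh
# Added example, not IFS tooling: classify PEM certificates by time to expiry.

# cert_status FILE [WARN_DAYS] -> prints OK | WARN | EXPIRED | INVALID.
# Return codes 0/1/2/3 rank severity so a caller can keep the worst one.
cert_status() {
    cert=$1
    warn_days=${2:-30}
    # An unreadable or non-PEM file must never be reported as healthy.
    if ! openssl x509 -in "$cert" -noout >/dev/null 2>&1; then
        echo INVALID; return 3
    fi
    # -checkend N exits non-zero when the cert expires within N seconds.
    if ! openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1; then
        echo EXPIRED; return 2
    fi
    if ! openssl x509 -in "$cert" -noout -checkend $((warn_days * 86400)) >/dev/null 2>&1; then
        echo WARN; return 1
    fi
    echo OK
}

# scan_certs DIR [WARN_DAYS] -> one report line per *.crt; returns worst code.
scan_certs() {
    worst=0
    for f in "$1"/*.crt; do
        [ -e "$f" ] || continue
        status=$(cert_status "$f" "${2:-30}") && rc=0 || rc=$?
        end=$(openssl x509 -in "$f" -noout -enddate 2>/dev/null) || end="notAfter=unknown"
        printf '%-8s %s %s\n' "$status" "$f" "$end"
        if [ "$rc" -gt "$worst" ]; then worst=$rc; fi
    done
    return "$worst"
}

# Constructed sample input: throwaway self-signed cert valid for DAYS days.
make_sample_cert() {  # make_sample_cert DIR NAME DAYS
    openssl req -x509 -newkey rsa:2048 -nodes -days "$3" \
        -subj "/CN=$2.constructed.example" \
        -keyout "$1/$2.key" -out "$1/$2.crt" 2>/dev/null
}

demo_dir=$(mktemp -d)
make_sample_cert "$demo_dir" longlived 400
make_sample_cert "$demo_dir" expiring 10
scan_certs "$demo_dir" 30 || echo "attention needed, worst severity: $?"
rm -rf "$demo_dir"
```

The non-zero return code from `scan_certs` lets a scheduled job or monitoring agent raise the alert before the environment becomes inaccessible.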
