Common tasks

The sections provides information about common tasks that users and administrators may need to perform to manage SD Elements.

Helm

  • List all deployed charts:

    helm list

Kubernetes

  • List all SD Elements Pods:

    $ kubectl get pods
    sde-1578433057-broker-b698dfcfb-55rnk                 1/1     Running       1          6d
    sde-1578433057-cache-84fd48b88-4qsgl                  1/1     Running       1          6d
    sde-1578433057-database-5c5fdf76d-jqzm6               1/1     Running       1          6d
    sde-1578433057-mail-6977f6dfd-ln55j                   1/1     Running       1          6d
    sde-1578433057-web-6c4d548c7d-bzjw9                   1/1     Running       1          6d
    sde-1578433057-worker-10-7ddc88d5c-qlwdf              1/1     Running       5          6d
    sde-1578433057-worker-15-sde-medium-c9bff4dbd-spkmc   1/1     Running       1          6d
    sde-1578433057-worker-17-6754875844-gfkwk             1/1     Running       3          6d
    sde-1578433057-worker-18-sde-low-6dfcf68c4d-98t54     1/1     Running       1          6d
  • Retreive pod logs:

    # Syntax
    kubectl logs pod/<POD_NAME>
    # Example
    kubectl logs pod/sde-1578433057-broker-b698dfcfb-55rnk
  • Retrieve superuser login username:

    kubectl describe pods | grep 'SDE_SUPERUSER:' | sort -u
  • Retrieve superuser login password:

    # Syntax
    kubectl get secrets "<HELM_RELEASE_NAME>-sde-secrets" --output jsonpath='{.data.SDE_SUPERUSER_PASSWORD}' | base64 -d
    # Example
    kubectl get secrets "prod-sde-secrets" --output jsonpath='{.data.SDE_SUPERUSER_PASSWORD}' | base64 -d

Change a container SSL certificate to a trusted certificate

These instructions apply to the certificate that web browsers use to validate a web connection.

Steps:
  • Server certificate and key can be configured in one of two ways. Either added directly as a blob or specified via file path:

    1. For blob configuration, add the following lines to your values.custom.yaml file.

      web:
        tlsCertificate: |-
          -----BEGIN CERTIFICATE-----
          MIIDrTCCApWgAwIBAgIUNX3roNLr4fQUU8WHb6PZ7T0nZ4QwDQYJKoZIhvcNAQEL
          Q/h3yKGvAgMBAAECggEAS ... <truncated> ... x63/q64+Krh5DnBp4A1hGW
          oSBpwdj8tcY/x3awRg08fWemTK/URa0RmLNutZLBz9wa
          -----END CERTIFICATE-----
        tlsKey: |-
          -----BEGIN PRIVATE KEY-----
          MIIDrTCCApWgAwIBAgIUNX3roNLr4fQUU8WHb6PZ7T0nZ4QwDQYJKoZIhvcNAQEL
          Q/h3yKGvAgMBAAECggEAS ... <truncated> ... 63/q64+KrhE5DnBp4A1hGW
          oSBpwdj8tcY/x3awRg08fWemTK/URa0RmLNutZLB===
          -----END PRIVATE KEY-----
        tlsCiphers: "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256"
        tlsProtocols: "TLSv1 TLSv1.1 TLSv1.2
    2. For file path configuration, add the following lines to your values.custom.yaml file.

      web:
        tlsCertificatePath: <path_to_file/certificate.pem>
        tlsKeyPath: <path_to_file/key.pem>
        tlsCiphers: "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256"
        tlsProtocols: "TLSv1 TLSv1.1 TLSv1.2
  • Upgrade helm as described here.

Third-party integration TLS/SSL certificates

SD Elements containers have a list of trusted Certificate Authorities built into their operating systems. Since these containers do not run as root, the list cannot be updated. If the certificate used by your integration server isn’t backed by a root Certificate Authority already in the certificate store, select the option to not validate TLS in your integration connection (LDAP synchronization or global issue tracker).

results matching ""

    No results matching ""