helm list
Common tasks
The sections provides information about common tasks that users and administrators may need to perform to manage SD Elements.
Helm
-
List all deployed charts:
Kubernetes
-
List all SD Elements Pods:
$ kubectl get pods sde-1578433057-broker-b698dfcfb-55rnk 1/1 Running 1 6d sde-1578433057-cache-84fd48b88-4qsgl 1/1 Running 1 6d sde-1578433057-database-5c5fdf76d-jqzm6 1/1 Running 1 6d sde-1578433057-mail-6977f6dfd-ln55j 1/1 Running 1 6d sde-1578433057-web-6c4d548c7d-bzjw9 1/1 Running 1 6d sde-1578433057-worker-10-7ddc88d5c-qlwdf 1/1 Running 5 6d sde-1578433057-worker-15-sde-medium-c9bff4dbd-spkmc 1/1 Running 1 6d sde-1578433057-worker-17-6754875844-gfkwk 1/1 Running 3 6d sde-1578433057-worker-18-sde-low-6dfcf68c4d-98t54 1/1 Running 1 6d
-
Retreive pod logs:
# Syntax kubectl logs pod/<POD_NAME> # Example kubectl logs pod/sde-1578433057-broker-b698dfcfb-55rnk
-
Retrieve superuser login username:
kubectl describe pods | grep 'SDE_SUPERUSER:' | sort -u
-
Retrieve superuser login password:
# Syntax kubectl get secrets "<HELM_RELEASE_NAME>-sde-secrets" --output jsonpath='{.data.SDE_SUPERUSER_PASSWORD}' | base64 -d # Example kubectl get secrets "prod-sde-secrets" --output jsonpath='{.data.SDE_SUPERUSER_PASSWORD}' | base64 -d
Change a container SSL certificate to a trusted certificate
These instructions apply to the certificate that web browsers use to validate a web connection.
-
Server certificate and key can be configured in one of two ways. Either added directly as a blob or specified via file path:
-
For blob configuration, add the following lines to your
values.custom.yaml
file.web: tlsCertificate: |- -----BEGIN CERTIFICATE----- MIIDrTCCApWgAwIBAgIUNX3roNLr4fQUU8WHb6PZ7T0nZ4QwDQYJKoZIhvcNAQEL Q/h3yKGvAgMBAAECggEAS ... <truncated> ... x63/q64+Krh5DnBp4A1hGW oSBpwdj8tcY/x3awRg08fWemTK/URa0RmLNutZLBz9wa -----END CERTIFICATE----- tlsKey: |- -----BEGIN PRIVATE KEY----- MIIDrTCCApWgAwIBAgIUNX3roNLr4fQUU8WHb6PZ7T0nZ4QwDQYJKoZIhvcNAQEL Q/h3yKGvAgMBAAECggEAS ... <truncated> ... 63/q64+KrhE5DnBp4A1hGW oSBpwdj8tcY/x3awRg08fWemTK/URa0RmLNutZLB=== -----END PRIVATE KEY----- tlsCiphers: "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256" tlsProtocols: "TLSv1 TLSv1.1 TLSv1.2
-
For file path configuration, add the following lines to your
values.custom.yaml
file.web: tlsCertificatePath: <path_to_file/certificate.pem> tlsKeyPath: <path_to_file/key.pem> tlsCiphers: "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256" tlsProtocols: "TLSv1 TLSv1.1 TLSv1.2
-
-
Upgrade
helm
as described here.
Third-party integration TLS/SSL certificates
SD Elements containers have a list of trusted Certificate Authorities built into their operating systems. Since these containers do not run as root, the list cannot be updated. If the certificate used by your integration server isn’t backed by a root Certificate Authority already in the certificate store, select the option to not validate TLS in your integration connection (LDAP synchronization or global issue tracker).