Using a ManagementSecretRotation CR to update the management CA
About this task
ManagementSecretRotation CR (Custom Resource) is an alternative
method for renewing the
management_CR-ca and its dependencies,
and then restarting the dependent pods. This option applies only to the
ManagementSecretRotationCR can only be used with a stand-alone deployment using a single data center. Do not attempt to use it with a two data center configuration or a Cloud Pak for Integration deployment.
ManagementSecretRotationCR (for example, operationcr.yaml) with contents similar to the following example:
apiVersion: management.apiconnect.ibm.com/v1beta1 kind: ManagementSecretRotation metadata: name: rotate-issuer spec: managementCluster: management_CR_name rotateCertificates: certificates: - management_CR-ca
management_CR_nameis the name of the management CR that the system was deployed with.
Apply the CR by running the following command:
kubectl create -f operationcr.yaml -n namespace
namespaceis the namespace where you installed the Management subsystem
- operationcr.yaml is the file the contains the CR
Applying the CR updates the
management_CR-ca, along with any certificates that are signed by it. To view a list of the updated certificates, run the following command and check the
statusblock of the CR:
kubectl get managementsecretrotation rotate-issuer -n namespace
In the command, replace
namespacewith the namespace where you installed the Management subsystem.