Annotations used in Sterling Intelligent Promising Operator
Set the following annotations in the SIPEnvironment custom resource to enable or disable features such as skipping IBM entitlement key check, importing new certificates, and more.
| Key | Allowed Value | Description |
|---|---|---|
apps.sip.ibm.com/skip-ibm-entitlement-key-check |
yes | Set this annotation to skip checking of IBM entitlement key. This ensure that your IBM entitlement key is valid to install the Sterling Intelligent Promising Operator. |
|
|
true | Set this annotation to true to rebuild a truststore to import the new certificates. For more information, see Conditions to rebuild a truststore. |
apps.sip.ibm.com/ireplica-management |
MANUAL | Set this annotation if you want the replicas to be monitored manually and not by the Operator. |
apps.sip.ibm.com/validate-external-services-connections |
true | Set this annotation for a job to trigger and check the middleware connection. |
apps.sip.ibm.com/restart |
true | Set this annotation to restart a failed job. |
apps.sip.ibm.com/skip-external-services-connection-validation |
cassandra, kafka, elasticsearch, log-kafka | Set this annotation to skip checking an external connection. You can set multiple middleware instances separated by commas as shown in the allowed values. |
Conditions to rebuild a truststore
A trust store rebuild is required only under the following conditions:
- Certificate expiry: One or more certificates in the truststore are expired and needs an update.
- Certificate rotation: Middleware services such as Kafka, Cassandra, Elasticsearch, rotate the certificates as part of a security policy.
- Addition of new services: New middleware services are introduced that require trusted certificates to be included.
- Change in trust policies: An organization updates its security policies, requiring new root or intermediate certificates.