V2S CORPORATION

One of the recurring tasks we have as administrators of VMware TKGI systems is verifying when the SSL certificates used by TKGI will expire. We certainly don't want to find out that a certificate has expired when our client informs us that their applications are not working!

It is advisable to do this verification at least at the beginning of the year and put reminders in our calendars to be able to rotate the SSL certificates before they expire.

Pivotal (acquired by VMware) has good documentation on how to obtain all certificates with their expiration dates:

https://community.pivotal.io/s/article/How-to-get-expiry-date-of-all-CA-s-certificates-in-PKS-deployment-and-clusters?language=en_US 

But we love to automate everything and avoid human error in these kinds of tasks, and we prefer not to repeat by hand work that can be instrumented and automated with the tools available.

For this we have created a script that integrates the instructions described by Pivotal but also automates them and generates a report of the certificates.

Let's see how it works! First, let's look at the prerequisites we must meet so that our Docker container works without problems:

1. The first thing we have to do is clone this repository:

 https://github.com/albertollamaso/vmware_pks_cert_exp_automate

2. We need to put the values of our BOSH server in the env.sh file (see example below)

  • BOSH_CLIENT=ops_manager
  • BOSH_CLIENT_SECRET=ipScR7YcCdtHnc60KfHtjnwHqHh2inHl
  • BOSH_CA_CERT=root_ca_certificate
  • BOSH_ENVIRONMENT=10.1.12.15

3. Add the content of the BOSH CA certificate to the file root_ca_certificate

4. Inside the Dockerfile we have these two variables that can be configured to our liking:

CRITICAL_DAYS = 7 (a certificate that is going to expire before this number of days has passed is considered critical)

WARNING_DAYS = 30 (a certificate that is going to expire before this number of days has passed is considered a warning)

That's it. Once we have all this information and have replaced the values with those of our own BOSH environment (PKS / TKGI), we can create our Docker image and run it, for example with the following commands:

docker build -t pkscerts .

docker run -it pkscerts

Let's see it in action: https://asciinema.org/a/oMRQvb3NOyjEk4Nobrkfes3FP
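The classification step described above, checking each certificate against CRITICAL_DAYS and WARNING_DAYS, can be sketched as follows. This is an added example, not code from the repository: it assumes expiry dates in the `notAfter=` format printed by `openssl x509 -noout -enddate`, and the certificate names, dates, function names and exit-code convention are constructed for illustration.

```python
from datetime import datetime, timezone

# Same defaults the post gives for the Dockerfile variables.
CRITICAL_DAYS = 7
WARNING_DAYS = 30

def parse_not_after(line):
    """Parse a line such as 'notAfter=Jun  1 12:00:00 2025 GMT', the format
    printed by `openssl x509 -noout -enddate`, into an aware UTC datetime."""
    value = line.strip().split("=", 1)[-1]
    parsed = datetime.strptime(value, "%b %d %H:%M:%S %Y GMT")
    return parsed.replace(tzinfo=timezone.utc)

def classify(not_after, now, critical=CRITICAL_DAYS, warning=WARNING_DAYS):
    """Return (status, whole_days_left). Assumption: fewer than `critical`
    whole days left is CRITICAL, fewer than `warning` is WARNING."""
    remaining = not_after - now
    if remaining.total_seconds() <= 0:
        return "EXPIRED", remaining.days
    if remaining.days < critical:
        return "CRITICAL", remaining.days
    if remaining.days < warning:
        return "WARNING", remaining.days
    return "OK", remaining.days

def build_report(end_dates, now):
    """Classify every certificate and sort so the most urgent come first."""
    rows = [(name, *classify(parse_not_after(line), now))
            for name, line in end_dates.items()]
    return sorted(rows, key=lambda row: row[2])

def exit_code(rows):
    """Monitoring-style code for cron or CI: 2 critical, 1 warning, 0 ok."""
    statuses = {status for _, status, _ in rows}
    if statuses & {"EXPIRED", "CRITICAL"}:
        return 2
    return 1 if "WARNING" in statuses else 0

# Constructed sample input: names and dates are made up for this example.
SAMPLE = {
    "cert-a": "notAfter=Jan  5 00:00:00 2025 GMT",
    "cert-b": "notAfter=Jan 20 12:00:00 2025 GMT",
    "cert-c": "notAfter=Dec 31 23:59:59 2024 GMT",
    "cert-d": "notAfter=Mar  1 00:00:00 2026 GMT",
}
SAMPLE_NOW = datetime(2025, 1, 1, tzinfo=timezone.utc)  # fixed for repeatability

if __name__ == "__main__":
    for name, status, days in build_report(SAMPLE, SAMPLE_NOW):
        print(f"{status:<8} {days:>5}d  {name}")
```

In real use, pass `datetime.now(timezone.utc)` instead of the fixed `SAMPLE_NOW`, and treat an already expired certificate separately from a critical one, as the sketch does, so it is never reported as merely "expiring soon".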

I love automated tasks, and I strongly believe that companies that incorporate automated practices get more done, plain and simple, and avoid human errors and misconfigured systems. I hope this post and the scripts developed here can be used in your VMware PKS and TKGI environments. It can also serve as a source of inspiration to begin automating other tasks that are always repetitive during the TKGI administration process.

Written by Alberto Llamas
