Skip to Main Content
Cloud Management and AIOps
Hide about this portal


This is an IBM Automation portal for Cloud Management, Technology Cost Management, Network Automation and AIOps products. To view all of your ideas submitted to IBM, create and manage groups of Ideas, or create an idea explicitly set to be either visible by all (public) or visible only to you and IBM (private), use the IBM Unified Ideas Portal (https://ideas.ibm.com).

Shape the future of IBM!

We invite you to shape the future of IBM, including product roadmaps, by submitting ideas that matter to you the most. Here's how it works:

Search existing ideas

Start by searching and reviewing ideas and requests to enhance a product or service. Take a look at ideas others have posted, and add a comment, vote, or subscribe to updates on them if they matter to you. If you can't find what you are looking for,

Post your ideas
  1. Post an idea.

  2. Get feedback from the IBM team and other customers to refine your idea.

  3. Follow the idea through the IBM Ideas process.

Specific links you will want to bookmark for future use

Welcome to the IBM Ideas Portal (https://www.ibm.com/ideas) - Use this site to find out additional information and details about the IBM Ideas process and statuses.

IBM Unified Ideas Portal (https://ideas.ibm.com) - Use this site to view all of your ideas, create new ideas for any IBM product, or search for ideas across all of IBM.

ideasibm@us.ibm.com - Use this email to suggest enhancements to the Ideas process or request help from IBM for submitting your Ideas.

Status Not under consideration
Workspace IBM Turbonomic ARM
Created by Guest
Created on Jul 26, 2022

Update kubernetes certificate when an instance is upgraded (OVA only issue)

See this idea on ideas.ibm.com

I recently had an issue with a large financial customer where I made a license change and it caused the instance to show that none of the targets were validated any longer. After some troubleshooting, I found a certificate had expired. We worked with support to get it renewed and the instance came back up with all targets validated. When I asked how we could keep the certificate from expiring and taking down a production instance, the only answer was to figure out when it expires and mark it on your calendar to renew it before that date, as there is a script to run that renews it. In discussion with support, they agreed that this is not ideal and that it should be part of the upgrade process. When an instance is upgraded this script should run. Most everyone upgrades at least every year, so this should prevent what happened to me from happening with other customers. Cisco TAC SR 693934805
Idea priority Medium
  • Guest
    Reply
    |
    Jul 18, 2023

    This idea should definitely be implemented. My internal Kubernetes certs had expired, but I did not know it until I tried to do some RightSizing on a weekend. I had a limited change window, and support was unable to get Turbo working in time for me to do the RightSizing. I had put a lot of time and effort into negotiating the RightSizing and timing with the application team, and even though I worked for 7 hours on a Saturday, I wasn't able to accomplish anything. I can't try again until September due to the app team's schedule; so this issue really messed things up for me.

  • Guest
    Reply
    |
    Sep 21, 2022

    We had a meeting today with Billy and Jet to discuss incorporating the certificate renewal script into the online/offline upgrades. Billy has mentioned that the OVA upgrades are intended for upgrading Turbo components only and we should not add the certificate renewal to the Turbo upgrade script.

    However, Jet has mentioned that he has encountered some issues with the kubeNodeCertUpdate.sh, where he has to reach out to Support because the cert update script did not move the files to the right location. As a next step, Jet is going to share the details of the cert update script issue and include info on the steps that Support used to solve the problems. Once we are clear on the issues, the kubeNodeCertUpdate.sh can be enhanced address those problems.

  • Guest
    Reply
    |
    Sep 2, 2022

    Hi Mitchell:
    The k8s certificate renewal script is here: https://github.com/turbonomic/t8c-install/blob/master/bin/kubeNodeCertUpdate.sh

    In my opinion the script above should be included as part of doing online or offline upgrades using the scripts below:

    Online: https://github.com/turbonomic/t8c-install/blob/master/bin/onlineUpgrade.sh

    Offline: https://github.com/turbonomic/t8c-install/blob/master/bin/offlineUpdate.sh

    A further nice to have would be for the MariaDB upgrade to be included in the upgrade scripts above as well to have the MariaDB upgraded in the OVA when it is needed which that script is here:
    https://github.com/turbonomic/t8c-install/blob/master/bin/mariadbUpgrade.sh

    Thanks,

  • Guest
    Reply
    |
    Sep 2, 2022

    Russ and Jason - Can you attach a copy of the script please?

  • Guest
    Reply
    |
    Aug 25, 2022

    Hi Mitchell, this is only for the OVA when doing upgrades since it is a Turbo created single node cluster in the OVA. Deployments into k8s have their own certificates in the cluster that Turbo won't need to manage during upgrades as we don't deploy them in that case.

  • Guest
    Reply
    |
    Aug 25, 2022

    Thanks Jason for clarifying. Yes, I think it makes sense to proactively check for certificate expiry. You mentioned about the OVA in the comments, do we also to have the same check for K8S deployments as well? Wanted to see if this is a generic issue or only for OVA deployments.

  • Guest
    Reply
    |
    Aug 15, 2022

    Hi Mitchell, yes there was a misunderstanding between what I wrote and you interpreted as. It is as the guest replied below.

  • Guest
    Reply
    |
    Aug 9, 2022

    Hi Mitchell, this is only related to the kubernetes certificate expiring every year and there is no warning before it expires. Currently the only check for this is the upgrade-precheck script. This Idea is to have the k8s certificate renewal process in the OVA done as part of upgrades to prevent this from happening going forward and causing the instance to be down without warning

  • Guest
    Reply
    |
    Aug 8, 2022

    We have a health check feature where the UI alerts the user when the targets are not validating. It is also available via Turbo API so that user can check the target validation status in an automated fashion. Any reason why the customer is not using this feature?