zwe migrate for kubernetes
zwe migrate for kubernetes
zwe > migrate > for > kubernetes
zwe migrate for kubernetes [parameter [parameter]...]
Description​
Migrate your YAML configuration on z/OS for Kubernetes.
This script will create zowe-config
ConfigMap
and zowe-certificates-secret
Secret
for Kubernetes deployment.
To manually create zowe-config
ConfigMap
, the data
section should contain
a key zowe.yaml
with string value of your zowe.yaml
used on z/OS.
To manually create zowe-certificates-secret
Secret
, you need 2 entries under
data
section:
keystore.p12
: which is base64 encoded PKCS#12 keystore,truststore.p12
: which is base64 encoded PKCS#12 truststore.
And 3 entries under stringData
section:
keystore.key
: is the PEM format of certificate private key,keystore.cer
: is the PEM format of the certificate,ca.cer
: is the PEM format of the certificate authority.
In order to make certificates working in Kubernetes, the certificate you are using should have these domains defined in certificate Subject Alt Name (SAN):
- your external domains to access Zowe APIML Gateway Service running in Kubernetes cluster,
*.[k8s-namespace].svc.[k8s-cluster-name]
*.discovery-service.[k8s-namespace].svc.[k8s-cluster-name]
*.gateway-service.[k8s-namespace].svc.[k8s-cluster-name]
*.[k8s-namespace].pod.[k8s-cluster-name]
[k8s-namespace]
is the Kubernetes Namespace you installed Zowe into. And
[k8s-cluster-name]
is the Kubernetes cluster name, which usually should be
cluster.local
.
Without the additional domains in SAN, you may see warnings/errors related to certificate validation.
If you cannot add those domains into certificate Subject Alt Name (SAN), you can change
zowe.verifyCertificates
to NONSTRICT
mode. Zowe components will not validate domain
names but will continue to validate certificate chain, validity and whether it's trusted
in Zowe truststore.
IMPORTANT: It's not recommended to disable zowe.verifyCertificates
.
NOTES: With below conditions, this migration script will re-generate a new set of certificate for you with proper domain names listed above.
- you use
zwe init
command to initialize Zowe, - use
PKCS#12
format keystore by definingzowe.setup.certificate.type: PKCS12
- did not define
zowe.setup.certificate.pkcs12.import.keystore
and letzwe
command to generate PKCS12 keystore for you - enabled
STRICT
modezowe.verifyCertificates
.
Parameters​
Full name | Alias | Type | Required | Help message |
---|---|---|---|---|
--domains | -d | string | no | Domain list of certificate Subject Alternative Name (SAN). |
--external-port | string | no | Port number to access APIML Gateway running in Kubernetes. | |
--k8s-namespace | string | no | Kubernetes namespace. | |
--k8s-cluster-name | string | no | Kubernetes cluster name. | |
--alias | -a | string | no | Certificate alias name. |
--password | -p | string | no | Password of the certificate keystore. |
Inherited from parent command​
Full name | Alias | Type | Required | Help message |
---|---|---|---|---|
--help | -h | boolean | no | Display this help. |
--debug,--verbose | -v | boolean | no | Enable verbose mode. |
--trace | -vv | boolean | no | Enable trace level debug mode. |
--silent | -s | boolean | no | Do not display messages to standard output. |
--log-dir,--log | -l | string | no | Write logs to this directory. |
--config | -c | string | no | Path to Zowe configuration zowe.yaml file. |
--configmgr | boolean | no | Enable use of configmgr capabilities. |
Errors​
Inherited from parent command​
Error code | Exit code | Error message |
---|---|---|
100 | If the user pass --help or -h parameter, the zwe command always exits with 100 code. | |
ZWEL0101E | 101 | ZWE_zowe_runtimeDirectory is not defined. |
ZWEL0102E | 102 | Invalid parameter %s. |
ZWEL0103E | 103 | Invalid type of parameter %s. |
ZWEL0104E | 104 | Invalid command %s. |
ZWEL0105E | 105 | The Zowe YAML config file is associated to Zowe runtime "%s", which is not same as where zwe command is located. |
ZWEL0106E | 106 | %s parameter is required. |
ZWEL0107E | 107 | No handler defined for command %s. |
ZWEL0108E | 108 | Zowe YAML config file is required. |
ZWEL0109E | 109 | The Zowe YAML config file specified does not exist. |
ZWEL0110E | 110 | Doesn't have write permission on %s directory. |
ZWEL0111E | 111 | Command aborts with error. |
ZWEL0112E | 112 | Zowe runtime environment must be prepared first with "zwe internal start prepare" command. |
ZWEL0114E | 114 | Reached max retries on allocating random number. |
ZWEL0120E | 120 | This command must run on a z/OS system. |
ZWEL0121E | 121 | Cannot find node. Please define NODE_HOME environment variable. |
ZWEL0122E | 122 | Cannot find java. Please define JAVA_HOME environment variable. |
ZWEL0123E | 123 | This function is only available in Zowe Containerization deployment. |
ZWEL0131E | 131 | Cannot find key %s defined in file %s. |
ZWEL0132E | 132 | No manifest file found in component %s. |
ZWEL0133E | 133 | Data set %s already exists. |
ZWEL0134E | 134 | Failed to find SMS status of data set %s. |
ZWEL0135E | 135 | Failed to find volume of data set %s. |
ZWEL0136E | 136 | Failed to APF authorize data set %s. |
ZWEL0137E | 137 | z/OSMF root certificate authority is not provided (or cannot be detected) with trusting z/OSMF option enabled. |
ZWEL0138E | 138 | Failed to update key %s of file %s. |
ZWEL0139E | 139 | Failed to create directory %s. |
ZWEL0140E | 140 | Failed to translate Zowe configuration (%s). |
ZWEL0142E | 142 | Failed to refresh APIML static registrations. |
ZWEL0172E | Component %s has %s defined but the file is missing. | |
ZWEL0200E | Failed to copy USS file %s to MVS data set %s. | |
ZWEL0201E | File %s does not exist. | |
ZWEL0202E | Unable to find samplib key for %s. | |
ZWEL0203E | Env value in key-value pair %s has not been defined. | |
ZWEL0316E | Command requires zowe.useConfigmgr=true to use. |