Skip to main content
Version: v2.11.x LTS

zwe migrate for kubernetes

zwe migrate for kubernetes

zwe > migrate > for > kubernetes

zwe migrate for kubernetes [parameter [parameter]...]

Description

Migrate your YAML configuration on z/OS for Kubernetes.

This script will create zowe-config ConfigMap and zowe-certificates-secret Secret for Kubernetes deployment.

To manually create zowe-config ConfigMap, the data section should contain a key zowe.yaml with string value of your zowe.yaml used on z/OS.

To manually create zowe-certificates-secret Secret, you need 2 entries under data section:

  • keystore.p12: which is base64 encoded PKCS#12 keystore,
  • truststore.p12: which is base64 encoded PKCS#12 truststore.

And 3 entries under stringData section:

  • keystore.key: is the PEM format of certificate private key,
  • keystore.cer: is the PEM format of the certificate,
  • ca.cer: is the PEM format of the certificate authority.

In order to make certificates working in Kubernetes, the certificate you are using should have these domains defined in certificate Subject Alt Name (SAN):

  • your external domains to access Zowe APIML Gateway Service running in Kubernetes cluster,
  • *.<k8s-namespace>.svc.<k8s-cluster-name>
  • *.discovery-service.<k8s-namespace>.svc.<k8s-cluster-name>
  • *.gateway-service.<k8s-namespace>.svc.<k8s-cluster-name>
  • *.<k8s-namespace>.pod.<k8s-cluster-name>

<k8s-namespace> is the Kubernetes Namespace you installed Zowe into. And <k8s-cluster-name> is the Kubernetes cluster name, which usually should be cluster.local.

Without the additional domains in SAN, you may see warnings/errors related to certificate validation.

If you cannot add those domains into certificate Subject Alt Name (SAN), you can change zowe.verifyCertificates to NONSTRICT mode. Zowe components will not validate domain names but will continue to validate certificate chain, validity and whether it's trusted in Zowe truststore.

IMPORTANT: It's not recommended to disable zowe.verifyCertificates.

NOTES: With below conditions, this migration script will re-generate a new set of certificate for you with proper domain names listed above.

  • you use zwe init command to initialize Zowe,
  • use PKCS#12 format keystore by defining zowe.setup.certificate.type: PKCS12
  • did not define zowe.setup.certificate.pkcs12.import.keystore and let zwe command to generate PKCS12 keystore for you
  • enabled STRICT mode zowe.verifyCertificates.

Parameters

Full nameAliasTypeRequiredHelp message
--domains-dstringnoDomain list of certificate Subject Alternative Name (SAN).
--external-portstringnoPort number to access APIML Gateway running in Kubernetes.
--k8s-namespacestringnoKubernetes namespace.
--k8s-cluster-namestringnoKubernetes cluster name.
--alias-astringnoCertificate alias name.
--password-pstringnoPassword of the certificate keystore.

Inherited from parent command

Full nameAliasTypeRequiredHelp message
--help-hbooleannoDisplay this help.
--debug,--verbose-vbooleannoEnable verbose mode.
--trace-vvbooleannoEnable trace level debug mode.
--silent-sbooleannoDo not display messages to standard output.
--log-dir,--log-lstringnoWrite logs to this directory.
--config-cstringnoPath to Zowe configuration zowe.yaml file.
--configmgrbooleannoEnable use of configmgr capabilities.

Errors

Inherited from parent command

Error codeExit codeError message
100If the user pass --help or -h parameter, the zwe command always exits with 100 code.
ZWEL0101E101ZWE_zowe_runtimeDirectory is not defined.
ZWEL0102E102Invalid parameter %s.
ZWEL0103E103Invalid type of parameter %s.
ZWEL0104E104Invalid command %s.
ZWEL0105E105The Zowe YAML config file is associated to Zowe runtime "%s", which is not same as where zwe command is located.
ZWEL0106E106%s parameter is required.
ZWEL0107E107No handler defined for command %s.
ZWEL0108E108Zowe YAML config file is required.
ZWEL0109E109The Zowe YAML config file specified does not exist.
ZWEL0110E110Doesn't have write permission on %s directory.
ZWEL0111E111Command aborts with error.
ZWEL0112E112Zowe runtime environment must be prepared first with "zwe internal start prepare" command.
ZWEL0114E114Reached max retries on allocating random number.
ZWEL0120E120This command must run on a z/OS system.
ZWEL0121E121Cannot find node. Please define NODE_HOME environment variable.
ZWEL0122E122Cannot find java. Please define JAVA_HOME environment variable.
ZWEL0123E123This function is only available in Zowe Containerization deployment.
ZWEL0131E131Cannot find key %s defined in file %s.
ZWEL0132E132No manifest file found in component %s.
ZWEL0133E133Data set %s already exists.
ZWEL0134E134Failed to find SMS status of data set %s.
ZWEL0135E135Failed to find volume of data set %s.
ZWEL0136E136Failed to APF authorize data set %s.
ZWEL0137E137z/OSMF root certificate authority is not provided (or cannot be detected) with trusting z/OSMF option enabled.
ZWEL0138E138Failed to update key %s of file %s.
ZWEL0139E139Failed to create directory %s.
ZWEL0140E140Failed to translate Zowe configuration (%s).
ZWEL0142E142Failed to refresh APIML static registrations.
ZWEL0172EComponent %s has %s defined but the file is missing.
ZWEL0200EFailed to copy USS file %s to MVS data set %s.
ZWEL0201EFile %s does not exist.
ZWEL0202EUnable to find samplib key for %s.
ZWEL0203EEnv value in key-value pair %s has not been defined.
ZWEL0316ECommand requires zowe.useConfigmgr=true to use.