Updating Monitoring namespace for certificate rotation

You must manually update the Monitoring namespace to ensure seamless certificate rotation and synchronization across namespaces.

Verify that you have kubectl installed and configured to point to the cluster that requires fixing.

Copy the below script to a new file and save it as update-monitoring-namespace-cacert.sh

export SOURCE_NAMESPACE="<CONTROL_PLANE_NAMESPACE>"
export SOURCE_CONFIGMAP="cdp-pvc-truststore"
export SOURCE_KEY="JKS"
export TARGET_NAMESPACE="<MONITORING_PLATFORM_NAMESPACE>"
export TARGET_CONFIGMAP="monitoring-sdx-ca-certs"
export TARGET_KEY="cacerts"
                                
# Store the data in a variable
DATA=$(kubectl get configmap $SOURCE_CONFIGMAP -n 
$SOURCE_NAMESPACE -o jsonpath="{.binaryData.$SOURCE_KEY}")

# Update the target configmap using the variable
kubectl patch configmap $TARGET_CONFIGMAP -n $TARGET_NAMESPACE \
--type='json' -p="[{\"op\": \"replace\", \"path\": \"/binaryData/$TARGET_KEY\", 
\"value\":\"$DATA\"}]"

Edit the script by replacing <CONTROL_PLANE_NAMESPACE> with the name of the Cloudera Control Plane namespace.
Edit the script by replacing <MONITORING_PLATFORM_NAMESPACE> with the Monitoring platform namespace for the problematic environment. This is the namespace where the monitoring-cm-health-exporter is located.

note
Use the full name. For example, afm-cdp-155-<hash>-monitoring-platform
1. Log in to the Monitoring dashboard
2. Click the Namespace drop-down
3. Copy the Monitoring platform namespace
Save and run the script update-monitoring-namespace-cacert.sh

Verify recovery:

The monitoring-cm-health-exporter should recover the next time it restarts.
Alternatively, you can terminate the problematic pod to force it to recover immediately. Run the command kubectl rollout restart deployment monitoring-cm-health-exporter -n <monitoring_namespace>