From 63167903a5a79745650d7efafb0c40b1fa37072a Mon Sep 17 00:00:00 2001 From: Saksham Sharma Date: Thu, 27 Jul 2017 14:36:59 -0700 Subject: [PATCH] Change deprecated `kubectl update` to `replace` (#4307) --- docs/tasks/administer-cluster/encrypt-data.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/tasks/administer-cluster/encrypt-data.md b/docs/tasks/administer-cluster/encrypt-data.md index 92bfbd6dc8..5f096631a3 100644 --- a/docs/tasks/administer-cluster/encrypt-data.md +++ b/docs/tasks/administer-cluster/encrypt-data.md @@ -148,7 +148,7 @@ program to retrieve the contents of your secret. Since secrets are encrypted on write, performing an update on a secret will encrypt that content. ``` -kubectl get secrets -o json | kubectl update -f - +kubectl get secrets -o json | kubectl replace -f - ``` The command above reads all secrets and then updates them to apply server side encryption. @@ -165,7 +165,7 @@ the presence of a highly available deployment where multiple `kube-apiserver` pr 2. Restart all `kube-apiserver` processes to ensure each server can decrypt using the new key 3. Make the new key the first entry in the `keys` array so that it is used for encryption in the config 4. Restart all `kube-apiserver` processes to ensure each server now encrypts using the new key -5. Run `kubectl get secrets -o json | kubectl update -f -` to update all secrets +5. Run `kubectl get secrets -o json | kubectl replace -f -` to encrypt all existing secrets with the new key 6. Remove the old decryption key from the config after you back up etcd with the new key in use and update all secrets With a single `kube-apiserver`, step 2 may be skipped @@ -189,7 +189,7 @@ resources: secret: ``` -and restart all `kube-apiserver` processes. Then run the command `kubectl get secrets -o json | kubectl update -f -` +and restart all `kube-apiserver` processes. Then run the command `kubectl get secrets -o json | kubectl replace -f -` to force all secrets to be decrypted. {% endcapture %}