kubernetes
/
website
mirror of https://github.com/kubernetes/website.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Change deprecated `kubectl update` to `replace` (#4307)

reviewable/pr4532/r1
Saksham Sharma 2017-07-27 14:36:59 -07:00 committed by Andrew Chen
parent 15d9cfbd92
commit 63167903a5
1 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
docs/tasks/administer-cluster/encrypt-data.md
View File

@ -148,7 +148,7 @@ program to retrieve the contents of your secret.
Since secrets are encrypted on write, performing an update on a secret will encrypt that content. Since secrets are encrypted on write, performing an update on a secret will encrypt that content.
``` ```
kubectl get secrets -o json | kubectl update -f - kubectl get secrets -o json | kubectl replace -f -
``` ```
The command above reads all secrets and then updates them to apply server side encryption. The command above reads all secrets and then updates them to apply server side encryption.
@ -165,7 +165,7 @@ the presence of a highly available deployment where multiple `kube-apiserver` pr
2. Restart all `kube-apiserver` processes to ensure each server can decrypt using the new key 2. Restart all `kube-apiserver` processes to ensure each server can decrypt using the new key
3. Make the new key the first entry in the `keys` array so that it is used for encryption in the config 3. Make the new key the first entry in the `keys` array so that it is used for encryption in the config
4. Restart all `kube-apiserver` processes to ensure each server now encrypts using the new key 4. Restart all `kube-apiserver` processes to ensure each server now encrypts using the new key
5. Run `kubectl get secrets -o json | kubectl update -f -` to update all secrets 5. Run `kubectl get secrets -o json | kubectl replace -f -` to encrypt all existing secrets with the new key
6. Remove the old decryption key from the config after you back up etcd with the new key in use and update all secrets 6. Remove the old decryption key from the config after you back up etcd with the new key in use and update all secrets
With a single `kube-apiserver`, step 2 may be skipped With a single `kube-apiserver`, step 2 may be skipped
@ -189,7 +189,7 @@ resources:
secret: <BASE 64 ENCODED SECRET> secret: <BASE 64 ENCODED SECRET>
``` ```
and restart all `kube-apiserver` processes. Then run the command `kubectl get secrets -o json | kubectl update -f -` and restart all `kube-apiserver` processes. Then run the command `kubectl get secrets -o json | kubectl replace -f -`
to force all secrets to be decrypted. to force all secrets to be decrypted.
{% endcapture %} {% endcapture %}