Merge pull request #25619 from zwindler/patch-1

fix: errors in base64 and sed commands
2021-02-12 01:10:47 -08:00 · 2021-02-12 01:10:47 -08:00 · e512e4ef78
parent 9afb531553 75c599829d
commit e512e4ef78
1 changed files with 4 additions and 4 deletions
--- a/content/en/docs/tasks/tls/manual-rotation-of-ca-certificates.md
+++ b/content/en/docs/tasks/tls/manual-rotation-of-ca-certificates.md
@ -51,12 +51,12 @@ Configurations with a single API server will experience unavailability while the
   If any pods are started before new CA is used by API servers, they will get this update and trust both old and new CAs.

   ```shell
-   base64_encoded_ca="$(base64 <path to file containing both old and new CAs>)"
+   base64_encoded_ca="$(base64 -w0 <path to file containing both old and new CAs>)"

   for namespace in $(kubectl get ns --no-headers | awk '{print $1}'); do
       for token in $(kubectl get secrets --namespace "$namespace" --field-selector type=kubernetes.io/service-account-token -o name); do
           kubectl get $token --namespace "$namespace" -o yaml | \
-             /bin/sed "s/\(ca.crt:\).*/\1 ${base64_encoded_ca}" | \
+             /bin/sed "s/\(ca.crt:\).*/\1 ${base64_encoded_ca}/" | \
             kubectl apply -f -
       done
   done
@ -132,10 +132,10 @@ Configurations with a single API server will experience unavailability while the
 1. If your cluster is using bootstrap tokens to join nodes, update the ConfigMap `cluster-info` in the `kube-public` namespace with new CA.

   ```shell
-   base64_encoded_ca="$(base64 /etc/kubernetes/pki/ca.crt)"
+   base64_encoded_ca="$(base64 -w0 /etc/kubernetes/pki/ca.crt)"

   kubectl get cm/cluster-info --namespace kube-public -o yaml | \
-       /bin/sed "s/\(certificate-authority-data:\).*/\1 ${base64_encoded_ca}" | \
+       /bin/sed "s/\(certificate-authority-data:\).*/\1 ${base64_encoded_ca}/" | \
       kubectl apply -f -
   ```