kubernetes
/
website
mirror of https://github.com/kubernetes/website.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Merge pull request #25619 from zwindler/patch-1 

fix: errors in base64 and sed commands
pull/26480/head
Kubernetes Prow Robot 2021-02-12 01:10:47 -08:00 committed by GitHub
parent 9afb531553 75c599829d
commit e512e4ef78
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 4 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
content/en/docs/tasks/tls/manual-rotation-of-ca-certificates.md
View File

@ -51,12 +51,12 @@ Configurations with a single API server will experience unavailability while the
If any pods are started before new CA is used by API servers, they will get this update and trust both old and new CAs. If any pods are started before new CA is used by API servers, they will get this update and trust both old and new CAs.
```shell ```shell
base64_encoded_ca="$(base64 <path to file containing both old and new CAs>)" base64_encoded_ca="$(base64 -w0 <path to file containing both old and new CAs>)"
for namespace in $(kubectl get ns --no-headers | awk '{print $1}'); do for namespace in $(kubectl get ns --no-headers | awk '{print $1}'); do
for token in $(kubectl get secrets --namespace "$namespace" --field-selector type=kubernetes.io/service-account-token -o name); do for token in $(kubectl get secrets --namespace "$namespace" --field-selector type=kubernetes.io/service-account-token -o name); do
kubectl get $token --namespace "$namespace" -o yaml | \ kubectl get $token --namespace "$namespace" -o yaml | \
/bin/sed "s/\(ca.crt:\).*/\1 ${base64_encoded_ca}" | \ /bin/sed "s/\(ca.crt:\).*/\1 ${base64_encoded_ca}/" | \
kubectl apply -f - kubectl apply -f -
done done
done done
@ -132,10 +132,10 @@ Configurations with a single API server will experience unavailability while the
1. If your cluster is using bootstrap tokens to join nodes, update the ConfigMap `cluster-info` in the `kube-public` namespace with new CA. 1. If your cluster is using bootstrap tokens to join nodes, update the ConfigMap `cluster-info` in the `kube-public` namespace with new CA.
```shell ```shell
base64_encoded_ca="$(base64 /etc/kubernetes/pki/ca.crt)" base64_encoded_ca="$(base64 -w0 /etc/kubernetes/pki/ca.crt)"
kubectl get cm/cluster-info --namespace kube-public -o yaml | \ kubectl get cm/cluster-info --namespace kube-public -o yaml | \
/bin/sed "s/\(certificate-authority-data:\).*/\1 ${base64_encoded_ca}" | \ /bin/sed "s/\(certificate-authority-data:\).*/\1 ${base64_encoded_ca}/" | \
kubectl apply -f - kubectl apply -f -
``` ```