Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

K8s: Simplify the update REC credential step #1147

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

K8s: Simplify the update REC credential step #1147

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
39 changes: 7 additions & 32 deletions content/operate/kubernetes/security/manage-rec-credentials.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -64,24 +64,12 @@ curl -k --request POST \

3. From outside the pod, update the REC credential secret.

3a. Save the existing username to a text file.

```sh
echo -n "<current_username>" > username
```

3b. Save the new password to a text file.

```sh
echo -n "<new_password>" > password
```

3c. Update the REC credential secret.

```sh
kubectl create secret generic <cluster_secret_name> \
--from-file=./username \
--from-file=./password --dry-run \
--save-config \
--dry-run=client \
--from-literal=username=<username> \
--from-literal=password=<password> \
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Consider using <new-password> placeholder. Previously we had this emphasized via the now-removed 3b section.

-o yaml | \
kubectl apply -f
```
Expand Down Expand Up @@ -119,27 +107,14 @@ curl -k --request DELETE \

4. Update the REC credential secret:

4a. Save the new username to a text file.

```sh
echo -n "<new_username>" > username
```

4b. Save the new password to a text file.

```sh
echo -n "<new_password>" > password
```

4c. Update the REC credential secret.

```sh
kubectl create secret generic <cluster_secret_name> \
--save-config \
--dry-run=client \
--from-file=./username --from-file=./password \
--from-literal=username=<username> \
--from-literal=password=<password> \
Comment on lines +114 to +115
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Same here, consider <new_username> and <new_password>.

-o yaml | \
kubectl apply -f
kubectl apply -f
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The command is broken - it should end with kubectl apply -f - (the -f - indicates to read the input from stdin).
Same applies to the previous section with a similar command.

Copy link

@markotrapani markotrapani Feb 10, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for catching this, Zvi. The last line of both kubectl commands should read:
kubectl apply -f -

```

5. Wait five minutes for all the components to read the new password from the updated secret. If you proceed to the next step too soon, the account could get locked.
Expand Down