docs: Update IPsec key rotation command
The previous command relies on awk(1), which could behave differently on
Linux and macOS. This patch uses `kubectl -o go-template` to remove the
dependency on awk(1) and make sure the key rotation operation works properly
on both platforms.

Signed-off-by: Zhichuan Liang <gray.liang@isovalent.com>
jschwinger233 authored and squeed committed Oct 16, 2023
1 parent 1761088 commit 42ef7f3
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion Documentation/security/network/encryption-ipsec.rst
Expand Up @@ -166,7 +166,7 @@ To replace cilium-ipsec-keys secret with a new key:

.. code-block:: shell-session
KEYID=$(kubectl get secret -n kube-system cilium-ipsec-keys -o yaml | awk '/^\s*keys:/ {print $2}' | base64 -d | awk '{print $1}')
KEYID=$(kubectl get secret -n kube-system cilium-ipsec-keys -o go-template --template={{.data.keys}} | base64 -d | cut -c 1)
if [[ $KEYID -ge 15 ]]; then KEYID=0; fi
data=$(echo "{\"stringData\":{\"keys\":\"$((($KEYID+1))) "rfc4106\(gcm\(aes\)\)" $(echo $(dd if=/dev/urandom count=20 bs=1 2> /dev/null| xxd -p -c 64)) 128\"}}")
kubectl patch secret -n kube-system cilium-ipsec-keys -p="${data}" -v=1
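
Review bot: `cut -c 1` on the new KEYID line keeps only the first character of the decoded secret, so a two-digit key ID is truncated (10 through 15 all read as 1) and the `-ge 15` wrap-around check on the next line can never be true. The awk pipeline being replaced printed the whole first field, so this is a behaviour change, not just a portability fix. Suggest `cut -d ' ' -f 1`, which behaves the same on Linux and macOS and keeps the go-template change. Quoting the template argument as `--template='{{.data.keys}}'` would also avoid depending on how the user's shell treats the braces.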