website
website copied to clipboard
In documentation for Helm chart replace command for Identity.Issuer.CrtExpiry
Bug Report
What is the issue?
https://linkerd.io/2/tasks/install-helm/#helm-install-procedure and https://linkerd.io/2/tasks/generate-certificates/
# set expiry date one year from now, in Mac:
exp=$(date -v+8760H +"%Y-%m-%dT%H:%M:%SZ")
# in Linux:
exp=$(date -d '+8760 hour' +"%Y-%m-%dT%H:%M:%SZ")
The command does not look perfect, because with each call it generates a new value and does not correspond to the expiration date in CrtPEM as it is required in values.yaml
:
# must match the expiry date in CrtPEM
CrtExpiry:
Possible solution
I suggest to replace it with something like this:
date -d"$(cat issuer.crt | openssl x509 -noout -enddate | sed 's/notAfter=//')" +"%Y-%m-%dT%H:%M:%SZ"
2020-09-05T09:11:25Z
# which is equal to
cat issuer.crt | openssl x509 -noout -enddate | sed 's/notAfter=//'
Sep 5 09:11:25 2020 GMT
# versus
date -d '+8760 hour' +"%Y-%m-%dT%H:%M:%SZ
2020-09-05T11:03:18Z
Not sure about the syntax for OSX.