website In documentation for Helm chart replace command for Identity.Issuer.CrtExpiry

In documentation for Helm chart replace command for Identity.Issuer.CrtExpiry

Open KIVagant opened this issue 4 years ago • 3 comments

Bug Report

What is the issue?

https://linkerd.io/2/tasks/install-helm/#helm-install-procedure and https://linkerd.io/2/tasks/generate-certificates/

# set expiry date one year from now, in Mac:
exp=$(date -v+8760H +"%Y-%m-%dT%H:%M:%SZ")
# in Linux:
exp=$(date -d '+8760 hour' +"%Y-%m-%dT%H:%M:%SZ")

The command does not look perfect, because with each call it generates a new value and does not correspond to the expiration date in CrtPEM as it is required in values.yaml:

    # must match the expiry date in CrtPEM
    CrtExpiry:

Possible solution

I suggest to replace it with something like this:

date -d"$(cat issuer.crt | openssl x509 -noout -enddate | sed 's/notAfter=//')" +"%Y-%m-%dT%H:%M:%SZ"
2020-09-05T09:11:25Z

# which is equal to
cat issuer.crt | openssl x509 -noout -enddate | sed 's/notAfter=//'
Sep  5 09:11:25 2020 GMT

# versus
date -d '+8760 hour' +"%Y-%m-%dT%H:%M:%SZ
2020-09-05T11:03:18Z

Not sure about the syntax for OSX.

Sep 06 '19 10:09 KIVagant

website website copied to clipboard

In documentation for Helm chart replace command for Identity.Issuer.CrtExpiry

Bug Report

What is the issue?

Possible solution

website
website copied to clipboard