rollback base64 -w 0 command to doesn't create end of lines

IgorEulalio · Oct 10, 2022 · ff69101 · ff69101
1 parent 7f1d0d1
commit ff69101
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 7 deletions.
diff --git a/admission-webhook/deploy/create-signed-cert.sh b/admission-webhook/deploy/create-signed-cert.sh
@@ -109,8 +109,6 @@ fi
 
 echo $SERVER_CSR
 
-cat $SERVER_CSR | base64 
-
 # create server cert/key CSR and send to k8s API
 CSR_CONTENTS=$(cat <<EOF
 apiVersion: certificates.k8s.io/v1
@@ -120,7 +118,7 @@ metadata:
 spec:
  groups:
  - system:authenticated
- request: $(cat "$SERVER_CSR" | base64)
+ request: $(cat "$SERVER_CSR" | base64 -w 0)
  signerName: beta.eks.amazonaws.com/app-serving
  usages:
  - digital signature
@@ -147,6 +145,6 @@ if ! $DRY_RUN; then
  }
  SERVER_CERT_CONTENTS=$(wait_for verify_cert_signed "after approving CSR $CSR_NAME, the signed certificate did not appear on the resource")
 
- gen_server_cert() { echo "$SERVER_CERT_CONTENTS" | openssl base64 -d -A -out "$SERVER_CERT"; }
+ gen_server_cert() { echo "$SERVER_CERT_CONTENTS" | openssl base64 -w 0 -d -A -out "$SERVER_CERT"; }
  gen_file gen_server_cert "$SERVER_CERT"
 fi
diff --git a/admission-webhook/deploy/deploy-gmsa-webhook.sh b/admission-webhook/deploy/deploy-gmsa-webhook.sh
@@ -151,7 +151,7 @@ main() {
  # the TLS certificate might not have been generated yet if it's a dry run
  local TLS_CERTIFICATE
  if [ -r "$SERVER_CERT" ]; then
- TLS_CERTIFICATE=$(cat "$SERVER_CERT" | base64)
+ TLS_CERTIFICATE=$(cat "$SERVER_CERT" | base64 -w 0)
  elif $DRY_RUN; then
  TLS_CERTIFICATE='TBD'
  else
@@ -172,7 +172,7 @@ main() {
 
  if [ -f "/var/run/secrets/kubernetes.io/serviceaccount/ca.crt" ]; then
  info 'using pod based authentication'
- BUNDLE=$(cat /var/run/secrets/kubernetes.io/serviceaccount/ca.crt | base64 | tr -d '\n')
+ BUNDLE=$(cat /var/run/secrets/kubernetes.io/serviceaccount/ca.crt | base64 -w 0 | tr -d '\n')
  else
  info 'using config file authentication'
  BUNDLE=$($KUBECTL config view --raw --minify --flatten -o jsonpath='{.clusters[].cluster.certificate-authority-data}')
@@ -182,7 +182,7 @@ main() {
  fatal_error "Not able to determine CA bundle for depoloyment"
  fi
 
- TLS_PRIVATE_KEY=$(cat "$SERVER_KEY" | base64) \
+ TLS_PRIVATE_KEY=$(cat "$SERVER_KEY" | base64 -w 0) \
  TLS_CERTIFICATE="$TLS_CERTIFICATE" \
  CA_BUNDLE="$BUNDLE" \
  RBAC_ROLE_NAME="$NAMESPACE-$NAME-rbac-role" \