diff --git a/cmd/kubeadm/app/apis/kubeadm/types.go b/cmd/kubeadm/app/apis/kubeadm/types.go index 4257dadfa7c..19074702338 100644 --- a/cmd/kubeadm/app/apis/kubeadm/types.go +++ b/cmd/kubeadm/app/apis/kubeadm/types.go @@ -373,8 +373,7 @@ type BootstrapTokenDiscovery struct { // pinning, which can be unsafe. Each hash is specified as ":", // where the only currently supported type is "sha256". This is a hex-encoded // SHA-256 hash of the Subject Public Key Info (SPKI) object in DER-encoded - // ASN.1. These hashes can be calculated using, for example, OpenSSL: - // openssl x509 -pubkey -in ca.crt openssl rsa -pubin -outform der 2>&/dev/null | openssl dgst -sha256 -hex + // ASN.1. These hashes can be calculated using, for example, OpenSSL. CACertHashes []string // UnsafeSkipCAVerification allows token-based discovery diff --git a/cmd/kubeadm/app/apis/kubeadm/v1beta1/types.go b/cmd/kubeadm/app/apis/kubeadm/v1beta1/types.go index ce3dceb8a2f..61097572c4c 100644 --- a/cmd/kubeadm/app/apis/kubeadm/v1beta1/types.go +++ b/cmd/kubeadm/app/apis/kubeadm/v1beta1/types.go @@ -362,8 +362,7 @@ type BootstrapTokenDiscovery struct { // pinning, which can be unsafe. Each hash is specified as ":", // where the only currently supported type is "sha256". This is a hex-encoded // SHA-256 hash of the Subject Public Key Info (SPKI) object in DER-encoded - // ASN.1. These hashes can be calculated using, for example, OpenSSL: - // openssl x509 -pubkey -in ca.crt openssl rsa -pubin -outform der 2>&/dev/null | openssl dgst -sha256 -hex + // ASN.1. These hashes can be calculated using, for example, OpenSSL. CACertHashes []string `json:"caCertHashes,omitempty"` // UnsafeSkipCAVerification allows token-based discovery diff --git a/cmd/kubeadm/app/apis/kubeadm/v1beta2/types.go b/cmd/kubeadm/app/apis/kubeadm/v1beta2/types.go index d13af5bd15d..a9261d06731 100644 --- a/cmd/kubeadm/app/apis/kubeadm/v1beta2/types.go +++ b/cmd/kubeadm/app/apis/kubeadm/v1beta2/types.go @@ -364,8 +364,7 @@ type BootstrapTokenDiscovery struct { // pinning, which can be unsafe. Each hash is specified as ":", // where the only currently supported type is "sha256". This is a hex-encoded // SHA-256 hash of the Subject Public Key Info (SPKI) object in DER-encoded - // ASN.1. These hashes can be calculated using, for example, OpenSSL: - // openssl x509 -pubkey -in ca.crt openssl rsa -pubin -outform der 2>&/dev/null | openssl dgst -sha256 -hex + // ASN.1. These hashes can be calculated using, for example, OpenSSL. CACertHashes []string `json:"caCertHashes,omitempty"` // UnsafeSkipCAVerification allows token-based discovery diff --git a/cmd/kubeadm/app/util/pubkeypin/pubkeypin_test.go b/cmd/kubeadm/app/util/pubkeypin/pubkeypin_test.go index a5a0d57a45f..8ca2c6cf776 100644 --- a/cmd/kubeadm/app/util/pubkeypin/pubkeypin_test.go +++ b/cmd/kubeadm/app/util/pubkeypin/pubkeypin_test.go @@ -47,8 +47,7 @@ c1vuFqTnJBPcb7W//R/GI2Paicm1cmns9NLnPR35exHxFTy+D1yxmGokpoPMdife aH+sfuxT8xeTPb3kjzF9eJTlnEquUDLM -----END CERTIFICATE-----` -// expectedHash can be verified using the openssl CLI: -// openssl x509 -pubkey -in test.crt openssl rsa -pubin -outform der 2>&/dev/null | openssl dgst -sha256 -hex +// expectedHash can be verified using the openssl CLI. const expectedHash = `sha256:345959acb2c3b2feb87d281961c893f62a314207ef02599f1cc4a5fb255480b3` // testCert2PEM is a second test cert generated the same way as testCertPEM