From b39b0c46636d5db65632b18b13a46f6b1846bbda Mon Sep 17 00:00:00 2001 From: Paul Wyborn Date: Mon, 20 Nov 2023 12:27:17 +0000 Subject: [PATCH 1/2] Update rotate-user-aws-credentials.html.md.erb --- runbooks/source/rotate-user-aws-credentials.html.md.erb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/runbooks/source/rotate-user-aws-credentials.html.md.erb b/runbooks/source/rotate-user-aws-credentials.html.md.erb index 947a6853..204e76f7 100644 --- a/runbooks/source/rotate-user-aws-credentials.html.md.erb +++ b/runbooks/source/rotate-user-aws-credentials.html.md.erb @@ -1,7 +1,7 @@ --- title: Rotate User Credentials weight: 100 -last_reviewed_on: 2023-09-27 +last_reviewed_on: 2023-11-20 review_in: 6 months --- From 34c0d260bb5d690589bfd49bd7ff98a5a4bfd277 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" Date: Mon, 20 Nov 2023 12:28:07 +0000 Subject: [PATCH 2/2] Commit changes made by code formatters --- runbooks/source/rotate-user-aws-credentials.html.md.erb | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/runbooks/source/rotate-user-aws-credentials.html.md.erb b/runbooks/source/rotate-user-aws-credentials.html.md.erb index 204e76f7..f2bab593 100644 --- a/runbooks/source/rotate-user-aws-credentials.html.md.erb +++ b/runbooks/source/rotate-user-aws-credentials.html.md.erb @@ -34,7 +34,6 @@ make tools-shell If the changes involve applying "pingdom_check", set the environment variables for pingdom. The values are stored as secrets in `manager` cluster - `concourse-main` namespace. - ## Target the live cluster ```bash @@ -171,7 +170,7 @@ If this looks like it's going to do the right thing, enter 'yes' to confirm. At this point, a new set of AWS credentials should have been created for the existing IAM user, and the kubernetes secret should contain the new access key and secret. -Note: It is possible that applications might experience downtime if, for example, a pod which was launched with the old password drops the connection to AWS and tries to open a new one (which will fail, because the password is no longer valid). +Note: It is possible that applications might experience downtime if, for example, a pod which was launched with the old password drops the connection to AWS and tries to open a new one (which will fail, because the password is no longer valid). To make pods pick up the new password, perform a _manual_ rollout on every relevant deployment: ```bash kubectl rollout restart "deployment/{deployment}" -namespace="{namespace}"