Remote CLI (remainder)

Story: 2011399
Task: 52686

Change-Id: I4284c92edbec39acd4ad68b49632633546ae2b41
Signed-off-by: Ngairangbam Mili <ngairangbam.mili@windriver.com>

doc/source/security/kubernetes/configure-kubernetes-client-access.rst

@@ -120,33 +120,21 @@ Kubernetes Remote Client Access using the Host Directly
         % sudo apt-get update
         % sudo apt-get install -y kubectl
 
-#.  Optional: Contact your system administrator for the |prod| Kubernetes
-    cluster's public root |CA| certificate. Copy this certificate to your system
-    as ``k8s-ca.crt``. This step is strongly recommended, but it still possible
-    to connect to the Kubernetes cluster without this certificate.
+#.  Contact your system administrator for the |prod| system-local-ca |CA|
+    certificate. Copy this certificate to your system as ``stx-ca.crt``.
 
 #.  Create an empty Kubernetes configuration file (the default path is
-    ``~/.kube/config``). Execute the commands below to update this file. Use the
-    |OAM| IP address and the Kubernetes |CA| certificate acquired in the
+    ``~/.kube/config``). Run the commands below to update this file. Use the
+    |OAM| IP address and the system-local-ca |CA| certificate acquired in the
     previous step. If the |OAM| IP is IPv6, use the IP enclosed in brackets
-    (example: "[fd00::a14:803]"). In the example below, the user is
-    "admin-user", change it to the name of user you want to authenticate.
+    (example: ``[fd00::a14:803]``). In the example below, the user is
+    ``admin-user``. Change it to the name of user you want to authenticate.
 
     .. code-block:: none
 
         $ MYUSER="admin-user"
         $ kubectl config set-cluster wrcpcluster --server=https://<OAM_IP>:6443
-        $ kubectl config set clusters.wrcpcluster.certificate-authority-data $(base64 -w0 k8s-ca.crt)
-        $ kubectl config set-context ${MYUSER}@wrcpcluster --cluster=wrcpcluster --user ${MYUSER}
-        $ kubectl config use-context ${MYUSER}@wrcpcluster
-
-    If you don't have the Kubernetes |CA| certificate, execute the following
-    commands instead.
-
-    .. code-block:: none
-
-        $ MYUSER="admin-user"
-        $ kubectl config set-cluster wrcpcluster --server=https://<OAM_IP>:6443 --insecure-skip-tls-verify
+        $ kubectl config set clusters.wrcpcluster.certificate-authority-data $(base64 -w0 stx-ca.crt)
         $ kubectl config set-context ${MYUSER}@wrcpcluster --cluster=wrcpcluster --user ${MYUSER}
         $ kubectl config use-context ${MYUSER}@wrcpcluster
 

doc/source/security/kubernetes/create-first-system-administrator-1775e1b20941.rst

@@ -124,9 +124,9 @@ it can create subsequent system administrators and end users.
         $ USERNAME="joefulladmin"
         $ USERPASSWORD="<password>"
         $ PROJECTNAME="admin"
-        $ PROJECTID=`openstack project list | grep ${PROJECTNAME} | awk '{print $2}'\`
+        $ PROJECTID=$(openstack project list | grep "${PROJECTNAME}" | awk '{print $2}')
         $ openstack user create --password "${USERPASSWORD}" --project ${PROJECTID} "${USERNAME}"
-        $ openstack role add --project ${PROJECTNAME} --user ${USERNAME}_member_
+        $ openstack role add --project ${PROJECTNAME} --user ${USERNAME} member
 
      #.   Add full |prod| authorization privileges to the first system
           administrator's keystone user account.

doc/source/security/kubernetes/security-configure-container-backed-remote-clis-and-clients.rst

@@ -129,15 +129,6 @@ CLIs and Clients for an admin user with cluster-admin clusterrole.
             ~(keystone_admin)]$ kubectl get secret system-local-ca -n cert-manager -o=jsonpath='{.data.ca\.crt}' | base64 --decode > /home/sysadmin/stx.ca.crt
             ~(keystone_admin)]$ scp /home/sysadmin/stx.ca.crt <remote_workstation_user>@<remote_workstation_IP>:~/stx.ca.crt
 
-    #.  Optional: copy the Kubernetes |CA| certificate
-        ``/etc/kubernetes/pki/ca.crt`` from the active controller to the remote
-        workstation. This step is strongly recommended, but it still possible
-        to connect to the Kubernetes cluster without this certificate.
-
-        .. code-block:: none
-
-            ~(keystone_admin)]$ scp /etc/kubernetes/pki/ca.crt <remote_workstation_user>@<remote_workstation_IP>:~/k8s-ca.crt
-
 #.  In the remote workstation, do the actions listed below.
 
     #.  Create a working directory that will be mounted by the container
@@ -294,27 +285,16 @@ CLIs and Clients for an admin user with cluster-admin clusterrole.
 
     #.  Update the contents in the admin-kubeconfig file using the
         :command:`kubectl` command from the container. Use the |OAM| IP address
-        and the Kubernetes |CA| certificate acquired in the steps above. If the
-        |OAM| IP is IPv6, use the IP enclosed in brackets (example:
-        "[fd00::a14:803]").
+        and the |prod| system-local-ca certificate acquired in the steps above.
+        If the |OAM| IP is IPv6, use the IP enclosed in brackets (example:
+        ``[fd00::a14:803]``).
 
         .. code-block:: none
 
             $ cd $HOME/remote_cli_wd
             $ source remote_client_platform.sh
             $ kubectl config set-cluster wrcpcluster --server=https://<OAM_IP>:6443
-            $ kubectl config set clusters.wrcpcluster.certificate-authority-data $(base64 -w0 k8s-ca.crt)
-            $ kubectl config set-context ${MYUSER}@wrcpcluster --cluster=wrcpcluster --user ${MYUSER}
-            $ kubectl config use-context ${MYUSER}@wrcpcluster
-
-        If you don't have the Kubernetes |CA| certificate, execute the following
-        commands instead.
-
-        .. code-block:: none
-
-            $ cd $HOME/remote_cli_wd
-            $ source remote_client_platform.sh
-            $ kubectl config set-cluster wrcpcluster --server=https://<OAM_IP>:6443 --insecure-skip-tls-verify
+            $ kubectl config set clusters.wrcpcluster.certificate-authority-data $(base64 -w0 ~/stx.ca.crt)
             $ kubectl config set-context ${MYUSER}@wrcpcluster --cluster=wrcpcluster --user ${MYUSER}
             $ kubectl config use-context ${MYUSER}@wrcpcluster
 

doc/source/security/kubernetes/system-administrator-collect-system-information-for-user-8502c985343d.rst

@@ -62,16 +62,15 @@ The following data needs to be collected:
 
      .. code-block::
 
-        $ kubectl get secret system-local-ca -n cert-manager -o=jsonpath='{.data.tls\.crt}' | base64 --decode > ~/stx-remote-access-info/stx.ca.crt
+         $ kubectl get secret system-local-ca -n cert-manager -o=jsonpath='{.data.ca\.crt}' | base64 --decode > ~/stx-remote-access-info/stx.ca.crt
 
-#.   Get the kubernetes environment data for the |prod| system.
+#.   Get the Kubernetes environment data for the |prod| system.
 
      .. code-block::
 
          $ OAMIP=$(system oam-show | egrep "(oam_ip|oam_floating_ip)" | awk '{print $4}')
-
          $ touch ~/stx-remote-access-info/kubeconfig
-         $ kubectl config --kubeconfig ~/stx-remote-access-info/kubeconfig set-cluster stx-cluster --server=https://${OAMIP}:6443 --embed-certs --certificate-authority=/etc/kubernetes/pki/ca.crt
+         $ kubectl config --kubeconfig ~/stx-remote-access-info/kubeconfig set-cluster stx-cluster --server=https://${OAMIP}:6443 --embed-certs --certificate-authority=~/stx-remote-access-info/stx.ca.crt
          $ kubectl config --kubeconfig ~/stx-remote-access-info/kubeconfig set-context YOURUSERNAMEHERE@stx-cluster --cluster=stx-cluster --user YOURUSERNAMEHERE
          $ kubectl config --kubeconfig ~/stx-remote-access-info/kubeconfig use-context YOURUSERNAMEHERE@stx-cluster