From 63489e9220549dd621dd81f8b049c0af8a640d90 Mon Sep 17 00:00:00 2001
From: dkeightley <20566450+dkeightley@users.noreply.github.com>
Date: Tue, 16 Feb 2021 10:05:18 +1300
Subject: [PATCH 1/2] Remove dependency on jq in example

---
 .../v2.x/en/security/rancher-2.4/hardening-2.4/_index.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/content/rancher/v2.x/en/security/rancher-2.4/hardening-2.4/_index.md b/content/rancher/v2.x/en/security/rancher-2.4/hardening-2.4/_index.md
index 583080c10a..f01fe1150a 100644
--- a/content/rancher/v2.x/en/security/rancher-2.4/hardening-2.4/_index.md
+++ b/content/rancher/v2.x/en/security/rancher-2.4/hardening-2.4/_index.md
@@ -89,7 +89,7 @@ Create a bash script file called `account_update.sh`. Be sure to `chmod +x accou
 ```
 #!/bin/bash -e
 
-for namespace in $(kubectl get namespaces -A -o json | jq -r '.items[].metadata.name'); do
+for namespace in $(kubectl get namespaces --no-headers --template '{{range .items}}{{.metadata.name}}{{"\n"}}{{end}}'); do
 kubectl patch serviceaccount default -n ${namespace} -p "$(cat account_update.yaml)"
 done
 ```

From ae2603de308acbb08a2c394e4f90880b1b88ce62 Mon Sep 17 00:00:00 2001
From: dkeightley
Date: Tue, 16 Feb 2021 10:18:30 +1300
Subject: [PATCH 2/2] Update other doc pages, add bash highlighting

---
 .../rancher-v2.3.5/benchmark-2.3.5/_index.md | 18 +++++++++---------
 .../rancher-v2.3.5/hardening-2.3.5/_index.md | 8 ++++----
 .../rancher-2.4/benchmark-2.4/_index.md | 4 ++--
 .../rancher-2.4/hardening-2.4/_index.md | 6 +++---
 .../rancher-2.5/1.5-benchmark-2.5/_index.md | 18 +++++++++---------
 .../rancher-2.5/1.5-hardening-2.5/_index.md | 8 ++++----
 .../rancher-2.5/1.6-benchmark-2.5/_index.md | 2 +-
 .../rancher-2.5/1.6-hardening-2.5/_index.md | 4 ++--
 8 files changed, 34 insertions(+), 34 deletions(-)
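Review bot: The new `for namespace in $(kubectl get namespaces ...)` line still runs the loop body zero times and exits 0 when kubectl fails, because `bash -e` does not act on the status of a command substitution used as a `for` word list; for a hardening step meant to patch the `default` service account in every namespace, a failed API call is indistinguishable from success. Capture the list first so the failure surfaces: `namespaces=$(kubectl get namespaces --no-headers --template '{{range .items}}{{.metadata.name}}{{"\n"}}{{end}}') || exit 1` followed by `for namespace in $namespaces; do`. The same unchecked pattern is introduced in the hardening-2.3.5, 1.5-hardening-2.5 and 1.6-hardening-2.5 hunks and in the 5.3.2.sh audit-script hunks. On the `kubectl patch` context line, `${namespace}` is unquoted; `"${namespace}"` is the safer habit even though namespace names cannot contain whitespace.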
diff --git a/content/rancher/v2.x/en/security/rancher-2.3.x/rancher-v2.3.5/benchmark-2.3.5/_index.md b/content/rancher/v2.x/en/security/rancher-2.3.x/rancher-v2.3.5/benchmark-2.3.5/_index.md
index 6d0734a8bc..c0fdc782ab 100644
--- a/content/rancher/v2.x/en/security/rancher-2.3.x/rancher-v2.3.5/benchmark-2.3.5/_index.md
+++ b/content/rancher/v2.x/en/security/rancher-2.3.x/rancher-v2.3.5/benchmark-2.3.5/_index.md
@@ -116,7 +116,7 @@ chmod 700 /var/lib/etcd
 
 **Audit Script:** 1.1.11.sh
 
-```
+```bash
 #!/bin/bash -e
 
 etcd_bin=${1}
@@ -158,7 +158,7 @@ chown etcd:etcd /var/lib/etcd
 
 **Audit Script:** 1.1.12.sh
 
-```
+```bash
 #!/bin/bash -e
 
 etcd_bin=${1}
@@ -352,7 +352,7 @@ chmod -R 600 /etc/kubernetes/ssl/certs/serverca
 
 **Audit Script:** 1.1.21.sh
 
-```
+```bash
 #!/bin/bash -e
 
 check_dir=${1:-/etc/kubernetes/ssl}
@@ -1089,7 +1089,7 @@ In this file, choose **aescbc**, **kms** or **secretbox** as the encryption prov
 
 **Audit Script:** 1.2.34.sh
 
-```
+```bash
 #!/bin/bash -e
 
 check_file=${1}
@@ -1493,7 +1493,7 @@ Create an audit policy file for your cluster.
 
 **Audit Script:** 3.2.1.sh
 
-```
+```bash
 #!/bin/bash -e
 
 api_server_bin=${1}
@@ -2058,7 +2058,7 @@ automountServiceAccountToken: false
 
 **Audit Script:** 5.1.5.sh
 
-```
+```bash
 #!/bin/bash
 
 export KUBECONFIG=${KUBECONFIG:-/root/.kube/config}
@@ -2192,7 +2192,7 @@ Follow the documentation and create `NetworkPolicy` objects as you need them.
 
 **Audit Script:** 5.3.2.sh
 
-```
+```bash
 #!/bin/bash -e
 
 export KUBECONFIG=${KUBECONFIG:-"/root/.kube/config"}
@@ -2203,7 +2203,7 @@ if [ $? -ne 0 ]; then
 exit 1
 fi
 
-for namespace in $(kubectl get namespaces -A -o json | jq -r '.items[].metadata.name'); do
+for namespace in $(kubectl get namespaces --no-headers --template '{{range .items}}{{.metadata.name}}{{"\n"}}{{end}}'); do
 policy_count=$(kubectl get networkpolicy -n ${namespace} -o json | jq '.items | length')
 if [ ${policy_count} -eq 0 ]; then
 echo "fail: ${namespace}"
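Review bot: The last hunk of this file drops jq from the namespace listing, but the very next context line, `policy_count=$(kubectl get networkpolicy -n ${namespace} -o json | jq '.items | length')`, still requires it, so 5.3.2.sh keeps the dependency the series title says it removes; under `bash -e` a host without jq aborts the audit part-way instead of reporting a result. The same count is available from the template printer without jq: `policy_count=$(kubectl get networkpolicy -n "${namespace}" --template '{{len .items}}')`. The benchmark-2.4, 1.5-benchmark-2.5 and 1.6-benchmark-2.5 copies of this script carry the same leftover. The enclosing `for` loop continues past the end of the hunk.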
@@ -2238,7 +2238,7 @@ resources and that all new resources are created in a specific namespace.
 
 **Audit Script:** 5.6.4.sh
 
-```
+```bash
 #!/bin/bash -e
 
 export KUBECONFIG=${KUBECONFIG:-/root/.kube/config}
diff --git a/content/rancher/v2.x/en/security/rancher-2.3.x/rancher-v2.3.5/hardening-2.3.5/_index.md b/content/rancher/v2.x/en/security/rancher-2.3.x/rancher-v2.3.5/hardening-2.3.5/_index.md
index 1701e56ff3..10ab0ca1a2 100644
--- a/content/rancher/v2.x/en/security/rancher-2.3.x/rancher-v2.3.5/hardening-2.3.5/_index.md
+++ b/content/rancher/v2.x/en/security/rancher-2.3.x/rancher-v2.3.5/hardening-2.3.5/_index.md
@@ -84,10 +84,10 @@ automountServiceAccountToken: false
 
 Create a bash script file called `account_update.sh`. Be sure to `chmod +x account_update.sh` so the script has execute permissions.
 
-```
+```bash
 #!/bin/bash -e
 
-for namespace in $(kubectl get namespaces -A -o json | jq -r '.items[].metadata.name'); do
+for namespace in $(kubectl get namespaces --no-headers --template '{{range .items}}{{.metadata.name}}{{"\n"}}{{end}}'); do
 kubectl patch serviceaccount default -n ${namespace} -p "$(cat account_update.yaml)"
 done
 ```
@@ -137,10 +137,10 @@ spec:
 
 Create a bash script file called `apply_networkPolicy_to_all_ns.sh`. Be sure to `chmod +x apply_networkPolicy_to_all_ns.sh` so the script has execute permissions.
 
-```
+```bash
 #!/bin/bash -e
 
-for namespace in $(kubectl get namespaces -A -o json | jq -r '.items[].metadata.name'); do
+for namespace in $(kubectl get namespaces --no-headers --template '{{range .items}}{{.metadata.name}}{{"\n"}}{{end}}'); do
 kubectl apply -f default-allow-all.yaml -n ${namespace}
 done
 ```
diff --git a/content/rancher/v2.x/en/security/rancher-2.4/benchmark-2.4/_index.md b/content/rancher/v2.x/en/security/rancher-2.4/benchmark-2.4/_index.md
index 2f6baa6206..7ae4475a1a 100644
--- a/content/rancher/v2.x/en/security/rancher-2.4/benchmark-2.4/_index.md
+++ b/content/rancher/v2.x/en/security/rancher-2.4/benchmark-2.4/_index.md
@@ -2192,7 +2192,7 @@ Follow the documentation and create `NetworkPolicy` objects as you need them.
 
 **Audit Script:** 5.3.2.sh
 
-```
+```bash
 #!/bin/bash -e
 
 export KUBECONFIG=${KUBECONFIG:-"/root/.kube/config"}
@@ -2203,7 +2203,7 @@ if [ $? -ne 0 ]; then
 exit 1
 fi
 
-for namespace in $(kubectl get namespaces -A -o json | jq -r '.items[].metadata.name'); do
+for namespace in $(kubectl get namespaces --no-headers --template '{{range .items}}{{.metadata.name}}{{"\n"}}{{end}}'); do
 policy_count=$(kubectl get networkpolicy -n ${namespace} -o json | jq '.items | length')
 if [ ${policy_count} -eq 0 ]; then
 echo "fail: ${namespace}"
diff --git a/content/rancher/v2.x/en/security/rancher-2.4/hardening-2.4/_index.md b/content/rancher/v2.x/en/security/rancher-2.4/hardening-2.4/_index.md
index f01fe1150a..80e5f5c4d0 100644
--- a/content/rancher/v2.x/en/security/rancher-2.4/hardening-2.4/_index.md
+++ b/content/rancher/v2.x/en/security/rancher-2.4/hardening-2.4/_index.md
@@ -86,7 +86,7 @@ automountServiceAccountToken: false
 
 Create a bash script file called `account_update.sh`. Be sure to `chmod +x account_update.sh` so the script has execute permissions.
 
-```
+```bash
 #!/bin/bash -e
 
 for namespace in $(kubectl get namespaces --no-headers --template '{{range .items}}{{.metadata.name}}{{"\n"}}{{end}}'); do
@@ -139,10 +139,10 @@ spec:
 
 Create a bash script file called `apply_networkPolicy_to_all_ns.sh`. Be sure to `chmod +x apply_networkPolicy_to_all_ns.sh` so the script has execute permissions.
 
-```
+```bash
 #!/bin/bash -e
 
-for namespace in $(kubectl get namespaces -A -o json | jq -r '.items[].metadata.name'); do
+for namespace in $(kubectl get namespaces --no-headers --template '{{range .items}}{{.metadata.name}}{{"\n"}}{{end}}'); do
 kubectl apply -f default-allow-all.yaml -n ${namespace}
 done
 ```
diff --git a/content/rancher/v2.x/en/security/rancher-2.5/1.5-benchmark-2.5/_index.md b/content/rancher/v2.x/en/security/rancher-2.5/1.5-benchmark-2.5/_index.md
index 463446b78a..095823ce81 100644
--- a/content/rancher/v2.x/en/security/rancher-2.5/1.5-benchmark-2.5/_index.md
+++ b/content/rancher/v2.x/en/security/rancher-2.5/1.5-benchmark-2.5/_index.md
@@ -114,7 +114,7 @@ chmod 700 /var/lib/etcd
 
 **Audit Script:** 1.1.11.sh
 
-```
+```bash
 #!/bin/bash -e
 
 etcd_bin=${1}
@@ -156,7 +156,7 @@ chown etcd:etcd /var/lib/etcd
 
 **Audit Script:** 1.1.12.sh
 
-```
+```bash
 #!/bin/bash -e
 
 etcd_bin=${1}
@@ -350,7 +350,7 @@ chmod -R 600 /etc/kubernetes/ssl/certs/serverca
 
 **Audit Script:** 1.1.21.sh
 
-```
+```bash
 #!/bin/bash -e
 
 check_dir=${1:-/etc/kubernetes/ssl}
@@ -1087,7 +1087,7 @@ In this file, choose **aescbc**, **kms** or **secretbox** as the encryption prov
 
 **Audit Script:** 1.2.34.sh
 
-```
+```bash
 #!/bin/bash -e
 
 check_file=${1}
@@ -1491,7 +1491,7 @@ Create an audit policy file for your cluster.
 
 **Audit Script:** 3.2.1.sh
 
-```
+```bash
 #!/bin/bash -e
 
 api_server_bin=${1}
@@ -2056,7 +2056,7 @@ automountServiceAccountToken: false
 
 **Audit Script:** 5.1.5.sh
 
-```
+```bash
 #!/bin/bash
 
 export KUBECONFIG=${KUBECONFIG:-/root/.kube/config}
@@ -2190,7 +2190,7 @@ Follow the documentation and create `NetworkPolicy` objects as you need them.
 
 **Audit Script:** 5.3.2.sh
 
-```
+```bash
 #!/bin/bash -e
 
 export KUBECONFIG=${KUBECONFIG:-"/root/.kube/config"}
@@ -2201,7 +2201,7 @@ if [ $? -ne 0 ]; then
 exit 1
 fi
 
-for namespace in $(kubectl get namespaces -A -o json | jq -r '.items[].metadata.name'); do
+for namespace in $(kubectl get namespaces --no-headers --template '{{range .items}}{{.metadata.name}}{{"\n"}}{{end}}'); do
 policy_count=$(kubectl get networkpolicy -n ${namespace} -o json | jq '.items | length')
 if [ ${policy_count} -eq 0 ]; then
 echo "fail: ${namespace}"
@@ -2236,7 +2236,7 @@ resources and that all new resources are created in a specific namespace.
 
 **Audit Script:** 5.6.4.sh
 
-```
+```bash
 #!/bin/bash -e
 
 export KUBECONFIG=${KUBECONFIG:-/root/.kube/config}
diff --git a/content/rancher/v2.x/en/security/rancher-2.5/1.5-hardening-2.5/_index.md b/content/rancher/v2.x/en/security/rancher-2.5/1.5-hardening-2.5/_index.md
index dfa71d7d3f..434ec7ded6 100644
--- a/content/rancher/v2.x/en/security/rancher-2.5/1.5-hardening-2.5/_index.md
+++ b/content/rancher/v2.x/en/security/rancher-2.5/1.5-hardening-2.5/_index.md
@@ -83,10 +83,10 @@ automountServiceAccountToken: false
 
 Create a bash script file called `account_update.sh`. Be sure to `chmod +x account_update.sh` so the script has execute permissions.
 
-```
+```bash
 #!/bin/bash -e
 
-for namespace in $(kubectl get namespaces -A -o json | jq -r '.items[].metadata.name'); do
+for namespace in $(kubectl get namespaces --no-headers --template '{{range .items}}{{.metadata.name}}{{"\n"}}{{end}}'); do
 kubectl patch serviceaccount default -n ${namespace} -p "$(cat account_update.yaml)"
 done
 ```
@@ -136,10 +136,10 @@ spec:
 
 Create a bash script file called `apply_networkPolicy_to_all_ns.sh`. Be sure to `chmod +x apply_networkPolicy_to_all_ns.sh` so the script has execute permissions.
 
-```
+```bash
 #!/bin/bash -e
 
-for namespace in $(kubectl get namespaces -A -o json | jq -r '.items[].metadata.name'); do
+for namespace in $(kubectl get namespaces --no-headers --template '{{range .items}}{{.metadata.name}}{{"\n"}}{{end}}'); do
 kubectl apply -f default-allow-all.yaml -n ${namespace}
 done
 ```
diff --git a/content/rancher/v2.x/en/security/rancher-2.5/1.6-benchmark-2.5/_index.md b/content/rancher/v2.x/en/security/rancher-2.5/1.6-benchmark-2.5/_index.md
index d7803779eb..93203b3d67 100644
--- a/content/rancher/v2.x/en/security/rancher-2.5/1.6-benchmark-2.5/_index.md
+++ b/content/rancher/v2.x/en/security/rancher-2.5/1.6-benchmark-2.5/_index.md
@@ -3132,7 +3132,7 @@ handle_error() {
 
 trap 'handle_error' ERR
 
-for namespace in $(kubectl get namespaces --all-namespaces -o json | jq -r '.items[].metadata.name'); do
+for namespace in $(kubectl get namespaces --no-headers --template '{{range .items}}{{.metadata.name}}{{"\n"}}{{end}}'); do
 policy_count=$(kubectl get networkpolicy -n ${namespace} -o json | jq '.items | length')
 if [[ ${policy_count} -eq 0 ]]; then
 echo "false"
diff --git a/content/rancher/v2.x/en/security/rancher-2.5/1.6-hardening-2.5/_index.md b/content/rancher/v2.x/en/security/rancher-2.5/1.6-hardening-2.5/_index.md
index efc9c393e6..c7604e3e1c 100644
--- a/content/rancher/v2.x/en/security/rancher-2.5/1.6-hardening-2.5/_index.md
+++ b/content/rancher/v2.x/en/security/rancher-2.5/1.6-hardening-2.5/_index.md
@@ -86,7 +86,7 @@ Create a bash script file called `account_update.sh`. Be sure to `chmod +x accou
 ```bash
 #!/bin/bash -e
 
-for namespace in $(kubectl get namespaces -A -o json | jq -r '.items[].metadata.name'); do
+for namespace in $(kubectl get namespaces --no-headers --template '{{range .items}}{{.metadata.name}}{{"\n"}}{{end}}'); do
 kubectl patch serviceaccount default -n ${namespace} -p "$(cat account_update.yaml)"
 done
 ```
@@ -139,7 +139,7 @@ Create a bash script file called `apply_networkPolicy_to_all_ns.sh`. Be sure to
 ```bash
 #!/bin/bash -e
 
-for namespace in $(kubectl get namespaces -A -o json | jq -r '.items[].metadata.name'); do
+for namespace in $(kubectl get namespaces --no-headers --template '{{range .items}}{{.metadata.name}}{{"\n"}}{{end}}'); do
 kubectl apply -f default-allow-all.yaml -n ${namespace}
 done
 ```