From f0a86796f03be5af375afd74e09765b12fc69148 Mon Sep 17 00:00:00 2001
From: Jesse Stuart <hi@jessestuart.com>
Date: Sun, 11 Mar 2018 06:27:11 -0400
Subject: [PATCH] docs: Add missing argument in `kubeadm` workaround script.

One of the `sed` commands for updating the kubeadm systemd
file (`/etc/systemd/system/kubelet.service.d/10-kubeadm.conf`)
was missing a `-i` reference to the file itself, causing it
to hang indefinitely if ran as declared.

I also wrapped this second `sed` in an `if grep ...` check,
in order to make the operation idempotent.
---
 docs/kube-prometheus-on-kubeadm.md | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/docs/kube-prometheus-on-kubeadm.md b/docs/kube-prometheus-on-kubeadm.md
index e1fe2da9..78a499e0 100644
--- a/docs/kube-prometheus-on-kubeadm.md
+++ b/docs/kube-prometheus-on-kubeadm.md
@@ -50,9 +50,12 @@ In addition, we will be using `node-exporter` to monitor the `cAdvisor` service
 
 Again, we need to expose the `cadvisor` that is installed and managed by the `kubelet` daemon and allow webhook token authentication. To do so, we do the following on all the masters and nodes:
 
-```
-sed -e "/cadvisor-port=0/d" -i /etc/systemd/system/kubelet.service.d/10-kubeadm.conf
-sed -e "s/--authorization-mode=Webhook/--authentication-token-webhook=true --authorization-mode=Webhook/"
+```bash
+KUBEADM_SYSTEMD_CONF=/etc/systemd/system/kubelet.service.d/10-kubeadm.conf
+sed -e "/cadvisor-port=0/d" -i "$KUBEADM_SYSTEMD_CONF"
+if ! grep -q "authentication-token-webhook=true" "$KUBEADM_SYSTEMD_CONF"; then
+  sed -e "s/--authorization-mode=Webhook/--authentication-token-webhook=true --authorization-mode=Webhook/" -i "$KUBEADM_SYSTEMD_CONF"
+fi
 systemctl daemon-reload
 systemctl restart kubelet
 ```
-- 
GitLab