I've created a Kubernetes cluster on AWS with the kops tool. I need to get hold of its certificate authority certificate and key, though. How do I export these files through kops?
I've tried the following, but it fails saying that yaml output format isn't supported for secrets:
kops --state s3://example.com get secret ca -o yaml
I'm also wondering how to specify which cluster to address, as kops is just using the default kubectl context. I'm using kops version 1.6.2.
Check certificate expiration. The command shows expiration/residual time for the client certificates in the /etc/kubernetes/pki folder and for the client certificate embedded in the KUBECONFIG files used by kubeadm (admin.conf, controller-manager.conf and scheduler.conf).
Where certificates are stored. If you install Kubernetes with kubeadm, most certificates are stored in /etc/kubernetes/pki .
I found out that kops stores the CA key and certificate in its S3 bucket, so you can download said files like so:
aws s3 cp s3://$BUCKET/$CLUSTER/pki/private/ca/$KEY.key ca.key
aws s3 cp s3://$BUCKET/$CLUSTER/pki/issued/ca/$CERT.crt ca.crt
You need to determine the S3 bucket used by kops (i.e. $BUCKET) and the name of your cluster ($CLUSTER); the filenames of the .key and .crt files will be random.
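The download described in the answer above, as an added example (not part of the original answer and not kops' own code): it lists both prefixes to find the randomly named files, downloads them under a restrictive umask, and checks that the key belongs to the certificate. The function names and the ca.key/ca.crt output names are assumptions of this example; the bucket layout is the one given in the answer.

```bash
#!/usr/bin/env bash
# Added example: export a kops cluster's CA key pair from the S3 state store.
# Assumes the s3://$BUCKET/$CLUSTER/pki/... layout given in the answer.

# Read `aws s3 ls` output on stdin and print the single object name that ends
# in the given extension. Fails when zero or several candidates exist, e.g.
# when more than one CA key is present under the prefix.
pick_single() {
  local ext="$1" names count
  names=$(awk -v ext="$ext" '$1 != "PRE" && NF >= 4 &&
    substr($4, length($4) - length(ext) + 1) == ext { print $4 }')
  count=$(printf '%s' "$names" | grep -c . || true)
  if [ "$count" -ne 1 ]; then
    echo "expected exactly one *$ext object, found $count" >&2
    return 1
  fi
  printf '%s\n' "$names"
}

# Succeed only if the private key and the certificate carry the same public key.
key_matches_cert() {
  local from_key from_cert
  from_key=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
  from_cert=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
  [ -n "$from_key" ] && [ "$from_key" = "$from_cert" ]
}

# export_kops_ca BUCKET CLUSTER -> writes ca.key and ca.crt to the current dir.
export_kops_ca() {
  local base="s3://$1/$2/pki" key crt
  key=$(aws s3 ls "$base/private/ca/" | pick_single .key) || return 1
  crt=$(aws s3 ls "$base/issued/ca/" | pick_single .crt) || return 1
  ( umask 077   # the CA key can sign credentials for the whole cluster
    aws s3 cp "$base/private/ca/$key" ca.key &&
    aws s3 cp "$base/issued/ca/$crt" ca.crt ) || return 1
  key_matches_cert ca.key ca.crt ||
    { echo "ca.key does not match ca.crt" >&2; return 1; }
  # Show what was exported and when it expires.
  openssl x509 -in ca.crt -noout -subject -enddate
}

# Usage: ./export-kops-ca.sh BUCKET CLUSTER
if [ "$#" -eq 2 ]; then export_kops_ca "$1" "$2"; fi
```

Anyone holding ca.key can issue certificates the cluster will trust, so keep the exported file off shared disks and delete it once it is no longer needed.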