How do I get the certificate authority certificate/key from a cluster created by kops?

About

Asked 29/6, 2017 at 8:35 Answered 3/7, 2017 at 13:11

Solved ssl ssl-certificate kubernetes certificate-authority kops

I've created a Kubernetes cluster on AWS with the kops tool. I need to get hold of its certificate authority certificate and key though, how do I export these files through kops?

I've tried the following, but it fails saying that yaml output format isn't supported for secrets:

kops --state s3://example.com get secret ca -o yaml

I'm also wondering how to specify which cluster to address, as kops is just using the default kubectl context. I'm using kops version 1.6.2.

Syracuse answered 29/6, 2017 at 8:35 Comment(1)

About the vote to close regarding the question not being about programming, the help center does state that 'software tools commonly used by programmers' is firmly within the scope of this site! I would argue that kops/kubernetes are commonly used by programmers. – Syracuse 29/6, 2017 at 9:37

I found out that kops stores the CA key and certificate in its S3 bucket, so you can download said files like so:

aws s3 cp s3://$BUCKET/$CLUSTER/pki/private/ca/$KEY.key ca.key
aws s3 cp s3://$BUCKET/$CLUSTER/pki/issued/ca/$CERT.crt ca.crt

You need to determine the S3 bucket used by kops (i.e. $BUCKET), the name of your cluster ($CLUSTER) and the filenames of the .key and .crt files will be random.

Syracuse answered 3/7, 2017 at 13:11 Comment(0)

Hot tags

Godot Unity Godot Help Programming Godot 4.X GUI GDScript 3D 2D Physics CSharp Godot 3.X VR XR Projects C++

Recommended topics

Hot tags