@miry
Last active September 3, 2023 06:32
Extract certificate from the kubernetes config.
require 'optparse'
require 'yaml'
require 'base64'

# Defaults: read ~/.kube/config and write the extracted files next to it.
options = {
  config_path: File.join(ENV['HOME'], '.kube', 'config'),
  write_dir: File.join(ENV['HOME'], '.kube')
}

OptionParser.new do |opts|
  opts.banner = "Usage: extract_crt.rb [options]"
  opts.on('-s', '--source FILE_PATH', 'Path to the kube config') { |v| options[:config_path] = v }
  opts.on('-d', '--destination DIR', 'Path to directory where save key and certs') { |v| options[:write_dir] = v }
end.parse!

kube_path = options[:write_dir]
file_config = File.read options[:config_path]
# safe_load parses plain YAML data only and refuses arbitrary object tags.
config = YAML.safe_load file_config

# Only the first cluster entry and the first user entry are read.
# Cluster CA certificate (public).
ca = Base64.decode64 config["clusters"][0]["cluster"]["certificate-authority-data"]
File.open(File.join(kube_path, 'ca.crt'), File::CREAT|File::TRUNC|File::RDWR, 0644) do |f|
  f.write(ca)
end

# Client certificate (public).
client_crt = Base64.decode64 config["users"][0]["user"]["client-certificate-data"]
File.open(File.join(kube_path, 'kubecfg.crt'), File::CREAT|File::TRUNC|File::RDWR, 0644) do |f|
  f.write(client_crt)
end

# Client private key: readable by the owner only.
client_key = Base64.decode64 config["users"][0]["user"]["client-key-data"]
File.open(File.join(kube_path, 'kubecfg.key'), File::CREAT|File::TRUNC|File::RDWR, 0600) do |f|
  f.chmod(0600) # the mode passed to open applies only when the file is created
  f.write(client_key)
end
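
#!/bin/bash
# Prompts for an export password, which encrypts the key inside the .p12 bundle.
openssl pkcs12 -export -clcerts -inkey ~/.kube/kubecfg.key -in ~/.kube/kubecfg.crt -out ~/.kube/kubecfg.p12 -name "kubernetes-client"
# `open` is the macOS command; it hands the bundle to the default application.
open ~/.kube/kubecfg.p12
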
@migounette

A small update with the user part... thanks for your valuable inputs...

# Extract the Cluster Certificate Authority
$ kubectl config view --minify --raw --output 'jsonpath={..cluster.certificate-authority-data}' | base64 -d | openssl x509 -text -out -
...

# Extract the Client Certificate
$ kubectl config view --minify --raw --output 'jsonpath={..user.client-certificate-data}' | base64 -d | openssl x509 -text -out -
...

# Extract the Client Private Key
$ kubectl config view --minify --raw --output 'jsonpath={..user.client-key-data}' | base64 -d
...

For Windows users

choco install base64
choco install openssl
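
The Ruby script above reads `clusters[0]` and `users[0]`, while the `kubectl config view --minify` commands follow the current context. The following is an added example, not part of the gist or its comments: it resolves the context by name and reports entries that reference files instead of carrying inline data. The sample kubeconfig and the helper names `find_named` and `extract_credentials` are constructed for illustration.

```ruby
require 'yaml'
require 'base64'

# Constructed sample: the current context is not the first entry, so reading
# clusters[0] / users[0] would return the dev identity instead of prod.
SAMPLE_KUBECONFIG = <<~KUBECONFIG
  current-context: prod
  contexts:
  - {name: dev, context: {cluster: dev-cluster, user: dev-user}}
  - {name: prod, context: {cluster: prod-cluster, user: prod-user}}
  clusters:
  - name: dev-cluster
    cluster:
      certificate-authority-data: #{Base64.strict_encode64('DEV-CA')}
  - name: prod-cluster
    cluster:
      certificate-authority-data: #{Base64.strict_encode64('PROD-CA')}
  users:
  - name: dev-user
    user: {client-certificate: /constructed/dev.crt, client-key: /constructed/dev.key}
  - name: prod-user
    user:
      client-certificate-data: #{Base64.strict_encode64('PROD-CRT')}
      client-key-data: #{Base64.strict_encode64('PROD-KEY')}
KUBECONFIG

# Look up the entry called +name+ in one of the kubeconfig list sections.
def find_named(config, section, name)
  entry = Array(config[section]).find { |e| e['name'] == name }
  entry || raise(KeyError, "no #{section} entry named #{name.inspect}")
end

# Resolve a context (default: current-context) to its cluster and user, then
# decode the inline fields. Entries that point at files carry no *-data keys.
def extract_credentials(config, context_name = config['current-context'])
  ctx = find_named(config, 'contexts', context_name)['context']
  cluster = find_named(config, 'clusters', ctx['cluster'])['cluster']
  user = find_named(config, 'users', ctx['user'])['user']
  fields = { 'ca.crt' => cluster['certificate-authority-data'],
             'kubecfg.crt' => user['client-certificate-data'],
             'kubecfg.key' => user['client-key-data'] }
  missing = fields.select { |_, v| v.nil? }.keys
  raise ArgumentError, "no inline data for #{missing.join(', ')}" unless missing.empty?
  fields.transform_values { |v| Base64.strict_decode64(v) }
end
```

`extract_credentials(YAML.safe_load(File.read(path)))` returns a hash keyed by the same file names the script writes; the `kubecfg.key` value should still be written with owner-only permissions.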
