Get kube-admin kubeconfig and certificates from cluster.rkestate

See how to retrieve cluster.rkestate from controlplane node here: https://gist.github.com/superseb/e9f2628d1033cb20e54f6ee268683a7a

Get kube-admin kubeconfig from cluster.rkestate

cat cluster.rkestate | jq -r '.currentState.certificatesBundle."kube-admin".config' > kube-admin-kubeconfig.yml

Get certificates and keys

kube-admin.pem

cat cluster.rkestate | jq -r '.currentState.certificatesBundle."kube-admin".certificatePEM' > kube-admin.pem

kube-admin-key.pem

cat cluster.rkestate | jq -r '.currentState.certificatesBundle."kube-admin".keyPEM' > kube-admin-key.pem

kube-ca.pem

cat cluster.rkestate | jq -r '.currentState.certificatesBundle."kube-ca".certificatePEM' > kube-ca.pem

Test using curl

curl --cert kube-admin.pem --key kube-admin-key.pem --cacert kube-ca.pem https://localhost:6443
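
The redirects above create the kubeconfig and private key with whatever permissions the shell's umask allows, and `jq -r` writes the literal string `null` to the file when a path is missing from the state. As an added example (not part of the original gist), this Python script performs the same four extractions with owner-only file permissions and fails loudly on a missing field; the names `extract_credentials` and `demo` and the placeholder values in the sample state are assumptions constructed for illustration.

```python
import json
import os
import tempfile

# Output file -> (bundle entry, field), mirroring the jq paths used above.
TARGETS = {
    "kube-admin-kubeconfig.yml": ("kube-admin", "config"),
    "kube-admin.pem": ("kube-admin", "certificatePEM"),
    "kube-admin-key.pem": ("kube-admin", "keyPEM"),
    "kube-ca.pem": ("kube-ca", "certificatePEM"),
}


def extract_credentials(state_path, out_dir):
    """Write the kube-admin kubeconfig, cert, key and CA cert into out_dir."""
    with open(state_path) as fh:
        bundle = json.load(fh)["currentState"]["certificatesBundle"]
    written = {}
    for name, (entry, field) in TARGETS.items():
        value = (bundle.get(entry) or {}).get(field)
        if not value:
            # jq -r would silently write the literal string "null" here.
            raise KeyError(f"{entry}.{field} missing from {state_path}")
        path = os.path.join(out_dir, name)
        fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
        with os.fdopen(fd, "w") as out:
            os.fchmod(out.fileno(), 0o600)  # also tightens a pre-existing file
            out.write(value if value.endswith("\n") else value + "\n")
        written[name] = path
    return written


def demo():
    # Constructed stand-in for cluster.rkestate; values are placeholders, not real PEM.
    state = {"currentState": {"certificatesBundle": {
        "kube-admin": {"config": "apiVersion: v1\nkind: Config\n",
                       "certificatePEM": "CONSTRUCTED-ADMIN-CERT",
                       "keyPEM": "CONSTRUCTED-ADMIN-KEY"},
        "kube-ca": {"certificatePEM": "CONSTRUCTED-CA-CERT"},
    }}}
    work = tempfile.mkdtemp()
    state_path = os.path.join(work, "cluster.rkestate")
    with open(state_path, "w") as fh:
        json.dump(state, fh)
    return extract_credentials(state_path, work)


if __name__ == "__main__":
    for name, path in demo().items():
        print(name, oct(os.stat(path).st_mode & 0o777))
```

Against a real state file, call `extract_credentials("cluster.rkestate", ".")` and remove the extracted files once they are no longer needed.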

Extra: get kube-admin kubeconfig straight from controlplane node

docker run --rm --net=host -v $(docker inspect kubelet --format '{{ range .Mounts }}{{ if eq .Destination "/etc/kubernetes" }}{{ .Source }}{{ end }}{{ end }}')/ssl:/etc/kubernetes/ssl:ro --entrypoint bash $(docker inspect $(docker images -q --filter=label=org.label-schema.vcs-url=https://github.com/rancher/hyperkube.git) --format='{{index .RepoTags 0}}' | tail -1) -c 'kubectl --kubeconfig /etc/kubernetes/ssl/kubecfg-kube-node.yaml -n kube-system get configmap full-cluster-state -o json | jq -r .data.\"full-cluster-state\" | jq -r .currentState.certificatesBundle.\"kube-admin\".config' > kube-admin-kubecfg.yaml