Get kube-admin kubeconfig and certificates from cluster.rkestate

get-kube-admin-kubecfg-certs-from-cluster-rkestate.md

Get kube-admin kubeconfig and certificates from cluster.rkestate

See how to retrieve cluster.rkestate from controlplane node here: https://gist.github.com/superseb/e9f2628d1033cb20e54f6ee268683a7a

Get kube-admin kubeconfig from cluster.rkestate

cat cluster.rkestate | jq -r '.currentState.certificatesBundle."kube-admin".config' > kube-admin-kubeconfig.yml

Get keys

kube-admin.pem

cat cluster.rkestate | jq -r '.currentState.certificatesBundle."kube-admin".certificatePEM' > kube-admin.pem

kube-admin-key.pem

cat cluster.rkestate | jq -r '.currentState.certificatesBundle."kube-admin".keyPEM' > kube-admin-key.pem

kube-ca.pem

cat cluster.rkestate | jq -r '.currentState.certificatesBundle."kube-ca".certificatePEM' > kube-ca.pem

Test using curl

curl --cert kube-admin.pem --key kube-admin-key.pem --cacert kube-ca.pem https://localhost:6443

Extra: get kube-admin kubeconfig straight from controlplane node

docker run --rm --net=host -v $(docker inspect kubelet --format '{{ range .Mounts }}{{ if eq .Destination "/etc/kubernetes" }}{{ .Source }}{{ end }}{{ end }}')/ssl:/etc/kubernetes/ssl:ro --entrypoint bash $(docker inspect $(docker images -q --filter=label=org.label-schema.vcs-url=https://github.com/rancher/hyperkube.git) --format='{{index .RepoTags 0}}' | tail -1) -c 'kubectl --kubeconfig /etc/kubernetes/ssl/kubecfg-kube-node.yaml -n kube-system get configmap full-cluster-state -o json | jq -r .data.\"full-cluster-state\" | jq -r .currentState.certificatesBundle.\"kube-admin\".config' > kube-admin-kubecfg.yaml

This saved me! Thank you, a lot!

thank you so much for this!