Reputation: 12352
How do I obtain Kubernetes CA Certificate?
I am setting up Vault in Kubernetes and enabling the Kubernetes Auth method. It needs the Kubernetes CA Certificate. How do I obtain that? I couldn't find much on duckduckgo's search results.
Running kubernetes inside Docker for mac on MacOS Mojave:
Thank you.
Upvotes: 7
Views: 13658
Answers (3)
Reputation: 316
Unfortunately, the "get secret" way is not working anymore (from the release 1.24 there aren't auto-generated secrets).
In GKE clusters, I've found this way to get the ca certificate:
kubectl get cm kube-root-ca.crt -o jsonpath="{['data']['ca\.crt']}"
Upvotes: 9
Reputation: 3832
This can be found in your kube-system (or any other) namespace by running the following on your default-token secret:
kubectl get secret <secret name> -n <namespace> -o jsonpath="{['data']['ca\.crt']}" | base64 --decode
To find the secret name run kubectl get secret -n kube-system and find the secret that starts with default-token.
This will give you something like:
-----BEGIN CERTIFICATE-----
XXXXXXX
XXXX....
-----END CERTIFICATE-----
When you are entering this certificate, make sure to enter the BEGIN and END header and footer.
Upvotes: 9
Related Questions
- How to use Kubernetes SSL certificates
- Vault On GKE - x509: cannot validate certificate for 127.0.0.1 because it doesn't contain any IP SANs
- Store KOPS CA key and certificate in Vault
- Error getting keypair for CA issuer: certificate is not a CA
- How do you add a certificate authority (CA) to k8s?
- Kubernetes - cert-manager - Hashicorp Vault - Ready status of certificate is blank
- Kubernetes - cert-manager - error while creating the issuer that uses Hashicorp Vault
- How to get Certificate running Kubernetes cert-manager
- Unable to authenticate user in Kubernetes using x509 certs
- CA Certificate and JWT tokens on kubernetes