After installing OpenShift you'll find a number of certificate authorities which are used to issue ingress, api certs. Even in a test environment you will want to configure your clients to trust them. This script will extract certs from the kubeconfig into files containing a single cert so you can more easily do so.
Last active
September 29, 2023 23:17
-
-
Save dlbewley/639bc786e3eb595362bf807225570abf to your computer and use it in GitHub Desktop.
Extract OpenShift CA Certificates from Install Generated Kubeconfig
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/sh | |
| cat $KUBECONFIG \ | |
| | yq e '.clusters[0].cluster."certificate-authority-data"' \ | |
| | base64 -d > kubeconfig-ca-data.pem | |
| split -p "-----BEGIN CERTIFICATE-----" kubeconfig-ca-data.pem cert- | |
| for c in cert-??; do | |
| subject=`openssl x509 -in $c -noout -subject | sed 's/^.*CN[[:space:]]*=[[:space:]]*\(.*\)/\1/'` | |
| echo $subject | |
| mv $c "${subject}.pem" | |
| done |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment