incfly · June 3, 2019 22:41
diff --git a/istio-root-checker.sh b/istio-root-checker.sh
 #!/bin/bash

 rootcert() {
  echo "Fetching root cert from istio-system namespace..."
  kubectl get secret -n istio-system istio-ca-secret -o yaml | awk '/ca-cert/ {print $2}' | base64 --decode > ca.cert
  if [[ ! -f ./ca.cert ]]; then
    echo "failed to get cacert, check the istio installation namespace."
    return
  fi

  rootDate=$(openssl x509 -in ca.cert -noout -enddate | cut -f2 -d'=')
  rootSec=$(date -d "${rootDate}" '+%s')
  nowSec=`date '+%s'`
  remainDays=$(echo "(${rootSec} - ${nowSec}) / (3600 * 24)" | bc)

  cat << EOF
 Your Root Cert will expire after
   ${rootDate}
 Current time is
  $(date)


 ===YOU HAVE ${remainDays} DAYS BEFORE THE ROOT CERT EXPIRED!=====

 EOF
 }

 rootcert
	#!/bin/bash

	rootcert() {
	echo "Fetching root cert from istio-system namespace..."
	kubectl get secret -n istio-system istio-ca-secret -o yaml \| awk '/ca-cert/ {print $2}' \| base64 --decode > ca.cert
	if [[ ! -f ./ca.cert ]]; then
	echo "failed to get cacert, check the istio installation namespace."
	return
	fi

	rootDate=$(openssl x509 -in ca.cert -noout -enddate \| cut -f2 -d'=')
	rootSec=$(date -d "${rootDate}" '+%s')
	nowSec=`date '+%s'`
	remainDays=$(echo "(${rootSec} - ${nowSec}) / (3600 * 24)" \| bc)

	cat << EOF
	Your Root Cert will expire after
	${rootDate}
	Current time is
	$(date)


	===YOU HAVE ${remainDays} DAYS BEFORE THE ROOT CERT EXPIRED!=====

	EOF
	}

	rootcert