Kubectl View Cert Save

kubectl krew plugin to view certificate information stored in secrets

Project README

kubectl-view-cert

A kubectl plugin to view certificate information stored in secrets.

Installation

Use krew plugin manager to install:

kubectl krew install view-cert
kubectl view-cert --help

Usage

Output of kubectl view-cert command is json.

kubectl view-cert plugin supports standard kubectl flags.

Some specific flags have been added:

-A, --all-namespaces Query all objects in all API groups, both namespaced and non-namespaced

-E, --expired Show only expired certificates

-D, --expired-days-from-now int Show expired certificates at date in future (now plus number of days)

-S, --show-ca Show CA certificates

You can search for all certificates information stored in kubernetes.io/tls secrets.

If you use kubectx and kubens, you do not have to specify the context and the namespace. If you do not use kubectx or kubens, you have to add kubectl namespace and context flags to the command examples described in this documentation.

The following command allows browsing all certificates found in kubernetes.io/tls secrets from current namespace:

kubectl view-cert

If you want to browse all namespaces, you can do:

kubectl view-cert -A

If you want to see only expired certificates in all namespaces:

kubectl view-cert -A -E

If you want to see all certificates that will expire in 90 days in all namespaces:

kubectl view-cert -A -D 90

If you want to see all certificates with CA cert information in all namespaces:

kubectl view-cert -A -S

You can also use view-cert plugin with some arguments to browse a specific secret (secret name is the first argument). The secret will be parsed only if its type is kubernetes.io/tls. If secret type is not kubernetes.io/tls, a list of all secret keys is displayed:

kubectl view-cert mysecret

If you want to see information from a secret with a different type than kubernetes.io/tls it is possible by specifying a second argument: the secret key to read. The secret key must contain base64 pem encoded data.

kubectl view-cert mysecret mykey

By using the two argument described above, you can for example browse istio secrets like this:

kubectl view-cert istio.default cert-chain.pem

As all outputs are json, you can chain response with any jq command to narrow your search.

License

Apache 2.0. See LICENSE.

Open Source Agenda is not affiliated with "Kubectl View Cert" Project. README Source: lmolas/kubectl-view-cert

Stars

Open Issues

Last Commit

2 weeks ago

Repository

lmolas/kubectl-view-cert

License

Apache-2.0

Open Source Agenda Badge

<a href="https://www.opensourceagenda.com/projects/kubectl-view-cert"><img src="https://www.opensourceagenda.com/projects/kubectl-view-cert/reviews/badge.svg" alt="Open Source Agenda"></a>

Submit Review Review Your Favorite Project

Submit Resource Articles, Courses, Videos

Submit Article Submit a post to our blog

From the blog

Dec 11, 2022

How to Choose Which Programming Language to Learn First?

From the blog

Dec 11, 2022