How do I get the certificate authority certificate/key from a cluster created by kops?

6/29/2017

I've created a Kubernetes cluster on AWS with the kops tool. I need to get hold of its certificate authority certificate and key, though. How do I export these files through kops?

I've tried the following, but it fails saying that yaml output format isn't supported for secrets:

kops --state s3://example.com get secret ca -o yaml

I'm also wondering how to specify which cluster to address, as kops is just using the default kubectl context. I'm using kops version 1.6.2.

-- aknuds1
certificate-authority
kops
kubernetes
ssl
ssl-certificate

1 Answer

7/3/2017

I found out that kops stores the CA key and certificate in its S3 bucket, so you can download said files like so:

aws s3 cp s3://$BUCKET/$CLUSTER/pki/private/ca/$KEY.key ca.key
aws s3 cp s3://$BUCKET/$CLUSTER/pki/issued/ca/$CERT.crt ca.crt

You need to determine the S3 bucket used by kops (i.e. $BUCKET) and the name of your cluster ($CLUSTER); the filenames of the .key and .crt files will be random.

-- aknuds1
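
Added example, not part of the original answer: a shell script for the download described above that looks up the random filenames with aws s3 ls, refuses to guess when a prefix holds zero or several matches, writes ca.key with owner-only permissions, and checks that the key belongs to the certificate. The function names and the sample listing are constructed for illustration; the S3 layout is the one given in the answer.

```shell
#!/bin/sh
# Added example, not from the original answer. The bucket and cluster
# arguments correspond to $BUCKET and $CLUSTER in the answer.

# Constructed sample of `aws s3 ls` output (date, time, size, name).
SAMPLE_LISTING='                           PRE archive/
2017-06-29 10:15:02       1675 6432012345678901234567890123.key'

# Read `aws s3 ls` output on stdin and print the single object name that
# ends in the given extension. Fails on zero or several matches so that a
# wrong key is never selected silently.
single_object() {
    awk -v ext="$1" '
        NF == 4 && substr($4, length($4) - length(ext) + 1) == ext { name = $4; n++ }
        END { if (n != 1) exit 1; print name }'
}

# Succeed only if the private key and the certificate carry the same public key.
key_matches_cert() {
    cert_pub=$(openssl x509 -in "$2" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$1" -pubout) || return 1
    [ "$cert_pub" = "$key_pub" ]
}

# Download the CA key and certificate into the current directory.
fetch_kops_ca() {
    base="s3://$1/$2/pki"
    key=$(aws s3 ls "$base/private/ca/" | single_object .key) ||
        { echo "expected exactly one .key under $base/private/ca/" >&2; return 1; }
    crt=$(aws s3 ls "$base/issued/ca/" | single_object .crt) ||
        { echo "expected exactly one .crt under $base/issued/ca/" >&2; return 1; }
    # The CA key can sign credentials for the whole cluster: create the
    # local copy readable by the current user only.
    ( umask 077 && aws s3 cp "$base/private/ca/$key" ca.key ) || return 1
    aws s3 cp "$base/issued/ca/$crt" ca.crt || return 1
    key_matches_cert ca.key ca.crt ||
        { echo "ca.key does not match ca.crt" >&2; return 1; }
}

# Usage: sh fetch-ca.sh BUCKET CLUSTER
if [ "$#" -eq 2 ]; then
    fetch_kops_ca "$1" "$2"
fi
```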
Source: StackOverflow