Chemmy's Blog

chengming0916@gmail.com

0%

K3s导出证书

发表于 更新于 分类于 Valine: 
1
2
3
4
5
6
# 导出根证书
kubectl get secret example-secret -o jsonpath='{.data.ca\.crt}'| base64 --decode

kubectl get secret example-secret -o jsonpath='{.data.tls\.crt}'| base64 --decode

kubectl get secret example-secret -o jsonpath='{.data.tls\.key}'| base64 --decode

导出Secret

1
kubectl get secret example-secret -o yaml > example-secret.yaml

导出内容格式如下

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
apiVersion: v1
data:
  ca.crt: ...
  tls.crt: ...
  tls.key: ...
kind: Secret
metadata:
  annotations:
    cert-manager.io/alt-names: '...'
    cert-manager.io/certificate-name: ...
    cert-manager.io/common-name: Tianjin Pengan
    cert-manager.io/ip-sans: 192.168.0.2
    cert-manager.io/issuer-group: cert-manager.io
    cert-manager.io/issuer-kind: ClusterIssuer
    cert-manager.io/issuer-name: selfsigned-cluster-issuer
    cert-manager.io/subject-organizations: ...
    cert-manager.io/uri-sans: ""
  creationTimestamp: "2024-09-10T10:54:59Z"
  labels:
    controller.cert-manager.io/fao: "true"
  name: tjpengan-io-secret
  namespace: default
  resourceVersion: "1730340"
  uid: 1c7d877b-ed86-4a1a-ad8c-0d8466c46506
type: kubernetes.io/tls

Base64解码

1
2
3
4
5
# cert
cat example-secret.yaml | grep tls.crt | awk '{print $2}' | base64 --decode > example-secret.cert

#key
cat example-secret.yaml | grep tls.key | awk '{print $2}' | base64 --decode > example-secret.key