kubectl-view-cert

module

v0.0.4 Latest Latest Go to latest Published: Jan 9, 2023 License: Apache-2.0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/lmolas/kubectl-view-cert

Links

Open Source Insights

README ¶

kubectl-view-cert

A kubectl plugin to view certificate information stored in secrets.

Installation

Use krew plugin manager to install:

kubectl krew install view-cert
kubectl view-cert --help

Usage

Output of kubectl view-cert command is json.

kubectl view-cert plugin supports standard kubectl flags.

Some specific flags have been added:

-A, --all-namespaces Query all objects in all API groups, both namespaced and non-namespaced

-E, --expired Show only expired certificates

-D, --expired-days-from-now int Show expired certificates at date in future (now plus number of days)

-S, --show-ca Show CA certificates

You can search for all certificates information stored in kubernetes.io/tls secrets.

If you use kubectx and kubens, you do not have to specify the context and the namespace. If you do not use kubectx or kubens, you have to add kubectl namespace and context flags to the command examples described in this documentation.

The following command allows browsing all certificates found in kubernetes.io/tls secrets from current namespace:

kubectl view-cert

If you want to browse all namespaces, you can do:

kubectl view-cert -A

If you want to see only expired certificates in all namespaces:

kubectl view-cert -A -E

If you want to see all certificates that will expire in 90 days in all namespaces:

kubectl view-cert -A -D 90

If you want to see all certificates with CA cert information in all namespaces:

kubectl view-cert -A -S

You can also use view-cert plugin with some arguments to browse a specific secret (secret name is the first argument). The secret will be parsed only if its type is kubernetes.io/tls. If secret type is not kubernetes.io/tls, a list of all secret keys is displayed:

kubectl view-cert mysecret

If you want to see information from a secret with a different type than kubernetes.io/tls it is possible by specifying a second argument: the secret key to read. The secret key must contain base64 pem encoded data.

kubectl view-cert mysecret mykey

By using the two argument described above, you can for example browse istio secrets like this:

kubectl view-cert istio.default cert-chain.pem

As all outputs are json, you can chain response with any jq command to narrow your search.

License

Apache 2.0. See LICENSE.

Directories ¶

Path	Synopsis
cmd
kubectl-view-cert Package main defines cobra command entrypoint	Package main defines cobra command entrypoint
internal
parse Package parse defines all necessary tools to parse base64 pem strings and retrieve x509 certificates	Package parse defines all necessary tools to parse base64 pem strings and retrieve x509 certificates

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL