In this blog post, I will show you how to check the expiry date of certificates stored in Kubernetes Secrets.
Let’s create a self-signed certificate using OpenSSL:
openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -sha256 -days 365
Provide all the inputs the command asks for, like country, common name etc. The certificate
is written to cert.pem and the private key to key.pem.
Create a Secret, storing the certificate under the key crt
kubectl create secret generic mycert --from-file=crt=./cert.pem
Fetch the cert data using kubectl and check the expiry using openssl
kubectl get secret mycert --template='{{.data.crt}}' | base64 --decode | openssl x509 -enddate -noout
If the certificate key in the Secret contains a dot (.)
If the key that holds the certificate contains a dot, as tls.crt does below, the Go template
above reads the dot as a field separator. Use -o=jsonpath with kubectl instead.
apiVersion: v1
data:
  tls.crt: <cert-data>
Get the certificate info with the jsonpath flag, escaping the dot with a backslash (\) as shown below:
kubectl get secret dev-goacademy-tls -o=jsonpath='{.data.tls\.crt}' | base64 --decode | openssl x509 -enddate -noout
notAfter=Mar 1 15:38:50 2023 GMT
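The same check wrapped in shell functions that also flag certificates close to expiry, using openssl x509 -checkend. This is an added example, not code from the original post; the helper names jsonpath_for_key, cert_status and check_secret and the 30-day default window are assumptions.

```shell
#!/bin/sh
# Added example: report whether a certificate stored in a Secret is close to expiry.
# Helper names and the 30-day default window are assumptions, not from the post.

# Build the jsonpath for a Secret data key, escaping dots:
# tls.crt -> {.data.tls\.crt}
jsonpath_for_key() {
  printf '{.data.%s}' "$(printf '%s' "$1" | sed 's/\./\\./g')"
}

# Read the base64 value of a Secret key (PEM certificate) on stdin and print
# OK, EXPIRING, EXPIRED or INVALID. $1 = warning window in days (default 30).
cert_status() {
  cs_days=${1:-30}
  cs_pem=$(base64 --decode 2>/dev/null) || { echo INVALID; return 0; }
  # An empty value (missing key) or non-certificate data fails to parse here.
  if ! printf '%s\n' "$cs_pem" | openssl x509 -noout >/dev/null 2>&1; then
    echo INVALID
  elif ! printf '%s\n' "$cs_pem" | openssl x509 -noout -checkend 0 >/dev/null 2>&1; then
    echo EXPIRED
  elif ! printf '%s\n' "$cs_pem" | openssl x509 -noout -checkend "$((cs_days * 86400))" >/dev/null 2>&1; then
    echo EXPIRING
  else
    echo OK
  fi
}

# Usage: check_secret <namespace> <secret> [key] [days]
# Returns non-zero unless the certificate is OK, so it can gate a cron job or CI step.
check_secret() {
  ck_data=$(kubectl get secret "$2" -n "$1" \
    -o "jsonpath=$(jsonpath_for_key "${3:-tls.crt}")") || return 2
  ck_status=$(printf '%s' "$ck_data" | cert_status "${4:-30}")
  if [ "$ck_status" = INVALID ]; then
    echo "$1/$2: INVALID (key missing or not a PEM certificate)"
    return 1
  fi
  ck_end=$(printf '%s' "$ck_data" | base64 --decode | openssl x509 -noout -enddate)
  echo "$1/$2: $ck_status ($ck_end)"
  [ "$ck_status" = OK ]
}
```

For the Secret above, check_secret default dev-goacademy-tls tls.crt 30 prints the status with the notAfter date; the namespace default is an assumption.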