GithubHelp home page GithubHelp logo

leoh0 / kubectl-check-cert Goto Github PK

View Code? Open in Web Editor NEW
24.0 3.0 4.0 4.65 MB

kubectl-check-cert will help you find the kubernetes certificates that can be expired and check the remaining time.

Makefile 9.69% Dockerfile 1.50% Go 88.81%
kubernetes kubectl plugin expiration certification

kubectl-check-cert's Introduction

kubectl check-cert

kubectl-check-cert will help you find the kubernetes certificates that can be expired and check the remaining time.

How to use

after k8s 1.12 version

$ kubectl check-cert

or just use below (check name carefully check_cert not check-cert. See Names with dashes and underscores)

$ kubectl-check_cert

and you can also check kubelet certification

$ kubectl-check_cert --also-check-kubelet

Example

$ kubectl-check_cert --also-check-kubelet
4 / 4 [============================================================] 100.00% 5s
+--------------------+----------+----------------------------+------+-------------------------------+------------------------------------------------------+----------------------+
|        TYPE        |   NODE   |            NAME            | DAYS |              DUE              |                         PATH                         |       WARNING        |
+--------------------+----------+----------------------------+------+-------------------------------+------------------------------------------------------+----------------------+
| apiserver          | minikube | etcd-certfile              |  354 | 2020-01-10 15:52:33 +0000 UTC | /var/lib/minikube/certs/apiserver-etcd-client.crt    |                      |
| apiserver          | minikube | kubelet-client-certificate |  354 | 2020-01-10 15:52:31 +0000 UTC | /var/lib/minikube/certs/apiserver-kubelet-client.crt |                      |
| apiserver          | minikube | proxy-client-cert-file     |  354 | 2020-01-10 15:52:31 +0000 UTC | /var/lib/minikube/certs/front-proxy-client.crt       |                      |
| apiserver          | minikube | tls-cert-file              |  362 | 2020-01-18 07:29:07 +0000 UTC | /var/lib/minikube/certs/apiserver.crt                |                      |
| controller-manager | minikube | client-cert                |  362 | 2020-01-18 07:29:10 +0000 UTC | /etc/kubernetes/controller-manager.conf              |                      |
| scheduler          | minikube | client-cert                |  362 | 2020-01-18 07:29:10 +0000 UTC | /etc/kubernetes/scheduler.conf                       |                      |
| kubelet            | minikube | client-cert                |  364 | 2020-01-18 07:29:09 +0000 UTC | /etc/kubernetes/kubelet.conf                         |                      |
| kubelet            | minikube | server-cert                |  356 | 2020-01-10 14:51:39 +0000 UTC | /var/lib/kubelet/pki/kubelet.crt                     | Can be ignored this. |
+--------------------+----------+----------------------------+------+-------------------------------+------------------------------------------------------+----------------------+

Install

MacOS

curl -L https://github.com/leoh0/kubectl-check-cert/releases/download/v0.0.2/kubectl-check_cert_0.0.2_darwin_amd64.tar.gz | tar zxvf - > kubectl-check_cert
chmod +x kubectl-check_cert
sudo mv ./kubectl-check_cert /usr/local/bin/kubectl-check_cert

Linux

curl -L https://github.com/leoh0/kubectl-check-cert/releases/download/v0.0.2/kubectl-check_cert_0.0.2_linux_amd64.tar.gz | tar zxvf - > kubectl-check_cert
chmod +x kubectl-check_cert
sudo mv ./kubectl-check_cert /usr/local/bin/kubectl-check_cert

Explain certification types

Apiserver

Type Name Explain
apiserver etcd-certfile apiserver -> etcd client certification
apiserver kubelet-client-certificate apiserver -> kubelet client certification
apiserver proxy-client-cert-file front-proxy-client
apiserver tls-cert-file client -> apiserver server certification

Controller manager

Type Name Explain
controller-manager client-cert controller-manager -> apiserver client certification

Scheduler

Type Name Explain
scheduler client-cert scheduler -> apiserver client certification

Kubelet

Type Name Explain
kubelet client-cert kubelet -> apiserver client certification
kubelet server-cert apiserver -> kubelet server certification

develop

make normal build

$ make build

make static build

$ make static

make static linux/amd build

$ docker run --rm -it -v "$GOPATH":/go -v "$PWD":/app -w /app golang:1.11.5 sh -c 'make release'

Note

  • If you use --also-check-kubelet option, then it'll install daemon-set for gathering kubelet information.
  • You can safely ignore kubelet's server-cert unless you use the --kubelet-certificate-authority option in apiserver. This will appear as a message like Can be ignored this.

kubectl-check-cert's People

Stargazers

avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar

Watchers

avatar avatar avatar

Forkers

dennis-hong juner417 uglyliu 0xack13

kubectl-check-cert's Issues

GCP에 올리는 것에 대해서 문의 있습니다.

안녕하세요
쿠버네티스를 공부하다가 발견해서 테스트를 해보려고 했다가 어려움이 있어서 이렇게 남깁니다.

제가 윈도우를 사용해서 대신에 GCP에 설치를 하려고 Readme에 있는 linux용 설치 메뉴얼로 설치를 진행하였습니다. 하지만, Error: No Auth Provider found for name "gcp" 오류가 나면서 명령어 실행이 거부가 되었습니다.

그래서 소스코드를 로컬에 다운받아 VScode로
main.go에 _ "k8s.io/client-go/plugin/pkg/client/auth/gcp" 만 추가하여서 디버그를 했을 때에는 문제가 없던 것으로 나왔지만, gcp에서는 go build -o kubectl-check_cert 를 통하여 코드를 빌드를 했지만, 결국 똑같은 오류가 발생하였습니다.

클라우드에 올려보고 싶은데 다른 방법이 있을까요?
제가 아직 golang에 익숙하지 않아서 놓친 것이 있을 것 같습니다.

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.