27

I've created a Kubernetes cluster on AWS with the kops tool. I need to get hold of its certificate authority certificate and key though, how do I export these files through kops?

I've tried the following, but it fails saying that yaml output format isn't supported for secrets:

kops --state s3://example.com get secret ca -o yaml

I'm also wondering how to specify which cluster to address, as kops is just using the default kubectl context. I'm using kops version 1.6.2.

aknuds1
  • 65,625
  • 67
  • 195
  • 317
  • 5
    About the vote to close regarding the question not being about programming, the help center does state that 'software tools commonly used by programmers' is firmly within the scope of this site! I would argue that kops/kubernetes are commonly used by programmers. – aknuds1 Jun 29 '17 at 09:37

1 Answers1

35

I found out that kops stores the CA key and certificate in its S3 bucket, so you can download said files like so:

aws s3 cp s3://$BUCKET/$CLUSTER/pki/private/ca/$KEY.key ca.key
aws s3 cp s3://$BUCKET/$CLUSTER/pki/issued/ca/$CERT.crt ca.crt

You need to determine the S3 bucket used by kops (i.e. $BUCKET), the name of your cluster ($CLUSTER) and the filenames of the .key and .crt files will be random.

aknuds1
  • 65,625
  • 67
  • 195
  • 317