Here are several examples demonstrating the usage of kubectl certificate:
Example 1: Creating a Certificate Signing Request (CSR)
To request a new certificate from a Certificate Authority (CA), you can use:
kubectl certificate create csr my-csr --namespace=default --host=example.com
This command generates a CSR for the host “example.com” within the default namespace.
Example 2: Approving a Certificate Signing Request
After creating a CSR, you need to approve it before obtaining a certificate:
kubectl certificate approve my-csr --namespace=default
This approves the CSR named “my-csr” in the default namespace.
Example 3: Listing Certificate Signing Requests
To view all pending CSRs in the cluster:
kubectl certificate list csr --namespace=default
This command lists all CSRs awaiting approval in the default namespace.
Example 4: Inspecting a Certificate
To inspect details of a specific certificate:
kubectl certificate describe certificate my-cert --namespace=default
This provides detailed information about the certificate “my-cert” in the default namespace.
Example 5: Renewing a Certificate
To renew an expiring certificate:
kubectl certificate renew my-cert --namespace=default
This renews the certificate named “my-cert” in the default namespace.
Example 6: Revoking a Certificate
To revoke a compromised certificate:
kubectl certificate revoke my-cert --namespace=default --reason=compromised
This revokes the certificate “my-cert” in the default namespace due to compromise.
Example 7: Deleting a Certificate
To delete an existing certificate:
kubectl certificate delete my-cert --namespace=default
This deletes the certificate “my-cert” from the default namespace.
Example 8: Checking Certificate Expiry
To check when a certificate will expire:
kubectl certificate get-expiry my-cert --namespace=default
This retrieves the expiry date of the certificate “my-cert” in the default namespace.
Example 9: Rotating Certificates
To rotate certificates periodically:
kubectl certificate rotate --all --namespace=default
This rotates all certificates in the default namespace to maintain security.
Example 10: Verifying Certificate Installation
To ensure a certificate is properly installed:
kubectl certificate verify my-cert --namespace=default
This command verifies the installation and configuration of the certificate “my-cert” in the default namespace.
To verify if a command executed successfully, you can typically check for output directly in the terminal or use subsequent kubectl commands to inspect or verify the state of resources affected by the certificate operations.
Also check similar articles.
Implement Auto-Scaling in Kubernetes with kubectl autoscale
Scaling Kubernetes Deployments with kubectl scale
Manage Resource Rollouts with kubectl rollout
Efficiently Delete Kubernetes Resources with kubectl delete
Comprehensive Guide to kubectl get Command
Discussion about this post