毎回忘れてしまうので。
まず、こんな感じでkubeconfigがあると、certificate-authority-data
にSSLの証明書のpemファイルがbase64でエンコードされている。
$ cat kubeconfig
apiVersion: v1
clusters:
- cluster:
certificate-authority-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURRRENDQWlpZ0F3SUJBZ0lJTjVUdTRXdVdkSVV3RFFZSktvWklodmNOQVFFTEJRQXdQakVTTUJBR0ExVUUKQ3hNSmIzQmxibk5vYVdaME1TZ3dKZ1lEVlFRREV4OXJkV0psTFdGd2FYTmxjblpsY2kxc2IyTmhiR2h2YzNRdApjMmxuYm1WeU1CNFhEVEkwTURJeU1EQTBOVFV6TjFvWERUTTBNREl4TnpBME5UVXpOMW93UGpFU01CQUdBMVVFCkN4TUpiM0JsYm5Ob2FXWjBNU2d3SmdZRFZRUURFeDlyZFdKbExXRndhWE5sY25abGNpMXNiMk5oYkdodmMzUXQKYzJsbmJtVnlNSUlCSWpBTkJna3Foa2lHOXcwQkFRRUZBQU9DQVE4QU1JSUJDZ0tDQVFFQTFDT2tDbTVzL1poaQpDVDN2SVdUTXBremlkOEpCZ2hkbUZ3TnBKaFR0OXQ3d2ZYZzVpTEgvdTRHeHkrZ3pVRW9HT2RJS0g3RnA2ZStzCmJSSGVUelIvOWk2blNTSnV1Qkh3WmY1d2RKak9Ec0xnWUppUjJYbk1WbmFPZURTMFlrczZzS0ZvOUpWTitPWk8KUHlvVUxSSnJ3RzVkejZDdm1aRmhza2M2bTBIdlBhNzBhWlNKZjdEdS84MEQ0L3EyN1ZWeFhiYkQ1N3JyTVJJcwpQbEVjdDNoRnNNcHNQdmljV3VNaVVpUGdHS2RJd05vK25xR3VRNWdQRXZveW5MUjRra2dPN3VLczRhWlZqT1NvCnhMZ0VHL2g5S1JUWW9KajNKSlpnRlcrTGVLcjZqbmc2ZFp1QlkwOWF6OHVMTkNoc2V6d3o5TXRxbjRwS3BwUnkKN3dqTUJzcGZjUUlEQVFBQm8wSXdRREFPQmdOVkhROEJBZjhFQkFNQ0FxUXdEd1lEVlIwVEFRSC9CQVV3QXdFQgovekFkQmdOVkhRNEVGZ1FVbVlZTitSSUQva2JnNnBCQkJFYnM4bkRPMTRBd0RRWUpLb1pJaHZjTkFRRUxCUUFECmdnRUJBSzJXTHZiUCtHNFlPWmtPMXZXUW9qeURHOURiM1cwTVMvSkVJMzdaSWYrekhMK1BMdWQwN0tvSWc5ak0KdTlCOVk3NXVaeldNeUsweUhhTkhJc1pRMWdOV2laTGlmK2lzNXJQNmIwaGhxVS82bVFSeXVzeWFRZEc1QVJzTApHZVJtdVViakU2aGZPTFVhMEtabEpQb1lMNlZaVVBHSUxrZGprSXV4eWJsOFBxaXJwamZFOEw3OUJYSis3STgzCkluUWgwZEpCeWJSb0xFS1V2UkNHRkN1dVRkaEl2RG9SSEplQVErZHJaVXJ6NUVwV1RQOTg1cUYxMGpQTzhEZGcKY29VZjluZDJaTUxCRzRrRG51KzBCTEJRMHVGb1NJaWljVVZ3QWZsM0VDTUljbWsvUnduUko3b3p6NjRuRU1SNwpJWlUzK1NrTTYvZ1pxWnpLSE1FZ2lMdHRLbDg9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0KLS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURURENDQWpTZ0F3SUJBZ0lJQng2QmtaTjFvRTB3RFFZSktvWklodmNOQVFFTEJRQXdSREVTTUJBR0ExVUUKQ3hNSmIzQmxibk5vYVdaME1TNHdMQVlEVlFRREV5VnJkV0psTFdGd2FYTmxjblpsY2kxelpYSjJhV05sTFc1bApkSGR2Y21zdGMybG5ibVZ5TUI0WERUSTBNREl5TURBME5UVXpPRm9YRFRNME1ESXhOekEwTlRVek9Gb3dSREVTCk1CQUdBMVVFQ3hNSmIzQmxibk5vYVdaME1TNHdMQVlEVlFRREV5VnJkV0psTFdGd2FYTmxjblpsY2kxelpYSjIKYVdObExXNWxkSGR2Y21zdGMybG5ibVZ5TUlJQklqQU5CZ2txaGtpRzl3MEJBUUVGQUFPQ0FROEFNSUlCQ2dLQwpBUUVBc0tzSStrNjByOXJISFJZWGRlMWRNSEszR25XdHE5aC84cWRuMk9ZZ2pmUWxVdldPajN2R1JMWVU3eEtUCmN4U0pUQ2ZXZTRiRE5STjlYNG9kbTNJV05TNlNXai9hQmRPUTg0WVh4MDk0ajBycTNJenBRaW9EL2hqQkJOcGwKN1BhZElwVUxwUzNHQmFKNnRVZVhFK0FUVWZtK00wb2Z1WllLWE40aDlwaEhZelZBSWhuZ0xFUjEvQmQvaXE2TwozSkJKOWIxeE1XdkRXVnVBNGxPN0tnUUdwZzY2OEJsQmd5UGNheE81ZDJUNHR1Y1BEdVJpU3JGMDJ1b3lOUDI0CnpRVXFmZjJEbXBiWTMyRmRSK1NCUUNSTEtaQUJZcCtwZHVMUzgzUkoySngwTHNHUFY5a3BwWkY5aHFkc0lnWHcKRXpwWUZ5T3R4SWdkektDb1BROEpGeVZLK3dJREFRQUJvMEl3UURBT0JnTlZIUThCQWY4RUJBTUNBcVF3RHdZRApWUjBUQVFIL0JBVXdBd0VCL3pBZEJnTlZIUTRFRmdRVXk4eTRWckRwT0xaSzdUVllQbC8rL3o1QXJOWXdEUVlKCktvWklodmNOQVFFTEJRQURnZ0VCQUpzTlZXRWc0WHV4U0NQLzNGemZLUjRDendLMi9yRk5LbHBUWGRKeFNDblMKMkNaNHdTZEdrM2NsNUk1SDVOVEFjWXhoNG9SWFFqbDVEeGtiMTJwdXErUklESjg2ZUU1aXpYWC8vcFVQSDZGQgpYbWdDSjNRb0lYa0tUbmRXUzVlYzlibk1uTXlqNnVXRUFxY0lmZE1WWUV6OUxwWW5OWmpTVUVqbWxzUDIvSkZjCnNUTmhoL2k0NUpzZmUxNFlqd0dTWDBUU1ZxbmhVRERpOFNMN0ZNcTdOZS8xbUVERmlXS01oamxOVmFSZFdQN2MKOHlFS1hOanR2VkJWb04yRm5OUUl0NDE4VXRNT2llcktPYjBScTJ5SXdxSnBRazE5MTM4elRLUTJUWnd6UU1INQprQjc2ZmRQcjVtekFLRzJhLzlWRzltOExKZ3hSYUpMOG9GeGdhNDNBeXRvPQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCi0tLS0tQkVHSU4gQ0VSVElGSUNBVEUtLS0tLQpNSUlETWpDQ0FocWdBd0lCQWdJSU1VeGtORDNzT3JZd0RRWUpLb1pJaHZjTkFRRUxCUUF3TnpFU01CQUdBMVVFCkN4TUpiM0JsYm5Ob2FXWjBNU0V3SHdZRFZRUURFeGhyZFdKbExXRndhWE5sY25abGNpMXNZaTF6YVdkdVpYSXcKSGhjTk1qUXdNakl3TURRMU5UTTRXaGNOTXpRd01qRTNNRFExTlRNNFdqQTNNUkl3RUFZRFZRUUxFd2x2Y0dWdQpjMmhwWm5ReElUQWZCZ05WQkFNVEdHdDFZbVV0WVhCcGMyVnlkbVZ5TFd4aUxYTnBaMjVsY2pDQ0FTSXdEUVlKCktvWklodmNOQVFFQkJRQURnZ0VQQURDQ0FRb0NnZ0VCQUtkY2hUOXVKYkJBbHcrQzlmNlB1ZUg0K1piRTJyUTQKOG10Kzh2ZnoyMHFYR2lmMDdkOW9zNlFBVHdIRFoxMFpjSDJVc0NYckF0NVNGNlhhYmRUcGRWeFIydlNpcElacgozTWx2bllxQ0p1N2VKNnpBK2ZpMHhORWpBemR1SkoxK1hGaFJhOUtBbUk0N3JVbHMreGI2YldCTWdMQ0M1dGgxCm1FRDJvYWRZZTAyZW9pNG9OOEdTTUhTVldqNHJWdDQxaDdaa3JKQmdGMVJIeVhmZ0xFWFNSQVZlRFFzc0Y1UEgKSHg2RjdGZmR4YjRiRlB4bUV4aHRCRjFZaFdjWUx3SW5oeHlkTTUvWC9JU3NNU1hJVEo4MVh6b3BaMkVVSzJGZwpuSzNHQldlTDlXU3dadDJlK3dsWjB4Tk1ia1RtYUVmMk5pdUZKdzJxVVhOWWhSUGNqOURJalZzQ0F3RUFBYU5DCk1FQXdEZ1lEVlIwUEFRSC9CQVFEQWdLa01BOEdBMVVkRXdFQi93UUZNQU1CQWY4d0hRWURWUjBPQkJZRUZEcVMKem15MkZnTWF6MGRWa2lDYXlEWTNLbjZhTUEwR0NTcUdTSWIzRFFFQkN3VUFBNElCQVFBUTZKaUdjZUVCOW5yMgpjalhmZDJzSXlUTUJNSFZ0RnF5SEpxV3diQmVmTzJhQXZZcWdyY2JKeTR6anhaQ0ZIQ083UDlEbyt6NnlzdkgzCllqV0NQQ3lrMnRtVzRQY1I5dzQrajVMN2M0QjdKc2tYYlBhRkNOR29kOUdINE9kNkFOUnl0cm9CaENjcFZtZU8KRlF3WVBGWG0xZERTdGxGaTlnY2ZnQUJPRi8xYVBKejVVaGNPMEpkMG5zbFB4U0NQaGFmK2FFT3YrTWRFZzNnKwppKzJGdml6S1paaVBpcU1KamZlNG9hSXU1MVZESUQ3ekY3U2pTWXBQY2Y5QVNJT0p3VDNOL0UvZEFYWUFUZlJLCmFjWno0RDJBVFY3TC9XZzZMcTFOVktVZnJlSU9pUVRKYjJ3SW82bEJGeE42UVVxbWJUMjJKbWx6dkVTUXNmQWcKVWVHWWxBd0sKLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=
(snip)
これをbase64でデコードする。
$ echo LS0tLS1CRUdJTiBDRVS...(snip)...0VSVElGSUNBVEUtLS0tLQo= | base64 -d > test.pem
これをopensslに-noout -subject -dates
とか-enddate -noout
とかのオプションを付けて実行すればnotAfter
にexpiration dateが表示される。
openssl x509 -noout -subject -dates -in test.pem
subject=OU = openshift, CN = kube-apiserver-localhost-signer
notBefore=Feb 20 04:55:37 2024 GMT
notAfter=Feb 17 04:55:37 2034 GMT