How to Check the Sunpike and Cluster Certificate Details?

Problem

How to Check the Sunpike and Cluster Certificate Details in LTS1 setup.

Environment

Platform9 Edge Cloud - v-5.3.

Procedure

Sunpike Certificates

Use below mentioned steps to check the TTL value of Sunpike CA.

Inside DU VM
    
# export VAULT_TOKEN=$(mysql qbert -Bse "SELECT credential_value FROM qbert_secrets where credential_name='root_token'")# export VAULT_ADDR=http://127.0.0.1:8200# /usr/local/bin/vault read pki/roles/sunpike | grep ttlmax_ttl                               8760h ttl
Copy

Use below mentioned steps to check the certificate of Sunpike:

Inside DU VM
    
 
vault read pki/cert/ca -format=json | jq -r '.data.certificate'
Copy

Use below mentioned steps to check the certificate of Sunpike:

Inside DU VM
    
 
# docker exec -ti sunpike-kube-apiserver /bin/bash# curl -kv https://127.0.0.1:6443
Copy

Cluster Certificates

Use below mentioned steps to check the TTL value of Cluster CA.

Inside DU VM
    
 
# cat /etc/vault/server.hcl | grep ttlOr# cat /etc/pf9-vault.d/server-config.hcl | grep ttl
Copy

Use below mentioned steps to check the certificate of Sunpike:

Inside DU VM
    
​x
    
# export VAULT_TOKEN=$(mysql qbert -Bse "SELECT credential_value FROM qbert_secrets where credential_name='root_token'")# export VAULT_ADDR=http://127.0.0.1:8200​# /usr/local/bin/vault  read pki/cert/ca -format=json | jq -r '.data.certificate' > ca.cert# cat ca.cert | openssl x509 -noout -dates
Copy

To know the current cluster certificate expiry you can try below steps:

Master node
    
 
# openssl x509 -in /etc/pf9/kube.d/certs/kubelet/apiserver/request.crt -text -noout
Copy

Last updated on

Was this page helpful?