airship/airshipctl
Code Issues Proposed changes
6076891f31
airshipctl/docs/source/cli/airshipctl_cluster_check-certificate-expiration.md
guhaneswaran20 dd03db0916 Adds command objects for cluster check-certificate-expiration 
Reference:- https://hackmd.io/aGaz7YXSSHybGcyol8vYEw
Previous work:- https://review.opendev.org/#/c/755291/

Below is the complete ordered flow of PS for the feature:
https://review.opendev.org/#/c/760498/ - Cobra command
https://review.opendev.org/#/c/760501/ - Command Objects
https://review.opendev.org/#/c/760504/ - TLS check
https://review.opendev.org/#/c/760517/ - Kubeconf check
https://review.opendev.org/#/c/760532/ - Node check
https://review.opendev.org/#/c/760537/ - Combined Unit tests

Change-Id: Ie0fac7799724b7fb2255e387b7e90b26159bda5c
Relates-To: #391
2020-11-06 13:14:21 +00:00

2.0 KiB
Raw Blame History

airshipctl cluster check-certificate-expiration

Check for expiring TLS certificates, secrets and kubeconfigs in the kubernetes cluster

Synopsis

Displays a list of certificate expirations from both the management and workload clusters, or in a self-managed cluster. Checks for TLS Secrets, kubeconf secrets (which gets created while creating the workload cluster) and also the node certificates present inside /etc/kubernetes/pki directory for each node

airshipctl cluster check-certificate-expiration [flags]

Examples


# To display all the expiring entities in the cluster
airshipctl cluster check-certificate-expiration --kubeconfig testconfig

# To display the entities whose expiration is within threshold of 30 days
airshipctl cluster check-certificate-expiration -t 30 --kubeconfig testconfig

# To output the contents to json (default operation)
airshipctl cluster check-certificate-expiration -o json --kubeconfig testconfig
or
airshipctl cluster check-certificate-expiration --kubeconfig testconfig

# To output the contents to yaml
airshipctl cluster check-certificate-expiration -o yaml --kubeconfig testconfig

# To output the contents whose expiration is within 30 days to yaml
airshipctl cluster check-certificate-expiration -t 30 -o yaml --kubeconfig testconfig

Options

  -h, --help                 help for check-certificate-expiration
      --kubeconfig string    Path to kubeconfig associated with cluster being managed
      --kubecontext string   Kubeconfig context to be used
  -o, --output string        Convert output to yaml or json (default "json")
  -t, --threshold int        The max expiration threshold in days before a certificate is expiring. Displays all the certificates by default (default -1)

Options inherited from parent commands

      --airshipconf string   Path to file for airshipctl configuration. (default "$HOME/.airship/config")
      --debug                enable verbose output

SEE ALSO