From 9fb5dfea473fc0857783ab10be47fa0bbb66b10f Mon Sep 17 00:00:00 2001 From: Andy Ning <andy.ning@windriver.com> Date: Thu, 3 Aug 2023 11:52:02 -0400 Subject: [PATCH] Remove kubelet server and CA certs from show-certs The kubelet server and kubelet CA certificates are not documented so they are not required to be included in show-certs.sh output. Only kubelet client certificate is required to be included. Test Plan: PASS: Run show-certs.sh, verify the output contains the status of kubelet client, as following kubelet client CERTIFICATE: ------------------------------------------ Renewal : Automatically by k8s Filename : /var/lib/kubelet/pki/kubelet-client-current.pem Subject : O = system:nodes, CN = system:node:controller-0 Issuer : CN = starlingx Issue Date : Apr 27 18:41:43 2023 GMT Expiry Date : Apr 26 18:42:00 2024 GMT Residual Time : 340d Closes-Bug: 2020507 Signed-off-by: Andy Ning <andy.ning@windriver.com> Change-Id: I6c8c14a1c75aaaae958ea8752e69c5e82df3ef4f --- utilities/platform-util/scripts/show-certs.sh | 4 ---- 1 file changed, 4 deletions(-) diff --git a/utilities/platform-util/scripts/show-certs.sh b/utilities/platform-util/scripts/show-certs.sh index 9081cca9..2b05de6f 100755 --- a/utilities/platform-util/scripts/show-certs.sh +++ b/utilities/platform-util/scripts/show-certs.sh @@ -398,10 +398,6 @@ PrintCertInfo-fromFile "etcd apiserver client certificate" "/etc/kubernetes/pki/ # kubelet client certificates PrintCertInfo-fromFile "kubelet client" "/var/lib/kubelet/pki/kubelet-client-current.pem" "${GREEN}Automatically by k8s${RESET}" -PrintCertInfo-fromFile "kubelet server" "/var/lib/kubelet/pki/kubelet.crt" "${RED}Manual${RESET}" - -cat /var/lib/kubelet/pki/kubelet.crt | sed -n '/-----END CERTIFICATE/,/END CERTIFICATE-----$/p' | tail -n +2 > $TMP_KUBELET_CA_CERT_FILE -PrintCertInfo-fromFile "kubelet CA" "$TMP_KUBELET_CA_CERT_FILE" "${RED}Manual${RESET}" "/var/lib/kubelet/pki/kubelet.crt" echo CleanUp