From 71d493bf94a3f8514c6aadcfdb304be3e7686424 Mon Sep 17 00:00:00 2001 From: wushka00 <34586841+wushka00@users.noreply.github.com> Date: Wed, 14 Feb 2024 08:00:15 +1100 Subject: [PATCH 1/3] Update troubleshoot-kubectl.md In this section - I found the provided commands didn't generate the desired results. The proposed commands seem to work for me. Validated with: kubectl version Client Version: v1.28.6 Kustomize Version: v5.0.4-0.20230601165947-6ce0bf390ce3 Server Version: v1.28.6 openssl version OpenSSL 3.0.2 15 Mar 2022 (Library: OpenSSL 3.0.2 15 Mar 2022) base64 (GNU coreutils) 8.32 --- .../debug/debug-cluster/troubleshoot-kubectl.md | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/content/en/docs/tasks/debug/debug-cluster/troubleshoot-kubectl.md b/content/en/docs/tasks/debug/debug-cluster/troubleshoot-kubectl.md index 2166d204b3..f1565d3c04 100644 --- a/content/en/docs/tasks/debug/debug-cluster/troubleshoot-kubectl.md +++ b/content/en/docs/tasks/debug/debug-cluster/troubleshoot-kubectl.md @@ -123,23 +123,23 @@ directory. The `certificate-authority` attribute contains the CA certificate and Verify the expiry of these certificates: ```shell -openssl x509 -noout -dates -in $(kubectl config view --minify --output 'jsonpath={.clusters[0].cluster.certificate-authority}') +kubectl config view --flatten --output 'jsonpath={.clusters[0].cluster.certificate-authority-data}' | base64 -d | openssl x509 -noout -dates ``` output: ```console -notBefore=Sep 2 08:34:12 2023 GMT -notAfter=Aug 31 08:34:12 2033 GMT +notBefore=Feb 13 05:57:47 2024 GMT +notAfter=Feb 10 06:02:47 2034 GMT ``` ```shell -openssl x509 -noout -dates -in $(kubectl config view --minify --output 'jsonpath={.users[0].user.client-certificate}') +kubectl config view --flatten --output 'jsonpath={.users[0].user.client-certificate-data}'|base64 -d | openssl x509 -noout -dates ``` output: ```console -notBefore=Sep 2 08:34:12 2023 GMT -notAfter=Sep 2 08:34:12 2026 GMT +notBefore=Feb 13 05:57:47 2024 GMT +notAfter=Feb 12 06:02:50 2025 GMT ``` ## Verify kubectl helpers @@ -155,4 +155,4 @@ kubectl config view ``` If you previously used a helper tool (for example, `kubectl-oidc-login`), ensure that it is still -installed and configured correctly. \ No newline at end of file +installed and configured correctly. From 85fe916165af04f2126cf8eba83c728a140f8fc8 Mon Sep 17 00:00:00 2001 From: wushka00 <34586841+wushka00@users.noreply.github.com> Date: Wed, 14 Feb 2024 08:54:50 +1100 Subject: [PATCH 2/3] Update content/en/docs/tasks/debug/debug-cluster/troubleshoot-kubectl.md Thanks and agreed regarding format change. Co-authored-by: Sean McGinnis --- .../en/docs/tasks/debug/debug-cluster/troubleshoot-kubectl.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/en/docs/tasks/debug/debug-cluster/troubleshoot-kubectl.md b/content/en/docs/tasks/debug/debug-cluster/troubleshoot-kubectl.md index f1565d3c04..e62a16e673 100644 --- a/content/en/docs/tasks/debug/debug-cluster/troubleshoot-kubectl.md +++ b/content/en/docs/tasks/debug/debug-cluster/troubleshoot-kubectl.md @@ -133,7 +133,7 @@ notAfter=Feb 10 06:02:47 2034 GMT ``` ```shell -kubectl config view --flatten --output 'jsonpath={.users[0].user.client-certificate-data}'|base64 -d | openssl x509 -noout -dates +kubectl config view --flatten --output 'jsonpath={.users[0].user.client-certificate-data}'| base64 -d | openssl x509 -noout -dates ``` output: From 6ea106744e4c056b982d987f430dc02281bbfd91 Mon Sep 17 00:00:00 2001 From: wushka00 <34586841+wushka00@users.noreply.github.com> Date: Sun, 21 Apr 2024 14:37:30 +1000 Subject: [PATCH 3/3] Update troubleshoot-kubectl.md Included reference to additional tools in TLS problems. --- .../en/docs/tasks/debug/debug-cluster/troubleshoot-kubectl.md | 1 + 1 file changed, 1 insertion(+) diff --git a/content/en/docs/tasks/debug/debug-cluster/troubleshoot-kubectl.md b/content/en/docs/tasks/debug/debug-cluster/troubleshoot-kubectl.md index e62a16e673..3acfc96102 100644 --- a/content/en/docs/tasks/debug/debug-cluster/troubleshoot-kubectl.md +++ b/content/en/docs/tasks/debug/debug-cluster/troubleshoot-kubectl.md @@ -112,6 +112,7 @@ Verify the status of the load balancer (if used) to ensure it is healthy and for traffic to the API server. ## TLS problems +* Additional tools required - `base64` and `openssl` version 3.0 or above. The Kubernetes API server only serves HTTPS requests by default. In that case TLS problems may occur due to various reasons, such as certificate expiry or chain of trust validity.