
How do I get the certificate authority certificate/key from a cluster created by kops?


I've created a Kubernetes cluster on AWS with the kops tool. I need to get hold of its certificate authority certificate and key, though. How do I export these files through kops?

I've tried the following, but it fails saying that yaml output format isn't supported for secrets:

    kops --state s3://example.com get secret ca -o yaml

I'm also wondering how to specify which cluster to address, as kops is just using the default kubectl context. I'm using kops version 1.6.2.


Solution

  • I found out that kops stores the CA key and certificate in its S3 bucket, so you can download said files like so:

    aws s3 cp s3://$BUCKET/$CLUSTER/pki/private/ca/$KEY.key ca.key
    aws s3 cp s3://$BUCKET/$CLUSTER/pki/issued/ca/$CERT.crt ca.crt
    

    You need to determine the S3 bucket used by kops (i.e. $BUCKET) and the name of your cluster ($CLUSTER); the filenames of the .key and .crt files will be random.