openssl把证书变成pkcs12格式

openssl把证书变成pkcs12格式

需求

只有kubeconfig，java如何使用它把变成证书呢？变成证书又怎么调用k8s的api呢？

1. 变成证书

kubeconfig_to_cert.sh

# cat kubeconfig_to_cert.sh
export clientcert=$(grep client-cert ~/.kube/config |cut -d" " -f 6)
echo $clientcert
export clientkey=$(grep client-key-data ~/.kube/config |cut -d" " -f 6)
echo $clientkey
export certauth=$(grep certificate-authority-data ~/.kube/config |cut -d" " -f 6)
echo $certauth
echo $clientcert | base64 -d > ./client.pem
echo $clientkey | base64 -d > ./client-key.pem
echo $certauth | base64 -d > ./ca.pem

# kubectl config view |grep server
IP=$(kubectl config view |grep server | cut -d ' ' -f 6)
curl --cert ./client.pem \
--key ./client-key.pem \
--cacert ./ca.pem \
${IP}/api/v1/namespaces

这样就有证书了

drwxr-x---   15 xiaoyu  staff    480  7 18 18:34 .
drwxr-xr-x+  56 xiaoyu  staff   1792  7 18 20:19 ..
-rw-r--r--    1 xiaoyu  staff   2677  7 18 18:29 ca.pem
drwxr-x---    4 xiaoyu  staff    128  5  6 20:44 cache
-rw-r--r--    1 xiaoyu  staff   1679  7 18 18:29 client-key.pem
-rw-r--r--    1 xiaoyu  staff   1294  7 18 18:29 client.pem
-rw-r--r--@   1 xiaoyu  staff   8899  7 18 14:56 config  
drwxr-x---  172 xiaoyu  staff   5504  7 16 19:49 http-cache
-rw-r--r--    1 xiaoyu  staff    587  7 14 21:25 kubeconfig_to_cert.sh 
 x

2. 证书变成java使用的证书

openssl pkcs12 -name "xiaolixi" -export -out xiaolixi.p12 -inkey client-key.pem -in client.pem -certfile ca.pem

3. 调用k8s api

https://editor.csdn.net/md/?articleId=118882266