How to get the expiry dates of all CA's & certificates in the PKS deployment and clusters
search cancel

How to get the expiry dates of all CA's & certificates in the PKS deployment and clusters

book

Article ID: 298609

calendar_today

Updated On:

Products

VMware Tanzu Kubernetes Grid Integrated Edition

Issue/Introduction

This article describes how to get the expiry dates of all CA's & certificates in the PKS deployment and clusters.

Environment

Product Version: 1.6

Resolution

1. In the Ops Manager VM, set the environment variables for the Bosh CLI credentials. Get the value of “Bosh Commandline Credentials” from Director tile->Credentials->Bosh Commandline Credentials.
$ export BOSH_CLIENT=ops_manager BOSH_CLIENT_SECRET=xxxxxxxx BOSH_CA_CERT=/var/tempest/workspaces/default/root_ca_certificate BOSH_ENVIRONMENT=172.x.x.1

2. Run the following to set more needed environment variables for credhub cli to work.
$ export CREDHUB_CLIENT=$BOSH_CLIENT CREDHUB_SECRET=$BOSH_CLIENT_SECRET
$ credhub api --server $BOSH_ENVIRONMENT:8844 --ca-cert $BOSH_CA_CERT
$ credhub login

3. Run the following to get all the deployment ID’s in the foundation. For this purpose, we would only want to note down the PKS deployment (e.g., `pivotal-container-service-<uuid>`) and the cluster deployments (e.g., `service-instance_<uuid>`).
$ bosh deployments --column=name

4. For each of the deployment name from output of step 3, run the following command. Please change ‘deployment-name’ to the actual deployment name you noted down from step 3.
$ credhub export -p /p-bosh/deployment-name > deployment-name_vars.yaml

5. Download and run the shell script to get the cert & CA expiry dates from the credhub output files. The below command will output to report.txt that you can open to review.
$ ./review_yamls.sh > report.txt