As a Kubernetes operator, you may want to inspect the contents of the certificate in your kubeconfig file.
This could be useful if you'd like to see the expiration date.
To inspect the cert, you can run this one-liner:
cat <path-to-kubeconfig-file> | grep client-certificate-data | cut -f2 -d : | tr -d ' ' | base64 -d | openssl x509 -text -out -
The output will look like this:
Certificate:
Data:
Version: 3 (0x2)
Serial Number: <>
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN = kubernetes
Validity
Not Before: Jul 28 18:55:19 2022 GMT
Not After : Jul 28 18:55:20 2023 GMT
Subject: O = system:masters, CN = kubernetes-admin
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
<>
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Client Authentication
X509v3 Authority Key Identifier:
keyid:<>
Signature Algorithm: sha256WithRSAEncryption
<>
-----BEGIN CERTIFICATE-----
<>
-----END CERTIFICATE-----
If you're looking for the expiration date, it will be on the "Not After" line.
You can also run the following to only pull the expiration date from the data:
cat <path-to-kubeconfig-file> | grep client-certificate-data | cut -f2 -d : | tr -d ' ' | base64 -d | openssl x509 -text -out - | grep "Not After"
Please note that your results may vary if your kubeconfig contains multiple contexts with different certificates for each. This example only covers a basic kubeconfig file with one cluster context.