educative.io

I have started k3d locally. Where to find certificate-authority files in such a case?

I have started k3d locally. Where to find certificate-authority files in such a case?


Course: https://www.educative.io/collection/10370001/5920988434792448
Lesson: https://www.educative.io/collection/page/10370001/5920988434792448/5067158017015808

k3s runs a container for your cluster. All certificates are inside this container.

Keys client-ca.crt and client-ca.key are located in this container’s folder /var/lib/rancher/k3s/server/tls

Check our containers. You are looking for the one based on the rancher/k3s:v1.26.4-k3s1 image.

docker container ls
CONTAINER ID   IMAGE                            COMMAND                  CREATED      STATUS       PORTS                             NAMES
87b29528931e   ghcr.io/k3d-io/k3d-proxy:5.5.1   "/bin/sh -c nginx-pr…"   6 days ago   Up 5 hours   80/tcp, 0.0.0.0:41787->6443/tcp   k3d-mycluster-serverlb
aaa24a79fbff   rancher/k3s:v1.26.4-k3s1         "/bin/k3s server --t…"   6 days ago   Up 5 hours                                     k3d-mycluster-server-0

Get the values of the key files.
This is a complete command. You can go to the container using its ID for that.

docker exec  $(docker ps | grep rancher | awk '{ print $1 }') cat /var/lib/rancher/k3s/server/tls/client-ca.crt
docker exec  $(docker ps | grep rancher | awk '{ print $1 }') cat /var/lib/rancher/k3s/server/tls/client-ca.key

You can copy the values of those files and create the files locally for yourself. Or use this complete command, which will substitute the certificate files from the k3s container instead.

openssl x509 -req \
    -in keys/jdoe.csr \
    -CA <(docker exec  $(docker ps | grep rancher | awk '{ print $1 }') cat /var/lib/rancher/k3s/server/tls/client-ca.crt) \
    -CAkey <(docker exec  $(docker ps | grep rancher | awk '{ print $1 }') cat /var/lib/rancher/k3s/server/tls/client-ca.key) \
    -CAcreateserial \
    -out keys/jdoe.crt \
    -days 365
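
Added example, not part of the original post: the signing step above wrapped in a bash function that selects the k3s server container by image and name, keeps the CA key only in a private temporary directory, and verifies the issued certificate against the CA. The function names, the `SAMPLE_LISTING` variable and the `ID IMAGE NAME` listing format are assumptions of this example.

```shell
#!/usr/bin/env bash
# Added example; function names are hypothetical, not from k3d or k3s.

# Constructed sample, reduced from the listing in the post to "ID IMAGE NAME".
SAMPLE_LISTING='87b29528931e ghcr.io/k3d-io/k3d-proxy:5.5.1 k3d-mycluster-serverlb
aaa24a79fbff rancher/k3s:v1.26.4-k3s1 k3d-mycluster-server-0'

# Read "ID IMAGE NAME" lines on stdin, as printed by
#   docker ps --format '{{.ID}} {{.Image}} {{.Names}}'
# and print the ID of the k3s server container. Fails unless exactly one
# container matches, so a second cluster cannot be picked by accident.
k3s_server_container() {
    awk '$2 ~ /^rancher\/k3s:/ && $3 ~ /-server-0$/ { id = $1; n++ }
         END { if (n != 1) exit 1; print id }'
}

# Sign a CSR with the cluster's client CA and verify the result.
# Usage: sign_csr_with_cluster_ca keys/jdoe.csr keys/jdoe.crt [days]
sign_csr_with_cluster_ca() {
    local csr=$1 out=$2 days=${3:-365}
    local tls=/var/lib/rancher/k3s/server/tls
    local cid tmp rc=0
    cid=$(docker ps --format '{{.ID}} {{.Image}} {{.Names}}' | k3s_server_container) || {
        echo "expected exactly one k3s server container" >&2
        return 1
    }
    # Private (0700) directory: the CA key is never written anywhere else.
    tmp=$(umask 077; mktemp -d) || return 1
    {
        docker exec "$cid" cat "$tls/client-ca.crt" > "$tmp/ca.crt" &&
        docker exec "$cid" cat "$tls/client-ca.key" > "$tmp/ca.key" &&
        openssl x509 -req -in "$csr" \
            -CA "$tmp/ca.crt" -CAkey "$tmp/ca.key" -CAcreateserial \
            -out "$out" -days "$days" &&
        # Confirm the new certificate chains to the client CA, then show
        # the subject and expiry date that were actually issued.
        openssl verify -CAfile "$tmp/ca.crt" "$out" &&
        openssl x509 -in "$out" -noout -subject -enddate
    } || rc=$?
    rm -rf "$tmp"   # drop the local CA key copy, also when a step failed
    return "$rc"
}
```

The serial file created by `-CAcreateserial` lands next to the temporary CA copy and is removed together with it.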

Hi @11140

Thank you for posting this query.

I am happy to see that you have not only figured it out but have also discussed and listed all the steps in detail as a response to your own query, which would definitely help others.

Thank you.
