See how to retrieve cluster.rkestate
from controlplane node here: https://gist.github.com/superseb/e9f2628d1033cb20e54f6ee268683a7a
cat cluster.rkestate | jq -r '.currentState.certificatesBundle."kube-admin".config' > kube-admin-kubeconfig.yml
kube-admin.pem
cat cluster.rkestate | jq -r '.currentState.certificatesBundle."kube-admin".certificatePEM' > kube-admin.pem
kube-admin-key.pem
cat cluster.rkestate | jq -r '.currentState.certificatesBundle."kube-admin".keyPEM' > kube-admin-key.pem
kube-ca.pem
cat cluster.rkestate | jq -r '.currentState.certificatesBundle."kube-ca".certificatePEM' > kube-ca.pem
Test using curl
curl --cert kube-admin.pem --key kube-admin-key.pem --cacert kube-ca.pem https://localhost:6443
docker run --rm --net=host -v $(docker inspect kubelet --format '{{ range .Mounts }}{{ if eq .Destination "/etc/kubernetes" }}{{ .Source }}{{ end }}{{ end }}')/ssl:/etc/kubernetes/ssl:ro --entrypoint bash $(docker inspect $(docker images -q --filter=label=org.label-schema.vcs-url=https://github.com/rancher/hyperkube.git) --format='{{index .RepoTags 0}}' | tail -1) -c 'kubectl --kubeconfig /etc/kubernetes/ssl/kubecfg-kube-node.yaml -n kube-system get configmap full-cluster-state -o json | jq -r .data.\"full-cluster-state\" | jq -r .currentState.certificatesBundle.\"kube-admin\".config' > kube-admin-kubecfg.yaml