Skip to content

[tools] Add d8 tools pki certs check for control-plane certificate expiration inspection#355

Draft
AmazinMax wants to merge 4 commits into
mainfrom
feature/tools-pki-certs-check
Draft

[tools] Add d8 tools pki certs check for control-plane certificate expiration inspection#355
AmazinMax wants to merge 4 commits into
mainfrom
feature/tools-pki-certs-check

Conversation

@AmazinMax
Copy link
Copy Markdown

@AmazinMax AmazinMax commented May 19, 2026
edited
Loading

Description

Add d8 tools pki certs check to deckhouse-cli to inspect local control-plane certificate expiration using the go_lib/controlplane expiration API from the companion PR deckhouse/deckhouse#19959.

  • registers a new tools -> pki -> certs -> check command tree in d8
  • supports full-scan mode for known control-plane PKI artifacts and kubeconfig client certificates
  • supports single-file inspection for both PEM certificates and kubeconfig files
  • renders kubeadm-like output with separate sections for leaf certificates and certificate authorities
  • adds --kubeconfig-dir for non-standard layouts; by default it resolves to the parent directory of --path
  • does not restart, reconfigure, or otherwise affect critical cluster components; it only adds a local inspection command to d8

Screenshots

Full scan

image

Single-file certificate

image

Single-file kubeconfig (client certificate)

image

@AmazinMax
add check expiration cp certificates command
2e6c4ff 
Signed-off-by: Maxim Mazin <maksim.mazin@flant.com>
@AmazinMax AmazinMax requested a review from ldmonster as a code owner May 19, 2026 11:15
@AmazinMax AmazinMax changed the title add check expiration cp certificates command [tools] Add d8 tools pki certs check for control-plane certificate expiration inspection May 19, 2026
@AmazinMax
chore linter
032c1d6 
Signed-off-by: Maxim Mazin <maksim.mazin@flant.com>
@AmazinMax AmazinMax mentioned this pull request May 19, 2026
Open
4 tasks
@AmazinMax AmazinMax marked this pull request as draft May 20, 2026 08:31
@AmazinMax
remove externally managed column
14aa520 
Signed-off-by: Maxim Mazin <maksim.mazin@flant.com>
@AmazinMax AmazinMax marked this pull request as ready for review May 20, 2026 08:36
@AmazinMax AmazinMax marked this pull request as draft May 20, 2026 08:41
@AmazinMax
ignore erros on fullScanReport
72ca3b1 
Signed-off-by: Maxim Mazin <maksim.mazin@flant.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ldmonster ldmonster Awaiting requested review from ldmonster ldmonster is a code owner

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@AmazinMax