Explain the openssl commands needed to get kubernetes CA certificate hash

So, I’m studying to try my first hit at CKA certification. At one of the videos I’m watching, the instructor said to execute those commands to find the CA certificate hash for k8s:

# On the Control Plane Node, you can find the CA cert hash.
openssl x509 -pubkey -in /etc/kubernetes/pki/ca.crt | \
openssl rsa -pubin -outform der 2>/dev/null | \
openssl dgst -sha256 -hex | \
sed 's/^.* //'

Ok, this works just fine, but he didn’t explained what this command really does. Could someone explain each step? I’m not used to work with openssl command, and just reading the man for the command, things wasn’t exactly clear for me.

Best regards, Vitor Jr.

Hi,
I also tried to reproduce the command from Van Vugt’s tutorial without success. But the exact same command is included in the Kubernetes documentation so I guess we can just use it as is from there:

Also, it seems we can get the same result (or full join-command) with:

kubeadm token create --print-join-command

Cheers