ca.crt is empty in Kubernetes TLS secret

Issue

While working with cert-manager and Let’s Encrypt, I noticed the ca.crt field was empty but the tls.crt included the full chain, so I ventured into Google to find the simplest way to update it. Here it goes:

Solution

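Extract the CA certificates from the full chain that’s saved in the tls.crt field. The awk filter in the command below drops the first certificate in the chain (the leaf) and keeps everything after it, and that remainder is written to ca.crt.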

kubectl patch secret \
-n <namespace> <secret name> \
-p="{\"data\":{\"ca.crt\": \"$(kubectl get secret \
-n <namespace> <secret name> \
-o=jsonpath="{.data.tls\.crt}" \
| base64 -d | awk 'f;/-----END CERTIFICATE-----/{f=1}' - | base64 -w 0)\"}}"
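
The same awk filter run offline, with a guard for a tls.crt that holds only the leaf (in that case the one-liner would write an empty ca.crt again). This is an added example, not part of the original post; the function names and the sample PEM data are constructed for illustration.

```shell
#!/bin/sh
# Added example. The PEM bodies are constructed placeholders, not real certificates.
SAMPLE_CHAIN='-----BEGIN CERTIFICATE-----
TEVBRg==
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
Q0E=
-----END CERTIFICATE-----'
SAMPLE_LEAF_ONLY='-----BEGIN CERTIFICATE-----
TEVBRg==
-----END CERTIFICATE-----'

# Same awk filter as the one-liner: print only what follows the first END marker.
strip_leaf() {
  awk 'f; /-----END CERTIFICATE-----/ { f = 1 }'
}

# Count PEM certificate blocks on stdin (grep exits 1 on zero matches, hence || true).
count_certs() {
  grep -c -- '-----BEGIN CERTIFICATE-----' || true
}

# Hypothetical helper: read a PEM chain on stdin and print the CA part.
# Returns 1 and prints nothing on stdout when no certificate follows the leaf.
ca_from_chain() {
  chain=$(cat)
  ca=$(printf '%s\n' "$chain" | strip_leaf)
  if [ "$(printf '%s\n' "$ca" | count_certs)" -lt 1 ]; then
    echo "no certificate after the leaf; leaving ca.crt alone" >&2
    return 1
  fi
  printf '%s\n' "$ca"
}

# Two-certificate chain: only the second (issuer) certificate is printed.
printf '%s\n' "$SAMPLE_CHAIN" | ca_from_chain

# Leaf-only input: the helper refuses, so the patch step can be skipped.
printf '%s\n' "$SAMPLE_LEAF_ONLY" | ca_from_chain || echo "patch skipped"
```

In the one-liner, this guard would sit between the `base64 -d` step and the final `base64 -w 0`, so the secret is patched only when the extracted value is non-empty.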

Cheers!

Source: github.com/cert-manager