Kubernetes supports x509 client certificates for authentication against the
Kubernetes API server. The expiration of a clients certificates inside the kubeconfig can be viewed as follows with
openssl.
kubectl config view -o jsonpath='{.users[?(@.name == "admin")].user.client-certificate-data}' \
| base64 -d \
| openssl x509 -in - -noout -text