Hello all, I'm getting following error for the creating CSR object in the lab fo . . .

Sunit Shukla:
Hello all, I’m getting following error for the creating CSR object in the lab for test certificates API:

error: error parsing akshay-csr.yaml: error converting YAML to JSON: yaml: line 15: could not find expected ':'

The weird thing about this message is its coming from the line 15 which is in the middle of the request section where there is no need for ‘:’.

I’m just curious what to do when we face something like this? I made sure of the indentation. Also I’m using space rather than tabs for all the indentation

Any suggestions? Thanks in advance.

apiVersion: <http://certificates.k8s.io/v1|certificates.k8s.io/v1>
kind: CertificateSigningRequest
metadata:
  name: akshay
spec:
  signerName: <http://kubernetes.io/kube-apiserver-client|kubernetes.io/kube-apiserver-client>
  groups:
   - system:authenticated
  usages:
   - digital signature
   - key encipherment
   - server auth
  request: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURSBSRVFVRVNULS0tLS0KTUlJQ1ZqQ0NBVDRDQVFBd0VURVBN
QTBHQTFVRUF3d0dZV3R6YUdGNU1JSUJJakFOQmdrcWhraUc5dzBCQVFFRgpBQU9DQVE4QU1JSUJD
Z0tDQVFFQTY1U2lxVU1CQnpNT1RDNTBQaTRKeEdEbGdVWmF2cUgzVXRYcnFVZ0hJeHNrCnpZTWFK
andta3V0RzBDR2c0Z1YrR29oaldnaThmWVkvN0VEZDhNbU9Ca1k0MXRKaythSk9hRGVSRkRXdTF2
b3YKU1NFV0xzL1hrbjF3Z3E5REhBd3JYOG53S0JJaWpGQ0g5Wkl3aHpEUE15OVpZRTF3cUc2NzIr
SlgrcUtiL1RJSQppOG9PMk91ZUpHTldGZ25CWVM0NUNrTzVISkE4bnVFSGxTajNwSVk2Qm5tMjJk
YUgzZlF4ckJ1R1VzbUFBelhMCmZyZ2JUTmdURzd6SnN0cnJKN2dxWkxOT0pKSTdXUmg3ckpTRGhX
NThuaHV5Yk41bUlnQVV5MEhDTE9mZzdONUsKc08vYnRMZXdXdlhzcXdDWk92OTJSTnBWOHlvQ0E0
UjlkSnBEZDB1Tm93SURBUUFCb0FBd0RRWUpLb1pJaHZjTgpBUUVMQlFBRGdnRUJBRzJCZkxBSU9X
ZVZjbGRDbkc0L0IrMFpPQkovK3JJUWNvUDB2TUY5eVJ3bHlNRjl1ajB6CjNpRlFMdzhsMlpCdGx1
NUdrNURkeTJmUzRKK1FMOXA0aXNLUldZYmFXQTZ3N3FST1lzUmE4U3pmV2VCbEgrT3oKQk5BcmRj
NUVaZzMvWFJ2alh0cHBzNW5jb1laYUZjQnRtTlc2eS9FZlVmL2paU0YxYk56bkJFalpEOWlwbzdI
aApqdkVlalZyUEREaVlPak0rYXRDWmprNzh1NVJ4a095TXRacXNiNklVSldSaVVqSXkxd3hNenhB
RFVjTndFcG8wCmM5UnRnL3BhTWtEU1dOREN1RXV3czFocE52RXNhT2hGdU1MTzZFYUMrWGVCbGxH
MGszajh0bnhlMWl5NktPOHAKL3NUN2hFRUdHZlJHN3dFUmpZQUdKNEdZTDNVWnFQc3NCaGs9Ci0t
LS0tRU5EIENFUlRJRklDQVRFIFJFUVVFU1QtLS0tLQo=

Mohamed Ayman:
This occurs because the encrypted key should be added as a one line but it seems that you copied it from terminal directly and this will copy the key as a separated lines.
So please copy the encrypted key to a notepad editor in your PC and copy it again to the YAML file from the editor.
Or use another method as mentiond in the following replies

Mohamed Ayman:
I hope you got it.

Mohamed Ayman:
The CertificateSigningRequest options has been updated like usages, It can have only client auth

Mohamed Ayman:
Check the following:

cat <<EOF | kubectl apply -f -
apiVersion: <http://certificates.k8s.io/v1beta1|certificates.k8s.io/v1beta1>
kind: CertificateSigningRequest
metadata:
  name: akshay
spec:
  groups:
  - system:authenticated
  request: $(cat akshay.csr | base64 | tr -d '\n')
  signerName: <http://kubernetes.io/kube-apiserver-client|kubernetes.io/kube-apiserver-client>
  usages:
  - client auth
EOF

Mohamed Ayman:
Check the documentation:
https://kubernetes.io/docs/reference/access-authn-authz/certificate-signing-requests/

Sunit Shukla:
Thanks @Mohamed Ayman. I tried it today and it worked. Used the output of cat akshay.csr | base64 | tr -d ‘\n’ in the request section