Mayur Sharma:
@Mumshad Mannambeth @Tej_Singh_Rana Can you please help to know how to do this inside the yaml file
Tej_Singh_Rana:
Hello, @Mayur Sharma
Simply encode first and paste that value in CSR.
cat akshay.csr | base64 | tr -d "\n"
Mayur Sharma:
@Tej_Singh_Rana thanks though I was looking for inline substitution, and want to avoid copy paste…
apiVersion: <http://certificates.k8s.io/v1|certificates.k8s.io/v1>
kind: CertificateSigningRequest
metadata:
name: myuser
spec:
groups:
- system:authenticated
request: $(cat akshay.csr | base64 | tr -d "\n")
signerName: <http://kubernetes.io/kube-apiserver-client|kubernetes.io/kube-apiserver-client>
usages:
- client auth
Please help if you know how to put encoded value in request using above inline commands
Mumshad Mannambeth:
Hi Mayur, I don’t think that works like that. You might need to use some templating languages or tools like Helm. Or develop local scripts that utilises eval
or something.
Mayur Sharma:
@Mumshad Mannambeth okay, if that is the case then I copy paste is cheaper option here.
Thanks!
Fernando Jimenez:
I wonder if doing the following would be faster for you. Prepare the CertificateSigningRequest by copying and pasting from documentation, and remove the value for request, leaving the the rest ready. Save into a yaml file. Then append the akshay.csr base64 like this:
base64 -i akshay.csr | tr -d "\n" >> certificatesigningrequest.yaml
Afterward, open certificatesigningrequest.yaml with vim and move that last line to the be the value of resquest.
unnivkn:
cat <<EOF | kubectl apply -f -
apiVersion: http://certificates.k8s.io/v1|certificates.k8s.io/v1
kind: CertificateSigningRequest
metadata:
name: john-developer
spec:
groups:
- system:authenticated
request: $(cat john.csr | base64 | tr -d “\n”)
signerName: http://kubernetes.io/kube-apiserver-client|kubernetes.io/kube-apiserver-client
usages: - client auth
EOF
Fernando Jimenez:
I like cat
but sometimes is over used even when it is not required. The command base64
can read a file without the external help.
request: $(base64 -i john.csr | tr -d "\n")
Mayur Sharma:
@Fernando Jimenez and @unnivkn Tried with both of your option but getting same error.
controlplane $ cat akshay-csr.yaml
apiVersion: <http://certificates.k8s.io/v1|certificates.k8s.io/v1>
kind: CertificateSigningRequest
metadata:
name: akshay
spec:
groups:
- system:authenticated
request: $(base64 -i akshay.csr | tr -d '\n')
signerName: <http://kubernetes.io/kube-apiserver-client|kubernetes.io/kube-apiserver-client>
usages:
- client auth
controlplane $ kubectl create -f akshay-csr.yaml
Error from server (BadRequest): error when creating "akshay-csr.yaml": CertificateSigningRequest in version "v1" cannot be handled as a CertificateSigningRequest: v1.CertificateSigningRequest.Spec: v1.CertificateSigningRequestSpec.Usages: []v1.KeyUsage: SignerName: Request: decode base64: illegal base64 data at input byte 0, error found in #10 byte of ...|-d '\\n')","signerNa|..., bigger context ...|,"request":"$(base64 -i akshay.csr | tr -d '\\n')","signerName":"<http://kubernetes.io/kube-apiserver-client%7C|kubernetes.io/kube-apiserver-client|>...
controlplane $
unnivkn:
only run this command. you don’t have to do: k apply -f explicitly.its there in the below command:
unnivkn:
ls -l akshay.csr
cat <<EOF | kubectl apply -f -
apiVersion: http://certificates.k8s.io/v1|certificates.k8s.io/v1
kind: CertificateSigningRequest
metadata:
name: akshay
spec:
groups:
- system:authenticated
request: $(cat akshay.csr | base64 | tr -d “\n”)
signerName: http://kubernetes.io/kube-apiserver-client|kubernetes.io/kube-apiserver-client
usages: - client auth
EOF
Mayur Sharma:
@unnivkn It worked … though I had to to copy the content from K8s document in notepad , edit the request and name and then paste it in console to run.