1
私はcfsslを使用してCSRを生成しています。私は次のステップ でJSON形式の下cfsslとkubernetesを使用してCA証明書と秘密鍵を生成する際にエラーが発生する
{
"CN": "ambika",
"key": {
"algo": "ecdsa",
"size": 256
},
"names": [
{
"O": "system:masters"
}
]
}
[email protected]:~/bin# cat csr.json | cfssl genkey - | cfssljson -bare server
2017/10/25 08:28:07 [INFO] generate received request
2017/10/25 08:28:07 [INFO] received CSR
2017/10/25 08:28:07 [INFO] generating key: ecdsa-256
2017/10/25 08:28:07 [INFO] encoded CSR
を持って
は、CSRのYAMLブロブを生成し、次のコマンドを実行してapiserverに送信:
[email protected]:~/bin# cat csr.yaml
apiVersion: certificates.k8s.io/v1beta1
kind: CertificateSigningRequest
metadata:
name: ambika
spec:
groups:
- system:masters
request: $(cat server.csr | base64 | tr -d "\n")
usages:
- digital signature
- key encipherment
- client auth
[email protected]:~/bin# kubectl create -f csr.yaml
Error from server (BadRequest): error when creating "STDIN": CertificateSigningRequest in version "v1beta1" cannot be handled as a CertificateSigningRequest: [pos 684]: json: error decoding base64 binary 'LS0tLS1CRUdJTiBDRVJUSUZJQ0FURSBSRVFVRVNULS0tLS0KTUlIbE1JR01BZ0VBTUNveEZ6QVZCZ05WQkFvVERuTjVjM1JsYlRwdFlYTjBaWEp6TVE4d0RRWURWUVFERXdaaApiV0pwYTJFd1dUQVRCZ2NxaGtqT1BRSUJCZ2dxaGtqT1BRTUJCd05DQUFTdXVIbWF4bpaDU1TkpHZHh1cmN1ClQ1OU9YU0hEWUQ0d1J2S055NjlMOEkwL3RxTjF3WmRMckpYdSsxSDN5ZGp2N0FMaUJoSUh6aHRMMHd6QUN4b3AKb0FBd0NWUlLb1pJemowRUF3SURTQUF3UlFJaEFOTk9xaXFDa1lSYWgxQUFoUDQ1bWNzb09QM2p4RjIvdTB6ZgpHZW9BamhEQkFpQU55MEZkSU9vREhlZDFGd3UvTWFBditmWGJxN3V6RUdCQm9zUUFSUWFYcEE9PQotLS0tLUVORCBDRVJUSUZJQ0FURSBSRVFVRVNULS0tLS0K': illegal base64 data at input byte 512
私は、このリンクを以下のい Manage TLS Certificates in a Cluster