我正在使用cfssl生成CSR。
我有以下json格式
{
"CN": "ambika",
"key": {
"algo": "ecdsa",
"size": 256
},
"names": [
{
"O": "system:masters"
}
]
}
root@vagrant-xenial64:~/bin# cat csr.json | cfssl genkey - | cfssljson -bare server
2017/10/25 08:28:07 [INFO] generate received request
2017/10/25 08:28:07 [INFO] received CSR
2017/10/25 08:28:07 [INFO] generating key: ecdsa-256
2017/10/25 08:28:07 [INFO] encoded CSR
下一步
通过运行以下命令来生成CSR yaml blob并将其发送到apiserver:
root@vagrant-xenial64:~/bin# cat csr.yaml
apiVersion: certificates.k8s.io/v1beta1
kind: CertificateSigningRequest
metadata:
name: ambika
spec:
groups:
- system:masters
request: $(cat server.csr | base64 | tr -d "\n")
usages:
- digital signature
- key encipherment
- client auth
root@vagrant-xenial64:~/bin# kubectl create -f csr.yaml
Error from server (BadRequest): error when creating "STDIN": CertificateSigningRequest in version "v1beta1" cannot be handled as a CertificateSigningRequest: [pos 684]: json: error decoding base64 binary 'LS0tLS1CRUdJTiBDRVJUSUZJQ0FURSBSRVFVRVNULS0tLS0KTUlIbE1JR01BZ0VBTUNveEZ6QVZCZ05WQkFvVERuTjVjM1JsYlRwdFlYTjBaWEp6TVE4d0RRWURWUVFERXdaaApiV0pwYTJFd1dUQVRCZ2NxaGtqT1BRSUJCZ2dxaGtqT1BRTUJCd05DQUFTdXVIbWF4bpaDU1TkpHZHh1cmN1ClQ1OU9YU0hEWUQ0d1J2S055NjlMOEkwL3RxTjF3WmRMckpYdSsxSDN5ZGp2N0FMaUJoSUh6aHRMMHd6QUN4b3AKb0FBd0NWUlLb1pJemowRUF3SURTQUF3UlFJaEFOTk9xaXFDa1lSYWgxQUFoUDQ1bWNzb09QM2p4RjIvdTB6ZgpHZW9BamhEQkFpQU55MEZkSU9vREhlZDFGd3UvTWFBditmWGJxN3V6RUdCQm9zUUFSUWFYcEE9PQotLS0tLUVORCBDRVJUSUZJQ0FURSBSRVFVRVNULS0tLS0K': illegal base64 data at input byte 512
我正在追踪这个连结
Manage TLS Certificates in a Cluster
最佳答案
由于您是在yaml文件中运行此文件,因此您需要在yaml文件中包含based64编码值。 $(cat server.csr | base64 | tr -d "\n")
在示例页面中,他们直接在 shell 中运行它。cat server.csr | base64 | tr -d '\n' > o像这样编码,并将值包含在它将起作用的yaml文件中。
apiVersion: certificates.k8s.io/v1beta1
kind: CertificateSigningRequest
metadata:
name: ambika
spec:
groups:
- system:masters
request: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURSBSRVFVRVNULS0tLS0KTUlIbU1JR01BZ0VBTUNveEZ6QVZCZ05WQkFvVERuTjVjM1JsYlRwdFlYTjBaWEp6TVE4d0RRWURWUVFERXdaaApiV0pwYTJFd1dUQVRCZ2NxaGtqT1BRSUJCZ2dxaGtqT1BRTUJCd05DQUFTVWVLYmdpKzZHVHlhQlhDdk40S29SClRqMmFmRlUvVVZXV1Z5WHhJSnlMczhraE5pZDlRQnp0bzZHcDZESnYwTDdST1JuZnNXR2M2N0VVeXUzdU5LZ00Kb0FBd0NnWUlLb1pJemowRUF3SURTUUF3UmdJaEFJekkxOWxuR3ZueG1la1JyM28vSDI1ZWYyVklOWURlMkJZRQpaZUJiaHN1c0FpRUEyRXNWUE0xV2huZUMyMVFEL3ZIbXNnVFZqWWdVcHRPU3dSQ2lHSWZQekhjPQotLS0tLUVORCBDRVJUSUZJQ0FURSBSRVFVRVNULS0tLS0K
usages:
- digital signature
- key encipherment
- server auth
关于ssl - 使用cfssl和kubernetes生成CA证书和私钥时出错,我们在Stack Overflow上找到一个类似的问题:https://stackoverflow.com/questions/46927643/