1

我正在使用cfssl生成 CSR。

我有以下 json 格式

{
"CN": "ambika",
"key": {
  "algo": "ecdsa",
  "size": 256
},
"names": [
   {
       "O": "system:masters"
   }
 ]
}

root@vagrant-xenial64:~/bin# cat csr.json | cfssl genkey - | cfssljson  -bare server
2017/10/25 08:28:07 [INFO] generate received request
2017/10/25 08:28:07 [INFO] received CSR
2017/10/25 08:28:07 [INFO] generating key: ecdsa-256
2017/10/25 08:28:07 [INFO] encoded CSR

在下一步中,通过运行以下命令生成 CSR yaml blob 并将其发送到 apiserver:

root@vagrant-xenial64:~/bin# cat csr.yaml
apiVersion: certificates.k8s.io/v1beta1
kind: CertificateSigningRequest
metadata:
 name: ambika
spec:
  groups:
    - system:masters
    request: $(cat server.csr | base64 | tr -d "\n")
usages:
 - digital signature
- key encipherment
- client auth

root@vagrant-xenial64:~/bin# kubectl create -f csr.yaml
Error from server (BadRequest): error when creating "STDIN": CertificateSigningRequest in version "v1beta1" cannot be handled as a CertificateSigningRequest: [pos 684]: json: error decoding base64 binary 'LS0tLS1CRUdJTiBDRVJUSUZJQ0FURSBSRVFVRVNULS0tLS0KTUlIbE1JR01BZ0VBTUNveEZ6QVZCZ05WQkFvVERuTjVjM1JsYlRwdFlYTjBaWEp6TVE4d0RRWURWUVFERXdaaApiV0pwYTJFd1dUQVRCZ2NxaGtqT1BRSUJCZ2dxaGtqT1BRTUJCd05DQUFTdXVIbWF4bpaDU1TkpHZHh1cmN1ClQ1OU9YU0hEWUQ0d1J2S055NjlMOEkwL3RxTjF3WmRMckpYdSsxSDN5ZGp2N0FMaUJoSUh6aHRMMHd6QUN4b3AKb0FBd0NWUlLb1pJemowRUF3SURTQUF3UlFJaEFOTk9xaXFDa1lSYWgxQUFoUDQ1bWNzb09QM2p4RjIvdTB6ZgpHZW9BamhEQkFpQU55MEZkSU9vREhlZDFGd3UvTWFBditmWGJxN3V6RUdCQm9zUUFSUWFYcEE9PQotLS0tLUVORCBDRVJUSUZJQ0FURSBSRVFVRVNULS0tLS0K': illegal base64 data at input byte 512

我正在关注此链接 管理集群中的 TLS 证书

4

1 回答 1

1

由于您在 yaml 文件中运行它,因此您需要在 yaml 文件中包含 based64 编码值。$(cat server.csr | base64 | tr -d "\n")

在示例页面中,他们直接在 shell 中运行它。

cat server.csr | base64 | tr -d '\n' > o像这样编码并将值包含在它将起作用的 yaml 文件中。

apiVersion: certificates.k8s.io/v1beta1
kind: CertificateSigningRequest
metadata:
  name: ambika
spec:
  groups:
  - system:masters
  request: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURSBSRVFVRVNULS0tLS0KTUlIbU1JR01BZ0VBTUNveEZ6QVZCZ05WQkFvVERuTjVjM1JsYlRwdFlYTjBaWEp6TVE4d0RRWURWUVFERXdaaApiV0pwYTJFd1dUQVRCZ2NxaGtqT1BRSUJCZ2dxaGtqT1BRTUJCd05DQUFTVWVLYmdpKzZHVHlhQlhDdk40S29SClRqMmFmRlUvVVZXV1Z5WHhJSnlMczhraE5pZDlRQnp0bzZHcDZESnYwTDdST1JuZnNXR2M2N0VVeXUzdU5LZ00Kb0FBd0NnWUlLb1pJemowRUF3SURTUUF3UmdJaEFJekkxOWxuR3ZueG1la1JyM28vSDI1ZWYyVklOWURlMkJZRQpaZUJiaHN1c0FpRUEyRXNWUE0xV2huZUMyMVFEL3ZIbXNnVFZqWWdVcHRPU3dSQ2lHSWZQekhjPQotLS0tLUVORCBDRVJUSUZJQ0FURSBSRVFVRVNULS0tLS0K
  usages:
  - digital signature
  - key encipherment
  - server auth
于 2017-10-25T13:39:47.413 回答