Something is definitely wrong with your request
line.
Your error goes from(most probably, am not sure!!, seems) from the wrong encoded data copy pasted data.
You can find really a lot of similar examples, like Kubernetes doesnt create certificates
reproduced your minor example, seems everything work.
To reproduce I used Create CertificateSigningRequest official documentation page
Small remark: There is a v1 apiversion in official doc - I wasnt able to create CertificateSigningRequest
with it, so I had to back to apiVersion: certificates.k8s.io/v1beta1
one.
The error I received using apiVersion: certificates.k8s.io/v1
was
error: unable to recognize "sr.yaml": no matches for kind "CertificateSigningRequest" in version "certificates.k8s.io/v1"
So, basically,
$ openssl genrsa -out vit.key 2048
Generating RSA private key, 2048 bit long modulus (2 primes)
............................................................................................................................+++++
........+++++
e is 65537 (0x010001)
$ openssl req -new -key vit.key -out vit.csr
...
$ cat vit.csr | base64 | tr -d "
"
LS0tLS1CRUdJTiBDRVJUSUZJQ0FURSBSRVFVRVNULS0tLS0KTUlJQ2lqQ0NBWElDQVFBd1JURUxNQWtHQTFVRUJoTUNRVlV4RXpBUkJnTlZCQWdNQ2xOdmJXVXRVM1JoZEdVeApJVEFmQmdOVkJBb01HRWx1ZEdWeWJtVjBJRmRwWkdkcGRITWdVSFI1SUV4MFpEQ0NBU0l3RFFZSktvWklodmNOCkFRRUJCUUFEZ2dFUEFEQ0NBUW9DZ2dFQkFNZmZFSitFTjZ3Wjd5emV4WjA4aUtQOWhUYWVzSjh1cWt3U1NsU1QKdXhVbDlyci85YnA2OTd3Ky9lQXRVTlF6ajlWNGQvUnhLSG0rMkVhWDllaGowN0NBZlJRRFEvV284dW1tLS0tLS1CRUdJTiBDRVJUSUZJQ0FURSBSRVFVRVNULS0tLS0KTUlJQ2lqQ0NBWElDQVFBd1JURUxNQWtHQTFVRUJoTUNRVlV4RXpBUkJnTlZCQWdNQ2xOdmJXVXRVM1JoZEdVeApJVEFmQmdOVkJBb01HRWx1ZEdWeWJtVjBJRmRwWkdkcGRITWdVSFI1SUV4MFpEQ0NBU0l3RFFZSktvWklodmNOCkFRRUJCUUFEZ2dFUEFEQ0NBUW9DZ2dFQkFNZmZFSitFTjZ3Wjd5emV4WjA4aUtQOWhUYWVzSjh1cWt3U1NsU1QKdXhVbDlyci85YnA2OTd3Ky9lQXRVTlF6ajlWNGQvUnhLSG0rMkVhWDllaGowN0NBZlJRRFEvV284dW1tUzRMZAo1UEtoNmVxMmdvMWJkNDRzQmpwaFk4encwK1UyQXdZMElPbitCcm9weWdGMVlCWWFkcHYzSnBXQVpqb2g2NFBuCmY0WThFNmptd0lnYlpTcXhlcTdDaUEwSDNHZDg1L0s4em5hWlFuYWZ2Q3E2Umc4SitsS2Z0RnN3QWdpL1BjSlgKWExYekRCdSs4OERacENJT0Rjek9MejZIYmhBMk1GK2tXN0RFTlJIZ29EenJZNHdNNGxGdVNpWGlPSVE2L01GVApuSmU5b1dNbFpNMjErNFpsQUN5RElZUnhwQmZQNlBBKzhoWEJJaGk4R09OK2ZiY0NBd0VBQWFBQU1BMEdDU3FHClNJYjNEUUVCQ3dVQUE0SUJBUUNlM1JyaEdoSWV4dWR5b2ljNjA0c0dGOTdNcExqV0Y0RVUwK0dOWGY5WWIzRHIKb2NsRG91OFVZQjhVTlpaTW1lc21xZUozdEVKQ3I2cE1mMWI4U09vOHhzYXdiR3NHZHlRdzJ5RWJvemdtWDR1bwphKy9aVjkyNUkwYVkwNGFGOW52QmVYSDBLbnh0RG9FdG8rOVVnVFoxLzV6ZVZOWGIrNnl0K1R6bVowOCtQbm4vCkhmUVMvdmtrVTdtNnRxNjQxbTJKUGlCK0Y4MnZyenM4NithS2gvYUk0ODJ2VXdjUzFrUnlLTEs0ZUVkOGNUUEQKWHdEVk9selhQcTVuMFh5ZUorcnlHY0dRYVpKb291TytVdUpXVnlCN0dYZnd5RENnUjhGZm8wZUtSQWZBQ1dIawplZ3h6UGN2ZEhtTTBjclM2VkU0SWNDVytycU5KUmxyQWhnY2JKM3daCi0tLS0tRU5EIENFUlRJRklDQVRFIFJFUVVFU1QtLS0tLQo=
I manually copypasted key and put into the yaml using VI...
apiVersion: certificates.k8s.io/v1beta1
kind: CertificateSigningRequest
metadata:
name: vit
spec:
groups:
- system:authenticated
request: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURSBSRVFVRVNULS0tLS0KTUlJQ2lqQ0NBWElDQVFBd1JURUxNQWtHQTFVRUJoTUNRVlV4RXpBUkJnTlZCQWdNQ2xOdmJXVXRVM1JoZEdVeApJVEFmQmdOVkJBb01HRWx1ZEdWeWJtVjBJRmRwWkdkcGRITWdVSFI1SUV4MFpEQ0NBU0l3RFFZSktvWklodmNOCkFRRUJCUUFEZ2dFUEFEQ0NBUW9DZ2dFQkFNZmZFSitFTjZ3Wjd5emV4WjA4aUtQOWhUYWVzSjh1cWt3U1NsU1QKdXhVbDlyci85YnA2OTd3Ky9lQXRVTlF6ajlWNGQvUnhLSG0rMkVhWDllaGowN0NBZlJRRFEvV284dW1tUzRMZAo1UEtoNmVxMmdvMWJkNDRzQmpwaFk4encwK1UyQXdZMElPbitCcm9weWdGMVlCWWFkcHYzSnBXQVpqb2g2NFBuCmY0WThFNmptd0lnYlpTcXhlcTdDaUEwSDNHZDg1L0s4em5hWlFuYWZ2Q3E2Umc4SitsS2Z0RnN3QWdpL1BjSlgKWExYekRCdSs4OERacENJT0Rjek9MejZIYmhBMk1GK2tXN0RFTlJIZ29EenJZNHdNNGxGdVNpWGlPSVE2L01GVApuSmU5b1dNbFpNMjErNFpsQUN5RElZUnhwQmZQNlBBKzhoWEJJaGk4R09OK2ZiY0NBd0VBQWFBQU1BMEdDU3FHClNJYjNEUUVCQ3dVQUE0SUJBUUNlM1JyaEdoSWV4dWR5b2ljNjA0c0dGOTdNcExqV0Y0RVUwK0dOWGY5WWIzRHIKb2NsRG91OFVZQjhVTlpaTW1lc21xZUozdEVKQ3I2cE1mMWI4U09vOHhzYXdiR3NHZHlRdzJ5RWJvemdtWDR1bwphKy9aVjkyNUkwYVkwNGFGOW52QmVYSDBLbnh0RG9FdG8rOVVnVFoxLzV6ZVZOWGIrNnl0K1R6bVowOCtQbm4vCkhmUVMvdmtrVTdtNnRxNjQxbTJKUGlCK0Y4MnZyenM4NithS2gvYUk0ODJ2VXdjUzFrUnlLTEs0ZUVkOGNUUEQKWHdEVk9selhQcTVuMFh5ZUorcnlHY0dRYVpKb291TytVdUpXVnlCN0dYZnd5RENnUjhGZm8wZUtSQWZBQ1dIawplZ3h6UGN2ZEhtTTBjclM2VkU0SWNDVytycU5KUmxyQWhnY2JKM3daCi0tLS0tRU5EIENFUlRJRklDQVRFIFJFUVVFU1QtLS0tLQo=
usages:
- client auth
result is:
$ kubectl apply -f sr.yaml
certificatesigningrequest.certificates.k8s.io/vit created
request is the base64 encoded value of the CSR file content. You can
get the content using this command: cat john.csr | base64 | tr -d "
"
You can also use request: $(cat server.csr | base64 | tr -d '
')
instead of copy-pasting plain text.. Just read info below plz..its important
csr generation not working as per doc
Similar problem had been vexing me as well. After some
troubleshooting, it was observed the base64 and tr solution doesn't
work well in an MacOS environment. Using the gbase64 utilities from
GNU has a '-w ' option that will not line wrap. Once I installed gnu
coreutils and used gbase64, the scripts worked as expected. The
problem is related to 'tr' and line-wrapping using the original
combination. Hope it helps future users who stumble into similar
environment related issues.
与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…