Error while creating Secrets from openssl cert & keys.

[Raj Boruah]

Hi,

I am new to Kuberenetes and was trying to create Secret from OpenSSL cert & key pair. This is what I did:

1. created openssl cert & key: sudo openssl req -x509 -batch -nodes -newkey rsa:2048 -keyout nginx.key -out nginx.crt -subj /CN=192.168.3.166 -days 3650

2. Base64-encode encoded and stored in files for later use: cat nginx.key | base64 > nginx_base64.key, cat nginx.crt | base64 > nginx_base64.crt

3. Created below nginx_secret.yaml file with above key & cert:

apiVersion: v1

kind: Secret

metadata:

  name: mynginxsecret

type: Opaque

data:

    proxycert: "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURBekNDQWV1Z0F3SUJBZ0lKQUo3KzJOZmda

ME9yTUEwR0NTcUdTSWIzRFFFQkN3VUFNQmd4RmpBVUJnTlYKQkFNTURURTVNaTR4TmpndU15NHhO

all3SGhjTk1UY3dNVEV4TVRFMU1ETTVXaGNOTWpjd01UQTVNVEUxTURNNQpXakFZTVJZd0ZBWURW

UVFEREEweE9USXVNVFk0TGpNdU1UWTJNSUlCSWpBTkJna3Foa2lHOXcwQkFRRUZBQU9DCkFROEFN

SUlCQ2dLQ0FRRUFwN2FBL3BZZGVBb3Y3c0ZZV1VycmJGMVB3VnFINWtuTzlyVkFnT05DWHQyRTl5

QmUKbmZVa2xHQjFENG5rcFEwMm1KT09Obm44a1ROQk94Z2RnVjlydVVESW1iaThjODUwWmtoa0xs

MmhRMU9xdjYyYQpXRzJESHp2bVNlbnozelBQWGVGbzdEZy9YNjk2UWFLNlhGcHVOVERRb1ZEUG5H

eVhwUXBTek1ad05UTFRybDVHClRQbFJrR2psOC9uUnhDYU81a0ljd1BlVmNYc3h3K2tGMm11VktG

TjFVd0g4UEhrNHp5Q21BdkVNcXBxZ1MxazMKWDdqciszSE4xOGdlL3ZPUlNjdmZjSDlzNlpvTlpy

L1ZLb1R1Y3RLT2tpMWpxYUJLeHZYMHBXaDdVOTNpN3pNQgpMNEVsUFArd0thWTUxajVsVjlUa1hT

QXhJS3dhald2OGVsRENRUUlEQVFBQm8xQXdUakFkQmdOVkhRNEVGZ1FVCklHNlFWMGVwd0Q2enVZ

RU5mdHg4bHNxQWRXMHdId1lEVlIwakJCZ3dGb0FVSUc2UVYwZXB3RDZ6dVlFTmZ0eDgKbHNxQWRX

MHdEQVlEVlIwVEJBVXdBd0VCL3pBTkJna3Foa2lHOXcwQkFRc0ZBQU9DQVFFQWMxZkhOOGJrZlNQ

KwpkZ1ZNVjdVaHQzZ0xZVnNSaG56amYwNFR6T0FDK3JWNmJGRk93N25ONTNpZUhSaC80QjgrTzhT

cHNSSTQ5cXVkCmFoYVU3S3ZHRmdiOHRnMWQ4V2ZFd3BheFN0RWh0Wlgzbll3N2MzSDVKVVFhVkxQ

Wk9YbFIrQjA1bFJsM2tWcmgKanJudGp0a1FRUlVxb3lRczJWTzl5OERwaEpDNEc5ajlwTjFCTW05

Ym1INWdJYlRLNktpc1B6NDRNdE4yUFhRUgpTZHZYeS8wRE5KamJMTWxpdnYrOHV1b2FlU0RVVHh5

MDBYcWdzNTlyLzg4V0JBWCtvSTFBdXNZaXNqaDg5UStsCnY2c2YzajZwVEkyNzRXYWtHdi9BNjVZ

TSsrcm1PVEJYcHlNazAxc1ZRMExLYzQ4UGxKZlNhMlJmU0xUODdyQ1MKeTdZT0VlMVprdz09Ci0t

LS0tRU5EIENFUlRJRklDQVRFLS0tLS0K"

proxykey: "LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2UUlCQURBTkJna3Foa2lHOXcwQkFRRUZB

QVNDQktjd2dnU2pBZ0VBQW9JQkFRQ250b0QrbGgxNENpL3UKd1ZoWlN1dHNYVS9CV29mbVNjNzJ0

VUNBNDBKZTNZVDNJRjZkOVNTVVlIVVBpZVNsRFRhWWs0NDJlZnlSTTBFNwpHQjJCWDJ1NVFNaVp1

THh6em5SbVNHUXVYYUZEVTZxL3JacFliWU1mTytaSjZmUGZNODlkNFdqc09EOWZyM3BCCm9ycGNX

bTQxTU5DaFVNK2NiSmVsQ2xMTXhuQTFNdE91WGtaTStWR1FhT1h6K2RIRUpvN21RaHpBOTVWeGV6

SEQKNlFYYWE1VW9VM1ZUQWZ3OGVUalBJS1lDOFF5cW1xQkxXVGRmdU92N2NjM1h5QjcrODVGSnk5

OXdmMnpwbWcxbQp2OVVxaE81eTBvNlNMV09wb0VyRzlmU2xhSHRUM2VMdk13RXZnU1U4LzdBcHBq

bldQbVZYMU9SZElERWdyQnFOCmEveDZVTUpCQWdNQkFBRUNnZ0VBQ3NkYit3REMzQmdyaEhqQXFO

eDd6UGNpVFJiNGJRQ0pZS205ZjRzYmxPVS8KeW5JMklvakMxUlp0NzVXNU1ESnRNOWtuNXJCb1h4

eWdNS0FZSlZ4d20vTmg4UjlDWFY4RGRCOXE4Ti9yb1Z3YgpPVDU3RVB2WTFZVVFBK2daV0ZzSUZN

eUw1Y0tuc0FxakhOek1oV3I2Y2tpMDMrbEZycFA4R3d0U3p2NWg3OGs5CnlpTHh6eGVHd0dYRUpW

dWpvRjVnTkhXenVVYVpPRllpMWxlMXd2Skx3eDdlUmh6NmpoakR6RlFVNE83Ym45N1MKM2R6SUU2

cDNNQWJUM0hJcE5lS3d5Z3lOaWJIeE5CaXhrRlI4MzFnWWtPNmpWTHpMQWt4dVJ2THVYYnZVeXlE

QQpvbDZwYmh1WWJZcEJwRzlBaFlMelEwcWRxaGpyMFJ0YTQxYlo1Z2tJMFFLQmdRRGNiZ20yZzg0

dUx3MXVOcnhWCkM0elhuRGQvakphTDlzODlJd0RNWW1IaEc0MmFlc1FubEgzc2k1d2VNMVJXTHcw

YjRvOEpaamRkZjZmbnhSaEwKNzZ4UkhJQlJtN2hFMmlLQVFYYXF1ZitnRmtNVE9LWUtvYlNOYTdv

Q3ZHZ3FCOEZMbFBrMzZqMVF3S0RydjdzUApKZlFYa1kvMkw4ZlN1TURrcm0vTUY1ZzRSd0tCZ1FE

Q3hycHVITGdJWmpBcEJmSFJrVlpXbWFyUXpwMnAvL0FUCjloWHNlNjVlMzZNQk1udUtqL1JnSWZt

amR1UW5tNzBBV3pKYnB5M0FhZXMyV0ZhQUo1aUlHQkFFRjJ4TVoxdjYKZkRJOWFhZVhPOG5RUEJx

dzJjTlkvTlVIQlUvbjJVUjUvU2ZPME1BbWx2TWQ5YWZFRERoRUtDRmdwQkk4UHlBMQp0UkJLMU01

OU53S0JnRWM2UTJjM3RoTVVYem1pOUQ1aTZoTHR4cjB2ZDZJb2taVEd6OFk3Y0RkbVNONkhGd1ZY

CkpVMmZXMFlpL2ZpUFlhUUdGSVJNQkUzeEp4ZHNoOHBaMnd1bXN3d3J6bUpwUGtiRllJd1FhRHFa

bHZrS0VCVlYKWlZ0aFdRenpScEYyU2c2YlIrQzZqeStkM3lIdXBZcGlrRHBoYmV4MlNoS2NZckJD

Y1p1NGNCYVhBb0dBZDNLbQpIQ2NTbVZ3Snh1NjFXTjczZ3M1a1dmK0w0eGhwSStTemx6NVdOaXFS

N1ljSENuZXoxMHllcXFlYnpjcU5ndTFxCm1aaVJ6MEZsbFFOaHNPQVhnOGExODd4bGx3bC85OEk0

a1Q3OUh4cjBiZmFlSzd5d054OStpUHF5QVM1Vjl6WFEKTnQ0QUtPcERtQ2p4eEtIMTA1NkVzWjZN

N0ZPT0xrR25CeTB3b01zQ2dZRUExazhTeHV6aUFVeGZBU2RqdnlVawo0bzdHcitHVExkeW1mazh5

Wjk3NGdHdTRnRmFmenFvdXJUVHQ2aHV3T3ZrWm9CVHZUYVBqN2lRT1p0UjI0dW04CmMyL1JsSlZ6

SXZ0bnJ2NHVTUUcxNG1EbUdoSkNBQ2NtOUlQSkdkMHhDcmhSZ2JXNlZlL3RCM3c5Y25YcUdQYWMK

V3F4c01KRDlQOFQzMkpuMmFqRjB3WHc9Ci0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0K"

and finally tried to create the secret and got error:

$kubectl create -f nginx-secret.yaml 

Error from server (BadRequest): error when creating "nginx-secret.yaml": Secret in version "v1" cannot be handled as a Secret: [pos 1536]: json: error decoding base64 binary 'LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURBekNDQWV1Z0F3SUJBZ0lKQUo3KzJOZmda ME9yTUEwR0NTcUdTSWIzRFFFQkN3VUFNQmd4RmpBVUJnTlYKQkFNTURURTVNaTR4TmpndU15NHhO all3SGhjTk1UY3dNVEV4TVRFMU1ETTVXaGNOTWpjd01UQTVNVEUxTURNNQpXakFZTVJZd0ZBWURW UVFEREEweE9USXVNVFk0TGpNdU1UWTJNSUlCSWpBTkJna3Foa2lHOXcwQkFRRUZBQU9DCkFROEFN SUlCQ2dLQ0FRRUFwN2FBL3BZZGVBb3Y3c0ZZV1VycmJGMVB3VnFINWtuTzlyVkFnT05DWHQyRTl5 QmUKbmZVa2xHQjFENG5rcFEwMm1KT09Obm44a1ROQk94Z2RnVjlydVVESW1iaThjODUwWmtoa0xs MmhRMU9xdjYyYQpXRzJESHp2bVNlbnozelBQWGVGbzdEZy9YNjk2UWFLNlhGcHVOVERRb1ZEUG5H eVhwUXBTek1ad05UTFRybDVHClRQbFJrR2psOC9uUnhDYU81a0ljd1BlVmNYc3h3K2tGMm11VktG TjFVd0g4UEhrNHp5Q21BdkVNcXBxZ1MxazMKWDdqciszSE4xOGdlL3ZPUlNjdmZjSDlzNlpvTlpy L1ZLb1R1Y3RLT2tpMWpxYUJLeHZYMHBXaDdVOTNpN3pNQgpMNEVsUFArd0thWTUxajVsVjlUa1hT QXhJS3dhald2OGVsRENRUUlEQVFBQm8xQXdUakFkQmdOVkhRNEVGZ1FVCklHNlFWMGVwd0Q2enVZ RU5mdHg4bHNxQWRXMHdId1lEVlIwakJCZ3dGb0FVSUc2UVYwZXB3RDZ6dVlFTmZ0eDgKbHNxQWRX MHdEQVlEVlIwVEJBVXdBd0VCL3pBTkJna3Foa2lHOXcwQkFRc0ZBQU9DQVFFQWMxZkhOOGJrZlNQ KwpkZ1ZNVjdVaHQzZ0xZVnNSaG56amYwNFR6T0FDK3JWNmJGRk93N25ONTNpZUhSaC80QjgrTzhT cHNSSTQ5cXVkCmFoYVU3S3ZHRmdiOHRnMWQ4V2ZFd3BheFN0RWh0Wlgzbll3N2MzSDVKVVFhVkxQ Wk9YbFIrQjA1bFJsM2tWcmgKanJudGp0a1FRUlVxb3lRczJWTzl5OERwaEpDNEc5ajlwTjFCTW05 Ym1INWdJYlRLNktpc1B6NDRNdE4yUFhRUgpTZHZYeS8wRE5KamJMTWxpdnYrOHV1b2FlU0RVVHh5 MDBYcWdzNTlyLzg4V0JBWCtvSTFBdXNZaXNqaDg5UStsCnY2c2YzajZwVEkyNzRXYWtHdi9BNjVZ TSsrcm1PVEJYcHlNazAxc1ZRMExLYzQ4UGxKZlNhMlJmU0xUODdyQ1MKeTdZT0VlMVprdz09Ci0t LS0tRU5EIENFUlRJRklDQVRFLS0tLS0K': illegal base64 data at input byte 76

May I get some help to resolve this ?

Regards,

Rajen.

[Jordan Liggitt]

I think it expects base64 with no embedded whitespace

--
You received this message because you are subscribed to the Google Groups "Kubernetes developer/contributor discussion" group.
To unsubscribe from this group and stop receiving emails from it, send an email to kubernetes-dev+unsubscribe@googlegroups.com.
To post to this group, send email to kubernetes-dev@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/kubernetes-dev/063a9a62-bd78-4661-8412-679bd01c9640%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Raj Boruah]

Thanks for your response. Just now I realised that I did not use the option "--w 0" while encoding the pem files into base64.

I am able to generate the secret now.

Regards,

Raj.

To post to this group, send email to kuberne...@googlegroups.com.