K
Q

Passing certificates/keys in kubeconfig throws an JSON error

8/2/2017

Using Kubectl client (1.7.0) on Windows to connect to remote cluster.

The config file in Windows ( located in .kube) directory is configured as follows:

apiVersion: v1
clusters:
- cluster:
    certificate-authority-data: C:\Users\DK05478\.kube\ca.crt
    server: https://10.99.70.153:6443
  name: devo
contexts:
- context:
    cluster: devo
    user: admindevo
  name: devo
current-context: devo
kind: Config
preferences: {}
users:
- name: admindevo
  user:
    client-certificate-data: C:\Users\DK05478\.kube\apiserver.crt
    client-key-data: C:\Users\DK05478\.kube\apiserver.key

These certificate files I have downloaded from the remote system to my localhost. But this does not work. Throws the following error->

C:\Windows\kubernetes>kubectl   version
Client Version: version.Info{Major:"1", Minor:"7", GitVersion:"v1.7.0", GitCommit:"d3ada0119e776222f11ec7945e6d860061339aad", GitTreeState:"clean", BuildDate:"2017-06-29T23:15:59Z", GoVersion:"go1.8.3", Compiler:"gc", Platform:"windows/amd64"}
error: Error loading config file "C:\Users\DK05478/.kube/config": [pos 107]: json: error decoding base64 binary 'C:\Users\DK05478\.kube\ca.crt': illegal base64 data at input byte 1

How can I fix this issue? whats that I am doing wrong ?

-- dkat
kubernetes

Similar Questions

Establishing PPTP-connection in a Kubernetes POD
How could targetPort be set with string value in kubernetes?
How to run kubernetes custom scheduler?
How to assign a static IP to a pod using Kubernetes on deployment

2 Answers

8/2/2017

certificate-authority-data: , client-certificate-data:, client-key-data: reference to the file. I think you need base64 encoded keys value here. you can look .kube/config file from your cluster master.

look at this page for base64 usage example https://kubernetes.io/docs/concepts/configuration/secret/

-- sfgroups
Source: StackOverflow
8/3/2017

Remove the -data suffix from certificate-authority-data, client-certificate-data and client-key-data. Like what @sfgroups said, the xxx-data param is meant for a base64-encoded cert/key.

Once you do, your kubeconfig should look like this:

apiVersion: v1
clusters:
- cluster:
    certificate-authority: C:\Users\DK05478\.kube\ca.crt
    server: https://10.99.70.153:6443
  name: devo
contexts:
- context:
    cluster: devo
    user: admindevo
  name: devo
current-context: devo
kind: Config
preferences: {}
users:
- name: admindevo
  user:
    client-certificate: C:\Users\DK05478\.kube\apiserver.crt
    client-key: C:\Users\DK05478\.kube\apiserver.key
-- Eugene Chow
Source: StackOverflow