Я пытаюсь получить сертификат, подписанный Центром сертификации Kubernetes (1.11), отправив следующее:
apiVersion: certificates.k8s.io/v1beta1
kind: CertificateSigningRequest
metadata:
name: openunison.openunison.svc.cluster.local
spec:
groups:
- system:authenticated
request: LS0tLS1CRUdJTiBORVcgQ0VSVElGSUNBVEUgUkVRVUVTVC0tLS0tCk1JSURCakNDQWU0Q0FRQXdnWkF4Q3pBSkJnTlZCQVlUQW5Wek1SRXdEd1lEVlFRSUV3aDJhWEpuYVc1cFlURVQKTUJFR0ExVUVCeE1LWVd4bGVHRnVaSEpwWVRFWk1CY0dBMVVFQ2hNUWRISmxiVzlzYnlCelpXTjFjbWwwZVRFTQpNQW9HQTFVRUN4TURhemh6TVRBd0xnWURWUVFERXlkdmNHVnVkVzVwYzI5dUxtOXdaVzUxYm1semIyNHVjM1pqCkxtTnNkWE4wWlhJdWJHOWpZV3d3Z2dFaU1BMEdDU3FHU0liM0RRRUJBUVVBQTRJQkR3QXdnZ0VLQW9JQkFRQ3gKRnpBR2tBWlYrZWxxem1aK3RxUW1xTEsxV3kvRFRXU0FZT3N2Mk9SaDFyVEx4eTZ6NVRwVW9kNzBjYmhCQlowbgptMDMzd0VkWW1QODFHRVM1YlYyQkpQa2FiN1EySmltQXFuU1MrcHYvSmVjTnVUcGlUb05xVUlGeHhUcXdlWHo3CkgxUVBPY25LZ251M0piempKUXZBbWZoUXZaNjdHRXRGanl3QXE5MS9TUFBHdVVlUFBOb09kU1J0MHlJdFJSV1cKV0N4THhLRW4zUU5jc1hqZWtJUy9aMXdTdERuVyttQi9LZERWbmlZUzlYRlV1T3BTcEl4ZkhHNmFkdTdZaUNLZgptQWZqSE1jdmlOQlN3M3ZBOGQ4c21yVnZveHhkelpzMGFXRlpZai9mQ0IycVVRb2FXQi85TmU1SStEb3JBbXJXCm42OGtoY1MwbkxsWGFIQmhLZjM1QWdNQkFBR2dNREF1QmdrcWhraUc5dzBCQ1E0eElUQWZNQjBHQTFVZERnUVcKQkJTUExoa2V5eUkrQmttSXEzdmxpalA4MHI1RXVUQU5CZ2txaGtpRzl3MEJBUXNGQUFPQ0FRRUFpMndVUjA4RgpjL3VVanovWHVvd29vQ1M3c2tndlpSZDVhVTFxdzU2MzdmOGVJSmM2S0huNGNZZUw3YTZ5M3M0QmJnYVVIOVpVCm5Sb3N1V1R2WEJNTUxxLzJBSEx4VVhsTGNhZW03cE1EbXEzbGkxNEkvWTdQWUlxSFQxNEc2UnlkQUUvc2R6MHUKd1RNL0k3eHJ0bFZNTzliNXpuWnlxVkpTY0xhYnRDTXMwa3dwQlpVM2dTZThhWW8zK3A3d2pVeVpuZmFoNllhNAovcXZVd3kzNGdianZSTWc2NmI3UTl2dERmU0RtUWFyVVh0QVJEd052T1lnNmpIMkpwYmUvNUdqcHhaUTRYYW93CnZodGJyY2NTL2RCbFZwWlQxd0k2Um85WFl2OEliMm1icWhFMjBNWGJuVWUrYS9uUkdPVndMaVRQMGNnSk92eDIKdzRZWmtxSUhVQWZad0E9PQotLS0tLUVORCBORVcgQ0VSVElGSUNBVEUgUkVRVUVTVC0tLS0tCg==
usages:
- digital signature
- key encipherment
- server auth
В ответе жалуется, что это не PEM - The CertificateSigningRequest "openunison.openunison.svc.cluster.local" is invalid: spec.request: Invalid value: []byte{0x2d,...}: PEM block type must be CERTIFICATE REQUEST, однако CSR является действительным CSR:
echo 'LS0tLS1CRUdJTiBORVcgQ0VSVElGSUNBVEUgUkVRVUVTVC0tLS0tCk1JSURCakNDQWU0Q0FRQXdnWkF4Q3pBSkJnTlZCQVlUQW5Wek1SRXdEd1lEVlFRSUV3aDJhWEpuYVc1cFlURVQKTUJFR0ExVUVCeE1LWVd4bGVHRnVaSEpwWVRFWk1CY0dBMVVFQ2hNUWRISmxiVzlzYnlCelpXTjFjbWwwZVRFTQpNQW9HQTFVRUN4TURhemh6TVRBd0xnWURWUVFERXlkdmNHVnVkVzVwYzI5dUxtOXdaVzUxYm1semIyNHVjM1pqCkxtTnNkWE4wWlhJdWJHOWpZV3d3Z2dFaU1BMEdDU3FHU0liM0RRRUJBUVVBQTRJQkR3QXdnZ0VLQW9JQkFRQ3gKRnpBR2tBWlYrZWxxem1aK3RxUW1xTEsxV3kvRFRXU0FZT3N2Mk9SaDFyVEx4eTZ6NVRwVW9kNzBjYmhCQlowbgptMDMzd0VkWW1QODFHRVM1YlYyQkpQa2FiN1EySmltQXFuU1MrcHYvSmVjTnVUcGlUb05xVUlGeHhUcXdlWHo3CkgxUVBPY25LZ251M0piempKUXZBbWZoUXZaNjdHRXRGanl3QXE5MS9TUFBHdVVlUFBOb09kU1J0MHlJdFJSV1cKV0N4THhLRW4zUU5jc1hqZWtJUy9aMXdTdERuVyttQi9LZERWbmlZUzlYRlV1T3BTcEl4ZkhHNmFkdTdZaUNLZgptQWZqSE1jdmlOQlN3M3ZBOGQ4c21yVnZveHhkelpzMGFXRlpZai9mQ0IycVVRb2FXQi85TmU1SStEb3JBbXJXCm42OGtoY1MwbkxsWGFIQmhLZjM1QWdNQkFBR2dNREF1QmdrcWhraUc5dzBCQ1E0eElUQWZNQjBHQTFVZERnUVcKQkJTUExoa2V5eUkrQmttSXEzdmxpalA4MHI1RXVUQU5CZ2txaGtpRzl3MEJBUXNGQUFPQ0FRRUFpMndVUjA4RgpjL3VVanovWHVvd29vQ1M3c2tndlpSZDVhVTFxdzU2MzdmOGVJSmM2S0huNGNZZUw3YTZ5M3M0QmJnYVVIOVpVCm5Sb3N1V1R2WEJNTUxxLzJBSEx4VVhsTGNhZW03cE1EbXEzbGkxNEkvWTdQWUlxSFQxNEc2UnlkQUUvc2R6MHUKd1RNL0k3eHJ0bFZNTzliNXpuWnlxVkpTY0xhYnRDTXMwa3dwQlpVM2dTZThhWW8zK3A3d2pVeVpuZmFoNllhNAovcXZVd3kzNGdianZSTWc2NmI3UTl2dERmU0RtUWFyVVh0QVJEd052T1lnNmpIMkpwYmUvNUdqcHhaUTRYYW93CnZodGJyY2NTL2RCbFZwWlQxd0k2Um85WFl2OEliMm1icWhFMjBNWGJuVWUrYS9uUkdPVndMaVRQMGNnSk92eDIKdzRZWmtxSUhVQWZad0E9PQotLS0tLUVORCBORVcgQ0VSVElGSUNBVEUgUkVRVUVTVC0tLS0tCg==' | base64 -d | openssl req -noout -text
Certificate Request:
Data:
Version: 1 (0x0)
Subject: C = us, ST = virginia, L = alexandria, O = tremolo security, OU = k8s, CN = openunison.openunison.svc.cluster.local
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
Что мне не хватает?