User authentication failing

I’ve followed every step under Certificate Signing Requests | Kubernetes but I’m getting the following error when attempting to authenticate:

Unable to connect to the server: tls: failed to find any PEM data in certificate input

I’ve verified that the certificate value at status.certificate in the approved/issued csr is the same value that’s in client-certificate-data.

$ kubectl get csr ken
NAME   AGE   SIGNERNAME                            REQUESTOR          CONDITION
ken    38m   kubernetes-admin   Approved,Issued

What am I missing here?

Cluster information:

Kubernetes version: 1.19.2
Cloud being used: Virtualbox
Installation method: kubeadm
Host OS: Ubuntu 20.04
CNI and version: calico v3.17.1

I ended up fixing this by manually editing my kube config and replacing the value in client-certificate-data with the string in status.certificate. I’m thinking the crt file the I created with the contents of the certificate needed to be in PEM format and wasn’t.

For posterity:

Creating a new user on a pure Kubernetes 1.19.2 cluster:

Step 1 Create private key

openssl genrsa -out ken.key 2048

Step 2 Create CSR

openssl req -new -key ken.key -out ken.csr -subj "/CN=ken"

Step 3 Create Kubernetes certificate

Get the csr request in base64 and replace it in /vagrant/ubuntu/user/csr.yaml.orig
with a new file /vagrant/ubuntu/user/csr.yaml.generated

Then run kubectl apply -f /vagrant/ubuntu/user/csr.yaml.generated

Step 4 Approve CSR

kubectl certificate approve ken

Step 5 Create Namespace

kubectl create ns ken

Step 5 Create Role

kubectl create -f /vagrant/ubuntu/user/role.yaml

Step 6 Create Role Binding

kubectl create -f /vagrant/ubuntu/user/rolebinding.yaml

Step 7 Download Certificate

kubectl get csr/ken -o jsonpath="{.status.certificate}"

to /vagrant/ubuntu/user/ken.crt

Step 8 Create User

kubectl config set-credentials ken --client-key=/vagrant/ubuntu/user/ken.key --client-certificate=/vagrant/ubuntu/user/ken.crt --embed-certs=true

Replace the contents of client-certificate-data in ~/.kube/config with the string from Step 7

Step 8 Create Context

kubectl config set-context ken --cluster=kubernetes --user=ken

Step 9 Text Context

kubectl config use-context ken
1 Like