Issue with creating a CSR

jhashem3 · March 30, 2021, 5:28pm

I was able to figure this out finally after many tries. I created a csr using the site Kubernetes.io since we can use this during the exam.

openssl genrsa -out akshay.key 2048
openssl req -new -key akshay.key -out akshay.csr

converted the key to base64

cat akshay.csr | base 64

I used this command but it was messy with replacing text. Is there an easier way.

cat <<EOF | kubectl apply -f -
apiVersion: certificates.k8s.io/v1
kind: CertificateSigningRequest
metadata:
  name: akshay
spec:
  groups:
  - system:authenticated
  request: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURSBSRVFVRVNULS0tLS0KTUlJQ1ZqQ0NBVDRDQVFBd0VURVBNQTBHQTFVRUF3d0dZV3R6YUdGNU1JSUJJakFOQmdrcWhraUc5dzBCQVFFRgpBQU9DQVE4QU1JSUJDZ0tDQVFFQXdlZDJSYzFVUGFlT0d4L2JOL0hLSmZFSkFDODh1VTl0Q0xaV09udTJOZmlXCk9GdXBNYnhNeGU1aFg4NldzbnVjU2lwcU5lNnNYMDB4blBVVTcvM0NwNGtPNXFmRHBYenNxSEYxNnduM0t5Uk0KK05YcHJwSHlyNDRiUzFaNEIyMkhZempnamJtaXlpVHBxamtBaVZoY3J0cHpxSjlFbTRacnJZTVYxaE5FRCtVRQpOTmV2eDc0Qi83U3JCaGU3QTBQVVQwZGN3UjNxNHFjUldaS1U2V2NhTzhid3l6eElud2VMbmlRM2RDbDNGVVdtCkNKbmNmbkJVRk9RMEhEQXVMUWJQWlkrWWMrVVB4VUxiMVg3MStKWE4xQXdaVnBOeVdQZS9ISkswWVdGb3BiaDgKSDJxNzZyS3lUL29neVpDRWs0b0lnaEpSZGRiakhCUEZSVHZuMjlQcld3SURBUUFCb0FBd0RRWUpLb1pJaHZjTgpBUUVMQlFBRGdnRUJBSk1CYU5RWVV0V0pIMFBrZlFudUNmeFdlMHd4MitQdzJhZVU5MzJPVzlVTVV4V1RyVUw2CnY0UVZPRS8xT3RXeVJhQ2wvdVB1cmZUWWQ4M2ZZYVlmTjlUUXRUSlJ4azBEL3FtT1lSTGVZL0ZnNFhEbitpMmkKcXM0L1A4SXNxZW4yTnM4T1puRWFhZzcySWtiam9VazJOZGxKMUFsZTlSSFFtVElBTUJ5dTZraWN2cllqQlovdwpva3ZHTjV3TExkNks3K1EzN0YxRDRFRWlZVFMySllCSVZVbVVqUjUzOWQwQ3pDSXRzd25ldStxNXZ2MWMyeGRZCit6UjlLYk8rbFBrb2dsTmtuc0t0K1BBZDdwVXpCa0dybDBRblBFOHQ3SUJoOGozWlhBU2tBdEt4OWl6cXJqK1AKY3ZXblUwUVVidTFxRFBBODM4anRrN3pDQTIxMWorYmJsdWM9Ci0tLS0tRU5EIENFUlRJRklDQVRFIFJFUVVFU1QtLS0tLQo=
  signerName: kubernetes.io/kube-apiserver-client
  usages:
  - client auth
EOF

jhashem3 · March 30, 2021, 6:48pm

I think I found my answer adding this line will help

request is the base64 encoded value of the CSR file content. You can get the content using this command: cat myuser.csr | base64 | tr -d "\n"

Ayman · March 31, 2021, 6:48pm

Great!
Also you can check the following:
Check the following:
cat <<EOF | kubectl apply -f -
apiVersion: certificates.k8s.io/v1beta1
kind: CertificateSigningRequest
metadata:
name: akshay
spec:
groups:
- system:authenticated
request: $(cat akshay.csr | base64 | tr -d ‘\n’)
signerName: kubernetes.io/kube-apiserver-client
usages:
- client auth
EOF