Unable to authenticate kubernetes cluster with the certificate-authority

Question

I have a kubeadm cluster. I modified the .kube/config file by exporting out hardcoded certificate-authority-data value (the base64 of ca certificate) to another file called ca.b64.crt. I modified also the client-certificate and client-key by having their values in another files in the disk.

So the result .kube/config file is:

apiVersion: v1
clusters:
- cluster:
    certificate-authority: /etc/kubernetes/pki/ca.b64.crt
    server: https://172.31.127.100:6443
  name: kubernetes
contexts:
- context:
    cluster: kubernetes
    user: kubernetes-admin
  name: kubernetes-admin@kubernetes
current-context: kubernetes-admin@kubernetes
kind: Config
preferences: {}
users:
- name: kubernetes-admin
  user:
    client-certificate: /etc/kubernetes/pki/admins/admin.b64.crt
    client-key: /etc/kubernetes/pki/admins/admin.b64.key

The problem is that whenever I try to use kubectl (e.g to get pods), I got:

xxxx:~$ k get po
error: unable to load root certificates: unable to parse bytes as PEM block

Any ideas?

Answer 1

I found out the issue. certificate-authority-data uses base64 string of the crt or key while certificate-authority uses the crt or key files (without being base64)