My .sh script for PGO client setup shows an "invalid value" error?


When I run the .sh script I see this error:

error: error executing template "{{.data.username | base64decode }}:{{.data.password | base64decode}}": template: output:1:19: executing "output" at <base64decode>: invalid value; expected string
error: error executing template "{{ index .data \"tls.crt\" | base64decode }}": template: output:1:27: executing "output" at <base64decode>: invalid value; expected string
error: error executing template "{{ index .data \"tls.key\" | base64decode }}": template: output:1:27: executing "output" at <base64decode>: invalid value; expected string

This is the script

# Use the pgouser-admin secret to generate pgouser file
kubectl get secret -n "${PGO_OPERATOR_NAMESPACE}" "${PGO_USER_ADMIN}" \
  -o 'go-template={{.data.username | base64decode }}:{{.data.password | base64decode }}' > "${OUTPUT_DIR}/pgouser"
# ensure this file is locked down to the specific user running this
chmod a-rwx,u+rw "${OUTPUT_DIR}/pgouser"


# Use the pgo.tls secret to generate the client cert files
kubectl get secret -n "${PGO_OPERATOR_NAMESPACE}" pgo.tls \
  -o 'go-template={{ index .data "tls.crt" | base64decode }}' > "${OUTPUT_DIR}/client.crt"
kubectl get secret -n "${PGO_OPERATOR_NAMESPACE}" pgo.tls \
  -o 'go-template={{ index .data "tls.key" | base64decode }}' > "${OUTPUT_DIR}/client.key"
# ensure the files are locked down to the specific user running this
chmod a-rwx,u+rw "${OUTPUT_DIR}/client.crt" "${OUTPUT_DIR}/client.key"


echo "pgo client files have been generated, please add the following to your bashrc"
echo "export PATH=${OUTPUT_DIR}:\$PATH"
echo "export PGOUSER=${OUTPUT_DIR}/pgouser"
echo "export PGO_CA_CERT=${OUTPUT_DIR}/client.crt"
echo "export PGO_CLIENT_CERT=${OUTPUT_DIR}/client.crt"
echo "export PGO_CLIENT_KEY=${OUTPUT_DIR}/client.key"

I don't see any error. Any suggestions, please?

What I want it to do:

It should create the PGO client and not show any error.

Edited Question:

This is how I created the secret:

kubectl create secret docker-registry pgo.tls -n pgo --docker-server='https://index.docker.io/v1/' --docker-username='tauqeerdocker' --docker-email='[email protected]' --docker-password='Letstest'

There is 1 answer

larsks

If you create a secret like this:

kubectl create secret docker-registry pgo.tls \
  -n pgo \
  --docker-server='https://index.docker.io/v1/' \
  --docker-username='tauqeerdocker' \
  --docker-email='[email protected]' \
  --docker-password='Letstest'

Then you end up with a resource that looks like this:

apiVersion: v1
kind: Secret
metadata:
  name: pgo.tls
  namespace: pgo
type: kubernetes.io/dockerconfigjson
data:
  .dockerconfigjson: eyJhdXRocyI6eyJodHRwczovL2luZGV4LmRvY2tlci5pby92MS8iOnsidXNlcm5hbWUiOiJ0YXVxZWVyZG9ja2VyIiwicGFzc3dvcmQiOiJMZXRzdGVzdCIsImVtYWlsIjoibXllYW1pbEBnbWFpbC5jb20iLCJhdXRoIjoiZEdGMWNXVmxjbVJ2WTJ0bGNqcE1aWFJ6ZEdWemRBPT0ifX19

When you run:

kubectl get secret -n pgo pgo.tls \
  -o 'go-template={{ index .data "tls.crt" | base64decode }}'

You're asking for the key tls.crt from the data attribute, but there is no such attribute. You've created a docker registry secret, not a TLS secret.

If you have a certificate and key available locally, you can create a TLS secret like this:

kubectl -n pgo create secret tls pgo.tls \
  --cert=tls.crt --key=tls.key

This gets you:

apiVersion: v1
data:
  tls.crt: ...
  tls.key: ...
kind: Secret
metadata:
  name: pgo.tls
  namespace: pgo
type: kubernetes.io/tls

And when we try your command using that secret, it works as expected:

$ kubectl get secret -n pgo pgo.tls \
  -o 'go-template={{ index .data "tls.crt" | base64decode }}'
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
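
A preflight check for the setup script, as an added example that is not part of the answer above or of the PGO project's own script: it confirms the secret's type and data keys before any `base64decode` template runs, so a wrong secret type produces a clear message instead of "invalid value; expected string". The function names `describe_secret` and `check_secret` are hypothetical, and the two sample descriptions are constructed to match the secrets shown above.

```shell
#!/bin/sh
# Added example: verify a Secret's type and data keys before extracting them.

# Print the secret's type on line 1, then one data key name per line.
# usage: describe_secret NAMESPACE NAME
describe_secret() {
  kubectl get secret -n "$1" "$2" \
    -o 'go-template={{.type}}{{"\n"}}{{range $k, $v := .data}}{{$k}}{{"\n"}}{{end}}'
}

# Read describe_secret output on stdin; succeed only if the type matches
# and every required key is present. Problems are reported on stderr.
# usage: check_secret EXPECTED_TYPE KEY...
check_secret() {
  want_type=$1; shift
  IFS= read -r got_type || got_type=
  keys=$(cat)
  rc=0
  if [ "$got_type" != "$want_type" ]; then
    echo "secret type is '$got_type', expected '$want_type'" >&2
    rc=1
  fi
  for key in "$@"; do
    if ! printf '%s\n' "$keys" | grep -qxF -- "$key"; then
      echo "secret has no data key '$key'" >&2
      rc=1
    fi
  done
  return "$rc"
}

# Constructed sample descriptions of the two secrets discussed above.
DOCKER_SECRET='kubernetes.io/dockerconfigjson
.dockerconfigjson'
TLS_SECRET='kubernetes.io/tls
tls.crt
tls.key'

# Intended wiring in the setup script (assumption, not the project's code):
#   umask 077   # client.key is owner-only from the moment it is created
#   describe_secret "$PGO_OPERATOR_NAMESPACE" pgo.tls |
#     check_secret kubernetes.io/tls tls.crt tls.key || exit 1
```

Setting `umask 077` before the redirects closes the window in which `client.key` and `pgouser` exist with default permissions before the script's `chmod` runs.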