The base64 encoded CA cert in the kubectl config file doesn't contain a newline after the certificate end tag. This isn't a problem for `kubectl` itself, but it is a problem for the golang k8s client library. When you run a controller using this config file, (example: ) you get an error message saying that CA is unknown:
The base64 encoded CA cert in the kubectl config file doesn't contain a newline after the certificate end tag. This isn't a problem for `kubectl` itself, but it is a problem for the golang k8s client library. When you run a controller using this config file, (example: ) you get an error message saying that CA is unknown:
Controller example repo: https:/ /github. com/trstringer/ k8s-controller- core-resource
```console r-core- resource core-resource/ controller. go:37: Failed to list *v1.Service: Get https:/ /10.10. 138.101: 443/api/ v1/namespaces/ k8s-tengu- test/services? limit=500& resourceVersion =0: x509: certificate signed by unknown authority
$ go build && ./k8s-controlle
INFO[0000] Successfully constructed k8s client
INFO[0000] Controller.Run: initiating
ERROR: logging before flag.Parse: E0507 14:07:01.479764 30683 reflector.go:205] k8s-controller-
```
```console howard: ~/Desktop$ cat config | grep -oP 'certificate- authority- data: \K.*' | base64 --decode BAgIJAPhq3GVu+ mc5MA0GCSqGSIb3 DQEBCwUAMBcxFTA TBgNV zOS41OTAeFw0xOT A0MjMxMzQ1MDhaF w0yOTA0MjAxMzQ1 MDha MDDEwLjEwLjEzOS 41OTCCASIwDQYJK oZIhvcNAQEBBQAD ggEP c5dCt9BRq2Boil7 gR4fpJbLJxOw5+ ZF7UnTljDJJMNVy ebpHV h8x01vuTMUlHLFW NmEa1penvUNPYWm q3wz87056FO6Aif lMO/z88R N4Dl5+IAom17zb7 SenvMJBX2sO1C9g xGnVv5HAqo7xTH7 t1oibqfsgj6z hjKh/I6lRPMFctM Kz6ROB58Ux60eMQ VDdeugu7y3MZql7 ZNQa TLT3eXHSdV3gdMp pXWvJgQrRgSfqqt lF+8lIau1x8sk4K QQkY NTLM7LIYR10FWPY hf2gUCAwEAAaOBh jCBgzAdBgNVHQ4E FgQU wY31D1xuJrEAwRw YDVR0jBEAwPoAUd umpSQssby3YQgpw Y31D xFTATBgNVBAMMDD EwLjEwLjEzOS41O YIJAPhq3GVu+ mc5MAwG wCwYDVR0PBAQDAg EGMA0GCSqGSIb3D QEBCwUAA4IBAQCA 7iu3 dcxUsqEDCiF/ Gd2P4H4Sy0q/ HR5xgtoc5/ Th2YOG2nnk4iNFe zB3sG7gprWVJ4c+ BZ1zGY9vhiYnFDQ QvBglTPAzQ7Utgt KFVV og6YpatlubXjZjj Po+Te8oFf7FjfzO a/l5/dU/ B7U2bevfbZV bDC4ByXNnaY6a8v JwWeGouNyIzOxbW w4do3jawUdeoNTY js1n oKF+XLQESdunP0W +Mr+jxJF+ IdWrAlaQzNGauAB W60G9uNh+ t ----merlijn@ howard: ~/Desktop$
merlijn@
-----BEGIN CERTIFICATE-----
MIIDODCCAiCgAwI
BAMMDDEwLjEwLjE
MBcxFTATBgNVBAM
ADCCAQoCggEBAMY
Lm31FSO3NM+
T02f14/
XGRZcOaGHpFEPrY
zLfrG1pdORasCUJ
mx6LssSDnbsEr0w
dumpSQssby3YQgp
1xuJrEChG6QZMBc
A1UdEwQFMAMBAf8
rr7k+JecLvHvIji
ouYpVsIOjvdUiua
2ZWBEPKOfyE66eC
/kn0uKrFFBWTn11
wOzoip3oCDsRMgs
4SUk8EV0D8EX/NbG
-----END CERTIFICATE-
```
Changing the base64-encoded certificate to include a newline fixes the issue.
```console authority- data: \K.*' | base64 --decode BAgIJAPhq3GVu+ mc5MA0GCSqGSIb3 DQEBCwUAMBcxFTA TBgNV zOS41OTAeFw0xOT A0MjMxMzQ1MDhaF w0yOTA0MjAxMzQ1 MDha MDDEwLjEwLjEzOS 41OTCCASIwDQYJK oZIhvcNAQEBBQAD ggEP c5dCt9BRq2Boil7 gR4fpJbLJxOw5+ ZF7UnTljDJJMNVy ebpHV h8x01vuTMUlHLFW NmEa1penvUNPYWm q3wz87056FO6Aif lMO/z88R N4Dl5+IAom17zb7 SenvMJBX2sO1C9g xGnVv5HAqo7xTH7 t1oibqfsgj6z hjKh/I6lRPMFctM Kz6ROB58Ux60eMQ VDdeugu7y3MZql7 ZNQa TLT3eXHSdV3gdMp pXWvJgQrRgSfqqt lF+8lIau1x8sk4K QQkY NTLM7LIYR10FWPY hf2gUCAwEAAaOBh jCBgzAdBgNVHQ4E FgQU wY31D1xuJrEAwRw YDVR0jBEAwPoAUd umpSQssby3YQgpw Y31D xFTATBgNVBAMMDD EwLjEwLjEzOS41O YIJAPhq3GVu+ mc5MAwG wCwYDVR0PBAQDAg EGMA0GCSqGSIb3D QEBCwUAA4IBAQCA 7iu3 dcxUsqEDCiF/ Gd2P4H4Sy0q/ HR5xgtoc5/ Th2YOG2nnk4iNFe zB3sG7gprWVJ4c+ BZ1zGY9vhiYnFDQ QvBglTPAzQ7Utgt KFVV og6YpatlubXjZjj Po+Te8oFf7FjfzO a/l5/dU/ B7U2bevfbZV bDC4ByXNnaY6a8v JwWeGouNyIzOxbW w4do3jawUdeoNTY js1n oKF+XLQESdunP0W +Mr+jxJF+ IdWrAlaQzNGauAB W60G9uNh+ t
$ cat ~/.kube/config | grep -oP 'certificate-
-----BEGIN CERTIFICATE-----
MIIDODCCAiCgAwI
BAMMDDEwLjEwLjE
MBcxFTATBgNVBAM
ADCCAQoCggEBAMY
Lm31FSO3NM+
T02f14/
XGRZcOaGHpFEPrY
zLfrG1pdORasCUJ
mx6LssSDnbsEr0w
dumpSQssby3YQgp
1xuJrEChG6QZMBc
A1UdEwQFMAMBAf8
rr7k+JecLvHvIji
ouYpVsIOjvdUiua
2ZWBEPKOfyE66eC
/kn0uKrFFBWTn11
wOzoip3oCDsRMgs
4SUk8EV0D8EX/NbG
-----END CERTIFICATE-----
```
```console r-core- resource test/sse- endpoint runWorker: starting processNextItem : start processNextItem : object created detected: k8s-tengu- test/sse- endpoint ObjectCreated runWorker: processing next item processNextItem : start
$ go build && ./k8s-controlle
INFO[0000] Successfully constructed k8s client
INFO[0000] Controller.Run: initiating
INFO[0000] Add service: k8s-tengu-
INFO[0000] Controller.Run: cache sync complete
INFO[0000] Controller.
INFO[0000] Controller.
INFO[0000] Controller.
INFO[0000] TestHandler.
INFO[0000] ResourceVersion: 2518213
INFO[0000] ExternalName: idlab-iot.tengu.io
INFO[0000] Phase: []
INFO[0000] Controller.
INFO[0000] Controller.
```