When I run the .sh script I see this error:
error: error executing template "{{.data.username | base64decode }}:{{.data.password | base64decode}}": template: output:1:19: executing "output" at <base64decode>: invalid value; expected string
error: error executing template "{{ index .data \"tls.crt\" | base64decode }}": template: output:1:27: executing "output" at <base64decode>: invalid value; expected string
error: error executing template "{{ index .data \"tls.key\" | base64decode }}": template: output:1:27: executing "output" at <base64decode>: invalid value; expected string
This is the script
# Use the pgouser-admin secret to generate pgouser file
kubectl get secret -n "${PGO_OPERATOR_NAMESPACE}" "${PGO_USER_ADMIN}" \
  -o 'go-template={{.data.username | base64decode }}:{{.data.password | base64decode }}' > "${OUTPUT_DIR}/pgouser"
# ensure this file is locked down to the specific user running this
chmod a-rwx,u+rw "${OUTPUT_DIR}/pgouser"
# Use the pgo.tls secret to generate the client cert files
kubectl get secret -n "${PGO_OPERATOR_NAMESPACE}" pgo.tls \
  -o 'go-template={{ index .data "tls.crt" | base64decode }}' > "${OUTPUT_DIR}/client.crt"
kubectl get secret -n "${PGO_OPERATOR_NAMESPACE}" pgo.tls \
  -o 'go-template={{ index .data "tls.key" | base64decode }}' > "${OUTPUT_DIR}/client.key"
# ensure the files are locked down to the specific user running this
chmod a-rwx,u+rw "${OUTPUT_DIR}/client.crt" "${OUTPUT_DIR}/client.key"
echo "pgo client files have been generated, please add the following to your bashrc"
echo "export PATH=${OUTPUT_DIR}:\$PATH"
echo "export PGOUSER=${OUTPUT_DIR}/pgouser"
echo "export PGO_CA_CERT=${OUTPUT_DIR}/client.crt"
echo "export PGO_CLIENT_CERT=${OUTPUT_DIR}/client.crt"
echo "export PGO_CLIENT_KEY=${OUTPUT_DIR}/client.key"
I don't see any error; any suggestions, please?
What I want it to do:
It should create the PGO client and not show any error.
Edited Question:
This is how I created the secret:
kubectl create secret docker-registry pgo.tls -n pgo --docker-server='https://index.docker.io/v1/' --docker-username='tauqeerdocker' --docker-email='[email protected]' --docker-password='Letstest'
Upvotes: -1
Views: 123
Reputation: 311516
If you create a secret like this:
kubectl create secret docker-registry pgo.tls \
-n pgo \
--docker-server='https://index.docker.io/v1/' \
--docker-username='tauqeerdocker' \
--docker-email='[email protected]' \
--docker-password='Letstest'
Then you end up with a resource that looks like this:
apiVersion: v1
kind: Secret
metadata:
  name: pgo.tls
  namespace: pgo
type: kubernetes.io/dockerconfigjson
data:
  .dockerconfigjson: eyJhdXRocyI6eyJodHRwczovL2luZGV4LmRvY2tlci5pby92MS8iOnsidXNlcm5hbWUiOiJ0YXVxZWVyZG9ja2VyIiwicGFzc3dvcmQiOiJMZXRzdGVzdCIsImVtYWlsIjoibXllYW1pbEBnbWFpbC5jb20iLCJhdXRoIjoiZEdGMWNXVmxjbVJ2WTJ0bGNqcE1aWFJ6ZEdWemRBPT0ifX19
When you run:
kubectl get secret -n pgo pgo.tls \
-o 'go-template={{ index .data "tls.crt" | base64decode }}'
You're asking for the key tls.crt from the data attribute, but there is no such attribute. You've created a docker registry secret, not a TLS secret.
If you have a certificate and key available locally, you can create a TLS secret like this:
kubectl -n pgo create secret tls pgo.tls \
  --cert=tls.crt --key=tls.key
This gets you:
apiVersion: v1
data:
  tls.crt: ...
  tls.key: ...
kind: Secret
metadata:
  name: pgo.tls
  namespace: pgo
type: kubernetes.io/tls
And when we try your command using that secret, it works as expected:
$ kubectl get secret -n pgo pgo.tls \
-o 'go-template={{ index .data "tls.crt" | base64decode }}'
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
Upvotes: 1
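A way to make the script fail with a clear message when the Secret has the wrong type, as an added example that is not part of the original question, answer, or the pgo project's script. The function name `fetch_secret_key` and its return codes are assumptions made here; it also creates the output file with owner-only permissions from the start rather than running chmod after the redirect.

```shell
# fetch_secret_key NAMESPACE NAME EXPECTED_TYPE KEY OUTFILE
# Hypothetical helper (added example). Checks the Secret's .type before
# decoding, so a docker-registry Secret named pgo.tls is reported as such
# instead of surfacing as "invalid value; expected string".
fetch_secret_key() {
    fsk_ns=$1; fsk_name=$2; fsk_want=$3; fsk_key=$4; fsk_out=$5

    # .type is a top-level field of every Secret
    fsk_got=$(kubectl get secret -n "$fsk_ns" "$fsk_name" -o 'jsonpath={.type}') || {
        echo "cannot read secret $fsk_ns/$fsk_name" >&2
        return 1
    }
    if [ "$fsk_got" != "$fsk_want" ]; then
        echo "secret $fsk_ns/$fsk_name has type '$fsk_got', expected '$fsk_want'" >&2
        return 2
    fi

    # umask only affects newly created files, so remove any stale copy first.
    # The subshell keeps the umask change from leaking into the caller.
    (
        umask 077
        rm -f "$fsk_out"
        kubectl get secret -n "$fsk_ns" "$fsk_name" \
            -o "go-template={{ index .data \"$fsk_key\" | base64decode }}" > "$fsk_out"
    ) || {
        rm -f "$fsk_out"   # do not leave an empty or partial key file behind
        echo "key '$fsk_key' could not be decoded from $fsk_ns/$fsk_name" >&2
        return 3
    }
}

# Usage inside the script from the question (variables as defined there):
#   fetch_secret_key "${PGO_OPERATOR_NAMESPACE}" pgo.tls kubernetes.io/tls \
#       tls.crt "${OUTPUT_DIR}/client.crt" || exit 1
```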