Use base64 for cluster certificate authority

[HenryXie1]

We are automating deploy loginapp + dex. We have difficulty on replace cluster certificate-authority strings.

          -----BEGIN CERTIFICATE-----
          MIIC5zCCAc+gAwIBAgIBADANBgkqhkiG9w0BAQsFADAVMRMwEQYDVQQDEwprdWJl
          ******
          -----END CERTIFICATE-----

It has pem format which has many lines and /n. The automation has difficulty to replace certficate-authority strings for different clusters.
Do you support base64 encode string for this certificate-authority? like

    # Clusters list for CLI configuration
    clusters:
      - name: test1
        server: https://****:6443
        certificate-authority: |
          <base64 encoded string>
        insecure-skip-tls-verify: false
        # Alternative context name for this cluster
        contextName: test

or any workaround would be much appreciated.

Thank you
Henry

[fydrah]

HI @HenryXie1 ,

Yes that's something we could do.

Currently we use the certificate-authority value, what we could change is:

• check if there is a certificate-authority-data also (the b64 encoded cert)
• if yes use this one instead during templating (https://github.com/fydrah/loginapp/blob/v3.2.3/web/templates/token.html#L120 and https://github.com/fydrah/loginapp/blob/v3.2.3/web/templates/token.html#L156)
• else, use the certificate-authority by default (this will avoid breaking changes)

I'll take a look at this.

[fsdrw08]

I am in the same situation, for work around, I use yq to manipulate the content of ca, e.g.
yq -i e '.config.clusters[0].certificate-authority = "'"$(sudo cat /var/lib/rancher/k3s/server/tls/server-ca.crt)"'"' /vagrant/HelmWorkShop/loginapp/values.yaml