kubernetes: [kubectl] Previously working kubeconfig gives loading error on v1.8.0

/kind bug /sig kubectl

What happened: Running kubectl config get-contexts crashes with the error message:

error: Error loading config file "~/.kube/config": v1.Config: Contexts: []v1.NamedContext: Clusters: []v1.NamedCluster: v1.NamedCluster: Name: Cluster: v1.Cluster: Server: CertificateAuthorityData: decode base64: illegal base64 data at input byte 76, parsing 1540 ...S0tLQo=\n"... at {"apiVersion":"v1","clusters":[{"cluster":{"certificate-authority-data":"..........

What you expected to happen: Showing the available kube contexts.

How to reproduce it (as minimally and precisely as possible):

  1. Save this sanitized, dummy kubeconfig to e.g. /tmp/kubeconfig:
apiVersion: v1
clusters:
- cluster:
    certificate-authority-data: |
      LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURCekNDQWUrZ0F3SUJBZ0lKQU8yRjlWbUlncUdvTUEwR0NTcUdTSWIzRFFFQkJRVUFNQm94R0RBV0JnTlYKQkFNTUQzZDNkeTVsZUdGdGNHeGxMbU52YlRBZUZ3MHhOekV3TVRJd09EUTJNVEJhRncweU56RXdNVEF3T0RRMgpNVEJhTUJveEdEQVdCZ05WQkFNTUQzZDNkeTVsZUdGdGNHeGxMbU52YlRDQ0FTSXdEUVlKS29aSWh2Y05BUUVCCkJRQURnZ0VQQURDQ0FRb0NnZ0VCQU1xaGxuQUk1R0lZRVZJQTBmRlNlZVhJT296RWRqLytkUkZ2TDRoSUF5dHgKYkZmOW5YNFZwekh5SFRIV0w2NTBzWW5oVlYya2pqVFJrQzRndlp3eFNFc1ZBUzg4L1d0cWVTeld3K1NNb01zbgp5NG9iU2VyZ1p5d2JHODF5N1paSkdkL3c3blZUQVM1VnZ2TUt1N2hVaEhSRHF1bUlqNjdEa211NW5Ca2VUL0R4CnZrR3lvck1JT0VxWjJRZ1FjZ3RRVGJSTlBPd01qRzhZTjNLS2Zxc0tzeVQ4YzJ5em1TOWtQc0R5aHNwM2ZRR3oKc29zU0lzN3A3QnZ4SzZEdHUzVWxnY1J4SWtJUjZENG9POXFNOEYzTyszUU1UdHdHZ3VyL0dCczVtYk9NTGlFWgpZenZqTzhkSzZFNXJ4RHdiNXc1YW5xSW5INGlyeUNWZ2FyaXN6Uzdpb0pNQ0F3RUFBYU5RTUU0d0hRWURWUjBPCkJCWUVGSFNlRkVzbmdpN1BCaDJsc3E1N3ZYUFJ1M0ZDTUI4R0ExVWRJd1FZTUJhQUZIU2VGRXNuZ2k3UEJoMmwKc3E1N3ZYUFJ1M0ZDTUF3R0ExVWRFd1FGTUFNQkFmOHdEUVlKS29aSWh2Y05BUUVGQlFBRGdnRUJBQ0thUWtVMAo5RzNHV1U1NjhTSVhoWWw1cER4Y3VCRzNidjhqeFRxbnVVNC9lWEN6REMyUEVFTFdOc3VOUE8xQTFzNE5nZ2hsCmZHOEdaZFU4SGVDSVltTkF3Qk0zUGtTaENnTzJhWnl2NEdKc1pmeWV0Zm42MnJxSHNaMGtQbzlJQldFY1l5elIKcTg5QWtRRVIyRElnUHlsd2tFZnc2aG9Hd3ZwMkpJYXEyNEpOdHIzN1czai9hdDhkOXZueVlqbVNvSUFsY0xNZwoydlBCS1libW4xTU9ra2ROK3lhOTlLU3ZGY3JKemJ0MmlpR1IwQmtZa2tpZmNCeXd5WGVyQTBvWitMdHRlaDVLCmRFZzF0VnlkdHlPTVR4cFZaZUpYYnMzWEZralI1VzJtS2VHVTVnRzY2c1FUbE43L29CTnVjZzRHaEFZRk85SlgKb00xdE1WTDlIRExNcExZPQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==
    server: https://www.example.com
  name: prod
contexts:
- context:
    cluster: prod
    namespace: default
    user: default-service-account
  name: default
current-context: default
kind: Config
preferences: {}
users:
- name: default-service-account
  user:
    token: eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWUsImp0aSI6IjY2ODQ1MzJlLTJiY2UtNDBiZC05MzIxLTUwNjMyZjA3NTA2ZSIsImlhdCI6MTUwNzc5ODE2NywiZXhwIjoxNTA3ODAxNzY3fQ.i6VcaE1EmbCXDdmFjyuDKOiO4yxmIiqazcT424cpzVs
  1. Download both a working kubectl version for this config (I tried with v1.6.2 and v1.7.8), and a non-working (v1.8.0):
$ curl -#SLo /tmp/kubectl178 https://storage.googleapis.com/kubernetes-release/release/v1.7.8/bin/darwin/amd64/kubectl \
&& curl -#SLo /tmp/kubectl180 https://storage.googleapis.com/kubernetes-release/release/v1.8.0/bin/darwin/amd64/kubectl \
&& chmod +x /tmp/kubectl1*
  1. Run the two different kubectl versions with the provided config, and see only one of them output an error:

v1.7.8:

$ /tmp/kubectl178 config get-contexts --kubeconfig /tmp/kubeconfig
CURRENT   NAME      CLUSTER   AUTHINFO                  NAMESPACE
*         default   prod      default-service-account   default

v1.8.0:

$ /tmp/kubectl180 config get-contexts --kubeconfig /tmp/kubeconfig
error: Error loading config file "/tmp/kubeconfig": v1.Config: Contexts: []v1.NamedContext: Clusters: []v1.NamedCluster: v1.NamedCluster: Name: Cluster: v1.Cluster: Server: CertificateAuthorityData: decode base64: illegal base64 data at input byte 1484, parsing 1560 ...S0tCg==\n"... at {"apiVersion":"v1","clusters":[{"cluster":{"certificate-authority-data":"LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURCekNDQWUrZ0F3SUJBZ0lKQU8yRjlWbUlncUdvTUEwR0NTcUdTSWIzRFFFQkJRVUFNQm94R0RBV0JnTlYKQkFNTUQzZDNkeTVsZUdGdGNHeGxMbU52YlRBZUZ3MHhOekV3TVRJd09EUTJNVEJhRncweU56RXdNVEF3T0RRMgpNVEJhTUJveEdEQVdCZ05WQkFNTUQzZDNkeTVsZUdGdGNHeGxMbU52YlRDQ0FTSXdEUVlKS29aSWh2Y05BUUVCCkJRQURnZ0VQQURDQ0FRb0NnZ0VCQU1xaGxuQUk1R0lZRVZJQTBmRlNlZVhJT296RWRqLytkUkZ2TDRoSUF5dHgKYkZmOW5YNFZwekh5SFRIV0w2NTBzWW5oVlYya2pqVFJrQzRndlp3eFNFc1ZBUzg4L1d0cWVTeld3K1NNb01zbgp5NG9iU2VyZ1p5d2JHODF5N1paSkdkL3c3blZUQVM1VnZ2TUt1N2hVaEhSRHF1bUlqNjdEa211NW5Ca2VUL0R4CnZrR3lvck1JT0VxWjJRZ1FjZ3RRVGJSTlBPd01qRzhZTjNLS2Zxc0tzeVQ4YzJ5em1TOWtQc0R5aHNwM2ZRR3oKc29zU0lzN3A3QnZ4SzZEdHUzVWxnY1J4SWtJUjZENG9POXFNOEYzTyszUU1UdHdHZ3VyL0dCczVtYk9NTGlFWgpZenZqTzhkSzZFNXJ4RHdiNXc1YW5xSW5INGlyeUNWZ2FyaXN6Uzdpb0pNQ0F3RUFBYU5RTUU0d0hRWURWUjBPCkJCWUVGSFNlRkVzbmdpN1BCaDJsc3E1N3ZYUFJ1M0ZDTUI4R0ExVWRJd1FZTUJhQUZIU2VGRXNuZ2k3UEJoMmwKc3E1N3ZYUFJ1M0ZDTUF3R0ExVWRFd1FGTUFNQkFmOHdEUVlKS29aSWh2Y05BUUVGQlFBRGdnRUJBQ0thUWtVMAo5RzNHV1U1NjhTSVhoWWw1cER4Y3VCRzNidjhqeFRxbnVVNC9lWEN6REMyUEVFTFdOc3VOUE8xQTFzNE5nZ2hsCmZHOEdaZFU4SGVDSVltTkF3Qk0zUGtTaENnTzJhWnl2NEdKc1pmeWV0Zm42MnJxSHNaMGtQbzlJQldFY1l5elIKcTg5QWtRRVIyRElnUHlsd2tFZnc2aG9Hd3ZwMkpJYXEyNEpOdHIzN1czai9hdDhkOXZueVlqbVNvSUFsY0xNZwoydlBCS1libW4xTU9ra2ROK3lhOTlLU3ZGY3JKemJ0MmlpR1IwQmtZa2tpZmNCeXd5WGVyQTBvWitMdHRlaDVLCmRFZzF0VnlkdHlPTVR4cFZaZUpYYnMzWEZralI1VzJtS2VHVTVnRzY2c1FUbE43L29CTnVjZzRHaEFZRk85SlgKb00xdE1WTDlIRExNcExZPQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==\n","server":"https://www.example.com"},"name":"prod"}],"contexts":[{"context":{"cluster":"prod","namespace":"default","user":"default-service-account"},"na
me":"default"}],"current-context":"default","kind":"Config","preferences":{},"users":[{"name":"default-service-account","user":{"token":"eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWUsImp0aSI6IjY2ODQ1MzJlLTJiY2UtNDBiZC05MzIxLTUwNjMyZjA3NTA2ZSIsImlhdCI6MTUwNzc5ODE2NywiZXhwIjoxNTA3ODAxNzY3fQ.i6VcaE1EmbCXDdmFjyuDKOiO4yxmIiqazcT424cpzVs"}}]}

Anything else we need to know?: Works with v1.6.2 and v1.7.8 for us, but not v1.8.0.

Environment:

  • Kubernetes version (use kubectl version): v1.8.0
  • OS (e.g. from /etc/os-release): macOS
  • Kernel (e.g. uname -a): Darwin Kernel Version 16.7.0
  • Install tools: curl or brew, doesn’t matter

About this issue

  • State: closed
  • Created 7 years ago
  • Comments: 15 (8 by maintainers)

Most upvoted comments

it appears newlines in the base64 data were tolerated before, but it is not correct. []byte is encoded as base64, not base64+newlines

if you want to use block styles to include the base64 data, use the stripping version (|-):

apiVersion: v1
clusters:
- cluster:
    certificate-authority-data: |-
      LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURCekNDQWUrZ0F3SUJBZ0lKQU8yRjlWbUlncUdvTUEwR0NTcUdTSWIzRFFFQkJRVUFNQm94R0RBV0JnTlYKQkFNTUQzZDNkeTVsZUdGdGNHeGxMbU52YlRBZUZ3MHhOekV3TVRJd09EUTJNVEJhRncweU56RXdNVEF3T0RRMgpNVEJhTUJveEdEQVdCZ05WQkFNTUQzZDNkeTVsZUdGdGNHeGxMbU52YlRDQ0FTSXdEUVlKS29aSWh2Y05BUUVCCkJRQURnZ0VQQURDQ0FRb0NnZ0VCQU1xaGxuQUk1R0lZRVZJQTBmRlNlZVhJT296RWRqLytkUkZ2TDRoSUF5dHgKYkZmOW5YNFZwekh5SFRIV0w2NTBzWW5oVlYya2pqVFJrQzRndlp3eFNFc1ZBUzg4L1d0cWVTeld3K1NNb01zbgp5NG9iU2VyZ1p5d2JHODF5N1paSkdkL3c3blZUQVM1VnZ2TUt1N2hVaEhSRHF1bUlqNjdEa211NW5Ca2VUL0R4CnZrR3lvck1JT0VxWjJRZ1FjZ3RRVGJSTlBPd01qRzhZTjNLS2Zxc0tzeVQ4YzJ5em1TOWtQc0R5aHNwM2ZRR3oKc29zU0lzN3A3QnZ4SzZEdHUzVWxnY1J4SWtJUjZENG9POXFNOEYzTyszUU1UdHdHZ3VyL0dCczVtYk9NTGlFWgpZenZqTzhkSzZFNXJ4RHdiNXc1YW5xSW5INGlyeUNWZ2FyaXN6Uzdpb0pNQ0F3RUFBYU5RTUU0d0hRWURWUjBPCkJCWUVGSFNlRkVzbmdpN1BCaDJsc3E1N3ZYUFJ1M0ZDTUI4R0ExVWRJd1FZTUJhQUZIU2VGRXNuZ2k3UEJoMmwKc3E1N3ZYUFJ1M0ZDTUF3R0ExVWRFd1FGTUFNQkFmOHdEUVlKS29aSWh2Y05BUUVGQlFBRGdnRUJBQ0thUWtVMAo5RzNHV1U1NjhTSVhoWWw1cER4Y3VCRzNidjhqeFRxbnVVNC9lWEN6REMyUEVFTFdOc3VOUE8xQTFzNE5nZ2hsCmZHOEdaZFU4SGVDSVltTkF3Qk0zUGtTaENnTzJhWnl2NEdKc1pmeWV0Zm42MnJxSHNaMGtQbzlJQldFY1l5elIKcTg5QWtRRVIyRElnUHlsd2tFZnc2aG9Hd3ZwMkpJYXEyNEpOdHIzN1czai9hdDhkOXZueVlqbVNvSUFsY0xNZwoydlBCS1libW4xTU9ra2ROK3lhOTlLU3ZGY3JKemJ0MmlpR1IwQmtZa2tpZmNCeXd5WGVyQTBvWitMdHRlaDVLCmRFZzF0VnlkdHlPTVR4cFZaZUpYYnMzWEZralI1VzJtS2VHVTVnRzY2c1FUbE43L29CTnVjZzRHaEFZRk85SlgKb00xdE1WTDlIRExNcExZPQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==
    server: https://www.example.com
  name: prod
contexts:
- context:
    cluster: prod
    namespace: default
    user: default-service-account
  name: default
current-context: default
kind: Config
preferences: {}
users:
- name: default-service-account
  user:
    token: eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWUsImp0aSI6IjY2ODQ1MzJlLTJiY2UtNDBiZC05MzIxLTUwNjMyZjA3NTA2ZSIsImlhdCI6MTUwNzc5ODE2NywiZXhwIjoxNTA3ODAxNzY3fQ.i6VcaE1EmbCXDdmFjyuDKOiO4yxmIiqazcT424cpzVs
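
Added example, not part of the issue thread or of kubectl's code: a Python check that resolves the | / |- chomping on *-data fields and validates the resulting string as strict base64, returning the offset of the first illegal byte. The sample kubeconfig and the names data_fields and check are constructed for this illustration, and the parser only handles the simple block-scalar layout shown on this page.

```python
import base64
import binascii
import re

DATA_KEY = re.compile(r"^(\s*)([\w-]+-data):\s*(\|[-+]?)?\s*(.*)$")
NON_B64 = re.compile(r"[^A-Za-z0-9+/=]")

def data_fields(text):
    """Yield (key, value) for each *-data field, resolving | and |- block scalars."""
    lines, i = text.splitlines(), 0
    while i < len(lines):
        m = DATA_KEY.match(lines[i])
        i += 1
        if not m:
            continue
        indent, key, block, inline = m.groups()
        body = []
        while block and i < len(lines) and lines[i].startswith(indent + " "):
            body.append(lines[i].strip())
            i += 1
        value = "\n".join(body) if block else inline
        # YAML chomping: "|-" strips the final line break; "|" and "|+" keep one.
        yield key, value + "\n" if block in ("|", "|+") else value

def check(text):
    """Map each *-data key to None (strict base64) or the first illegal byte offset."""
    result = {}
    for key, value in data_fields(text):
        try:
            base64.b64decode(value, validate=True)  # rejects any non-alphabet byte
            result[key] = None
        except binascii.Error:
            bad = NON_B64.search(value)
            result[key] = bad.start() if bad else len(value)
    return result

# Constructed sample input (not a real certificate), shaped like the page's kubeconfig.
B64 = base64.b64encode(b"constructed dummy CA bytes").decode()
KUBECONFIG = """\
clusters:
- cluster:
    certificate-authority-data: {style}
      {b64}
    server: https://www.example.com
"""
CLIPPED = KUBECONFIG.format(style="|", b64=B64)    # value ends in "\n"
STRIPPED = KUBECONFIG.format(style="|-", b64=B64)  # no trailing "\n"
if __name__ == "__main__":
    print(check(CLIPPED), check(STRIPPED))
```

For the | form, the offset returned is that of the line break YAML keeps at the end of the block; the |- form passes.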

a sanitized kubeconfig reproducer would be very helpful