Any idea why the below CSR status shows 'approved,failed' at the same time ? co . . .

Gurudutt Dongre:
Any idea why the below CSR status shows ‘approved,failed’ at the same time ?

controlplane $ kubectl get csr
NAME AGE SIGNERNAME REQUESTOR CONDITION
csr-qjzpq 103m http://kubernetes.io/kube-apiserver-client-kubelet|kubernetes.io/kube-apiserver-client-kubelet system:node:controlplane Approved,Issued
csr-wfw78 103m http://kubernetes.io/kube-apiserver-client-kubelet|kubernetes.io/kube-apiserver-client-kubelet system:bootstrap:96771a Approved,Issued
john-developer 15s http://kubernetes.io/kubelet-serving|kubernetes.io/kubelet-serving kubernetes-admin Approved,Failed
controlplane $
controlplane $
controlplane $
controlplane $ kubectl describe csr john-developer
Name: john-developer
Labels: <none>
Annotations: <none>
CreationTimestamp: Sat, 19 Jun 2021 14:17:57 +0000
Requesting User: kubernetes-admin
Signer: http://kubernetes.io/kubelet-serving|kubernetes.io/kubelet-serving
Status: Approved,Failed
Subject:
Common Name: john
Serial Number:
Events: <none>
controlplane $
controlplane $ cat csr.yaml
apiVersion: http://certificates.k8s.io/v1|certificates.k8s.io/v1
kind: CertificateSigningRequest
metadata:
name: john-developer
spec:
request: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURSBSRVFVRVNULS0tLS0KTUlJQ1ZEQ0NBVHdDQVFBd0R6RU5NQXNHQTFVRUF3d0VhbTlvYmpDQ0FTSXdEUVlKS29aSWh2Y05BUUVCQlFBRApnZ0VQQURDQ0FRb0NnZ0VCQU1aQlUxcmpYMEpCbXROQi93dURYTGpuMC9RWVRZM3RIVG9OaXZESXEvcFZMWDFmCmZoZHVJOVVGUGNRNk5ycWRUWjlKckE4RkYvR2F4VCtsbmxSYU9DNEJBTkt3SWdQMWlkRkE4eVRxMFFkU05SeFgKWWhZUUxzbzRRd1QwWEZOOEw4MlNWYjNwc3d0RXZXQ0pTUE9leDJ1TUdmM2w4ZU9CbzhtYnBQbnBLbmloWlJ5QgpqVGtkZG1PWkJzMFFRejA1MUVZTUdsNG5NV25yZGt0S2JSNDJ6TFZLTWxhNWhtK3lOQUNTcUswSDNSNk9uVzU1ClMyVnVVNFhYaTN4Z3o3WXFiRkptNGg0NzJEQStvdGxsWUMxdEgzUWJPZFVQQlBFQ21JRUdpdDZCRkl6Qnh0MnMKTjE3QXFHdlA4ZHI1cGY5c3pNNGY0cHRwVDJnY0RHZndTclAxZnAwQ0F3RUFBYUFBTUEwR0NTcUdTSWIzRFFFQgpDd1VBQTRJQkFRQVJ6T3FJZ0kzTWRUREJEVDVudmhmMWNnNjFwcW1pUDVTSW9zUlA2V2tJK0hRM21PdnJ6cW5rClI3aHBjTERLQVdNelJQL1hhSDdoQWxuMUxhTUY5U0J2Q0s1aHVpbUgyc0tib25qOGN4cDJ5MXlsSTlQS1JRWlcKYTFKaTF5TWs2NlkzZW0xN1JZOEI1YzVKZ3dtb2VVaTZHSjRsd2paa0YvVFlqd1diUW85M3kvVVUvWFN2ZjdwWApIR1U3RXRSeFZrLzdpVGx2K3JKY0o3aVl6RU15ZkVjRThaa2dZTUN4VmNvR1AwRTJuaExYMk1EQ0pWajFIR1FCCjRXbURmbnoySVFOOTMxOUsreVN4WXVQcnk0RWdSWWgvSmxhbGRHRGVMVWU3RGRIeHRnUVZCTmtPQVA4R2xSNHgKdEhyUkRQYjRML2h5UkExRk40aCs3TTJUSWdGMTRLaEgKLS0tLS1FTkQgQ0VSVElGSUNBVEUgUkVRVUVTVC0tLS0tCg==
signerName: http://kubernetes.io/kubelet-serving|kubernetes.io/kubelet-serving
usages:
- client auth
controlplane $

Narendra Singh:
@Gurudutt Dongre try putting the base64 encoded text in the same line with request:
Also make sure to remove the new line from the base64 encoded text. Use following command:

cat <filename>.csr | base64 | tr -d '\n'

Malayamanas Panda:
cat filename. csr | base64 -w 0

Gurudutt Dongre:
@Narendra Singh - value for ‘request’ is in single line and is base64 encoded. It was strange. I used the same method in my first attempt and this question was a success. I failed to complete it in the second try using the same mthod.

Kaustubh Oak:
https://kubernetes.io/docs/reference/access-authn-authz/certificate-signing-requests/#normal-user

Hey, I believe you should use a different signer, try signerName: kubernetes.io/kube-apiserver-client
Look at the docs here: Certificates and Certificate Signing Requests | Kubernetes