CSR Mock-exam2 Q6

Can someone please help me understand why the following fields were added to this CSR definition file:

  • digital signature
  • key encipherment
  • groups: - system:authenticated

The documentation only has - client auth, as usage.
The question also doesn’t mention anything about groups.

apiVersion: certificates.k8s.io/v1
kind: CertificateSigningRequest
metadata:
  name: john-developer
spec:
  signerName: kubernetes.io/kube-apiserver-client
  request:
  usages:
  - digital signature
  - key encipherment
  - client auth
  groups:
  - system:authenticated

Hi @cambell79,

Yeah, even if we don’t specify the “groups” field in the CSR manifest file, the API server will automatically add that groups field and its values on creation.

I will update the solution accordingly.

Regards,
KodeKloud Support
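
An added example (not part of the thread or of the KodeKloud solution): a shell script that builds the same CertificateSigningRequest with only the `client auth` usage and no `groups` field, with commented kubectl lines for reading back what the API server fills in on creation. The helper names `make_request` and `make_manifest` and the file paths are assumptions; the identity in the issued certificate comes from the request's subject (CN as user, O as group), while `spec.groups` records the groups of whoever created the object.

```shell
#!/usr/bin/env bash
# Added example; helper names and paths are assumptions, not from the thread.
set -eu

# Generate a private key and a PKCS#10 request for the user.
# The subject is what ends up in the signed certificate (CN = user name).
make_request() {  # $1 = common name, $2 = output directory
  openssl genrsa -out "$2/$1.key" 2048 2>/dev/null
  openssl req -new -key "$2/$1.key" -subj "/CN=$1" -out "$2/$1.csr"
}

# Emit a manifest that sets only the required usage and omits spec.groups.
# spec.request must be the PEM request, base64-encoded on a single line.
make_manifest() {  # $1 = object name, $2 = path to the PEM request
  cat <<EOF
apiVersion: certificates.k8s.io/v1
kind: CertificateSigningRequest
metadata:
  name: $1
spec:
  signerName: kubernetes.io/kube-apiserver-client
  request: $(base64 < "$2" | tr -d '\n')
  usages:
  - client auth
EOF
}

# Against a cluster (needs kubectl access, so left as comments):
#   dir=$(mktemp -d); make_request john-developer "$dir"
#   make_manifest john-developer "$dir/john-developer.csr" | kubectl apply -f -
#   # username and groups below were set by the API server from the requester:
#   kubectl get csr john-developer \
#     -o jsonpath='{.spec.username}{"\n"}{.spec.groups}{"\n"}'
```

Comparing the applied object with the manifest shows `spec.groups` and `spec.username` present even though the file never set them.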