Sreeram Meka:
For CKA Mock Exam 2 Question 6, I’m trying to create a CSR but I am unable to do so. Does anyone know why this is occurring? I’m creating it as specified in the KodeKloud mock exam solutions. Here’s the error:
root@controlplane:~# kubectl create -f johncsr.yaml
Error from server (BadRequest): error when creating "johncsr.yaml": CertificateSigningRequest in version "v1" cannot be handled as a CertificateSigningRequest: v1.CertificateSigningRequest.Spec: v1.CertificateSigningRequestSpec.Usages: []v1.KeyUsage: SignerName: Request: decode base64: illegal base64 data at input byte 0, error found in #10 byte of ...|-d '\\n')","signerNa|..., bigger context ...|"$(cat /root/CKA/john.csr | base64 | tr -d '\\n')","signerName":"kubernetes.io/kubelet-serving","usa|...
The CSR yaml is below:
root@controlplane:~# cat johncsr.yaml
apiVersion: certificates.k8s.io/v1
kind: CertificateSigningRequest
metadata:
  name: john-developer
spec:
  request: $(cat /root/CKA/john.csr | base64 | tr -d '\n')
  signerName: kubernetes.io/kubelet-serving
  usages:
  - digital signature
  - key encipherment
  - server auth
Sreeram Meka:
@Sergei Diachenko @Tharanath
Sreeram Meka:
This looks like an issue on the KodeKloud side or with the APIs
Sergei Diachenko:
@Sreeram Meka you cannot use a bash command in the request field. Base64 data is expected here.
You can invoke cat /root/CKA/john.csr | base64 | tr -d '\n' separately and paste the result into the request field of your YAML.
Sergei Diachenko:
cat <<EOF | kubectl apply -f -
apiVersion: certificates.k8s.io/v1
kind: CertificateSigningRequest
metadata:
  name: my-svc.my-namespace
spec:
  request: $(cat server.csr | base64 | tr -d '\n')
  signerName: kubernetes.io/kubelet-serving
  usages:
  - digital signature
  - key encipherment
  - server auth
EOF
In this example the bash command will be invoked before it is sent to Kubernetes. It’s not the same as saving this definition in the YAML file.
Sergei Diachenko:
Try to run in this way:
cat <<EOF | cat -
apiVersion: certificates.k8s.io/v1
kind: CertificateSigningRequest
metadata:
  name: my-svc.my-namespace
spec:
  request: $(cat server.csr | base64 | tr -d '\n')
  signerName: kubernetes.io/kubelet-serving
  usages:
  - digital signature
  - key encipherment
  - server auth
EOF
And you can see what is really sent to Kubernetes.
Sergei Diachenko:
In conclusion, you can create the CSR as in the example with cat <<EOF... but without creating a file.
If you create a YAML file and apply it, it cannot contain a bash command in the request field.
Sreeram Meka:
Thanks @Sergei Diachenko