Hi all, I am creating the csr yaml file as below: apiVersion: <http://certifica . . .

Tanuja SM:
Hi all, I am creating the csr yaml file as below:

apiVersion: http://certificates.k8s.io/v1|certificates.k8s.io/v1
kind: CertificateSigningRequest
metadata:
name: testuser
spec:
request:
<encoded request>
signerName: http://kubernetes.io/kube-apiserver-client|kubernetes.io/kube-apiserver-client
usages:

  • “client auth”

But while create creating the csr it is throwing me the below error:

[[email protected] ~]# kubectl create -f testuser-csr.yaml
error: error parsing testuser-csr.yaml: error converting YAML to JSON: yaml: line 8: could not find expected ‘:’

can anyone help whats wrong I am doing here? i checked the indention it looks fine for me

unnivkn:

image.png

unnivkn:
please try this: just run the below piece of code

unnivkn:
cat <<EOF | kubectl apply -f -
apiVersion: http://certificates.k8s.io/v1|certificates.k8s.io/v1
kind: CertificateSigningRequest
metadata:
name: testuser
spec:
groups:

Tanuja SM:
it worked

Tanuja SM:
thank you

Tanuja SM:
but still i dont understand whats wrong

Tanuja SM:
spec:
groups:

  • system:authenticated // whats wrong in the group ??

Tanuja SM:
i retrived the csr created to yaml file. And there it was mentioned like this :

spec:
groups:

  • system:masters
  • system:authenticated
    so this additional group is mandatory ??

unnivkn:
yes… what it is coming once you created is needed. while you create csr, behind the screen k8s is adding some default configuration to it.

unnivkn:
@Tanuja SM In your code you missed the group, looks like that is the issue.

Tanuja SM:
okay sure thank you

unnivkn:
I think group is not mandatory. It may add automatically once you create csr. see the below code from doc. The request: part you pasted may be the issue. not sure though. I suggest this [request: $(cat testuser.csr | base64 | tr -d “\n”)] to avoid any code issue.

Tanuja SM:
exactly the request part is problem here

Tanuja SM:
because the request is string… it should be in one line