Tanuja SM:
Hi all, I am creating the csr yaml file as below:

apiVersion: certificates.k8s.io/v1
kind: CertificateSigningRequest
metadata:
  name: testuser
spec:
  request:
    <encoded request>
  signerName: kubernetes.io/kube-apiserver-client
  usages:
  - "client auth"

But while creating the CSR it is throwing the below error:

[root@master ~]# kubectl create -f testuser-csr.yaml
error: error parsing testuser-csr.yaml: error converting YAML to JSON: yaml: line 8: could not find expected ':'

Can anyone help with what I am doing wrong here? I checked the indentation and it looks fine to me.

unnivkn:
please try this: just run the below piece of code

unnivkn:
cat <<EOF | kubectl apply -f -
apiVersion: certificates.k8s.io/v1
kind: CertificateSigningRequest
metadata:
  name: testuser
spec:
  groups:

Tanuja SM:
it worked

Tanuja SM:
thank you

Tanuja SM:
but still I don't understand what's wrong

Tanuja SM:
spec:
  groups:
  - system:authenticated // what's wrong in the group??

Tanuja SM:
I retrieved the created CSR as a YAML file, and there it was mentioned like this:

spec:
  groups:
  - system:masters
  - system:authenticated

so this additional group is mandatory??

unnivkn:
Yes… what comes back once you have created it is needed. When you create a CSR, behind the scenes k8s adds some default configuration to it.

unnivkn:
@Tanuja SM In your code you missed the group, looks like that is the issue.

Tanuja SM:
okay sure thank you

unnivkn:
I think the group is not mandatory. It may be added automatically once you create the CSR. See the below code from the doc. The request: part you pasted may be the issue, not sure though. I suggest this [request: $(cat testuser.csr | base64 | tr -d "\n")] to avoid any code issue.

Tanuja SM:
exactly, the request part is the problem here

Tanuja SM:
because the request is a string… it should be on one line