Pankaj Arora:
In Practice Test - Certificates API, under security section, even after creating CSR from answer file getting its condition as approved and failed. May I know what is the meaning of failed and what can be the issue here ?
unnivkn:
just run this piece of code
unnivkn:
cat <<EOF | kubectl apply -f -
apiVersion: http://certificates.k8s.io/v1|certificates.k8s.io/v1
kind: CertificateSigningRequest
metadata:
name: akshay
spec:
groups:
- system:authenticated
request: $(cat akshay.csr | base64 | tr -d “\n”)
signerName: http://kubernetes.io/kube-apiserver-client|kubernetes.io/kube-apiserver-client
usages: - client auth
EOF
1 Like
Jeff McLamb:
I got the same. I think it was maybe because I used the wrong signerName when copied from the k8s docs site? It does not cause the checks to fail though…
Jeff McLamb:
For a user CSR it makes sense that the signer would be kube-apiserver…