Mock Exam - 2, ex 6

Hello, I have a question regarding ex.6 of the Mock exam 2 in the CKA course.

I created the user via
openssl x509 -req -in /root/CKA/john.csr -CA /etc/kubernetes/pki/ca.crt -CAkey /etc/kubernetes/pki/ca.key -CAcreateserial -out john.crt -days 500

Then I created the role and the binding.

When I try the kubectl auth can-i command it seems I can only get, list, etc… on pod in the development namespace, the rest does not work - This is as per the exercise description.

I thought this procedure was correct, but when I went for the evaluation the exercise was marked as wrong.

In the solution I see that a csr in yaml format must be created.

Is this (csr yaml) really necessary or can I proceed with my way above (user with certs, role, binding)?

Which is the value of variable “spec.request” exactly, how is it retrieved? I looked at the /root/CKA/john.key and /root/CKA/john.csr and they are not the same.

Thank you

Hi @Mundofik

Please refer to this document to understand the process of working with CSR and Authorization.

Hope this helps.

@Santosh_KodeKloud thanks
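
How `spec.request` is derived, as an added example that is not part of any post in this thread or of the course solution: the field holds the whole PEM CSR file (john.csr, not john.key) base64-encoded onto one line. The object name `john`, the script name and the helper function names are assumptions; `signerName` and `usages` are the standard values for a client certificate in the `certificates.k8s.io/v1` API.

```shell
#!/bin/sh
# Added example: build a CertificateSigningRequest manifest from an existing PEM CSR.
# Function names, the script name and the object name are illustrative assumptions.

# spec.request = the entire PEM file (BEGIN/END lines included), base64-encoded,
# with the line wrapping that base64 adds stripped so it fits on one YAML line.
encode_request() {
    base64 < "$1" | tr -d '\n'
}

# Reject anything that is not a PEM CSR, e.g. the private key passed by mistake.
is_pem_csr() {
    head -n 1 "$1" | grep -Eq -e '^-----BEGIN (NEW )?CERTIFICATE REQUEST-----'
}

build_csr_manifest() {
    name=$1
    csr_file=$2
    is_pem_csr "$csr_file" || { echo "error: $csr_file is not a PEM CSR" >&2; return 1; }
    cat <<EOF
apiVersion: certificates.k8s.io/v1
kind: CertificateSigningRequest
metadata:
  name: $name
spec:
  request: $(encode_request "$csr_file")
  signerName: kubernetes.io/kube-apiserver-client
  usages:
  - client auth
EOF
}

# Usage: sh csr-manifest.sh john /root/CKA/john.csr | kubectl apply -f -
# Then:  kubectl certificate approve john
#        kubectl get csr john -o jsonpath='{.status.certificate}' | base64 -d > john.crt
if [ "$#" -eq 2 ]; then
    build_csr_manifest "$1" "$2"
fi
```

With this flow the API server signs the certificate and the request is recorded as a cluster object, so the CA private key never has to be read directly as it is in the `openssl x509 -req` approach.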