Sameer Pansari:
root@controlplane:~/CKA# kubectl get csr
NAME AGE SIGNERNAME REQUESTOR CONDITION
john-developer 3m10s http://kubernetes.io/kubelet-serving|kubernetes.io/kubelet-serving kubernetes-admin Approved,Failed (any issues with signer name , its approved but failed not issued ??)
unnivkn:
please run this piece of code as it is. Its mostly due to the request:
unnivkn:
cat <<EOF | kubectl apply -f -
apiVersion: http://certificates.k8s.io/v1|certificates.k8s.io/v1
kind: CertificateSigningRequest
metadata:
name: john-developer
spec:
groups:
- system:authenticated
request: $(cat john.csr | base64 | tr -d ā\nā)
signerName: http://kubernetes.io/kube-apiserver-client|kubernetes.io/kube-apiserver-client
usages: - client auth
EOF
Sameer Pansari:
from the above -> request = actual value , but why we need groups , can we get the reference link from kubernetes docs