V S Charan kumar Reddy Bakka:
@Tej_Singh_Rana @Mohamed Ayman,
In Mock2 Q6,PFB:
Create a new user called john
. Grant him access to the cluster. John should have permission to create, list, get, update and delete pods
in the development
namespace . The private key exists in the location: /root/CKA/john.key
and csr at /root/CKA/john.csr
After i create and Approve CSR, it goes to Approved, Failed Status…can you help me with this?
controlplane $ kubectl get csr
NAME AGE SIGNERNAME REQUESTOR CONDITION
john-developer 87s http://kubernetes.io/kube-apiserver-client-kubelet|kubernetes.io/kube-apiserver-client-kubelet kubernetes-admin Approved,Failed
-----------YAML USED for CSR---------
apiVersion: http://certificates.k8s.io/v1|certificates.k8s.io/v1
kind: CertificateSigningRequest
metadata:
name: john-developer
spec:
groups:
- system:authenticated
request: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURSBSRVFVRVNULS0tLS0KTUlJQ1ZEQ0NBVHdDQVFBd0R6RU5NQXNHQTFVRUF3d0VhbTlvYmpDQ0FTSXdEUVlKS29aSWh2Y05BUUVCQlFBRApnZ0VQQURDQ0FRb0NnZ0VCQUsvSnlxNGg5cVNEcG4wVEJDdU1zc0w0MjN2MTUrbTRMVE8xbEVaRnV6aXgvaVZHCm5PQktWUGZTcmdxZ1dVeXhXMDNHTTA0cFV2dmF4eU5pV1F4ZDVmaFkyMzJrMWVPanhWV0Nuam5pWDhON284UHkKYXR5VHpYNWh0Nk1IbnJxeEwzbnIwS25zU0ZiaER2dDQ2NXJ2ZlR3NnpSaHBkNVR4ZDV6R2ZBT3RXdzhhWG9ZRQozRVpiY0xUR2IxS2w1SGs2Z2lCVGJweDVYaWhCS3JkbGNaU25HUVAwd3NiVDdnS2RWSjFvZWZkOExjTXNxRlFsCkRiMmluK3pLZUVvazRVVnp6aXMwVHJsK2xTMVNPU0RGcDRUWVJDdGVYWml1UUFUd2ZYK0hQc2xvNnEzZW9pMzUKMlo5WkR5YWV1aHNYb0dGOUhCSGp1OWdiQW1SaU9EL1lSMUFXZ1RFQ0F3RUFBYUFBTUEwR0NTcUdTSWIzRFFFQgpDd1VBQTRJQkFRQmtCNTRWSjFxK2c5M09MNEhjMHdKRlplS254OXRpd1Q4ZmFsamgvZG0vTDRkMjNEUnYwazNXCitKb3hDbmpiZkNrOG5TTVc2aDNubUJETWQvNEpKUHZFeXZxMWhyV1JrNU5raUFzWjFWYTI3ditpOUhDcnlyUXgKSUxsK3ZHc3ZMc3V6anFzWWhMSU9VaVEyY2VtQ3RqeUo1VzZwUkpNbU5ZU1FuZUxEUk5BOFBzdFp3UFdSdEVGTwpobHlqUEJEMFh4L0FGSHZkanNiaHJYVVhxMHVyYnYyS3NSdk9Fem5SVW1vUG9RUlJIVXJxZ0tLQ2xsZjZvVHFzCm9Gbm1SWmszS09TMElMRFBVVUc4cDhSQjV3RGNaQ01ENms4WHB1cHViWmUrVVRrU2VPSThGT3BVcVQ2aktrU2kKcHNFVVR4ZzRuT0NPbVpIZVM5czRLUXVIUDFPeFBPVWEKLS0tLS1FTkQgQ0VSVElGSUNBVEUgUkVRVUVTVC0tLS0tCg==
signerName: http://kubernetes.io/kube-apiserver-client-kubelet|kubernetes.io/kube-apiserver-client-kubelet
usages: - digital signature
- key encipherment
- server auth