This is w.r.t mock test -2 CSR question not sure why the status is showing as *A . . .

Mark:
This is w.r.t mock test -2 CSR question not sure why the status is showing as Approved, Failed
I followed the steps correctly. I’ve seen similar case in chat history but no solution was provided.

john-developer 34m <http://kubernetes.io/kubelet-serving|kubernetes.io/kubelet-serving> kubernetes-admin Approved,Failed
apiVersion: <http://certificates.k8s.io/v1|certificates.k8s.io/v1>
kind: CertificateSigningRequest
metadata:
name: john-developer
spec:
request: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURSBSRVFVRVNULS0tLS0KTUlJQ1ZqQ0NBVDRDQVFBd0VURVBNQTBHQTFVRUF3d0dZVzVuWld4aE1JSUJJakFOQmdrcWhraUc5dzBCQVFFRgpBQU9DQVE4QU1JSUJDZ0tDQVFFQTByczhJTHRHdTYxakx2dHhWTTJSVlRWMDNHWlJTWWw0dWluVWo4RElaWjBOCnR2MUZtRVFSd3VoaUZsOFEzcWl0Qm0wMUFSMkNJVXBGd2ZzSjZ4MXF3ckJzVkhZbGlBNVhwRVpZM3ExcGswSDQKM3Z3aGJlK1o2MVNrVHF5SVBYUUwrTWM5T1Nsbm0xb0R2N0NtSkZNMUlMRVI3QTVGZnZKOEdFRjJ6dHBoaUlFMwpub1dtdHNZb3JuT2wzc2lHQ2ZGZzR4Zmd4eW8ybmlneFNVekl1bXNnVm9PM2ttT0x1RVF6cXpkakJ3TFJXbWlECklmMXBMWnoyalVnald4UkhCM1gyWnVVV1d1T09PZnpXM01LaE8ybHEvZi9DdS8wYk83c0x0MCt3U2ZMSU91TFcKcW90blZtRmxMMytqTy82WDNDKzBERHk5aUtwbXJjVDBnWGZLemE1dHJRSURBUUFCb0FBd0RRWUpLb1pJaHZjTgpBUUVMQlFBRGdnRUJBR05WdmVIOGR4ZzNvK21VeVRkbmFjVmQ1N24zSkExdnZEU1JWREkyQTZ1eXN3ZFp1L1BVCkkwZXpZWFV0RVNnSk1IRmQycVVNMjNuNVJsSXJ3R0xuUXFISUh5VStWWHhsdnZsRnpNOVpEWllSTmU3QlJvYXgKQVlEdUI5STZXT3FYbkFvczFqRmxNUG5NbFpqdU5kSGxpT1BjTU1oNndLaTZzZFhpVStHYTJ2RUVLY01jSVUyRgpvU2djUWdMYTk0aEpacGk3ZnNMdm1OQUxoT045UHdNMGM1dVJVejV4T0dGMUtCbWRSeEgvbUNOS2JKYjFRQm1HCkkwYitEUEdaTktXTU0xMzhIQXdoV0tkNjVoVHdYOWl4V3ZHMkh4TG1WQzg0L1BHT0tWQW9FNkpsYWFHdTlQVmkKdjlOSjVaZlZrcXdCd0hKbzZXdk9xVlA3SVFjZmg3d0drWm89Ci0tLS0tRU5EIENFUlRJRklDQVRFIFJFUVVFU1QtLS0tLQo==
signerName: <http://kubernetes.io/kubelet-serving|kubernetes.io/kubelet-serving>
usages:
- digital signature
- key encipherment
- server auth
status:
conditions:
- lastTransitionTime: "2021-07-13T08:44:59Z"
lastUpdateTime: "2021-07-13T08:44:59Z"
message: This CSR was approved by kubectl certificate approve.
reason: KubectlApprove
status: "True"
type: Approved
- lastTransitionTime: "2021-07-13T08:44:59Z"
lastUpdateTime: "2021-07-13T08:44:59Z"
message: subject organization is not system:nodes
reason: SignerValidationFailure
status: "True"
type: Failed

unnivkn:
please run this piece of code:

unnivkn:
cat <<EOF | kubectl apply -f -
apiVersion: http://certificates.k8s.io/v1|certificates.k8s.io/v1
kind: CertificateSigningRequest
metadata:
name: john-developer
spec:
groups:

• system:authenticated
  request: $(cat john.csr | base64 | tr -d “\n”)
  signerName: http://kubernetes.io/kube-apiserver-client|kubernetes.io/kube-apiserver-client
  usages:
• client auth
  EOF

Mark:
https://kubernetes.io/docs/reference/access-authn-authz/certificate-signing-requests/#create-certificatesigningrequest