Question

Error when approving certificate following Recommended steps to Secure Kubernetes cluster

Posted May 2, 2021 313 views
KubernetesDigitalOcean Managed Kubernetes

I was following the guide Recommended Steps to Secure a DigitalOcean Kubernetes Cluster and at the approving step I’m receiving a not found response and an error

error: no kind "CertificateSigningRequest" 
is registered for version "certificates.k8s.io/v1" 
in scheme "k8s.io/kubernetes/pkg/kubectl/scheme/scheme.go:28"

I did create a private certificate using openssl and then a certificate signing request configuration with CN set to user, the username I want to allow access.

Then I created the certificate signing request by using api v1 as in Kubernetes Certificate Signing Requests documentation

apiVersion: certificates.k8s.io/v1
kind: CertificateSigningRequest
metadata:
  name: user
spec:
  groups:
  - system:authenticated
  request: L...=
  signerName: kubernetes.io/kube-apiserver-client
  usages:
  - client auth

I saved this file as user.yml and applied to the cluster using the kubeconfig downloaded from the admin panel.

kubectl apply -f ./user.yml

kubectl get csr

The pending CSR lists the one I added

NAME      AGE   SIGNERNAME                         REQUESTOR  CONDITION
user   62m   kubernetes.io/kube-apiserver-client   DO-email   Pending

But when I want to approve it I get back the error

kubectl certificate approve user

No resources found
error: no kind "CertificateSigningRequest" is registered for version "certificates.k8s.io/v1" in scheme "k8s.io/kubernetes/pkg/kubectl/scheme/scheme.go:28"

Any idea?

Submit an answer

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!