DigitalOcean

Report this

What is the reason for this report?
Question

Error when approving certificate following Recommended steps to Secure Kubernetes cluster

Posted on May 2, 2021
DigitalOcean Managed Kubernetes
Kubernetes
AlessioDo

By AlessioDo

I was following the guide Recommended Steps to Secure a DigitalOcean Kubernetes Cluster and at the approving step I’m receiving a not found response and an error

error: no kind "CertificateSigningRequest" 
is registered for version "certificates.k8s.io/v1" 
in scheme "k8s.io/kubernetes/pkg/kubectl/scheme/scheme.go:28"

I did create a private certificate using openssl and then a certificate signing request configuration with CN set to user, the username I want to allow access.

Then I created the certificate signing request by using api v1 as in Kubernetes Certificate Signing Requests documentation

apiVersion: certificates.k8s.io/v1
kind: CertificateSigningRequest
metadata:
  name: user
spec:
  groups:
  - system:authenticated
  request: L...=
  signerName: kubernetes.io/kube-apiserver-client
  usages:
  - client auth

I saved this file as user.yml and applied to the cluster using the kubeconfig downloaded from the admin panel.

kubectl apply -f ./user.yml

kubectl get csr

The pending CSR lists the one I added

NAME      AGE   SIGNERNAME                         REQUESTOR  CONDITION
user   62m   kubernetes.io/kube-apiserver-client   DO-email   Pending

But when I want to approve it I get back the error

kubectl certificate approve user

No resources found
error: no kind "CertificateSigningRequest" is registered for version "certificates.k8s.io/v1" in scheme "k8s.io/kubernetes/pkg/kubectl/scheme/scheme.go:28"

Any idea?



This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

Sign In or Sign Up to Answer
These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.
0
alexdo
alexdo
October 31, 2023

Heya,

I know it’s been quite a while since the question was originally posted, but I would like to post an answer in case someone runs into it now in 2023.

The error you’re encountering suggests that Kubernetes is unable to recognize the CertificateSigningRequest resource with the version certificates.k8s.io/v1. This usually happens because the Kubernetes cluster doesn’t have the necessary resources registered or the API version you’re using is not supported.

Here are some steps to troubleshoot and resolve the problem:

  1. Check your Kubernetes version: Make sure you are using a Kubernetes version that supports the certificates.k8s.io/v1 API version. You can check your cluster’s version by running:
  1. kubectl version

If you are using an older version of Kubernetes, you may need to update your cluster to a newer version that supports certificates.k8s.io/v1.

  1. Check the available API versions: List the available API versions for CertificateSigningRequest using the following command:
  1. kubectl api-versions | grep certificates

This will show you which API versions are available in your cluster. Ensure that certificates.k8s.io/v1 is listed.

  1. Use the correct API version: Modify your user.yml file to use the correct API version. If your cluster supports certificates.k8s.io/v1beta1, update the apiVersion in your YAML file

  2. Apply the updated YAML file: After making the necessary changes, apply the updated YAML file to create the CertificateSigningRequest:

  1. kubectl apply -f ./user.yml
  1. Approve the CertificateSigningRequest: Once the resource is created with the correct API version, you should be able to approve it using:
  1. kubectl certificate approve user

If your Kubernetes version has been updated and the API version has changed, be sure to use the appropriate API version in your YAML files. Always refer to the documentation for your specific Kubernetes version to ensure you’re using the correct API versions and resource definitions.

Hope that this helps!

Become a contributor for community

Get paid to write technical tutorials and select a tech-focused charity to receive a matching donation.

Sign Up

DigitalOcean Documentation

Full documentation for every DigitalOcean product.

Learn more

Resources for startups and AI-native businesses

The Wave has everything you need to know about building a business, from raising funding to marketing your product.

Learn more

Get our newsletter

Stay up to date by signing up for DigitalOcean’s Infrastructure as a Newsletter.

New accounts only. By submitting your email you agree to our Privacy Policy

The developer cloud

Scale up as you grow — whether you're running one virtual machine or ten thousand.

Start building today

From GPU-powered inference and Kubernetes to managed databases and storage, get everything you need to build, scale, and deploy intelligent applications.

© 2026 DigitalOcean, LLC.Sitemap.
Dark mode is coming soon.