I recently upgraded an eks cluster from 1.18 to 1.21 in EKS. I had been using a CSR with apiVersion: certificates.k8s.io/v1beta1. This is deprecated from 1.19+, but still functional in 1.21. But will be removed in 1.22. I had been using signer kubernetes.io/legacy-unknown, which after issuing kubectl certificate approve would give a certificate under kubectl get csr my-csr -n my-namespace -o jsonpath='{.status.certificate}
I went on to update the apiVersion for the CSR to certificates.k8s.io/v1 and use signer kubernetes.io/kube-apiserver-client as per this documentation. Although I am getting the CSR approved, there is no certificate. Can someone point me in the right direction regarding this issue? Thanks.
EKS CSR Signer kubernetes.io/kube-apiserver-client no certificate
298 views Asked by MCR At
1
There are 1 answers
Related Questions in KUBERNETES
- Golang == Error: OCI runtime create failed: unable to start container process: exec: "./bin": stat ./bin: no such file or directory: unknown
- I can't create a pod in minikube on windows
- Oracle setting up on k8s cluster using helm charts enterprise edition
- Retrieve the Dockerfile configuration from the Kubernetes and also change container Java parameter?
- Summarize pods not running, by Namespace and Reason - I'm having trouble finding the reason
- How to get Java running parameters from Spring Boot running inside container in pod where no ps exist
- How do we configure prometheus server to scrape metrics from a pod with Istio sidecar proxy?
- In rke kube-proxy pod is not present
- problem with edge server registration in Eureka
- Unable to Access Kubernetes LoadBalancer Service from Local Device Outside Cluster
- Kubernetes cluster on GCE connection refused error
- Based on my experience, I've outlined the Kubernetes request flow. Could someone please add or highlight any points I might have overlooked?
- how to define StackGres helm chart "restapi" values to use internal LoadBalancer - AWS EKS
- Python3.11 can't open file [Errno 2] No such file or directory
- Cannot find remote pod service - SERVICE_UNAVAILABLE
Related Questions in AMAZON-EKS
- how to define StackGres helm chart "restapi" values to use internal LoadBalancer - AWS EKS
- AWS EKS Fargate pod scheduling issue with Prometheus deployment
- EKS AMI kernel debug symbols
- How to add Addons to EKS with Pulumi
- Intermittent ec2ApiErrCount in EKS CNI Metrics Helper
- Implementing Multi-Tenant Access Restriction with Keycloak and Istio
- Any example to upgrade an aws eks cluster using github actions workflow on a self-hosted runner outside of cluster?
- How to set nodeSelector for controller for AWS EKS aws-ebs-csi-addon?
- Insight: Deprecated APIs removed in Kubernetes v1.29
- Multi attach error in AWS EKS deployment (rolling update)
- How to pass or allow spark-operator pod in eks to access AWS resources like S3
- Grpc.Core.RpcException: Status(StatusCode="PermissionDenied", Detail="Bad gRPC response. HTTP status code: 403")
- "413 Request Entity Too Large" when serving Angular web (client side) with Nginx
- Airflow `sensing task` queued but not run. What is the problem?
- Asynchronous dumping of requests received on FASTAPI using background tasks into a Kinesis Stream is increasing the response time drastically
Related Questions in CERTIFICATE-SIGNING-REQUEST
- How to find Sha1 fingerprint certification in flutter project in android studio #firebase #flutter #androidstudio
- Creating Self-signed Certificate Chain with openssl
- CreatePKCS10CSR soap message in c++
- Failed to install app in physical device through XCode 13.2.1
- webhook: tls: failed to find "CERTIFICATE" PEM block in certificate input after skipping PEM blocks of the following types: [CERTIFICATE REQUEST]
- EKS CSR Signer kubernetes.io/kube-apiserver-client no certificate
- Has one Apple Distribution certificate but its private key is not installed. Contact the creator of this certificate to get a copy of the private key
- kubectl : unable to recognize "csr.yaml": no matches for kind "CertificateSigningRequest" in version "certificates.k8s.io/v1"
- How does browser ensure that public key of CA is actually from that CA?
- Certificate pinning mobile apps
- How to Create Certificate Signing Request on Windows 10 For Apple
- Is there a way to decode CSR to String to get attributes?
- How do I use configure OpenSSL's policy to sign a certificate with multiple OUs?
- Generate key and CSR in IBM Cloud
- How to retrieve domains from CSR (Certificate Signing Request)?
Popular Questions
- How do I undo the most recent local commits in Git?
- How can I remove a specific item from an array in JavaScript?
- How do I delete a Git branch locally and remotely?
- Find all files containing a specific text (string) on Linux?
- How do I revert a Git repository to a previous commit?
- How do I create an HTML button that acts like a link?
- How do I check out a remote Git branch?
- How do I force "git pull" to overwrite local files?
- How do I list all files of a directory?
- How to check whether a string contains a substring in JavaScript?
- How do I redirect to another webpage?
- How can I iterate over rows in a Pandas DataFrame?
- How do I convert a String to an int in Java?
- Does Python have a string 'contains' substring method?
- How do I check if a string contains a specific word?
Popular Tags
Trending Questions
- UIImageView Frame Doesn't Reflect Constraints
- Is it possible to use adb commands to click on a view by finding its ID?
- How to create a new web character symbol recognizable by html/javascript?
- Why isn't my CSS3 animation smooth in Google Chrome (but very smooth on other browsers)?
- Heap Gives Page Fault
- Connect ffmpeg to Visual Studio 2008
- Both Object- and ValueAnimator jumps when Duration is set above API LvL 24
- How to avoid default initialization of objects in std::vector?
- second argument of the command line arguments in a format other than char** argv or char* argv[]
- How to improve efficiency of algorithm which generates next lexicographic permutation?
- Navigating to the another actvity app getting crash in android
- How to read the particular message format in android and store in sqlite database?
- Resetting inventory status after order is cancelled
- Efficiently compute powers of X in SSE/AVX
- Insert into an external database using ajax and php : POST 500 (Internal Server Error)
EKS does not have a kubernetes.io/kube-apiserver-client signer. Instead they manage users via AWS IAM. This is a custom and EKS specific way to handle users.
See: https://docs.aws.amazon.com/eks/latest/userguide/add-user-role.html