K
Q

How can I do this to approve a CSR in the Denied state?

9/13/2018

View node status:kubectl get csr

[root@kube1 ~]# kubectl get csr
NAME                                                   AGE    REQUESTOR                 CONDITION
node-csr--jJF_sRckTdhoqAOYB4fEaA06Juwv32d1RFwzcbbE0c   150m   system:bootstrap:gn5vla   Pending
node-csr-KMkTDLPqhj52YxZFS8vEOiqMt1NXVEcYvmvUJAhxhwg   150m   system:bootstrap:xay6t6   Pending
node-csr-bv18tH4pK-xq7Ekwv0IuzD4CcBuvKjjdonBjpKqHuPQ   150m   system:bootstrap:v1g4p2   Pending

Perform a refusal:

kubectl get csr | grep Pending| awk '{print $1}' | xargs kubectl certificate deny

View node status again:kubectl get csr

[root@kube1 ~]# kubectl get csr
NAME                                                   AGE    REQUESTOR                 CONDITION
node-csr--jJF_sRckTdhoqAOYB4fEaA06Juwv32d1RFwzcbbE0c   150m   system:bootstrap:gn5vla   Denied
node-csr-KMkTDLPqhj52YxZFS8vEOiqMt1NXVEcYvmvUJAhxhwg   150m   system:bootstrap:xay6t6   Denied
node-csr-bv18tH4pK-xq7Ekwv0IuzD4CcBuvKjjdonBjpKqHuPQ   150m   system:bootstrap:v1g4p2   Denied

How can I do this to approve a CSR in the Denied state?

-- jingfeng Wang
csr
kubelet
kubernetes

Similar Questions

Adding Custom Header to Logout in Icecast
Permission denied while deploying/activating docker image in Rancher-Kubernetes
Configuring RStudio Server service for nginx-ingress in GKE
eks error : certificate-authority-data and certificate-authority are both specified for kubernetes
How to handle concurrent transactions from multiple pods in kubernetes
Installing Jenkins onminikube shows Failed to pull image "jenkins/jenkins:2.303.3-jdk11"
Traefik Kubernetes 301 Redirect

1 Answer

9/13/2018

Short answer, you can't. Once you deny a CSR you need issue a new CSR and approve it if you want to. You can delete denied CSRs if you don't want to see them there with:

 kubectl delete csr <csr-name>
-- Rico
Source: StackOverflow