Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Cannot Create CSR. #2418

Closed
mykidong opened this issue Aug 21, 2020 · 3 comments · Fixed by #2421
Closed

Cannot Create CSR. #2418

mykidong opened this issue Aug 21, 2020 · 3 comments · Fixed by #2421
Assignees
@rohanKanojia
Labels
bug component/kubernetes-model Deals with the kubernetes-model

Comments

@mykidong
Copy link

mykidong commented Aug 21, 2020
edited

I wanted to create a CSR, but I got errors.
I am using fabric8 k8s client 4.10.3.

CSR manifest k8s-csr.yaml looks like this:

apiVersion: certificates.k8s.io/v1beta1
kind: CertificateSigningRequest
metadata:
  name: kidong-data-engineer-k8s-csr
spec:
  groups:
    - system:authenticated
  request: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURSBSRVFVRVNULS0tLS0KTUlJRWJqQ0NBbFlDQVFBd0tURVBNQTBHQTFVRUF3d0dhMmxrYjI1bk1SWXdGQVlEVlFRS0RBMWtZWFJoTFdWdQpaMmx1WldWeU1JSUNJakFOQmdrcWhraUc5dzBCQVFFRkFBT0NBZzhBTUlJQ0NnS0NBZ0VBc2dVZXl0S0F6ZDkyClN1S2pZL1RqbmRsZ0lkSFVVYWFxbHJIVW1nbTloKzY2RTJCNGs0TSt6Q0tOQmovemlMdWV6NFNUeHJ6SFk3RlUKNGUxWElBU3lMS0dmRGNPaks5NThURThwcXBRM21VdlpWMmxnK25BTVF5dlZUYWdZSmFId2JWUzVlNHgvRmpKcQoxTWpQZ1VoSGFXeEdIYTQrQnZYQU9Kdk5BdnV4alpZaVJET251dGxHVzloQkRKRlhoUk5jOGFKNnFiZWVBWnNiCmozWUFMaUcydWp1VmhoTUVRNEJxdFVHVGZCMzBQNGhRK2t2bWVKc2ZUU3Vsb2xiWFdIdVZGWnh1d0FJek5RbmQKMTd4VHd2cU04OGZFb3ZJazBJV0ZCWTk2aHRvaUVNdThZUms4SEZ6QkJralhsZGlkbVNNSHkwK0plcFRONmdQTQpEYVVsd1cxS0lCcW9TbnZNcjY4cFRVWEVhZVRjc040anMxTUIwK3FwR0JBS1puWWVxM0JmMkxVVFBNaG1VZ2VVCmFUTFlqODI2WVorZjJrOWJ1cngwK1NOSmVZbWoxVTl0N3A2YWM0dDIzZHVYQ1BzYkNrUFNKeGtrU3dudUlVVzkKdmJVVGtJNGtVMlFVMnE0NzRaMW1uMlkvejF2TEdQdEpsTDFYUVFVNEdsb2hrQkVkM1BsUTRtOGU1WGZSRkV6ZgpYZnhMRXFRczFTeEg1ekhjcnVaOWxJdnBkeEw5Tkc5WlR6M0tmT0tIbCtSUzdxMGdKaExac0RubUJKNXZab3p4CldXci9IRW9PamFYbGh0VitDN3M4TUg5Y0lKZENZNnpjcFVrZis1NmZ0Z1FuN0YrT1RYdDI0UVJQYWNFZnRFOTkKVERPb2luTGtOMm1kckxiMTgxQUZNUWJ0bTFLc1k2MENBd0VBQWFBQU1BMEdDU3FHU0liM0RRRUJDd1VBQTRJQwpBUUNQYU1WdDd4YWhkZlF1L1BySFVTTW5LK2I0SlJScEdEYlpWUXk4aUtkSmdHM0VrYnNBZ21qQmN4Q1IvL2t1CkVhU0plSGNWK20xVlFUTEp1ZFU3ZHFUeFBLOVFCNlB2aHlBbCttNnFaQkt1Q25VM1BKc2k5azBYSE5GWXBqRmYKVFNwTlpJSnRuanVEQWVtT05kcjJYMm1rODZmSmpWTEUvYnA1KzM5dFBkN0xjL3dZR2JoRU0xcExtUGpQK0Z6eQpzZnBiYW5PcmZFSG5NMmlsRFpGZURVSEpYL3F5Ykt1RC9BRmdoZk1Ua0x3ODNLNkNRdCtDQm05djRCeEtCS2xqCkdBWEQyUEhUTWlzektUbGpBM3czYUphanZzU0FwQXFCWnFocjB3QzdOb1dYM1h6S0p3ck9MaWVxemo3SXlpUGEKTEI5SmJveFpOQTdBSU5ucEdsa1hDZlRGT2RManZtQkVRQXV5Ym9wLzdqV2RiSzJHRkZKS2UwdlVlbWNUeGdHVwp5c0ZyV2pqMUlvdVBVNFZ6ck82QVBVQnZCZUFtdU1Bbm9yVng5emc4akhlT1pkd2RWdFRnOUwrK0VnWjlxK0htCjVtUlJGVHlZOWo4WVVvd2J6TzRlRUZnaVN0di84T1p0YmtOeDFROWFQWHJ3VUV1Q1I0SUthWG0wNlJUYXJOYXUKTWFsbk5oZm9WYi9Bc1R5d1ArNlc1dGErcTBpckR5cnVkZk5pRkFWbkRMZEU5a2hWZzVrU0lPRzhYbEZUMklwSQpkdVNpcUl0NlNUTlY3UmdaRzBGTFN5akxoc3laWnY2bitpUzl3Ky9OOFpoUzgvalViUUVidG1VTnNJU3Z5WS9JCmZqcHNZQUdleExvVW5mN2pDaUhkbTVhSnJ5SU1kdmZ2akJsMDhIVk5nWG1McVE9PQotLS0tLUVORCBDRVJUSUZJQ0FURSBSRVFVRVNULS0tLS0K
  usages:
    - client auth

And I wrote some codes to create csr with reading external above csr manifest:

// create namespace.
Namespace newNs = adminClient.namespaces().createOrReplaceWithNew()
                .withNewMetadata()
                .withName("csr-test-data-engineer-cluster-local")
                .addToLabels("name", namespace)
                .endMetadata()
                .done();

// namespace creation is ok!

// Here, I got errors!
client.load(...)).inNamespace("csr-test-data-engineer-cluster-local").createOrReplace();

I got the following errors:

io.fabric8.kubernetes.client.KubernetesClientException: Failure executing: POST at: https://10.0.4.5:6443/apis/certificates.k8s.io/v1beta1/namespaces/csr-test-data-engineer-cluster-local/certificatesigningrequests. Message: the server could not find the requested resource. Received status: Status(apiVersion=v1, code=404, details=StatusDetails(causes=[], group=null, kind=null, name=null, retryAfterSeconds=null, uid=null, additionalProperties={}), kind=Status, message=the server could not find the requested resource, metadata=ListMeta(_continue=null, remainingItemCount=null, resourceVersion=null, selfLink=null, additionalProperties={}), reason=NotFound, status=Failure, additionalProperties={}).
        at io.fabric8.kubernetes.client.dsl.base.OperationSupport.requestFailure(OperationSupport.java:589)
        at io.fabric8.kubernetes.client.dsl.base.OperationSupport.assertResponseCode(OperationSupport.java:528)
        at io.fabric8.kubernetes.client.dsl.base.OperationSupport.handleResponse(OperationSupport.java:492)
        at io.fabric8.kubernetes.client.dsl.base.OperationSupport.handleResponse(OperationSupport.java:451)
        at io.fabric8.kubernetes.client.dsl.base.OperationSupport.handleCreate(OperationSupport.java:252)
        at io.fabric8.kubernetes.client.dsl.base.BaseOperation.handleCreate(BaseOperation.java:844)
        at io.fabric8.kubernetes.client.dsl.base.BaseOperation.create(BaseOperation.java:341)
        at io.fabric8.kubernetes.client.dsl.base.BaseOperation.create(BaseOperation.java:79)
        at io.fabric8.kubernetes.client.handlers.certificates.v1beta1.CertificateSigningRequestHandler.create(CertificateSigningRequestHandler.java:39)
        at io.fabric8.kubernetes.client.handlers.certificates.v1beta1.CertificateSigningRequestHandler.create(CertificateSigningRequestHandler.java:25)
        at io.fabric8.kubernetes.client.dsl.internal.NamespaceVisitFromServerGetWatchDeleteRecreateWaitApplicableListImpl.createOrReplace(NamespaceVisitFromServerGetWatchDeleteRecreateWaitApplicableListImpl.java:268)
        at io.fabric8.kubernetes.client.dsl.internal.NamespaceVisitFromServerGetWatchDeleteRecreateWaitApplicableListImpl.createOrReplace(NamespaceVisitFromServerGetWatchDeleteRecreateWaitApplicableListImpl.java:66)
        at io.spongebob.kubernetes.user.CreateCsr.csr(CreateCsr.java:87)

I have tried creating csr in the above manifest file with kubectl like this:

kubectl apply -f k8s-csr.yaml;

kubectl get csr;

With kubectl, there is no problem to create csr.

Any idea how to create CSR using fabric8 client?
@rohanKanojia
Copy link
Member

Which version of client are you using?

@rohanKanojia
Copy link
Member

oh, okay. It's on 4.10.3. Will try to reproduce

@rohanKanojia
Copy link
Member

Isn't CertificateSigningRequest a cluster scoped resource? I think this is a bug in fabric8 kubernetes model which is considering it as a namespaced resource. We need to add CertificateSigningRequest here so that it won't implement Namespaced interface and regenerate model for kubernetes-model-generator/kubernetes-model-certificates/:

kubernetes-client/kubernetes-model-generator/pkg/schemagen/generate.go

Lines 565 to 580 in 71772d3

case "MutatingWebhookConfiguration",
"ValidatingWebhookConfiguration",
"CustomResourceDefinition",
"ComponentStatus",
"Namespace",
"Node",
"PersistentVolume",
"PodSecurityPolicy",
"ClusterRoleBinding",
"ClusterRole",
"PriorityClass",
"StorageClass",
"APIService":
return Cluster
default:
return Namespaced

@rohanKanojia rohanKanojia added bug component/kubernetes-model Deals with the kubernetes-model labels Aug 21, 2020
rohanKanojia added a commit to rohanKanojia/kubernetes-client that referenced this issue Aug 21, 2020
@rohanKanojia
Fix fabric8io#2418: CertificateSigningRequest doesn't implement Names…
c4d9630 
…paced

+ Add new resources in Cluster scope block in kubernetes model generator
+ Fix previous tests which were wrongly asserting Cluster Scoped resources as Namespaced resources
+ Add dsl entrypoint client.certificateSigningRequests() for dealing with CertificateSigningRequests
@rohanKanojia rohanKanojia mentioned this issue Aug 21, 2020
Merged
11 tasks
rohanKanojia added a commit to rohanKanojia/kubernetes-client that referenced this issue Aug 21, 2020
@rohanKanojia
Fix fabric8io#2418: CertificateSigningRequest doesn't implement Names…
a84ef12 
…paced

+ Add new resources in Cluster scope block in kubernetes model generator
+ Fix previous tests which were wrongly asserting Cluster Scoped resources as Namespaced resources
+ Add dsl entrypoint client.certificateSigningRequests() for dealing with CertificateSigningRequests
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@rohanKanojia rohanKanojia

Labels
bug component/kubernetes-model Deals with the kubernetes-model
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Fix #2418: CertificateSigningRequest doesn't implement Namespaced rohanKanojia/kubernetes-client
2 participants
@mykidong @rohanKanojia