kubernetes webhooks kubectl kubernetes-pod

Kubernetes certificate always disappear after few hours

I am new to kubernetes. I created a certificate in kubernetes for my validation webhook. After approving the certificate, and checking if it is still there after few hours, by running

kubectl -n mynamespace get csr

However, it shows no resources found in the namespace. But if the certificate is newly created and run the same command above it shows the certificate.

Is this an expected behavior? where does the certificate go?

Please help. :(

Solution

This is an expected behavior for security reasons. You should download the certificate using below command and keep it safe.

kubectl get csr my-svc.my-namespace -o jsonpath='{.status.certificate}' \
    | base64 --decode > server.crt

https://kubernetes.io/docs/tasks/tls/managing-tls-in-a-cluster/#download-the-certificate-and-use-it

Single Container Pod yaml
How is a service connected to a pod? In yaml, what fields need to match between service and pod?
Helm's v3 Example Doesn't Show Multi-line Properties. Get YAML to JSON parse error
Kubectl command to list pods of a deployment in Kubernetes
Kubernetes: list all pods and its nodes
how to uninstall minikube from ubuntu, i get an 'Unable to load cached images' error
Failed to start minikube with virtualbox driver on ubuntu 20.04
Using Minikube: deployed SQL Server 2022, but it's not reachable on host machine using ssms
Kubernetes Application with multiple Resources single YAML
Nat Gateway Profile for AKS using terraform
kubectl logs - continuously
How do i update helm repo to the latest version
0/1 nodes are available: 1 pod has unbound immediate PersistentVolumeClaims
Is there a name or standard for the YAML format used to describe kubernetes resources?
Kubernetes Persisten Volumes
Kubernetes Authentication no re-create token
.NET 8 app in Rancher only listening on http port
Issue injecting helm value on configmap
Which rights are missing? Unable to continue with install: could not get information about the resource: podsecuritypolicies.policy
is it possible to shrink the spaces of io.containerd.snapshotter.v1.overlayfs folder in kubernetes
How can I get pods by label, using the python kubernetes api?
Failed calling webhook "namespace.sidecar-injector.istio.io"
How to Hard Limit Of Storage Usage
Delete Kubernetes namespace with delay
Redis Sentinel doesn't auto discover new slave instances
Azure pipelines: abstract away parameters
difference between spark.kubernetes.driver.request.cores, spark.kubernetes.driver.limit.cores and spark.driver.cores
Debezium KafkaConnect, kafka_connect_run.sh No such file or directory
Unable to access my minikube cluster from the browser (❗ Because you are using a Docker driver on windows, the terminal needs to be open to run it.)
What is the difference between Istio VirtualService and Kubernetes Service?