So I've gone through the process of generating an RSA key, creating the YAML for a CSR, using kubectl to create a CSR in Minikube, approved the certificate.
However, when I try to download the certificate using kubectl get csr my-csr -o jsonpath='{.status.certificate}'
I'm getting an empty result.
When I do a kubectl get csr my-csr -o yaml
to get more information, this is what I see:
status:
conditions:
- lastUpdateTime: "2020-01-17T20:17:20Z"
message: This CSR was approved by kubectl certificate approve.
reason: KubectlApprove
type: Approved
I'm expecting a certificate attribute with a base64 encoded string to which I will decode to obtain the certificate for client certificate validation. Can someone please tell me what I'm doing wrong?
For more context, I'm trying to follow the instructions in this tutorial
I got similar problem. When I check with the following command:
kubectl get svc
It seems that the status of the csr is approved, but not issued. Any idea how to fix it?
[Updated] I found the problem. It is because the kube-controller-manager missed these options:
--cluster-signing-cert-file and --cluster-signing-key-file
Since CSR is not namespace specific, the command looks fine. I did the same to get the certificate, check you provide the proper csr name properly.
Secondly, if you didn't provide the name, and try to get all csr detail, you need change the key structure with additional .items[*]
kubectl get csr -o jsonpath='{.items[*].status.certificate}'
I have the feeling, you missed the csr name my-csr
or the name is not really matched the search (typo?). Double check it.