1KUBERNETES(1)                      Jan 2015                      KUBERNETES(1)
2
3
4

NAME

6       kubectl certificate approve - Approve a certificate signing request
7
8
9

SYNOPSIS

11       kubectl certificate approve [OPTIONS]
12
13
14

DESCRIPTION

16       Approve a certificate signing request.
17
18
19       kubectl  certificate  approve  allows a cluster admin to approve a cer‐
20       tificate signing request (CSR). This action tells a certificate signing
21       controller  to issue a certificate to the requestor with the attributes
22       requested in the CSR.
23
24
25       SECURITY NOTICE: Depending on the requested attributes, the issued cer‐
26       tificate  can potentially grant a requester access to cluster resources
27       or to authenticate as a requested identity.  Before  approving  a  CSR,
28       ensure you understand what the signed certificate can do.
29
30
31

OPTIONS

33       --allow-missing-template-keys=true
34           If  true, ignore any errors in templates when a field or map key is
35       missing in the template. Only applies to  golang  and  jsonpath  output
36       formats.
37
38
39       -f, --filename=[]
40           Filename,  directory,  or  URL to files identifying the resource to
41       update
42
43
44       --force=false
45           Update the CSR even if it is already approved.
46
47
48       -o, --output=""
49           Output format. One of:  json|yaml|name|template|go-template|go-tem‐
50       plate-file|templatefile|jsonpath|jsonpath-file.
51
52
53       -R, --recursive=false
54           Process  the  directory  used in -f, --filename recursively. Useful
55       when you want to manage related manifests  organized  within  the  same
56       directory.
57
58
59       --template=""
60           Template  string  or  path  to template file to use when -o=go-tem‐
61       plate, -o=go-template-file. The template format is golang  templates  [
62       ⟨http://golang.org/pkg/text/template/#pkg-overview⟩].
63
64
65

OPTIONS INHERITED FROM PARENT COMMANDS

67       --allow-verification-with-non-compliant-keys=false
68           Allow  a  SignatureVerifier  to  use  keys  which  are  technically
69       non-compliant with RFC6962.
70
71
72       --alsologtostderr=false
73           log to standard error as well as files
74
75
76       --application-metrics-count-limit=100
77           Max number of application metrics to store (per container)
78
79
80       --as=""
81           Username to impersonate for the operation
82
83
84       --as-group=[]
85           Group to impersonate for the operation, this flag can  be  repeated
86       to specify multiple groups.
87
88
89       --azure-container-registry-config=""
90           Path  to the file containing Azure container registry configuration
91       information.
92
93
94       --boot-id-file="/proc/sys/kernel/random/boot_id"
95           Comma-separated list of files to check for boot-id. Use  the  first
96       one that exists.
97
98
99       --cache-dir="/builddir/.kube/http-cache"
100           Default HTTP cache directory
101
102
103       --certificate-authority=""
104           Path to a cert file for the certificate authority
105
106
107       --client-certificate=""
108           Path to a client certificate file for TLS
109
110
111       --client-key=""
112           Path to a client key file for TLS
113
114
115       --cloud-provider-gce-lb-src-cidrs=130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16
116           CIDRs opened in GCE firewall for LB traffic proxy  health checks
117
118
119       --cluster=""
120           The name of the kubeconfig cluster to use
121
122
123       --container-hints="/etc/cadvisor/container_hints.json"
124           location of the container hints file
125
126
127       --containerd="unix:///var/run/containerd.sock"
128           containerd endpoint
129
130
131       --context=""
132           The name of the kubeconfig context to use
133
134
135       --default-not-ready-toleration-seconds=300
136           Indicates   the   tolerationSeconds   of   the    toleration    for
137       notReady:NoExecute  that is added by default to every pod that does not
138       already have such a toleration.
139
140
141       --default-unreachable-toleration-seconds=300
142           Indicates the tolerationSeconds  of  the  toleration  for  unreach‐
143       able:NoExecute  that  is  added  by  default to every pod that does not
144       already have such a toleration.
145
146
147       --docker="unix:///var/run/docker.sock"
148           docker endpoint
149
150
151       --docker-env-metadata-whitelist=""
152           a comma-separated list of environment variable keys that  needs  to
153       be collected for docker containers
154
155
156       --docker-only=false
157           Only report docker containers in addition to root stats
158
159
160       --docker-root="/var/lib/docker"
161           DEPRECATED:  docker  root is read from docker info (this is a fall‐
162       back, default: /var/lib/docker)
163
164
165       --docker-tls=false
166           use TLS to connect to docker
167
168
169       --docker-tls-ca="ca.pem"
170           path to trusted CA
171
172
173       --docker-tls-cert="cert.pem"
174           path to client certificate
175
176
177       --docker-tls-key="key.pem"
178           path to private key
179
180
181       --enable-load-reader=false
182           Whether to enable cpu load reader
183
184
185       --event-storage-age-limit="default=0"
186           Max length of time for which to store events (per type). Value is a
187       comma  separated  list  of  key  values, where the keys are event types
188       (e.g.: creation, oom) or "default" and the value is a duration. Default
189       is applied to all non-specified event types
190
191
192       --event-storage-event-limit="default=0"
193           Max  number  of  events to store (per type). Value is a comma sepa‐
194       rated list of key values, where the keys are event  types  (e.g.:  cre‐
195       ation,  oom)  or  "default"  and  the  value  is an integer. Default is
196       applied to all non-specified event types
197
198
199       --global-housekeeping-interval=1m0s
200           Interval between global housekeepings
201
202
203       --google-json-key=""
204           The Google Cloud Platform Service  Account  JSON  Key  to  use  for
205       authentication.
206
207
208       --housekeeping-interval=10s
209           Interval between container housekeepings
210
211
212       --insecure-skip-tls-verify=false
213           If true, the server's certificate will not be checked for validity.
214       This will make your HTTPS connections insecure
215
216
217       --kubeconfig=""
218           Path to the kubeconfig file to use for CLI requests.
219
220
221       --log-backtrace-at=:0
222           when logging hits line file:N, emit a stack trace
223
224
225       --log-cadvisor-usage=false
226           Whether to log the usage of the cAdvisor container
227
228
229       --log-dir=""
230           If non-empty, write log files in this directory
231
232
233       --log-flush-frequency=5s
234           Maximum number of seconds between log flushes
235
236
237       --logtostderr=true
238           log to standard error instead of files
239
240
241       --machine-id-file="/etc/machine-id,/var/lib/dbus/machine-id"
242           Comma-separated list of files to  check  for  machine-id.  Use  the
243       first one that exists.
244
245
246       --match-server-version=false
247           Require server version to match client version
248
249
250       --mesos-agent="127.0.0.1:5051"
251           Mesos agent address
252
253
254       --mesos-agent-timeout=10s
255           Mesos agent timeout
256
257
258       -n, --namespace=""
259           If present, the namespace scope for this CLI request
260
261
262       --request-timeout="0"
263           The  length  of  time  to  wait before giving up on a single server
264       request. Non-zero values should contain a corresponding time unit (e.g.
265       1s, 2m, 3h). A value of zero means don't timeout requests.
266
267
268       -s, --server=""
269           The address and port of the Kubernetes API server
270
271
272       --stderrthreshold=2
273           logs at or above this threshold go to stderr
274
275
276       --storage-driver-buffer-duration=1m0s
277           Writes  in  the  storage driver will be buffered for this duration,
278       and committed to the non memory backends as a single transaction
279
280
281       --storage-driver-db="cadvisor"
282           database name
283
284
285       --storage-driver-host="localhost:8086"
286           database host:port
287
288
289       --storage-driver-password="root"
290           database password
291
292
293       --storage-driver-secure=false
294           use secure connection with database
295
296
297       --storage-driver-table="stats"
298           table name
299
300
301       --storage-driver-user="root"
302           database username
303
304
305       --token=""
306           Bearer token for authentication to the API server
307
308
309       --user=""
310           The name of the kubeconfig user to use
311
312
313       -v, --v=0
314           log level for V logs
315
316
317       --version=false
318           Print version information and quit
319
320
321       --vmodule=
322           comma-separated list of pattern=N settings for  file-filtered  log‐
323       ging
324
325
326

SEE ALSO

328       kubectl-certificate(1),
329
330
331

HISTORY

333       January  2015,  Originally compiled by Eric Paris (eparis at redhat dot
334       com) based on the kubernetes source material, but hopefully  they  have
335       been automatically generated since!
336
337
338
339Eric Paris                  kubernetes User Manuals              KUBERNETES(1)