1KUBERNETES(1) Jan 2015 KUBERNETES(1)
2
6 kubectl certificate deny - Deny a certificate signing request
7
11 kubectl certificate deny [OPTIONS]
12
16 Deny a certificate signing request.
17 kubectl certificate deny allows a cluster admin to deny a certificate
20 signing request (CSR). This action tells a certificate signing con‐
21 troller to not to issue a certificate to the requestor.
22
26 --allow-missing-template-keys=true
27 If true, ignore any errors in templates when a field or map key is
28 missing in the template. Only applies to golang and jsonpath output
29 formats.
30 -f, --filename=[]
33 Filename, directory, or URL to files identifying the resource to
34 update
35 --force=false
38 Update the CSR even if it is already denied.
39 -o, --output=""
42 Output format. One of: json|yaml|name|go-template|go-tem‐
43 plate-file|template|templatefile|jsonpath|jsonpath-file.
44 -R, --recursive=false
47 Process the directory used in -f, --filename recursively. Useful
48 when you want to manage related manifests organized within the same
49 directory.
50 --template=""
53 Template string or path to template file to use when -o=go-tem‐
54 plate, -o=go-template-file. The template format is golang templates [
55 ⟨http://golang.org/pkg/text/template/#pkg-overview⟩].
56
60 --alsologtostderr=false
61 log to standard error as well as files
62 --application-metrics-count-limit=100
65 Max number of application metrics to store (per container)
66 --as=""
69 Username to impersonate for the operation
70 --as-group=[]
73 Group to impersonate for the operation, this flag can be repeated
74 to specify multiple groups.
75 --azure-container-registry-config=""
78 Path to the file containing Azure container registry configuration
79 information.
80 --boot-id-file="/proc/sys/kernel/random/boot_id"
83 Comma-separated list of files to check for boot-id. Use the first
84 one that exists.
85 --cache-dir="/builddir/.kube/http-cache"
88 Default HTTP cache directory
89 --certificate-authority=""
92 Path to a cert file for the certificate authority
93 --client-certificate=""
96 Path to a client certificate file for TLS
97 --client-key=""
100 Path to a client key file for TLS
101 --cloud-provider-gce-lb-src-cidrs=130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16
104 CIDRs opened in GCE firewall for LB traffic proxy health checks
105 --cluster=""
108 The name of the kubeconfig cluster to use
109 --container-hints="/etc/cadvisor/container_hints.json"
112 location of the container hints file
113 --containerd="unix:///var/run/containerd.sock"
116 containerd endpoint
117 --context=""
120 The name of the kubeconfig context to use
121 --default-not-ready-toleration-seconds=300
124 Indicates the tolerationSeconds of the toleration for
125 notReady:NoExecute that is added by default to every pod that does not
126 already have such a toleration.
127 --default-unreachable-toleration-seconds=300
130 Indicates the tolerationSeconds of the toleration for unreach‐
131 able:NoExecute that is added by default to every pod that does not
132 already have such a toleration.
133 --docker="unix:///var/run/docker.sock"
136 docker endpoint
137 --docker-env-metadata-whitelist=""
140 a comma-separated list of environment variable keys that needs to
141 be collected for docker containers
142 --docker-only=false
145 Only report docker containers in addition to root stats
146 --docker-root="/var/lib/docker"
149 DEPRECATED: docker root is read from docker info (this is a fall‐
150 back, default: /var/lib/docker)
151 --docker-tls=false
154 use TLS to connect to docker
155 --docker-tls-ca="ca.pem"
158 path to trusted CA
159 --docker-tls-cert="cert.pem"
162 path to client certificate
163 --docker-tls-key="key.pem"
166 path to private key
167 --enable-load-reader=false
170 Whether to enable cpu load reader
171 --event-storage-age-limit="default=0"
174 Max length of time for which to store events (per type). Value is a
175 comma separated list of key values, where the keys are event types
176 (e.g.: creation, oom) or "default" and the value is a duration. Default
177 is applied to all non-specified event types
178 --event-storage-event-limit="default=0"
181 Max number of events to store (per type). Value is a comma sepa‐
182 rated list of key values, where the keys are event types (e.g.: cre‐
183 ation, oom) or "default" and the value is an integer. Default is
184 applied to all non-specified event types
185 --global-housekeeping-interval=1m0s
188 Interval between global housekeepings
189 --housekeeping-interval=10s
192 Interval between container housekeepings
193 --insecure-skip-tls-verify=false
196 If true, the server's certificate will not be checked for validity.
197 This will make your HTTPS connections insecure
198 --kubeconfig=""
201 Path to the kubeconfig file to use for CLI requests.
202 --log-backtrace-at=:0
205 when logging hits line file:N, emit a stack trace
206 --log-cadvisor-usage=false
209 Whether to log the usage of the cAdvisor container
210 --log-dir=""
213 If non-empty, write log files in this directory
214 --log-file=""
217 If non-empty, use this log file
218 --log-flush-frequency=5s
221 Maximum number of seconds between log flushes
222 --logtostderr=true
225 log to standard error instead of files
226 --machine-id-file="/etc/machine-id,/var/lib/dbus/machine-id"
229 Comma-separated list of files to check for machine-id. Use the
230 first one that exists.
231 --match-server-version=false
234 Require server version to match client version
235 --mesos-agent="127.0.0.1:5051"
238 Mesos agent address
239 --mesos-agent-timeout=10s
242 Mesos agent timeout
243 -n, --namespace=""
246 If present, the namespace scope for this CLI request
247 --password=""
250 Password for basic authentication to the API server
251 --profile="none"
254 Name of profile to capture. One of (none|cpu|heap|goroutine|thread‐
255 create|block|mutex)
256 --profile-output="profile.pprof"
259 Name of the file to write the profile to
260 --request-timeout="0"
263 The length of time to wait before giving up on a single server
264 request. Non-zero values should contain a corresponding time unit (e.g.
265 1s, 2m, 3h). A value of zero means don't timeout requests.
266 -s, --server=""
269 The address and port of the Kubernetes API server
270 --skip-headers=false
273 If true, avoid header prefixes in the log messages
274 --stderrthreshold=2
277 logs at or above this threshold go to stderr
278 --storage-driver-buffer-duration=1m0s
281 Writes in the storage driver will be buffered for this duration,
282 and committed to the non memory backends as a single transaction
283 --storage-driver-db="cadvisor"
286 database name
287 --storage-driver-host="localhost:8086"
290 database host:port
291 --storage-driver-password="root"
294 database password
295 --storage-driver-secure=false
298 use secure connection with database
299 --storage-driver-table="stats"
302 table name
303 --storage-driver-user="root"
306 database username
307 --token=""
310 Bearer token for authentication to the API server
311 --user=""
314 The name of the kubeconfig user to use
315 --username=""
318 Username for basic authentication to the API server
319 -v, --v=0
322 log level for V logs
323 --version=false
326 Print version information and quit
327 --vmodule=
330 comma-separated list of pattern=N settings for file-filtered log‐
331 ging
332
336 kubectl-certificate(1),
337
341 January 2015, Originally compiled by Eric Paris (eparis at redhat dot
342 com) based on the kubernetes source material, but hopefully they have
343 been automatically generated since!
344Eric Paris kubernetes User Manuals KUBERNETES(1)