1KUBERNETES(1) Jan 2015 KUBERNETES(1)
2
6 kubectl certificate deny - Deny a certificate signing request
7
11 kubectl certificate deny [OPTIONS]
12
16 Deny a certificate signing request.
17 kubectl certificate deny allows a cluster admin to deny a certificate
20 signing request (CSR). This action tells a certificate signing con‐
21 troller to not to issue a certificate to the requestor.
22
26 --allow-missing-template-keys=true
27 If true, ignore any errors in templates when a field or map key is
28 missing in the template. Only applies to golang and jsonpath output
29 formats.
30 -f, --filename=[]
33 Filename, directory, or URL to files identifying the resource to
34 update
35 --force=false
38 Update the CSR even if it is already denied.
39 -k, --kustomize=""
42 Process the kustomization directory. This flag can't be used
43 together with -f or -R.
44 -o, --output=""
47 Output format. One of: json|yaml|name|go-template|go-tem‐
48 plate-file|template|templatefile|jsonpath|jsonpath-file.
49 -R, --recursive=false
52 Process the directory used in -f, --filename recursively. Useful
53 when you want to manage related manifests organized within the same
54 directory.
55 --template=""
58 Template string or path to template file to use when -o=go-tem‐
59 plate, -o=go-template-file. The template format is golang templates [
60 ⟨http://golang.org/pkg/text/template/#pkg-overview⟩].
61
65 --alsologtostderr=false
66 log to standard error as well as files
67 --application-metrics-count-limit=100
70 Max number of application metrics to store (per container)
71 --as=""
74 Username to impersonate for the operation
75 --as-group=[]
78 Group to impersonate for the operation, this flag can be repeated
79 to specify multiple groups.
80 --azure-container-registry-config=""
83 Path to the file containing Azure container registry configuration
84 information.
85 --boot-id-file="/proc/sys/kernel/random/boot_id"
88 Comma-separated list of files to check for boot-id. Use the first
89 one that exists.
90 --cache-dir="/builddir/.kube/http-cache"
93 Default HTTP cache directory
94 --certificate-authority=""
97 Path to a cert file for the certificate authority
98 --client-certificate=""
101 Path to a client certificate file for TLS
102 --client-key=""
105 Path to a client key file for TLS
106 --cloud-provider-gce-lb-src-cidrs=130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16
109 CIDRs opened in GCE firewall for LB traffic proxy health checks
110 --cluster=""
113 The name of the kubeconfig cluster to use
114 --container-hints="/etc/cadvisor/container_hints.json"
117 location of the container hints file
118 --containerd="/run/containerd/containerd.sock"
121 containerd endpoint
122 --containerd-namespace="k8s.io"
125 containerd namespace
126 --context=""
129 The name of the kubeconfig context to use
130 --default-not-ready-toleration-seconds=300
133 Indicates the tolerationSeconds of the toleration for
134 notReady:NoExecute that is added by default to every pod that does not
135 already have such a toleration.
136 --default-unreachable-toleration-seconds=300
139 Indicates the tolerationSeconds of the toleration for unreach‐
140 able:NoExecute that is added by default to every pod that does not
141 already have such a toleration.
142 --docker="unix:///var/run/docker.sock"
145 docker endpoint
146 --docker-env-metadata-whitelist=""
149 a comma-separated list of environment variable keys that needs to
150 be collected for docker containers
151 --docker-only=false
154 Only report docker containers in addition to root stats
155 --docker-root="/var/lib/docker"
158 DEPRECATED: docker root is read from docker info (this is a fall‐
159 back, default: /var/lib/docker)
160 --docker-tls=false
163 use TLS to connect to docker
164 --docker-tls-ca="ca.pem"
167 path to trusted CA
168 --docker-tls-cert="cert.pem"
171 path to client certificate
172 --docker-tls-key="key.pem"
175 path to private key
176 --enable-load-reader=false
179 Whether to enable cpu load reader
180 --event-storage-age-limit="default=0"
183 Max length of time for which to store events (per type). Value is a
184 comma separated list of key values, where the keys are event types
185 (e.g.: creation, oom) or "default" and the value is a duration. Default
186 is applied to all non-specified event types
187 --event-storage-event-limit="default=0"
190 Max number of events to store (per type). Value is a comma sepa‐
191 rated list of key values, where the keys are event types (e.g.: cre‐
192 ation, oom) or "default" and the value is an integer. Default is
193 applied to all non-specified event types
194 --global-housekeeping-interval=1m0s
197 Interval between global housekeepings
198 --housekeeping-interval=10s
201 Interval between container housekeepings
202 --insecure-skip-tls-verify=false
205 If true, the server's certificate will not be checked for validity.
206 This will make your HTTPS connections insecure
207 --kubeconfig=""
210 Path to the kubeconfig file to use for CLI requests.
211 --log-backtrace-at=:0
214 when logging hits line file:N, emit a stack trace
215 --log-cadvisor-usage=false
218 Whether to log the usage of the cAdvisor container
219 --log-dir=""
222 If non-empty, write log files in this directory
223 --log-file=""
226 If non-empty, use this log file
227 --log-file-max-size=1800
230 Defines the maximum size a log file can grow to. Unit is megabytes.
231 If the value is 0, the maximum file size is unlimited.
232 --log-flush-frequency=5s
235 Maximum number of seconds between log flushes
236 --logtostderr=true
239 log to standard error instead of files
240 --machine-id-file="/etc/machine-id,/var/lib/dbus/machine-id"
243 Comma-separated list of files to check for machine-id. Use the
244 first one that exists.
245 --match-server-version=false
248 Require server version to match client version
249 -n, --namespace=""
252 If present, the namespace scope for this CLI request
253 --password=""
256 Password for basic authentication to the API server
257 --profile="none"
260 Name of profile to capture. One of (none|cpu|heap|goroutine|thread‐
261 create|block|mutex)
262 --profile-output="profile.pprof"
265 Name of the file to write the profile to
266 --request-timeout="0"
269 The length of time to wait before giving up on a single server
270 request. Non-zero values should contain a corresponding time unit (e.g.
271 1s, 2m, 3h). A value of zero means don't timeout requests.
272 -s, --server=""
275 The address and port of the Kubernetes API server
276 --skip-headers=false
279 If true, avoid header prefixes in the log messages
280 --skip-log-headers=false
283 If true, avoid headers when opening log files
284 --stderrthreshold=2
287 logs at or above this threshold go to stderr
288 --storage-driver-buffer-duration=1m0s
291 Writes in the storage driver will be buffered for this duration,
292 and committed to the non memory backends as a single transaction
293 --storage-driver-db="cadvisor"
296 database name
297 --storage-driver-host="localhost:8086"
300 database host:port
301 --storage-driver-password="root"
304 database password
305 --storage-driver-secure=false
308 use secure connection with database
309 --storage-driver-table="stats"
312 table name
313 --storage-driver-user="root"
316 database username
317 --token=""
320 Bearer token for authentication to the API server
321 --update-machine-info-interval=5m0s
324 Interval between machine info updates.
325 --user=""
328 The name of the kubeconfig user to use
329 --username=""
332 Username for basic authentication to the API server
333 -v, --v=0
336 number for the log level verbosity
337 --version=false
340 Print version information and quit
341 --vmodule=
344 comma-separated list of pattern=N settings for file-filtered log‐
345 ging
346
350 kubectl-certificate(1),
351
355 January 2015, Originally compiled by Eric Paris (eparis at redhat dot
356 com) based on the kubernetes source material, but hopefully they have
357 been automatically generated since!
358Eric Paris kubernetes User Manuals KUBERNETES(1)