1KUBERNETES(1) Jan 2015 KUBERNETES(1)
2
6 kubectl certificate deny - Deny a certificate signing request
7
11 kubectl certificate deny [OPTIONS]
12
16 Deny a certificate signing request.
17 kubectl certificate deny allows a cluster admin to deny a certificate
20 signing request (CSR). This action tells a certificate signing con‐
21 troller to not to issue a certificate to the requestor.
22
26 --allow-missing-template-keys=true
27 If true, ignore any errors in templates when a field or map key is
28 missing in the template. Only applies to golang and jsonpath output
29 formats.
30 -f, --filename=[]
33 Filename, directory, or URL to files identifying the resource to
34 update
35 --force=false
38 Update the CSR even if it is already denied.
39 -o, --output=""
42 Output format. One of: json|yaml|name|template|go-template|go-tem‐
43 plate-file|templatefile|jsonpath|jsonpath-file.
44 -R, --recursive=false
47 Process the directory used in -f, --filename recursively. Useful
48 when you want to manage related manifests organized within the same
49 directory.
50 --template=""
53 Template string or path to template file to use when -o=go-tem‐
54 plate, -o=go-template-file. The template format is golang templates [
55 ⟨http://golang.org/pkg/text/template/#pkg-overview⟩].
56
60 --allow-verification-with-non-compliant-keys=false
61 Allow a SignatureVerifier to use keys which are technically
62 non-compliant with RFC6962.
63 --alsologtostderr=false
66 log to standard error as well as files
67 --application-metrics-count-limit=100
70 Max number of application metrics to store (per container)
71 --as=""
74 Username to impersonate for the operation
75 --as-group=[]
78 Group to impersonate for the operation, this flag can be repeated
79 to specify multiple groups.
80 --azure-container-registry-config=""
83 Path to the file containing Azure container registry configuration
84 information.
85 --boot-id-file="/proc/sys/kernel/random/boot_id"
88 Comma-separated list of files to check for boot-id. Use the first
89 one that exists.
90 --cache-dir="/builddir/.kube/http-cache"
93 Default HTTP cache directory
94 --certificate-authority=""
97 Path to a cert file for the certificate authority
98 --client-certificate=""
101 Path to a client certificate file for TLS
102 --client-key=""
105 Path to a client key file for TLS
106 --cloud-provider-gce-lb-src-cidrs=130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16
109 CIDRs opened in GCE firewall for LB traffic proxy health checks
110 --cluster=""
113 The name of the kubeconfig cluster to use
114 --container-hints="/etc/cadvisor/container_hints.json"
117 location of the container hints file
118 --containerd="unix:///var/run/containerd.sock"
121 containerd endpoint
122 --context=""
125 The name of the kubeconfig context to use
126 --default-not-ready-toleration-seconds=300
129 Indicates the tolerationSeconds of the toleration for
130 notReady:NoExecute that is added by default to every pod that does not
131 already have such a toleration.
132 --default-unreachable-toleration-seconds=300
135 Indicates the tolerationSeconds of the toleration for unreach‐
136 able:NoExecute that is added by default to every pod that does not
137 already have such a toleration.
138 --docker="unix:///var/run/docker.sock"
141 docker endpoint
142 --docker-env-metadata-whitelist=""
145 a comma-separated list of environment variable keys that needs to
146 be collected for docker containers
147 --docker-only=false
150 Only report docker containers in addition to root stats
151 --docker-root="/var/lib/docker"
154 DEPRECATED: docker root is read from docker info (this is a fall‐
155 back, default: /var/lib/docker)
156 --docker-tls=false
159 use TLS to connect to docker
160 --docker-tls-ca="ca.pem"
163 path to trusted CA
164 --docker-tls-cert="cert.pem"
167 path to client certificate
168 --docker-tls-key="key.pem"
171 path to private key
172 --enable-load-reader=false
175 Whether to enable cpu load reader
176 --event-storage-age-limit="default=0"
179 Max length of time for which to store events (per type). Value is a
180 comma separated list of key values, where the keys are event types
181 (e.g.: creation, oom) or "default" and the value is a duration. Default
182 is applied to all non-specified event types
183 --event-storage-event-limit="default=0"
186 Max number of events to store (per type). Value is a comma sepa‐
187 rated list of key values, where the keys are event types (e.g.: cre‐
188 ation, oom) or "default" and the value is an integer. Default is
189 applied to all non-specified event types
190 --global-housekeeping-interval=1m0s
193 Interval between global housekeepings
194 --google-json-key=""
197 The Google Cloud Platform Service Account JSON Key to use for
198 authentication.
199 --housekeeping-interval=10s
202 Interval between container housekeepings
203 --insecure-skip-tls-verify=false
206 If true, the server's certificate will not be checked for validity.
207 This will make your HTTPS connections insecure
208 --kubeconfig=""
211 Path to the kubeconfig file to use for CLI requests.
212 --log-backtrace-at=:0
215 when logging hits line file:N, emit a stack trace
216 --log-cadvisor-usage=false
219 Whether to log the usage of the cAdvisor container
220 --log-dir=""
223 If non-empty, write log files in this directory
224 --log-flush-frequency=5s
227 Maximum number of seconds between log flushes
228 --logtostderr=true
231 log to standard error instead of files
232 --machine-id-file="/etc/machine-id,/var/lib/dbus/machine-id"
235 Comma-separated list of files to check for machine-id. Use the
236 first one that exists.
237 --match-server-version=false
240 Require server version to match client version
241 --mesos-agent="127.0.0.1:5051"
244 Mesos agent address
245 --mesos-agent-timeout=10s
248 Mesos agent timeout
249 -n, --namespace=""
252 If present, the namespace scope for this CLI request
253 --request-timeout="0"
256 The length of time to wait before giving up on a single server
257 request. Non-zero values should contain a corresponding time unit (e.g.
258 1s, 2m, 3h). A value of zero means don't timeout requests.
259 -s, --server=""
262 The address and port of the Kubernetes API server
263 --stderrthreshold=2
266 logs at or above this threshold go to stderr
267 --storage-driver-buffer-duration=1m0s
270 Writes in the storage driver will be buffered for this duration,
271 and committed to the non memory backends as a single transaction
272 --storage-driver-db="cadvisor"
275 database name
276 --storage-driver-host="localhost:8086"
279 database host:port
280 --storage-driver-password="root"
283 database password
284 --storage-driver-secure=false
287 use secure connection with database
288 --storage-driver-table="stats"
291 table name
292 --storage-driver-user="root"
295 database username
296 --token=""
299 Bearer token for authentication to the API server
300 --user=""
303 The name of the kubeconfig user to use
304 -v, --v=0
307 log level for V logs
308 --version=false
311 Print version information and quit
312 --vmodule=
315 comma-separated list of pattern=N settings for file-filtered log‐
316 ging
317
321 kubectl-certificate(1),
322
326 January 2015, Originally compiled by Eric Paris (eparis at redhat dot
327 com) based on the kubernetes source material, but hopefully they have
328 been automatically generated since!
329Eric Paris kubernetes User Manuals KUBERNETES(1)