1OC ADM CERTIFICATE(1) June 2016 OC ADM CERTIFICATE(1)
2
3
4
6 oc adm certificate approve - Approve a certificate signing request
7
8
9
11 oc adm certificate approve [OPTIONS]
12
13
14
16 Approve a certificate signing request.
17
18
19 kubectl certificate approve allows a cluster admin to approve a cer‐
20 tificate signing request (CSR). This action tells a certificate signing
21 controller to issue a certificate to the requestor with the attributes
22 requested in the CSR.
23
24
25 SECURITY NOTICE: Depending on the requested attributes, the issued cer‐
26 tificate can potentially grant a requester access to cluster resources
27 or to authenticate as a requested identity. Before approving a CSR,
28 ensure you understand what the signed certificate can do.
29
30
31
33 --allow-missing-template-keys=true
34 If true, ignore any errors in templates when a field or map key is
35 missing in the template. Only applies to golang and jsonpath output
36 formats.
37
38
39 -f, --filename=[]
40 Filename, directory, or URL to files identifying the resource to
41 update
42
43
44 --force=false
45 Update the CSR even if it is already approved.
46
47
48 -o, --output=""
49 Output format. One of: json|yaml|name|templatefile|template|go-tem‐
50 plate|go-template-file|jsonpath-file|jsonpath.
51
52
53 -R, --recursive=false
54 Process the directory used in -f, --filename recursively. Useful
55 when you want to manage related manifests organized within the same
56 directory.
57
58
59 --template=""
60 Template string or path to template file to use when -o=go-tem‐
61 plate, -o=go-template-file. The template format is golang templates [
62 ⟨http://golang.org/pkg/text/template/#pkg-overview⟩].
63
64
65
67 --allow_verification_with_non_compliant_keys=false
68 Allow a SignatureVerifier to use keys which are technically
69 non-compliant with RFC6962.
70
71
72 --alsologtostderr=false
73 log to standard error as well as files
74
75
76 --application_metrics_count_limit=100
77 Max number of application metrics to store (per container)
78
79
80 --as=""
81 Username to impersonate for the operation
82
83
84 --as-group=[]
85 Group to impersonate for the operation, this flag can be repeated
86 to specify multiple groups.
87
88
89 --azure-container-registry-config=""
90 Path to the file containing Azure container registry configuration
91 information.
92
93
94 --boot_id_file="/proc/sys/kernel/random/boot_id"
95 Comma-separated list of files to check for boot-id. Use the first
96 one that exists.
97
98
99 --cache-dir="/builddir/.kube/http-cache"
100 Default HTTP cache directory
101
102
103 --certificate-authority=""
104 Path to a cert file for the certificate authority
105
106
107 --client-certificate=""
108 Path to a client certificate file for TLS
109
110
111 --client-key=""
112 Path to a client key file for TLS
113
114
115 --cloud-provider-gce-lb-src-cidrs=130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16
116 CIDRs opened in GCE firewall for LB traffic proxy health checks
117
118
119 --cluster=""
120 The name of the kubeconfig cluster to use
121
122
123 --container_hints="/etc/cadvisor/container_hints.json"
124 location of the container hints file
125
126
127 --containerd="unix:///var/run/containerd.sock"
128 containerd endpoint
129
130
131 --context=""
132 The name of the kubeconfig context to use
133
134
135 --default-not-ready-toleration-seconds=300
136 Indicates the tolerationSeconds of the toleration for
137 notReady:NoExecute that is added by default to every pod that does not
138 already have such a toleration.
139
140
141 --default-unreachable-toleration-seconds=300
142 Indicates the tolerationSeconds of the toleration for unreach‐
143 able:NoExecute that is added by default to every pod that does not
144 already have such a toleration.
145
146
147 --docker="unix:///var/run/docker.sock"
148 docker endpoint
149
150
151 --docker-tls=false
152 use TLS to connect to docker
153
154
155 --docker-tls-ca="ca.pem"
156 path to trusted CA
157
158
159 --docker-tls-cert="cert.pem"
160 path to client certificate
161
162
163 --docker-tls-key="key.pem"
164 path to private key
165
166
167 --docker_env_metadata_whitelist=""
168 a comma-separated list of environment variable keys that needs to
169 be collected for docker containers
170
171
172 --docker_only=false
173 Only report docker containers in addition to root stats
174
175
176 --docker_root="/var/lib/docker"
177 DEPRECATED: docker root is read from docker info (this is a fall‐
178 back, default: /var/lib/docker)
179
180
181 --enable_load_reader=false
182 Whether to enable cpu load reader
183
184
185 --event_storage_age_limit="default=24h"
186 Max length of time for which to store events (per type). Value is a
187 comma separated list of key values, where the keys are event types
188 (e.g.: creation, oom) or "default" and the value is a duration. Default
189 is applied to all non-specified event types
190
191
192 --event_storage_event_limit="default=100000"
193 Max number of events to store (per type). Value is a comma sepa‐
194 rated list of key values, where the keys are event types (e.g.: cre‐
195 ation, oom) or "default" and the value is an integer. Default is
196 applied to all non-specified event types
197
198
199 --global_housekeeping_interval=0
200 Interval between global housekeepings
201
202
203 --housekeeping_interval=0
204 Interval between container housekeepings
205
206
207 --insecure-skip-tls-verify=false
208 If true, the server's certificate will not be checked for validity.
209 This will make your HTTPS connections insecure
210
211
212 --kubeconfig=""
213 Path to the kubeconfig file to use for CLI requests.
214
215
216 --log-flush-frequency=0
217 Maximum number of seconds between log flushes
218
219
220 --log_backtrace_at=:0
221 when logging hits line file:N, emit a stack trace
222
223
224 --log_cadvisor_usage=false
225 Whether to log the usage of the cAdvisor container
226
227
228 --log_dir=""
229 If non-empty, write log files in this directory
230
231
232 --logtostderr=true
233 log to standard error instead of files
234
235
236 --machine_id_file="/etc/machine-id,/var/lib/dbus/machine-id"
237 Comma-separated list of files to check for machine-id. Use the
238 first one that exists.
239
240
241 --match-server-version=false
242 Require server version to match client version
243
244
245 -n, --namespace=""
246 If present, the namespace scope for this CLI request
247
248
249 --request-timeout="0"
250 The length of time to wait before giving up on a single server
251 request. Non-zero values should contain a corresponding time unit (e.g.
252 1s, 2m, 3h). A value of zero means don't timeout requests.
253
254
255 -s, --server=""
256 The address and port of the Kubernetes API server
257
258
259 --stderrthreshold=2
260 logs at or above this threshold go to stderr
261
262
263 --storage_driver_buffer_duration=0
264 Writes in the storage driver will be buffered for this duration,
265 and committed to the non memory backends as a single transaction
266
267
268 --storage_driver_db="cadvisor"
269 database name
270
271
272 --storage_driver_host="localhost:8086"
273 database host:port
274
275
276 --storage_driver_password="root"
277 database password
278
279
280 --storage_driver_secure=false
281 use secure connection with database
282
283
284 --storage_driver_table="stats"
285 table name
286
287
288 --storage_driver_user="root"
289 database username
290
291
292 --token=""
293 Bearer token for authentication to the API server
294
295
296 --user=""
297 The name of the kubeconfig user to use
298
299
300 -v, --v=0
301 log level for V logs
302
303
304 --version=false
305 Print version information and quit
306
307
308 --vmodule=
309 comma-separated list of pattern=N settings for file-filtered log‐
310 ging
311
312
313
315 oc-adm-certificate(1),
316
317
318
320 June 2016, Ported from the Kubernetes man-doc generator
321
322
323
324Openshift Openshift CLI User Manuals OC ADM CERTIFICATE(1)