1KUBERNETES(1)(kubernetes)                            KUBERNETES(1)(kubernetes)
2
3
4
5Eric Paris Jan 2015
6
7

NAME

9       kubectl certificate - Modify certificate resources.
10
11
12

SYNOPSIS

14       kubectl certificate [OPTIONS]
15
16
17

DESCRIPTION

19       Modify certificate resources.
20
21
22

OPTIONS INHERITED FROM PARENT COMMANDS

24       --add-dir-header=false       If  true,  adds  the file directory to the
25       header of the log messages
26
27
28       --alsologtostderr=false      log to standard error as well as files
29
30
31       --application-metrics-count-limit=100      Max  number  of  application
32       metrics to store (per container)
33
34
35       --as=""      Username to impersonate for the operation
36
37
38       --as-group=[]       Group  to  impersonate for the operation, this flag
39       can be repeated to specify multiple groups.
40
41
42       --azure-container-registry-config=""      Path to the  file  containing
43       Azure container registry configuration information.
44
45
46       --boot-id-file="/proc/sys/kernel/random/boot_id"        Comma-separated
47       list of files to check for boot-id. Use the first one that exists.
48
49
50       --cache-dir="/builddir/.kube/cache"      Default cache directory
51
52
53       --certificate-authority=""      Path to a cert file for the certificate
54       authority
55
56
57       --client-certificate=""      Path to a client certificate file for TLS
58
59
60       --client-key=""      Path to a client key file for TLS
61
62
63       --cloud-provider-gce-l7lb-src-cidrs=130.211.0.0/22,35.191.0.0/16
64            CIDRs opened in GCE firewall for  L7  LB  traffic  proxy    health
65       checks
66
67
68       --cloud-provider-gce-lb-src-cidrs=130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16
69            CIDRs opened in GCE firewall for  L4  LB  traffic  proxy    health
70       checks
71
72
73       --cluster=""      The name of the kubeconfig cluster to use
74
75
76       --container-hints="/etc/cadvisor/container_hints.json"      location of
77       the container hints file
78
79
80       --containerd="/run/containerd/containerd.sock"      containerd endpoint
81
82
83       --containerd-namespace="k8s.io"      containerd namespace
84
85
86       --context=""      The name of the kubeconfig context to use
87
88
89       --default-not-ready-toleration-seconds=300      Indicates  the  tolera‐
90       tionSeconds  of  the toleration for notReady:NoExecute that is added by
91       default to every pod that does not already have such a toleration.
92
93
94       --default-unreachable-toleration-seconds=300      Indicates the tolera‐
95       tionSeconds  of  the toleration for unreachable:NoExecute that is added
96       by default to every pod that does not already have such a toleration.
97
98
99       --disable-root-cgroup-stats=false      Disable collecting  root  Cgroup
100       stats
101
102
103       --docker="unix:///var/run/docker.sock"      docker endpoint
104
105
106       --docker-env-metadata-whitelist=""      a comma-separated list of envi‐
107       ronment variable keys matched with specified prefix that  needs  to  be
108       collected for docker containers
109
110
111       --docker-only=false       Only  report docker containers in addition to
112       root stats
113
114
115       --docker-root="/var/lib/docker"      DEPRECATED: docker  root  is  read
116       from docker info (this is a fallback, default: /var/lib/docker)
117
118
119       --docker-tls=false      use TLS to connect to docker
120
121
122       --docker-tls-ca="ca.pem"      path to trusted CA
123
124
125       --docker-tls-cert="cert.pem"      path to client certificate
126
127
128       --docker-tls-key="key.pem"      path to private key
129
130
131       --enable-load-reader=false      Whether to enable cpu load reader
132
133
134       --event-storage-age-limit="default=0"      Max length of time for which
135       to store events (per type). Value is a comma separated list of key val‐
136       ues,  where the keys are event types (e.g.: creation, oom) or "default"
137       and the value is a duration. Default is applied  to  all  non-specified
138       event types
139
140
141       --event-storage-event-limit="default=0"       Max  number  of events to
142       store (per type). Value is a comma separated list of key values,  where
143       the  keys  are  event  types (e.g.: creation, oom) or "default" and the
144       value is an integer. Default is  applied  to  all  non-specified  event
145       types
146
147
148       --global-housekeeping-interval=1m0s      Interval between global house‐
149       keepings
150
151
152       --housekeeping-interval=10s      Interval between container  housekeep‐
153       ings
154
155
156       --insecure-skip-tls-verify=false      If true, the server's certificate
157       will not be checked for validity. This will make your HTTPS connections
158       insecure
159
160
161       --kubeconfig=""       Path  to  the  kubeconfig file to use for CLI re‐
162       quests.
163
164
165       --log-backtrace-at=:0      when logging hits line file:N, emit a  stack
166       trace
167
168
169       --log-cadvisor-usage=false       Whether to log the usage of the cAdvi‐
170       sor container
171
172
173       --log-dir=""      If non-empty, write log files in this directory
174
175
176       --log-file=""      If non-empty, use this log file
177
178
179       --log-file-max-size=1800      Defines the maximum size a log  file  can
180       grow to. Unit is megabytes. If the value is 0, the maximum file size is
181       unlimited.
182
183
184       --log-flush-frequency=5s      Maximum number  of  seconds  between  log
185       flushes
186
187
188       --logtostderr=true      log to standard error instead of files
189
190
191       --machine-id-file="/etc/machine-id,/var/lib/dbus/machine-id"
192            Comma-separated list of files to check  for  machine-id.  Use  the
193       first one that exists.
194
195
196       --match-server-version=false        Require  server  version  to  match
197       client version
198
199
200       -n, --namespace=""      If present, the namespace scope  for  this  CLI
201       request
202
203
204       --one-output=false      If true, only write logs to their native sever‐
205       ity level (vs also writing to each lower severity level
206
207
208       --password=""      Password for basic authentication to the API server
209
210
211       --profile="none"        Name   of   profile   to   capture.   One    of
212       (none|cpu|heap|goroutine|threadcreate|block|mutex)
213
214
215       --profile-output="profile.pprof"       Name  of  the  file to write the
216       profile to
217
218
219       --referenced-reset-interval=0      Reset interval for referenced  bytes
220       (container_referenced_bytes metric), number of measurement cycles after
221       which referenced bytes are cleared, if set to 0  referenced  bytes  are
222       never cleared (default: 0)
223
224
225       --request-timeout="0"       The length of time to wait before giving up
226       on a single server request. Non-zero values  should  contain  a  corre‐
227       sponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't time‐
228       out requests.
229
230
231       -s, --server=""      The address and port of the Kubernetes API server
232
233
234       --skip-headers=false      If true, avoid header  prefixes  in  the  log
235       messages
236
237
238       --skip-log-headers=false       If  true, avoid headers when opening log
239       files
240
241
242       --stderrthreshold=2      logs at or above this threshold go to stderr
243
244
245       --storage-driver-buffer-duration=1m0s      Writes in the storage driver
246       will  be  buffered  for  this duration, and committed to the non memory
247       backends as a single transaction
248
249
250       --storage-driver-db="cadvisor"      database name
251
252
253       --storage-driver-host="localhost:8086"      database host:port
254
255
256       --storage-driver-password="root"      database password
257
258
259       --storage-driver-secure=false      use secure connection with database
260
261
262       --storage-driver-table="stats"      table name
263
264
265       --storage-driver-user="root"      database username
266
267
268       --tls-server-name=""      Server name to  use  for  server  certificate
269       validation.  If  it  is  not provided, the hostname used to contact the
270       server is used
271
272
273       --token=""      Bearer token for authentication to the API server
274
275
276       --update-machine-info-interval=5m0s      Interval between machine  info
277       updates.
278
279
280       --user=""      The name of the kubeconfig user to use
281
282
283       --username=""      Username for basic authentication to the API server
284
285
286       -v, --v=0      number for the log level verbosity
287
288
289       --version=false      Print version information and quit
290
291
292       --vmodule=        comma-separated   list   of  pattern=N  settings  for
293       file-filtered logging
294
295
296       --warnings-as-errors=false      Treat warnings received from the server
297       as errors and exit with a non-zero exit code
298
299
300

SEE ALSO

302       kubectl(1),       kubectl-certificate-approve(1),      kubectl-certifi‐
303       cate-deny(1),
304
305
306

HISTORY

308       January 2015, Originally compiled by Eric Paris (eparis at  redhat  dot
309       com)  based  on the kubernetes source material, but hopefully they have
310       been automatically generated since!
311
312
313
314Manuals                              User            KUBERNETES(1)(kubernetes)
Impressum