KUBERNETES(1)(kubernetes)                            KUBERNETES(1)(kubernetes)

Eric Paris Jan 2015

NAME

       kubectl certificate approve - Approve a certificate signing request

SYNOPSIS

       kubectl certificate approve [OPTIONS]

DESCRIPTION

       Approve a certificate signing request.

       kubectl certificate approve allows a cluster admin to approve a
       certificate signing request (CSR). This action tells a certificate
       signing controller to issue a certificate to the requestor with the
       attributes requested in the CSR.

       SECURITY NOTICE: Depending on the requested attributes, the issued
       certificate can potentially grant a requester access to cluster
       resources or to authenticate as a requested identity. Before approving
       a CSR, ensure you understand what the signed certificate can do.
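
       Added example (not part of the kubectl manual or the Kubernetes
       source): a Python reader for the JSON printed by
       kubectl get csr NAME -o json that lists what an approval would sign.
       It relies on the Kubernetes convention that a client certificate's CN
       becomes the user name and each O a group. The names jane and dev-ci
       and the sample request are constructed, and the small DER reader only
       handles text-valued subject attributes.

```python
import base64

OIDS = {"550403": "CN", "55040a": "O"}  # commonName -> user, organizationName -> group

def tlv(buf, pos=0):  # read one DER element -> (value_bytes, next_pos)
    length, pos = buf[pos + 1], pos + 2
    if length & 0x80:  # long-form length: low 7 bits = number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return buf[pos:pos + length], pos + length

def children(value):  # values of the DER elements packed inside a SEQUENCE/SET
    pos, out = 0, []
    while pos < len(value):
        child, pos = tlv(value, pos)
        out.append(child)
    return out

def subject(request_b64):
    """Subject attributes of spec.request (base64 of a PEM PKCS#10 request)."""
    pem = base64.b64decode(request_b64).decode()
    der = base64.b64decode("".join(l for l in pem.splitlines() if "-----" not in l))
    name = children(children(tlv(der)[0])[0])[1]  # CertificationRequestInfo.subject
    return [(OIDS.get(oid.hex(), oid.hex()), val.decode("utf-8", "replace"))
            for rdn in children(name) for atv in children(rdn)
            for oid, val in [children(atv)[:2]]]

def summarize(csr):
    """What an approver should read before approving this CSR object."""
    spec, attrs = csr["spec"], subject(csr["spec"]["request"])
    cn = next((v for k, v in attrs if k == "CN"), None)
    return {"requestor": spec.get("username"), "signer": spec.get("signerName"),
            "usages": spec.get("usages", []), "identity": cn,
            "groups": [v for k, v in attrs if k == "O"],
            "identity_differs": cn != spec.get("username")}

def _der(tag, *parts):  # short-form DER encoder, used only to build the sample
    return bytes([tag, len(b"".join(parts))]) + b"".join(parts)

def sample_csr():
    """Constructed CSR object; its key and signature are empty dummies."""
    rdn = lambda oid, s: _der(0x31, _der(0x30, _der(6, bytes.fromhex(oid)), _der(12, s.encode())))
    name = _der(0x30, rdn("55040a", "system:masters"), rdn("550403", "jane"))
    info = _der(0x30, _der(2, b"\0"), name, _der(0x30), _der(0xA0))
    der = _der(0x30, info, _der(0x30), _der(3, b"\0"))
    pem = "-----BEGIN CERTIFICATE REQUEST-----\n%s\n-----END CERTIFICATE REQUEST-----\n"
    pem %= base64.b64encode(der).decode()
    return {"spec": {"request": base64.b64encode(pem.encode()).decode(), "username": "dev-ci",
                     "signerName": "kubernetes.io/kube-apiserver-client", "usages": ["client auth"]}}
```

       Calling summarize(sample_csr()) shows a request made by dev-ci for a
       client certificate that would authenticate as jane in system:masters.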

OPTIONS

       --allow-missing-template-keys=true      If true, ignore any errors in
       templates when a field or map key is missing in the template. Only
       applies to golang and jsonpath output formats.

       -f, --filename=[]      Filename, directory, or URL to files identifying
       the resource to update

       --force=false      Update the CSR even if it is already approved.

       -k, --kustomize=""      Process the kustomization directory. This flag
       can't be used together with -f or -R.

       -o, --output=""      Output format. One of:
       json|yaml|name|go-template|go-template-file|template|templatefile|jsonpath|jsonpath-as-json|jsonpath-file.

       -R, --recursive=false      Process the directory used in -f, --filename
       recursively. Useful when you want to manage related manifests organized
       within the same directory.

       --template=""      Template string or path to template file to use when
       -o=go-template, -o=go-template-file. The template format is golang
       templates [http://golang.org/pkg/text/template/#pkg-overview].

OPTIONS INHERITED FROM PARENT COMMANDS

       --add-dir-header=false      If true, adds the file directory to the
       header of the log messages

       --alsologtostderr=false      log to standard error as well as files

       --application-metrics-count-limit=100      Max number of application
       metrics to store (per container)

       --as=""      Username to impersonate for the operation

       --as-group=[]      Group to impersonate for the operation, this flag
       can be repeated to specify multiple groups.

       --azure-container-registry-config=""      Path to the file containing
       Azure container registry configuration information.

       --boot-id-file="/proc/sys/kernel/random/boot_id"      Comma-separated
       list of files to check for boot-id. Use the first one that exists.

       --cache-dir="/builddir/.kube/cache"      Default cache directory

       --certificate-authority=""      Path to a cert file for the certificate
       authority

       --client-certificate=""      Path to a client certificate file for TLS

       --client-key=""      Path to a client key file for TLS

       --cloud-provider-gce-l7lb-src-cidrs=130.211.0.0/22,35.191.0.0/16
       CIDRs opened in GCE firewall for L7 LB traffic proxy & health checks

       --cloud-provider-gce-lb-src-cidrs=130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16
       CIDRs opened in GCE firewall for L4 LB traffic proxy & health checks

       --cluster=""      The name of the kubeconfig cluster to use

       --container-hints="/etc/cadvisor/container_hints.json"      location of
       the container hints file

       --containerd="/run/containerd/containerd.sock"      containerd endpoint

       --containerd-namespace="k8s.io"      containerd namespace

       --context=""      The name of the kubeconfig context to use

       --default-not-ready-toleration-seconds=300      Indicates the
       tolerationSeconds of the toleration for notReady:NoExecute that is
       added by default to every pod that does not already have such a
       toleration.

       --default-unreachable-toleration-seconds=300      Indicates the
       tolerationSeconds of the toleration for unreachable:NoExecute that is
       added by default to every pod that does not already have such a
       toleration.

       --disable-root-cgroup-stats=false      Disable collecting root Cgroup
       stats

       --docker="unix:///var/run/docker.sock"      docker endpoint

       --docker-env-metadata-whitelist=""      a comma-separated list of
       environment variable keys matched with specified prefix that needs to
       be collected for docker containers

       --docker-only=false      Only report docker containers in addition to
       root stats

       --docker-root="/var/lib/docker"      DEPRECATED: docker root is read
       from docker info (this is a fallback, default: /var/lib/docker)

       --docker-tls=false      use TLS to connect to docker

       --docker-tls-ca="ca.pem"      path to trusted CA

       --docker-tls-cert="cert.pem"      path to client certificate

       --docker-tls-key="key.pem"      path to private key

       --enable-load-reader=false      Whether to enable cpu load reader

       --event-storage-age-limit="default=0"      Max length of time for which
       to store events (per type). Value is a comma separated list of key
       values, where the keys are event types (e.g.: creation, oom) or
       "default" and the value is a duration. Default is applied to all
       non-specified event types

       --event-storage-event-limit="default=0"      Max number of events to
       store (per type). Value is a comma separated list of key values, where
       the keys are event types (e.g.: creation, oom) or "default" and the
       value is an integer. Default is applied to all non-specified event
       types

       --global-housekeeping-interval=1m0s      Interval between global
       housekeepings

       --housekeeping-interval=10s      Interval between container
       housekeepings

       --insecure-skip-tls-verify=false      If true, the server's certificate
       will not be checked for validity. This will make your HTTPS connections
       insecure

       --kubeconfig=""      Path to the kubeconfig file to use for CLI
       requests.

       --log-backtrace-at=:0      when logging hits line file:N, emit a stack
       trace

       --log-cadvisor-usage=false      Whether to log the usage of the
       cAdvisor container

       --log-dir=""      If non-empty, write log files in this directory

       --log-file=""      If non-empty, use this log file

       --log-file-max-size=1800      Defines the maximum size a log file can
       grow to. Unit is megabytes. If the value is 0, the maximum file size is
       unlimited.

       --log-flush-frequency=5s      Maximum number of seconds between log
       flushes

       --logtostderr=true      log to standard error instead of files

       --machine-id-file="/etc/machine-id,/var/lib/dbus/machine-id"
       Comma-separated list of files to check for machine-id. Use the first
       one that exists.

       --match-server-version=false      Require server version to match
       client version

       -n, --namespace=""      If present, the namespace scope for this CLI
       request

       --one-output=false      If true, only write logs to their native
       severity level (vs also writing to each lower severity level)

       --password=""      Password for basic authentication to the API server

       --profile="none"      Name of profile to capture. One of
       (none|cpu|heap|goroutine|threadcreate|block|mutex)

       --profile-output="profile.pprof"      Name of the file to write the
       profile to

       --referenced-reset-interval=0      Reset interval for referenced bytes
       (container_referenced_bytes metric), number of measurement cycles after
       which referenced bytes are cleared, if set to 0 referenced bytes are
       never cleared (default: 0)

       --request-timeout="0"      The length of time to wait before giving up
       on a single server request. Non-zero values should contain a
       corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't
       timeout requests.

       -s, --server=""      The address and port of the Kubernetes API server

       --skip-headers=false      If true, avoid header prefixes in the log
       messages

       --skip-log-headers=false      If true, avoid headers when opening log
       files

       --stderrthreshold=2      logs at or above this threshold go to stderr

       --storage-driver-buffer-duration=1m0s      Writes in the storage driver
       will be buffered for this duration, and committed to the non memory
       backends as a single transaction

       --storage-driver-db="cadvisor"      database name

       --storage-driver-host="localhost:8086"      database host:port

       --storage-driver-password="root"      database password

       --storage-driver-secure=false      use secure connection with database

       --storage-driver-table="stats"      table name

       --storage-driver-user="root"      database username

       --tls-server-name=""      Server name to use for server certificate
       validation. If it is not provided, the hostname used to contact the
       server is used

       --token=""      Bearer token for authentication to the API server

       --update-machine-info-interval=5m0s      Interval between machine info
       updates.

       --user=""      The name of the kubeconfig user to use

       --username=""      Username for basic authentication to the API server

       -v, --v=0      number for the log level verbosity

       --version=false      Print version information and quit

       --vmodule=      comma-separated list of pattern=N settings for
       file-filtered logging

       --warnings-as-errors=false      Treat warnings received from the server
       as errors and exit with a non-zero exit code

SEE ALSO

       kubectl-certificate(1),

HISTORY

       January 2015, Originally compiled by Eric Paris (eparis at redhat dot
       com) based on the kubernetes source material, but hopefully they have
       been automatically generated since!