1KUBERNETES(1)(kubernetes)                            KUBERNETES(1)(kubernetes)
2
3
4
5Eric Paris Jan 2015
6
7

NAME

9       kubectl certificate deny - Deny a certificate signing request
10
11
12

SYNOPSIS

14       kubectl certificate deny [OPTIONS]
15
16
17

DESCRIPTION

19       Deny a certificate signing request.
20
21
22       kubectl  certificate  deny allows a cluster admin to deny a certificate
23       signing request (CSR). This action tells  a  certificate  signing  con‐
24       troller to not to issue a certificate to the requestor.
25
26
27

OPTIONS

29       --allow-missing-template-keys=true       If  true, ignore any errors in
30       templates when a field or map key is missing in the template. Only  ap‐
31       plies to golang and jsonpath output formats.
32
33
34       -f, --filename=[]      Filename, directory, or URL to files identifying
35       the resource to update
36
37
38       --force=false      Update the CSR even if it is already denied.
39
40
41       -k, --kustomize=""      Process the kustomization directory. This  flag
42       can't be used together with -f or -R.
43
44
45       -o,  --output=""       Output  format.  One  of: json|yaml|name|go-tem‐
46       plate|go-template-file|template|templatefile|jsonpath|json‐
47       path-as-json|jsonpath-file.
48
49
50       -R, --recursive=false      Process the directory used in -f, --filename
51       recursively. Useful when you want to manage related manifests organized
52       within the same directory.
53
54
55       --template=""      Template string or path to template file to use when
56       -o=go-template, -o=go-template-file. The template format is golang tem‐
57       plates [http://golang.org/pkg/text/template/#pkg-overview].
58
59
60

OPTIONS INHERITED FROM PARENT COMMANDS

62       --add-dir-header=false       If  true,  adds  the file directory to the
63       header of the log messages
64
65
66       --alsologtostderr=false      log to standard error as well as files
67
68
69       --application-metrics-count-limit=100      Max  number  of  application
70       metrics to store (per container)
71
72
73       --as=""      Username to impersonate for the operation
74
75
76       --as-group=[]       Group  to  impersonate for the operation, this flag
77       can be repeated to specify multiple groups.
78
79
80       --azure-container-registry-config=""      Path to the  file  containing
81       Azure container registry configuration information.
82
83
84       --boot-id-file="/proc/sys/kernel/random/boot_id"        Comma-separated
85       list of files to check for boot-id. Use the first one that exists.
86
87
88       --cache-dir="/builddir/.kube/cache"      Default cache directory
89
90
91       --certificate-authority=""      Path to a cert file for the certificate
92       authority
93
94
95       --client-certificate=""      Path to a client certificate file for TLS
96
97
98       --client-key=""      Path to a client key file for TLS
99
100
101       --cloud-provider-gce-l7lb-src-cidrs=130.211.0.0/22,35.191.0.0/16
102            CIDRs opened in GCE firewall for  L7  LB  traffic  proxy    health
103       checks
104
105
106       --cloud-provider-gce-lb-src-cidrs=130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16
107            CIDRs opened in GCE firewall for  L4  LB  traffic  proxy    health
108       checks
109
110
111       --cluster=""      The name of the kubeconfig cluster to use
112
113
114       --container-hints="/etc/cadvisor/container_hints.json"      location of
115       the container hints file
116
117
118       --containerd="/run/containerd/containerd.sock"      containerd endpoint
119
120
121       --containerd-namespace="k8s.io"      containerd namespace
122
123
124       --context=""      The name of the kubeconfig context to use
125
126
127       --default-not-ready-toleration-seconds=300      Indicates  the  tolera‐
128       tionSeconds  of  the toleration for notReady:NoExecute that is added by
129       default to every pod that does not already have such a toleration.
130
131
132       --default-unreachable-toleration-seconds=300      Indicates the tolera‐
133       tionSeconds  of  the toleration for unreachable:NoExecute that is added
134       by default to every pod that does not already have such a toleration.
135
136
137       --disable-root-cgroup-stats=false      Disable collecting  root  Cgroup
138       stats
139
140
141       --docker="unix:///var/run/docker.sock"      docker endpoint
142
143
144       --docker-env-metadata-whitelist=""      a comma-separated list of envi‐
145       ronment variable keys matched with specified prefix that  needs  to  be
146       collected for docker containers
147
148
149       --docker-only=false       Only  report docker containers in addition to
150       root stats
151
152
153       --docker-root="/var/lib/docker"      DEPRECATED: docker  root  is  read
154       from docker info (this is a fallback, default: /var/lib/docker)
155
156
157       --docker-tls=false      use TLS to connect to docker
158
159
160       --docker-tls-ca="ca.pem"      path to trusted CA
161
162
163       --docker-tls-cert="cert.pem"      path to client certificate
164
165
166       --docker-tls-key="key.pem"      path to private key
167
168
169       --enable-load-reader=false      Whether to enable cpu load reader
170
171
172       --event-storage-age-limit="default=0"      Max length of time for which
173       to store events (per type). Value is a comma separated list of key val‐
174       ues,  where the keys are event types (e.g.: creation, oom) or "default"
175       and the value is a duration. Default is applied  to  all  non-specified
176       event types
177
178
179       --event-storage-event-limit="default=0"       Max  number  of events to
180       store (per type). Value is a comma separated list of key values,  where
181       the  keys  are  event  types (e.g.: creation, oom) or "default" and the
182       value is an integer. Default is  applied  to  all  non-specified  event
183       types
184
185
186       --global-housekeeping-interval=1m0s      Interval between global house‐
187       keepings
188
189
190       --housekeeping-interval=10s      Interval between container  housekeep‐
191       ings
192
193
194       --insecure-skip-tls-verify=false      If true, the server's certificate
195       will not be checked for validity. This will make your HTTPS connections
196       insecure
197
198
199       --kubeconfig=""       Path  to  the  kubeconfig file to use for CLI re‐
200       quests.
201
202
203       --log-backtrace-at=:0      when logging hits line file:N, emit a  stack
204       trace
205
206
207       --log-cadvisor-usage=false       Whether to log the usage of the cAdvi‐
208       sor container
209
210
211       --log-dir=""      If non-empty, write log files in this directory
212
213
214       --log-file=""      If non-empty, use this log file
215
216
217       --log-file-max-size=1800      Defines the maximum size a log  file  can
218       grow to. Unit is megabytes. If the value is 0, the maximum file size is
219       unlimited.
220
221
222       --log-flush-frequency=5s      Maximum number  of  seconds  between  log
223       flushes
224
225
226       --logtostderr=true      log to standard error instead of files
227
228
229       --machine-id-file="/etc/machine-id,/var/lib/dbus/machine-id"
230            Comma-separated list of files to check  for  machine-id.  Use  the
231       first one that exists.
232
233
234       --match-server-version=false        Require  server  version  to  match
235       client version
236
237
238       -n, --namespace=""      If present, the namespace scope  for  this  CLI
239       request
240
241
242       --one-output=false      If true, only write logs to their native sever‐
243       ity level (vs also writing to each lower severity level
244
245
246       --password=""      Password for basic authentication to the API server
247
248
249       --profile="none"        Name   of   profile   to   capture.   One    of
250       (none|cpu|heap|goroutine|threadcreate|block|mutex)
251
252
253       --profile-output="profile.pprof"       Name  of  the  file to write the
254       profile to
255
256
257       --referenced-reset-interval=0      Reset interval for referenced  bytes
258       (container_referenced_bytes metric), number of measurement cycles after
259       which referenced bytes are cleared, if set to 0  referenced  bytes  are
260       never cleared (default: 0)
261
262
263       --request-timeout="0"       The length of time to wait before giving up
264       on a single server request. Non-zero values  should  contain  a  corre‐
265       sponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't time‐
266       out requests.
267
268
269       -s, --server=""      The address and port of the Kubernetes API server
270
271
272       --skip-headers=false      If true, avoid header  prefixes  in  the  log
273       messages
274
275
276       --skip-log-headers=false       If  true, avoid headers when opening log
277       files
278
279
280       --stderrthreshold=2      logs at or above this threshold go to stderr
281
282
283       --storage-driver-buffer-duration=1m0s      Writes in the storage driver
284       will  be  buffered  for  this duration, and committed to the non memory
285       backends as a single transaction
286
287
288       --storage-driver-db="cadvisor"      database name
289
290
291       --storage-driver-host="localhost:8086"      database host:port
292
293
294       --storage-driver-password="root"      database password
295
296
297       --storage-driver-secure=false      use secure connection with database
298
299
300       --storage-driver-table="stats"      table name
301
302
303       --storage-driver-user="root"      database username
304
305
306       --tls-server-name=""      Server name to  use  for  server  certificate
307       validation.  If  it  is  not provided, the hostname used to contact the
308       server is used
309
310
311       --token=""      Bearer token for authentication to the API server
312
313
314       --update-machine-info-interval=5m0s      Interval between machine  info
315       updates.
316
317
318       --user=""      The name of the kubeconfig user to use
319
320
321       --username=""      Username for basic authentication to the API server
322
323
324       -v, --v=0      number for the log level verbosity
325
326
327       --version=false      Print version information and quit
328
329
330       --vmodule=        comma-separated   list   of  pattern=N  settings  for
331       file-filtered logging
332
333
334       --warnings-as-errors=false      Treat warnings received from the server
335       as errors and exit with a non-zero exit code
336
337
338

SEE ALSO

340       kubectl-certificate(1),
341
342
343

HISTORY

345       January  2015,  Originally compiled by Eric Paris (eparis at redhat dot
346       com) based on the kubernetes source material, but hopefully  they  have
347       been automatically generated since!
348
349
350
351Manuals                              User            KUBERNETES(1)(kubernetes)
Impressum