KUBERNETES(1)(kubernetes) KUBERNETES(1)(kubernetes)

Eric Paris Jan 2015

NAME
       kubectl certificate deny - Deny a certificate signing request

SYNOPSIS
       kubectl certificate deny [OPTIONS]

DESCRIPTION
       Deny a certificate signing request.

       kubectl certificate deny allows a cluster admin to deny a certificate
       signing request (CSR). This action tells a certificate signing
       controller not to issue a certificate to the requestor.
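
The triage that typically precedes this command, as an added example that is not part of the upstream manual: it reads one row per CSR and prints a deny command for each pending request whose requester does not fit the signer. The requester rules, the row format and the sample CSR names are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: pick out pending CSRs to pass to `kubectl certificate deny`.
# The requester rules are an illustrative policy (an assumption), not defaults.
#
# Input rows are "name|signerName|username|conditionTypes", for example from:
#   kubectl get csr -o jsonpath='{range .items[*]}{.metadata.name}{"|"}{.spec.signerName}{"|"}{.spec.username}{"|"}{.status.conditions[*].type}{"\n"}{end}'

# csr_verdict SIGNER USERNAME CONDITIONS -> prints skip, deny or review
csr_verdict() {
    # Any condition (Approved, Denied, Failed) means the CSR is already decided.
    if [ -n "$3" ]; then echo skip; return 0; fi
    case "$1" in
        kubernetes.io/kubelet-serving)
            # Serving certificates are requested by the node identity itself.
            case "$2" in system:node:*) echo review ;; *) echo deny ;; esac ;;
        kubernetes.io/kube-apiserver-client-kubelet)
            # Kubelet client certs come from a node or a bootstrap token.
            case "$2" in
                system:node:*|system:bootstrap:*) echo review ;;
                *) echo deny ;;
            esac ;;
        *)  echo review ;;   # other signers: leave to a human reviewer
    esac
}

# triage_csrs: read rows on stdin, print one deny command per rejected CSR.
triage_csrs() {
    while IFS='|' read -r name signer user conds; do
        [ -n "$name" ] || continue
        if [ "$(csr_verdict "$signer" "$user" "$conds")" = deny ]; then
            echo "kubectl certificate deny $name"
        fi
    done
}

# Constructed sample rows (not real cluster output).
sample_rows() {
    cat <<'EOF'
csr-aaaaa|kubernetes.io/kubelet-serving|system:node:worker-1|
csr-bbbbb|kubernetes.io/kubelet-serving|system:serviceaccount:default:builder|
csr-ccccc|kubernetes.io/kube-apiserver-client-kubelet|jane|Approved
csr-ddddd|kubernetes.io/kube-apiserver-client|alice|
csr-eeeee|kubernetes.io/kube-apiserver-client-kubelet|jane|
EOF
}

sample_rows | triage_csrs
```

The script only prints the commands; review the list before running them, and note that requests marked review still need their subject and SANs checked by hand.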

OPTIONS
       --allow-missing-template-keys=true  If true, ignore any errors in
       templates when a field or map key is missing in the template. Only
       applies to golang and jsonpath output formats.

       -f, --filename=[]  Filename, directory, or URL to files identifying
       the resource to update

       --force=false  Update the CSR even if it is already denied.

       -k, --kustomize=""  Process the kustomization directory. This flag
       can't be used together with -f or -R.

       -o, --output=""  Output format. One of:
       json|yaml|name|go-template|go-template-file|template|templatefile|jsonpath|jsonpath-as-json|jsonpath-file.

       -R, --recursive=false  Process the directory used in -f, --filename
       recursively. Useful when you want to manage related manifests organized
       within the same directory.

       --template=""  Template string or path to template file to use when
       -o=go-template, -o=go-template-file. The template format is golang
       templates [http://golang.org/pkg/text/template/#pkg-overview].

OPTIONS INHERITED FROM PARENT COMMANDS
       --add-dir-header=false  If true, adds the file directory to the
       header of the log messages

       --alsologtostderr=false  log to standard error as well as files

       --application-metrics-count-limit=100  Max number of application
       metrics to store (per container)

       --as=""  Username to impersonate for the operation

       --as-group=[]  Group to impersonate for the operation, this flag
       can be repeated to specify multiple groups.

       --azure-container-registry-config=""  Path to the file containing
       Azure container registry configuration information.

       --boot-id-file="/proc/sys/kernel/random/boot_id"  Comma-separated
       list of files to check for boot-id. Use the first one that exists.

       --cache-dir="/builddir/.kube/cache"  Default cache directory

       --certificate-authority=""  Path to a cert file for the certificate
       authority

       --client-certificate=""  Path to a client certificate file for TLS

       --client-key=""  Path to a client key file for TLS

       --cloud-provider-gce-l7lb-src-cidrs=130.211.0.0/22,35.191.0.0/16
       CIDRs opened in GCE firewall for L7 LB traffic proxy health checks

       --cloud-provider-gce-lb-src-cidrs=130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16
       CIDRs opened in GCE firewall for L4 LB traffic proxy health checks

       --cluster=""  The name of the kubeconfig cluster to use

       --container-hints="/etc/cadvisor/container_hints.json"  location of
       the container hints file

       --containerd="/run/containerd/containerd.sock"  containerd endpoint

       --containerd-namespace="k8s.io"  containerd namespace

       --context=""  The name of the kubeconfig context to use

       --default-not-ready-toleration-seconds=300  Indicates the
       tolerationSeconds of the toleration for notReady:NoExecute that is
       added by default to every pod that does not already have such a
       toleration.

       --default-unreachable-toleration-seconds=300  Indicates the
       tolerationSeconds of the toleration for unreachable:NoExecute that is
       added by default to every pod that does not already have such a
       toleration.

       --disable-root-cgroup-stats=false  Disable collecting root Cgroup
       stats

       --docker="unix:///var/run/docker.sock"  docker endpoint

       --docker-env-metadata-whitelist=""  a comma-separated list of
       environment variable keys matched with specified prefix that needs to
       be collected for docker containers

       --docker-only=false  Only report docker containers in addition to
       root stats

       --docker-root="/var/lib/docker"  DEPRECATED: docker root is read
       from docker info (this is a fallback, default: /var/lib/docker)

       --docker-tls=false  use TLS to connect to docker

       --docker-tls-ca="ca.pem"  path to trusted CA

       --docker-tls-cert="cert.pem"  path to client certificate

       --docker-tls-key="key.pem"  path to private key

       --enable-load-reader=false  Whether to enable cpu load reader

       --event-storage-age-limit="default=0"  Max length of time for which
       to store events (per type). Value is a comma separated list of key
       values, where the keys are event types (e.g.: creation, oom) or
       "default" and the value is a duration. Default is applied to all
       non-specified event types

       --event-storage-event-limit="default=0"  Max number of events to
       store (per type). Value is a comma separated list of key values, where
       the keys are event types (e.g.: creation, oom) or "default" and the
       value is an integer. Default is applied to all non-specified event
       types

       --global-housekeeping-interval=1m0s  Interval between global
       housekeepings

       --housekeeping-interval=10s  Interval between container
       housekeepings

       --insecure-skip-tls-verify=false  If true, the server's certificate
       will not be checked for validity. This will make your HTTPS connections
       insecure

       --kubeconfig=""  Path to the kubeconfig file to use for CLI
       requests.

       --log-backtrace-at=:0  when logging hits line file:N, emit a stack
       trace

       --log-cadvisor-usage=false  Whether to log the usage of the
       cAdvisor container

       --log-dir=""  If non-empty, write log files in this directory

       --log-file=""  If non-empty, use this log file

       --log-file-max-size=1800  Defines the maximum size a log file can
       grow to. Unit is megabytes. If the value is 0, the maximum file size is
       unlimited.

       --log-flush-frequency=5s  Maximum number of seconds between log
       flushes

       --logtostderr=true  log to standard error instead of files

       --machine-id-file="/etc/machine-id,/var/lib/dbus/machine-id"
       Comma-separated list of files to check for machine-id. Use the first
       one that exists.

       --match-server-version=false  Require server version to match
       client version

       -n, --namespace=""  If present, the namespace scope for this CLI
       request

       --one-output=false  If true, only write logs to their native
       severity level (vs also writing to each lower severity level)

       --password=""  Password for basic authentication to the API server

       --profile="none"  Name of profile to capture. One of
       (none|cpu|heap|goroutine|threadcreate|block|mutex)

       --profile-output="profile.pprof"  Name of the file to write the
       profile to

       --referenced-reset-interval=0  Reset interval for referenced bytes
       (container_referenced_bytes metric), number of measurement cycles after
       which referenced bytes are cleared, if set to 0 referenced bytes are
       never cleared (default: 0)

       --request-timeout="0"  The length of time to wait before giving up
       on a single server request. Non-zero values should contain a
       corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't
       timeout requests.

       -s, --server=""  The address and port of the Kubernetes API server

       --skip-headers=false  If true, avoid header prefixes in the log
       messages

       --skip-log-headers=false  If true, avoid headers when opening log
       files

       --stderrthreshold=2  logs at or above this threshold go to stderr

       --storage-driver-buffer-duration=1m0s  Writes in the storage driver
       will be buffered for this duration, and committed to the non memory
       backends as a single transaction

       --storage-driver-db="cadvisor"  database name

       --storage-driver-host="localhost:8086"  database host:port

       --storage-driver-password="root"  database password

       --storage-driver-secure=false  use secure connection with database

       --storage-driver-table="stats"  table name

       --storage-driver-user="root"  database username

       --tls-server-name=""  Server name to use for server certificate
       validation. If it is not provided, the hostname used to contact the
       server is used

       --token=""  Bearer token for authentication to the API server

       --update-machine-info-interval=5m0s  Interval between machine info
       updates.

       --user=""  The name of the kubeconfig user to use

       --username=""  Username for basic authentication to the API server

       -v, --v=0  number for the log level verbosity

       --version=false  Print version information and quit

       --vmodule=  comma-separated list of pattern=N settings for
       file-filtered logging

       --warnings-as-errors=false  Treat warnings received from the server
       as errors and exit with a non-zero exit code

SEE ALSO
       kubectl-certificate(1),

HISTORY
       January 2015, Originally compiled by Eric Paris (eparis at redhat dot
       com) based on the kubernetes source material, but hopefully they have
       been automatically generated since!

Manuals User KUBERNETES(1)(kubernetes)