kubectl-certificate-approve(1)

1KUBERNETES(1)(kubernetes)                            KUBERNETES(1)(kubernetes)
2
3
4
5Eric Paris Jan 2015
6
7

NAME

9       kubectl certificate approve - Approve a certificate signing request
10
11
12

SYNOPSIS

14       kubectl certificate approve [OPTIONS]
15
16
17

DESCRIPTION

19       Approve a certificate signing request.
20
21
22       kubectl  certificate  approve  allows a cluster admin to approve a cer‐
23       tificate signing request (CSR). This action tells a certificate signing
24       controller  to issue a certificate to the requestor with the attributes
25       requested in the CSR.
26
27
28       SECURITY NOTICE: Depending on the requested attributes, the issued cer‐
29       tificate  can potentially grant a requester access to cluster resources
30       or to authenticate as a requested identity. Before approving a CSR, en‐
31       sure you understand what the signed certificate can do.
32
33
34

OPTIONS

36       --allow-missing-template-keys=true       If  true, ignore any errors in
37       templates when a field or map key is missing in the template. Only  ap‐
38       plies to golang and jsonpath output formats.
39
40
41       -f, --filename=[]      Filename, directory, or URL to files identifying
42       the resource to update
43
44
45       --force=false      Update the CSR even if it is already approved.
46
47
48       -k, --kustomize=""      Process the kustomization directory. This  flag
49       can't be used together with -f or -R.
50
51
52       -o,  --output=""      Output format. One of: (json, yaml, name, go-tem‐
53       plate, go-template-file, template, templatefile, jsonpath, jsonpath-as-
54       json, jsonpath-file).
55
56
57       -R, --recursive=false      Process the directory used in -f, --filename
58       recursively. Useful when you want to manage related manifests organized
59       within the same directory.
60
61
62       --show-managed-fields=false       If  true, keep the managedFields when
63       printing objects in JSON or YAML format.
64
65
66       --template=""      Template string or path to template file to use when
67       -o=go-template, -o=go-template-file. The template format is golang tem‐
68       plates [http://golang.org/pkg/text/template/#pkg-overview].
69
70
71

OPTIONS INHERITED FROM PARENT COMMANDS

73       --as=""      Username to impersonate for the operation. User could be a
74       regular user or a service account in a namespace.
75
76
77       --as-group=[]       Group  to  impersonate for the operation, this flag
78       can be repeated to specify multiple groups.
79
80
81       --as-uid=""      UID to impersonate for the operation.
82
83
84       --azure-container-registry-config=""      Path to the  file  containing
85       Azure container registry configuration information.
86
87
88       --cache-dir="/builddir/.kube/cache"      Default cache directory
89
90
91       --certificate-authority=""      Path to a cert file for the certificate
92       authority
93
94
95       --client-certificate=""      Path to a client certificate file for TLS
96
97
98       --client-key=""      Path to a client key file for TLS
99
100
101       --cluster=""      The name of the kubeconfig cluster to use
102
103
104       --context=""      The name of the kubeconfig context to use
105
106
107       --disable-compression=false      If true, opt-out of response  compres‐
108       sion for all requests to the server
109
110
111       --insecure-skip-tls-verify=false      If true, the server's certificate
112       will not be checked for validity. This will make your HTTPS connections
113       insecure
114
115
116       --kubeconfig=""       Path  to  the  kubeconfig file to use for CLI re‐
117       quests.
118
119
120       --match-server-version=false       Require  server  version  to   match
121       client version
122
123
124       -n,  --namespace=""       If  present, the namespace scope for this CLI
125       request
126
127
128       --password=""      Password for basic authentication to the API server
129
130
131       --profile="none"        Name   of   profile   to   capture.   One    of
132       (none|cpu|heap|goroutine|threadcreate|block|mutex)
133
134
135       --profile-output="profile.pprof"       Name  of  the  file to write the
136       profile to
137
138
139       --request-timeout="0"      The length of time to wait before giving  up
140       on  a  single  server  request. Non-zero values should contain a corre‐
141       sponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't time‐
142       out requests.
143
144
145       -s, --server=""      The address and port of the Kubernetes API server
146
147
148       --tls-server-name=""       Server  name  to  use for server certificate
149       validation. If it is not provided, the hostname  used  to  contact  the
150       server is used
151
152
153       --token=""      Bearer token for authentication to the API server
154
155
156       --user=""      The name of the kubeconfig user to use
157
158
159       --username=""      Username for basic authentication to the API server
160
161
162       --version=false      Print version information and quit
163
164
165       --warnings-as-errors=false      Treat warnings received from the server
166       as errors and exit with a non-zero exit code
167
168
169

EXAMPLE

171                # Approve CSR 'csr-sqgzp'
172                kubectl certificate approve csr-sqgzp
173
174
175
176

HISTORY

183       January 2015, Originally compiled by Eric Paris (eparis at  redhat  dot
184       com)  based  on the kubernetes source material, but hopefully they have
185       been automatically generated since!
186
187
188
189Manuals                              User            KUBERNETES(1)(kubernetes)