Kops distrust keypair
kops distrust keypair
Distrust a keypair.
Synopsis
Distrust one or more keypairs in a keyset.
Distrusting removes the certificates of the specified keypairs from trust stores.
Only secondary keypairs may be distrusted.
If no keypair IDs are specified, all keypairs in the keyset that are older than the primary keypair will be distrusted.
If the keyset is specified as “all”, each rotatable keyset will have all keypairs older than their respective primary keypairs distrusted.
kops distrust keypair {KEYSET [ID]... | all} [flags]
Examples
# Distrust all cluster CA keypairs older than the primary.
kops distrust keypair ca
# Distrust a particular keypair.
kops distrust keypair ca 6977545226837259959403993899
# Distrust all rotatable keypairs older than their respective primaries.
kops distrust keypair all
Options
-h, --help help for keypair
Options inherited from parent commands
--add_dir_header If true, adds the file directory to the header of the log messages
--alsologtostderr log to standard error as well as files
--config string yaml config file (default is $HOME/.kops.yaml)
--log_backtrace_at traceLocation when logging hits line file:N, emit a stack trace (default :0)
--log_dir string If non-empty, write log files in this directory
--log_file string If non-empty, use this log file
--log_file_max_size uint Defines the maximum size a log file can grow to. Unit is megabytes. If the value is 0, the maximum file size is unlimited. (default 1800)
--logtostderr log to standard error instead of files (default true)
--name string Name of cluster. Overrides KOPS_CLUSTER_NAME environment variable
--one_output If true, only write logs to their native severity level (vs also writing to each lower severity level)
--skip_headers If true, avoid header prefixes in the log messages
--skip_log_headers If true, avoid headers when opening log files
--state string Location of state storage (kops 'config' file). Overrides KOPS_STATE_STORE environment variable
--stderrthreshold severity logs at or above this threshold go to stderr (default 2)
-v, --v Level number for the log level verbosity
--vmodule moduleSpec comma-separated list of pattern=N settings for file-filtered logging
SEE ALSO
- kops distrust - Distrust keypairs.