我的书签
添加书签
移除书签certificate
Modify certificate resources.
Usage
$ kubectl certificate SUBCOMMAND
approve
Approve CSR ‘csr-sqgzp’
kubectl certificate approve csr-sqgzp
Approve a certificate signing request.
kubectl certificate approve allows a cluster admin to approve a certificate signing request (CSR). This action tells a certificate signing controller to issue a certificate to the requestor with the attributes requested in the CSR.
SECURITY NOTICE: Depending on the requested attributes, the issued certificate can potentially grant a requester access to cluster resources or to authenticate as a requested identity. Before approving a CSR, ensure you understand what the signed certificate can do.
Usage
$ kubectl certificate approve (-f FILENAME | NAME)
Flags
| Name | Shorthand | Default | Usage |
|---|---|---|---|
| allow-missing-template-keys | true | If true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats. | |
| filename | f | [] | Filename, directory, or URL to files identifying the resource to update |
| force | false | Update the CSR even if it is already approved. | |
| kustomize | k | Process the kustomization directory. This flag can’t be used together with -f or -R. | |
| output | o | Output format. One of: json|yaml|name|go-template|go-template-file|template|templatefile|jsonpath|jsonpath-as-json|jsonpath-file. | |
| recursive | R | false | Process the directory used in -f, —filename recursively. Useful when you want to manage related manifests organized within the same directory. |
| show-managed-fields | false | If true, keep the managedFields when printing objects in JSON or YAML format. | |
| template | Template string or path to template file to use when -o=go-template, -o=go-template-file. The template format is golang templates [http://golang.org/pkg/text/template/#pkg-overview]. |
deny
Deny CSR ‘csr-sqgzp’
kubectl certificate deny csr-sqgzp
Deny a certificate signing request.
kubectl certificate deny allows a cluster admin to deny a certificate signing request (CSR). This action tells a certificate signing controller to not to issue a certificate to the requestor.
Usage
$ kubectl certificate deny (-f FILENAME | NAME)
Flags
| Name | Shorthand | Default | Usage |
|---|---|---|---|
| allow-missing-template-keys | true | If true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats. | |
| filename | f | [] | Filename, directory, or URL to files identifying the resource to update |
| force | false | Update the CSR even if it is already denied. | |
| kustomize | k | Process the kustomization directory. This flag can’t be used together with -f or -R. | |
| output | o | Output format. One of: json|yaml|name|go-template|go-template-file|template|templatefile|jsonpath|jsonpath-as-json|jsonpath-file. | |
| recursive | R | false | Process the directory used in -f, —filename recursively. Useful when you want to manage related manifests organized within the same directory. |
| show-managed-fields | false | If true, keep the managedFields when printing objects in JSON or YAML format. | |
| template | Template string or path to template file to use when -o=go-template, -o=go-template-file. The template format is golang templates [http://golang.org/pkg/text/template/#pkg-overview]. |
