Linux command
kubectl-certificate 命令
文本
复制后可按需替换文件名、目录或参数。
常用示例
Approve a certificate signing request
kubectl certificate approve [csr-name]
Deny a certificate signing request
kubectl certificate deny [csr-name]
Approve all pending certificate signing requests
kubectl get csr -o name | xargs kubectl certificate approve
Approve a CSR with a specific reason
kubectl certificate deny [csr-name] --reason="[Expired certificate]"
List certificate signing requests
kubectl get csr
说明
kubectl certificate manages certificate signing requests (CSRs) in Kubernetes. Used to approve or deny CSRs for kubelet client certificates and other TLS certificates. Part of the cluster's PKI management. When a new node joins a cluster, it generates a CSR that must be approved before the node can communicate with the API server.
参数
- approve _name_
- Approve a certificate signing request.
- deny _name_
- Deny a certificate signing request.
- --reason _string_
- Reason for approving or denying the CSR, stored in the status condition.
- --force
- Update the CSR even if it is already approved or denied.
- --allow-missing-template-keys
- If true, ignore errors in templates when a field or map key is missing. Default true.
- -o, --output _format_
- Output format. One of: json, yaml, name, go-template, go-template-file, template, templatefile, jsonpath, jsonpath-as-json, jsonpath-file.
FAQ
What is the kubectl-certificate command used for?
kubectl certificate manages certificate signing requests (CSRs) in Kubernetes. Used to approve or deny CSRs for kubelet client certificates and other TLS certificates. Part of the cluster's PKI management. When a new node joins a cluster, it generates a CSR that must be approved before the node can communicate with the API server.
How do I run a basic kubectl-certificate example?
Run `kubectl certificate approve [csr-name]` in a terminal, then adjust file names, paths, flags, or remote targets for your system.
What does approve _name_ do in kubectl-certificate?
Approve a certificate signing request.