1OC CREATE SECRET(1)                June 2016               OC CREATE SECRET(1)
2
3
4

NAME

6       oc create secret tls - Create a TLS secret
7
8
9

SYNOPSIS

11       oc create secret tls [OPTIONS]
12
13
14

DESCRIPTION

16       Create a TLS secret from the given public/private key pair.
17
18
19       The public/private key pair must exist before hand. The public key cer‐
20       tificate must be .PEM encoded and match the given private key.
21
22
23

OPTIONS

25       --allow-missing-template-keys=true
26           If true, ignore any errors in templates when a field or map key  is
27       missing  in  the  template.  Only applies to golang and jsonpath output
28       formats.
29
30
31       --append-hash=false
32           Append a hash of the secret to its name.
33
34
35       --cert=""
36           Path to PEM encoded public key certificate.
37
38
39       --dry-run=false
40           If true, only print the object that would be sent, without  sending
41       it.
42
43
44       --generator="secret-for-tls/v1"
45           The name of the API generator to use.
46
47
48       --key=""
49           Path to private key associated with given certificate.
50
51
52       -o, --output=""
53           Output  format.  One  of: json|yaml|name|go-template-file|template‐
54       file|template|go-template|jsonpath|jsonpath-file.
55
56
57       --save-config=false
58           If true, the configuration of current object will be saved  in  its
59       annotation.  Otherwise,  the annotation will be unchanged. This flag is
60       useful when you want to perform kubectl apply on  this  object  in  the
61       future.
62
63
64       --template=""
65           Template  string  or  path  to template file to use when -o=go-tem‐
66       plate, -o=go-template-file. The template format is golang  templates  [
67http://golang.org/pkg/text/template/#pkg-overview⟩].
68
69
70       --validate=false
71           If true, use a schema to validate the input before sending it
72
73
74

OPTIONS INHERITED FROM PARENT COMMANDS

76       --allow_verification_with_non_compliant_keys=false
77           Allow  a  SignatureVerifier  to  use  keys  which  are  technically
78       non-compliant with RFC6962.
79
80
81       --alsologtostderr=false
82           log to standard error as well as files
83
84
85       --application_metrics_count_limit=100
86           Max number of application metrics to store (per container)
87
88
89       --as=""
90           Username to impersonate for the operation
91
92
93       --as-group=[]
94           Group to impersonate for the operation, this flag can  be  repeated
95       to specify multiple groups.
96
97
98       --azure-container-registry-config=""
99           Path  to the file containing Azure container registry configuration
100       information.
101
102
103       --boot_id_file="/proc/sys/kernel/random/boot_id"
104           Comma-separated list of files to check for boot-id. Use  the  first
105       one that exists.
106
107
108       --cache-dir="/builddir/.kube/http-cache"
109           Default HTTP cache directory
110
111
112       --certificate-authority=""
113           Path to a cert file for the certificate authority
114
115
116       --client-certificate=""
117           Path to a client certificate file for TLS
118
119
120       --client-key=""
121           Path to a client key file for TLS
122
123
124       --cloud-provider-gce-lb-src-cidrs=130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16
125           CIDRs opened in GCE firewall for LB traffic proxy  health checks
126
127
128       --cluster=""
129           The name of the kubeconfig cluster to use
130
131
132       --container_hints="/etc/cadvisor/container_hints.json"
133           location of the container hints file
134
135
136       --containerd="unix:///var/run/containerd.sock"
137           containerd endpoint
138
139
140       --context=""
141           The name of the kubeconfig context to use
142
143
144       --default-not-ready-toleration-seconds=300
145           Indicates   the   tolerationSeconds   of   the    toleration    for
146       notReady:NoExecute  that is added by default to every pod that does not
147       already have such a toleration.
148
149
150       --default-unreachable-toleration-seconds=300
151           Indicates the tolerationSeconds  of  the  toleration  for  unreach‐
152       able:NoExecute  that  is  added  by  default to every pod that does not
153       already have such a toleration.
154
155
156       --docker="unix:///var/run/docker.sock"
157           docker endpoint
158
159
160       --docker-tls=false
161           use TLS to connect to docker
162
163
164       --docker-tls-ca="ca.pem"
165           path to trusted CA
166
167
168       --docker-tls-cert="cert.pem"
169           path to client certificate
170
171
172       --docker-tls-key="key.pem"
173           path to private key
174
175
176       --docker_env_metadata_whitelist=""
177           a comma-separated list of environment variable keys that  needs  to
178       be collected for docker containers
179
180
181       --docker_only=false
182           Only report docker containers in addition to root stats
183
184
185       --docker_root="/var/lib/docker"
186           DEPRECATED:  docker  root is read from docker info (this is a fall‐
187       back, default: /var/lib/docker)
188
189
190       --enable_load_reader=false
191           Whether to enable cpu load reader
192
193
194       --event_storage_age_limit="default=24h"
195           Max length of time for which to store events (per type). Value is a
196       comma  separated  list  of  key  values, where the keys are event types
197       (e.g.: creation, oom) or "default" and the value is a duration. Default
198       is applied to all non-specified event types
199
200
201       --event_storage_event_limit="default=100000"
202           Max  number  of  events to store (per type). Value is a comma sepa‐
203       rated list of key values, where the keys are event  types  (e.g.:  cre‐
204       ation,  oom)  or  "default"  and  the  value  is an integer. Default is
205       applied to all non-specified event types
206
207
208       --global_housekeeping_interval=0
209           Interval between global housekeepings
210
211
212       --housekeeping_interval=0
213           Interval between container housekeepings
214
215
216       --insecure-skip-tls-verify=false
217           If true, the server's certificate will not be checked for validity.
218       This will make your HTTPS connections insecure
219
220
221       --kubeconfig=""
222           Path to the kubeconfig file to use for CLI requests.
223
224
225       --log-flush-frequency=0
226           Maximum number of seconds between log flushes
227
228
229       --log_backtrace_at=:0
230           when logging hits line file:N, emit a stack trace
231
232
233       --log_cadvisor_usage=false
234           Whether to log the usage of the cAdvisor container
235
236
237       --log_dir=""
238           If non-empty, write log files in this directory
239
240
241       --logtostderr=true
242           log to standard error instead of files
243
244
245       --machine_id_file="/etc/machine-id,/var/lib/dbus/machine-id"
246           Comma-separated  list  of  files  to  check for machine-id. Use the
247       first one that exists.
248
249
250       --match-server-version=false
251           Require server version to match client version
252
253
254       -n, --namespace=""
255           If present, the namespace scope for this CLI request
256
257
258       --request-timeout="0"
259           The length of time to wait before giving  up  on  a  single  server
260       request. Non-zero values should contain a corresponding time unit (e.g.
261       1s, 2m, 3h). A value of zero means don't timeout requests.
262
263
264       -s, --server=""
265           The address and port of the Kubernetes API server
266
267
268       --stderrthreshold=2
269           logs at or above this threshold go to stderr
270
271
272       --storage_driver_buffer_duration=0
273           Writes in the storage driver will be buffered  for  this  duration,
274       and committed to the non memory backends as a single transaction
275
276
277       --storage_driver_db="cadvisor"
278           database name
279
280
281       --storage_driver_host="localhost:8086"
282           database host:port
283
284
285       --storage_driver_password="root"
286           database password
287
288
289       --storage_driver_secure=false
290           use secure connection with database
291
292
293       --storage_driver_table="stats"
294           table name
295
296
297       --storage_driver_user="root"
298           database username
299
300
301       --token=""
302           Bearer token for authentication to the API server
303
304
305       --user=""
306           The name of the kubeconfig user to use
307
308
309       -v, --v=0
310           log level for V logs
311
312
313       --version=false
314           Print version information and quit
315
316
317       --vmodule=
318           comma-separated  list  of pattern=N settings for file-filtered log‐
319       ging
320
321
322

EXAMPLE

324                # Create a new TLS secret named tls-secret with the given key pair:
325                oc create secret tls tls-secret --cert=path/to/tls.cert --key=path/to/tls.key
326
327
328
329

SEE ALSO

331       oc-create-secret(1),
332
333
334

HISTORY

336       June 2016, Ported from the Kubernetes man-doc generator
337
338
339
340Openshift                  Openshift CLI User Manuals      OC CREATE SECRET(1)
Impressum