1KUBERNETES(1)                      Jan 2015                      KUBERNETES(1)
2
3
4

NAME

6       kubectl  create  secret  generic  -  Create a secret from a local file,
7       directory or literal value
8
9
10

SYNOPSIS

12       kubectl create secret generic [OPTIONS]
13
14
15

DESCRIPTION

17       Create a secret based on a file, directory, or specified literal value.
18
19
20       A single secret may package one or more key/value pairs.
21
22
23       When creating a secret based on a file, the key  will  default  to  the
24       basename  of  the file, and the value will default to the file content.
25       If the basename is an invalid key or you wish to chose  your  own,  you
26       may specify an alternate key.
27
28
29       When  creating  a secret based on a directory, each file whose basename
30       is a valid key in the directory will be packaged into the  secret.  Any
31       directory  entries  except  regular files are ignored (e.g. subdirecto‐
32       ries, symlinks, devices, pipes, etc).
33
34
35

OPTIONS

37       --allow-missing-template-keys=true
38           If true, ignore any errors in templates when a field or map key  is
39       missing  in  the  template.  Only applies to golang and jsonpath output
40       formats.
41
42
43       --append-hash=false
44           Append a hash of the secret to its name.
45
46
47       --dry-run=false
48           If true, only print the object that would be sent, without  sending
49       it.
50
51
52       --from-env-file=""
53           Specify the path to a file to read lines of key=val pairs to create
54       a secret (i.e. a Docker .env file).
55
56
57       --from-file=[]
58           Key files can be specified using their file path, in which  case  a
59       default  name will be given to them, or optionally with a name and file
60       path, in which case the given name will be used.  Specifying  a  direc‐
61       tory  will  iterate  each  named  file in the directory that is a valid
62       secret key.
63
64
65       --from-literal=[]
66           Specify  a  key  and  literal  value  to  insert  in  secret  (i.e.
67       mykey=somevalue)
68
69
70       --generator="secret/v1"
71           The name of the API generator to use.
72
73
74       -o, --output=""
75           Output    format.    One   of:   json|yaml|name|go-template|go-tem‐
76       plate-file|template|templatefile|jsonpath|jsonpath-file.
77
78
79       --save-config=false
80           If true, the configuration of current object will be saved  in  its
81       annotation.  Otherwise,  the annotation will be unchanged. This flag is
82       useful when you want to perform kubectl apply on  this  object  in  the
83       future.
84
85
86       --template=""
87           Template  string  or  path  to template file to use when -o=go-tem‐
88       plate, -o=go-template-file. The template format is golang  templates  [
89http://golang.org/pkg/text/template/#pkg-overview⟩].
90
91
92       --type=""
93           The type of secret to create
94
95
96       --validate=true
97           If true, use a schema to validate the input before sending it
98
99
100

OPTIONS INHERITED FROM PARENT COMMANDS

102       --alsologtostderr=false
103           log to standard error as well as files
104
105
106       --application-metrics-count-limit=100
107           Max number of application metrics to store (per container)
108
109
110       --as=""
111           Username to impersonate for the operation
112
113
114       --as-group=[]
115           Group  to  impersonate for the operation, this flag can be repeated
116       to specify multiple groups.
117
118
119       --azure-container-registry-config=""
120           Path to the file containing Azure container registry  configuration
121       information.
122
123
124       --boot-id-file="/proc/sys/kernel/random/boot_id"
125           Comma-separated  list  of files to check for boot-id. Use the first
126       one that exists.
127
128
129       --cache-dir="/builddir/.kube/http-cache"
130           Default HTTP cache directory
131
132
133       --certificate-authority=""
134           Path to a cert file for the certificate authority
135
136
137       --client-certificate=""
138           Path to a client certificate file for TLS
139
140
141       --client-key=""
142           Path to a client key file for TLS
143
144
145       --cloud-provider-gce-lb-src-cidrs=130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16
146           CIDRs opened in GCE firewall for LB traffic proxy  health checks
147
148
149       --cluster=""
150           The name of the kubeconfig cluster to use
151
152
153       --container-hints="/etc/cadvisor/container_hints.json"
154           location of the container hints file
155
156
157       --containerd="unix:///var/run/containerd.sock"
158           containerd endpoint
159
160
161       --context=""
162           The name of the kubeconfig context to use
163
164
165       --default-not-ready-toleration-seconds=300
166           Indicates    the    tolerationSeconds   of   the   toleration   for
167       notReady:NoExecute that is added by default to every pod that does  not
168       already have such a toleration.
169
170
171       --default-unreachable-toleration-seconds=300
172           Indicates  the  tolerationSeconds  of  the  toleration for unreach‐
173       able:NoExecute that is added by default to  every  pod  that  does  not
174       already have such a toleration.
175
176
177       --docker="unix:///var/run/docker.sock"
178           docker endpoint
179
180
181       --docker-env-metadata-whitelist=""
182           a  comma-separated  list of environment variable keys that needs to
183       be collected for docker containers
184
185
186       --docker-only=false
187           Only report docker containers in addition to root stats
188
189
190       --docker-root="/var/lib/docker"
191           DEPRECATED: docker root is read from docker info (this is  a  fall‐
192       back, default: /var/lib/docker)
193
194
195       --docker-tls=false
196           use TLS to connect to docker
197
198
199       --docker-tls-ca="ca.pem"
200           path to trusted CA
201
202
203       --docker-tls-cert="cert.pem"
204           path to client certificate
205
206
207       --docker-tls-key="key.pem"
208           path to private key
209
210
211       --enable-load-reader=false
212           Whether to enable cpu load reader
213
214
215       --event-storage-age-limit="default=0"
216           Max length of time for which to store events (per type). Value is a
217       comma separated list of key values, where  the  keys  are  event  types
218       (e.g.: creation, oom) or "default" and the value is a duration. Default
219       is applied to all non-specified event types
220
221
222       --event-storage-event-limit="default=0"
223           Max number of events to store (per type). Value is  a  comma  sepa‐
224       rated  list  of  key values, where the keys are event types (e.g.: cre‐
225       ation, oom) or "default" and  the  value  is  an  integer.  Default  is
226       applied to all non-specified event types
227
228
229       --global-housekeeping-interval=1m0s
230           Interval between global housekeepings
231
232
233       --housekeeping-interval=10s
234           Interval between container housekeepings
235
236
237       --insecure-skip-tls-verify=false
238           If true, the server's certificate will not be checked for validity.
239       This will make your HTTPS connections insecure
240
241
242       --kubeconfig=""
243           Path to the kubeconfig file to use for CLI requests.
244
245
246       --log-backtrace-at=:0
247           when logging hits line file:N, emit a stack trace
248
249
250       --log-cadvisor-usage=false
251           Whether to log the usage of the cAdvisor container
252
253
254       --log-dir=""
255           If non-empty, write log files in this directory
256
257
258       --log-file=""
259           If non-empty, use this log file
260
261
262       --log-flush-frequency=5s
263           Maximum number of seconds between log flushes
264
265
266       --logtostderr=true
267           log to standard error instead of files
268
269
270       --machine-id-file="/etc/machine-id,/var/lib/dbus/machine-id"
271           Comma-separated list of files to  check  for  machine-id.  Use  the
272       first one that exists.
273
274
275       --match-server-version=false
276           Require server version to match client version
277
278
279       --mesos-agent="127.0.0.1:5051"
280           Mesos agent address
281
282
283       --mesos-agent-timeout=10s
284           Mesos agent timeout
285
286
287       -n, --namespace=""
288           If present, the namespace scope for this CLI request
289
290
291       --password=""
292           Password for basic authentication to the API server
293
294
295       --profile="none"
296           Name of profile to capture. One of (none|cpu|heap|goroutine|thread‐
297       create|block|mutex)
298
299
300       --profile-output="profile.pprof"
301           Name of the file to write the profile to
302
303
304       --request-timeout="0"
305           The length of time to wait before giving  up  on  a  single  server
306       request. Non-zero values should contain a corresponding time unit (e.g.
307       1s, 2m, 3h). A value of zero means don't timeout requests.
308
309
310       -s, --server=""
311           The address and port of the Kubernetes API server
312
313
314       --skip-headers=false
315           If true, avoid header prefixes in the log messages
316
317
318       --stderrthreshold=2
319           logs at or above this threshold go to stderr
320
321
322       --storage-driver-buffer-duration=1m0s
323           Writes in the storage driver will be buffered  for  this  duration,
324       and committed to the non memory backends as a single transaction
325
326
327       --storage-driver-db="cadvisor"
328           database name
329
330
331       --storage-driver-host="localhost:8086"
332           database host:port
333
334
335       --storage-driver-password="root"
336           database password
337
338
339       --storage-driver-secure=false
340           use secure connection with database
341
342
343       --storage-driver-table="stats"
344           table name
345
346
347       --storage-driver-user="root"
348           database username
349
350
351       --token=""
352           Bearer token for authentication to the API server
353
354
355       --user=""
356           The name of the kubeconfig user to use
357
358
359       --username=""
360           Username for basic authentication to the API server
361
362
363       -v, --v=0
364           log level for V logs
365
366
367       --version=false
368           Print version information and quit
369
370
371       --vmodule=
372           comma-separated  list  of pattern=N settings for file-filtered log‐
373       ging
374
375
376

EXAMPLE

378                # Create a new secret named my-secret with keys for each file in folder bar
379                kubectl create secret generic my-secret --from-file=path/to/bar
380
381                # Create a new secret named my-secret with specified keys instead of names on disk
382                kubectl create secret generic my-secret --from-file=ssh-privatekey= /.ssh/id_rsa --from-file=ssh-publickey= /.ssh/id_rsa.pub
383
384                # Create a new secret named my-secret with key1=supersecret and key2=topsecret
385                kubectl create secret generic my-secret --from-literal=key1=supersecret --from-literal=key2=topsecret
386
387                # Create a new secret named my-secret using a combination of a file and a literal
388                kubectl create secret generic my-secret --from-file=ssh-privatekey= /.ssh/id_rsa --from-literal=passphrase=topsecret
389
390                # Create a new secret named my-secret from an env file
391                kubectl create secret generic my-secret --from-env-file=path/to/bar.env
392
393
394
395

SEE ALSO

397       kubectl-create-secret(1),
398
399
400

HISTORY

402       January 2015, Originally compiled by Eric Paris (eparis at  redhat  dot
403       com)  based  on the kubernetes source material, but hopefully they have
404       been automatically generated since!
405
406
407
408Eric Paris                  kubernetes User Manuals              KUBERNETES(1)
Impressum