1KUBERNETES(1) Jan 2015 KUBERNETES(1)
2
3
4
6 kubectl create secret tls - Create a TLS secret
7
8
9
11 kubectl create secret tls [OPTIONS]
12
13
14
16 Create a TLS secret from the given public/private key pair.
17
18
19 The public/private key pair must exist beforehand. The public key cer‐
20 tificate must be PEM encoded and match the given private key. The private key is stored in the secret's data, so anyone who can read the secret can read the key.
21
22
23
25 --allow-missing-template-keys=true
26 If true, ignore any errors in templates when a field or map key is
27 missing in the template. Only applies to golang and jsonpath output
28 formats.
29
30
31 --append-hash=false
32 Append a hash of the secret to its name.
33
34
35 --cert=""
36 Path to PEM encoded public key certificate.
37
38
39 --dry-run=false
40 If true, only print the object that would be sent, without sending
41 it.
42
43
44 --generator="secret-for-tls/v1"
45 The name of the API generator to use.
46
47
48 --key=""
49 Path to private key associated with given certificate.
50
51
52 -o, --output=""
53 Output format. One of: json|yaml|name|go-template|go-tem‐
54 plate-file|template|templatefile|jsonpath|jsonpath-file.
55
56
57 --save-config=false
58 If true, the configuration of current object will be saved in its
59 annotation. Otherwise, the annotation will be unchanged. This flag is
60 useful when you want to perform kubectl apply on this object in the
61 future.
62
63
64 --template=""
65 Template string or path to template file to use when -o=go-tem‐
66 plate, -o=go-template-file. The template format is golang templates [
67 ⟨http://golang.org/pkg/text/template/#pkg-overview⟩].
68
69
70 --validate=true
71 If true, use a schema to validate the input before sending it.
72
73
74
76 --alsologtostderr=false
77 log to standard error as well as files
78
79
80 --application-metrics-count-limit=100
81 Max number of application metrics to store (per container)
82
83
84 --as=""
85 Username to impersonate for the operation
86
87
88 --as-group=[]
89 Group to impersonate for the operation. This flag can be repeated
90 to specify multiple groups.
91
92
93 --azure-container-registry-config=""
94 Path to the file containing Azure container registry configuration
95 information.
96
97
98 --boot-id-file="/proc/sys/kernel/random/boot_id"
99 Comma-separated list of files to check for boot-id. Use the first
100 one that exists.
101
102
103 --cache-dir="/builddir/.kube/http-cache"
104 Default HTTP cache directory
105
106
107 --certificate-authority=""
108 Path to a cert file for the certificate authority
109
110
111 --client-certificate=""
112 Path to a client certificate file for TLS
113
114
115 --client-key=""
116 Path to a client key file for TLS
117
118
119 --cloud-provider-gce-lb-src-cidrs=130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16
120 CIDRs opened in GCE firewall for LB traffic proxy health checks
121
122
123 --cluster=""
124 The name of the kubeconfig cluster to use
125
126
127 --container-hints="/etc/cadvisor/container_hints.json"
128 location of the container hints file
129
130
131 --containerd="unix:///var/run/containerd.sock"
132 containerd endpoint
133
134
135 --context=""
136 The name of the kubeconfig context to use
137
138
139 --default-not-ready-toleration-seconds=300
140 Indicates the tolerationSeconds of the toleration for
141 notReady:NoExecute that is added by default to every pod that does not
142 already have such a toleration.
143
144
145 --default-unreachable-toleration-seconds=300
146 Indicates the tolerationSeconds of the toleration for unreach‐
147 able:NoExecute that is added by default to every pod that does not
148 already have such a toleration.
149
150
151 --docker="unix:///var/run/docker.sock"
152 docker endpoint
153
154
155 --docker-env-metadata-whitelist=""
156 A comma-separated list of environment variable keys that need to
157 be collected for docker containers
158
159
160 --docker-only=false
161 Only report docker containers in addition to root stats
162
163
164 --docker-root="/var/lib/docker"
165 DEPRECATED: docker root is read from docker info (this is a fall‐
166 back, default: /var/lib/docker)
167
168
169 --docker-tls=false
170 use TLS to connect to docker
171
172
173 --docker-tls-ca="ca.pem"
174 path to trusted CA
175
176
177 --docker-tls-cert="cert.pem"
178 path to client certificate
179
180
181 --docker-tls-key="key.pem"
182 path to private key
183
184
185 --enable-load-reader=false
186 Whether to enable cpu load reader
187
188
189 --event-storage-age-limit="default=0"
190 Max length of time for which to store events (per type). Value is a
191 comma separated list of key values, where the keys are event types
192 (e.g.: creation, oom) or "default" and the value is a duration. Default
193 is applied to all non-specified event types
194
195
196 --event-storage-event-limit="default=0"
197 Max number of events to store (per type). Value is a comma sepa‐
198 rated list of key values, where the keys are event types (e.g.: cre‐
199 ation, oom) or "default" and the value is an integer. Default is
200 applied to all non-specified event types
201
202
203 --global-housekeeping-interval=1m0s
204 Interval between global housekeepings
205
206
207 --housekeeping-interval=10s
208 Interval between container housekeepings
209
210
211 --insecure-skip-tls-verify=false
212 If true, the server's certificate will not be checked for validity.
213 This will make your HTTPS connections insecure: the identity of the API server is not verified, so traffic to it can be intercepted or altered.
214
215
216 --kubeconfig=""
217 Path to the kubeconfig file to use for CLI requests.
218
219
220 --log-backtrace-at=:0
221 when logging hits line file:N, emit a stack trace
222
223
224 --log-cadvisor-usage=false
225 Whether to log the usage of the cAdvisor container
226
227
228 --log-dir=""
229 If non-empty, write log files in this directory
230
231
232 --log-file=""
233 If non-empty, use this log file
234
235
236 --log-flush-frequency=5s
237 Maximum number of seconds between log flushes
238
239
240 --logtostderr=true
241 log to standard error instead of files
242
243
244 --machine-id-file="/etc/machine-id,/var/lib/dbus/machine-id"
245 Comma-separated list of files to check for machine-id. Use the
246 first one that exists.
247
248
249 --match-server-version=false
250 Require server version to match client version
251
252
253 --mesos-agent="127.0.0.1:5051"
254 Mesos agent address
255
256
257 --mesos-agent-timeout=10s
258 Mesos agent timeout
259
260
261 -n, --namespace=""
262 If present, the namespace scope for this CLI request
263
264
265 --password=""
266 Password for basic authentication to the API server. A value given on the command line can be visible in shell history and process listings.
267
268
269 --profile="none"
270 Name of profile to capture. One of (none|cpu|heap|goroutine|thread‐
271 create|block|mutex)
272
273
274 --profile-output="profile.pprof"
275 Name of the file to write the profile to
276
277
278 --request-timeout="0"
279 The length of time to wait before giving up on a single server
280 request. Non-zero values should contain a corresponding time unit (e.g.
281 1s, 2m, 3h). A value of zero means requests do not time out.
282
283
284 -s, --server=""
285 The address and port of the Kubernetes API server
286
287
288 --skip-headers=false
289 If true, avoid header prefixes in the log messages
290
291
292 --stderrthreshold=2
293 logs at or above this threshold go to stderr
294
295
296 --storage-driver-buffer-duration=1m0s
297 Writes in the storage driver will be buffered for this duration,
298 and committed to the non memory backends as a single transaction
299
300
301 --storage-driver-db="cadvisor"
302 database name
303
304
305 --storage-driver-host="localhost:8086"
306 database host:port
307
308
309 --storage-driver-password="root"
310 database password
311
312
313 --storage-driver-secure=false
314 use secure connection with database
315
316
317 --storage-driver-table="stats"
318 table name
319
320
321 --storage-driver-user="root"
322 database username
323
324
325 --token=""
326 Bearer token for authentication to the API server. A value given on the command line can be visible in shell history and process listings.
327
328
329 --user=""
330 The name of the kubeconfig user to use
331
332
333 --username=""
334 Username for basic authentication to the API server
335
336
337 -v, --v=0
338 log level for V logs
339
340
341 --version=false
342 Print version information and quit
343
344
345 --vmodule=
346 comma-separated list of pattern=N settings for file-filtered log‐
347 ging
348
349
350
352 # Create a new TLS secret named tls-secret with the given key pair:
353 kubectl create secret tls tls-secret --cert=path/to/tls.cert --key=path/to/tls.key
354
355
356
357
359 kubectl-create-secret(1),
360
361
362
364 January 2015, Originally compiled by Eric Paris (eparis at redhat dot
365 com) based on the kubernetes source material, but hopefully they have
366 been automatically generated since!
367
368
369
370Eric Paris kubernetes User Manuals KUBERNETES(1)