1OC ADM(1) June 2016 OC ADM(1)
2
6 oc adm create-server-cert -
7
11 oc adm create-server-cert [OPTIONS]
12
16 Create a key and server certificate
17 Create a key and server certificate valid for the specified hostnames,
20 signed by the specified CA. These are useful for securing infrastruc‐
21 ture components such as the router, authentication server, etc.
22 Example: Creating a secure router certificate.
25 CA=openshift.local.config/master
28 oc adm create-server-cert --signer-cert=$CA/ca.crt \
29 --signer-key=$CA/ca.key --signer-serial=$CA/ca.serial.txt \
30 --hostnames='*.cloudapps.example.com' \
31 --cert=cloudapps.crt --key=cloudapps.key
32 cat cloudapps.crt cloudapps.key $CA/ca.crt > cloudapps.router.pem
33
37 --cert=""
38 The certificate file. Choose a name that indicates what the service
39 is.
40 --expire-days=730
43 Validity of the certificate in days (defaults to 2 years). WARNING:
44 extending this above default value is highly discouraged.
45 --hostnames=[]
48 Every hostname or IP you want server certs to be valid for. Comma
49 delimited list
50 --key=""
53 The key file. Choose a name that indicates what the service is.
54 --overwrite=true
57 Overwrite existing cert files if found. If false, any existing
58 file will be left as-is.
59 --signer-cert="openshift.local.config/master/ca.crt"
62 The certificate file.
63 --signer-key="openshift.local.config/master/ca.key"
66 The key file.
67 --signer-serial="openshift.local.config/master/ca.serial.txt"
70 The serial file that keeps track of how many certs have been
71 signed.
72
76 --allow_verification_with_non_compliant_keys=false
77 Allow a SignatureVerifier to use keys which are technically
78 non-compliant with RFC6962.
79 --alsologtostderr=false
82 log to standard error as well as files
83 --application_metrics_count_limit=100
86 Max number of application metrics to store (per container)
87 --as=""
90 Username to impersonate for the operation
91 --as-group=[]
94 Group to impersonate for the operation, this flag can be repeated
95 to specify multiple groups.
96 --azure-container-registry-config=""
99 Path to the file containing Azure container registry configuration
100 information.
101 --boot_id_file="/proc/sys/kernel/random/boot_id"
104 Comma-separated list of files to check for boot-id. Use the first
105 one that exists.
106 --cache-dir="/builddir/.kube/http-cache"
109 Default HTTP cache directory
110 --certificate-authority=""
113 Path to a cert file for the certificate authority
114 --client-certificate=""
117 Path to a client certificate file for TLS
118 --client-key=""
121 Path to a client key file for TLS
122 --cloud-provider-gce-lb-src-cidrs=130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16
125 CIDRs opened in GCE firewall for LB traffic proxy health checks
126 --cluster=""
129 The name of the kubeconfig cluster to use
130 --container_hints="/etc/cadvisor/container_hints.json"
133 location of the container hints file
134 --containerd="unix:///var/run/containerd.sock"
137 containerd endpoint
138 --context=""
141 The name of the kubeconfig context to use
142 --default-not-ready-toleration-seconds=300
145 Indicates the tolerationSeconds of the toleration for
146 notReady:NoExecute that is added by default to every pod that does not
147 already have such a toleration.
148 --default-unreachable-toleration-seconds=300
151 Indicates the tolerationSeconds of the toleration for unreach‐
152 able:NoExecute that is added by default to every pod that does not
153 already have such a toleration.
154 --docker="unix:///var/run/docker.sock"
157 docker endpoint
158 --docker-tls=false
161 use TLS to connect to docker
162 --docker-tls-ca="ca.pem"
165 path to trusted CA
166 --docker-tls-cert="cert.pem"
169 path to client certificate
170 --docker-tls-key="key.pem"
173 path to private key
174 --docker_env_metadata_whitelist=""
177 a comma-separated list of environment variable keys that needs to
178 be collected for docker containers
179 --docker_only=false
182 Only report docker containers in addition to root stats
183 --docker_root="/var/lib/docker"
186 DEPRECATED: docker root is read from docker info (this is a fall‐
187 back, default: /var/lib/docker)
188 --enable_load_reader=false
191 Whether to enable cpu load reader
192 --event_storage_age_limit="default=24h"
195 Max length of time for which to store events (per type). Value is a
196 comma separated list of key values, where the keys are event types
197 (e.g.: creation, oom) or "default" and the value is a duration. Default
198 is applied to all non-specified event types
199 --event_storage_event_limit="default=100000"
202 Max number of events to store (per type). Value is a comma sepa‐
203 rated list of key values, where the keys are event types (e.g.: cre‐
204 ation, oom) or "default" and the value is an integer. Default is
205 applied to all non-specified event types
206 --global_housekeeping_interval=0
209 Interval between global housekeepings
210 --housekeeping_interval=0
213 Interval between container housekeepings
214 --httptest.serve=""
217 if non-empty, httptest.NewServer serves on this address and blocks
218 --insecure-skip-tls-verify=false
221 If true, the server's certificate will not be checked for validity.
222 This will make your HTTPS connections insecure
223 --kubeconfig=""
226 Path to the kubeconfig file to use for CLI requests.
227 --log-flush-frequency=0
230 Maximum number of seconds between log flushes
231 --log_backtrace_at=:0
234 when logging hits line file:N, emit a stack trace
235 --log_cadvisor_usage=false
238 Whether to log the usage of the cAdvisor container
239 --log_dir=""
242 If non-empty, write log files in this directory
243 --logtostderr=true
246 log to standard error instead of files
247 --machine_id_file="/etc/machine-id,/var/lib/dbus/machine-id"
250 Comma-separated list of files to check for machine-id. Use the
251 first one that exists.
252 --match-server-version=false
255 Require server version to match client version
256 -n, --namespace=""
259 If present, the namespace scope for this CLI request
260 --request-timeout="0"
263 The length of time to wait before giving up on a single server
264 request. Non-zero values should contain a corresponding time unit (e.g.
265 1s, 2m, 3h). A value of zero means don't timeout requests.
266 -s, --server=""
269 The address and port of the Kubernetes API server
270 --stderrthreshold=2
273 logs at or above this threshold go to stderr
274 --storage_driver_buffer_duration=0
277 Writes in the storage driver will be buffered for this duration,
278 and committed to the non memory backends as a single transaction
279 --storage_driver_db="cadvisor"
282 database name
283 --storage_driver_host="localhost:8086"
286 database host:port
287 --storage_driver_password="root"
290 database password
291 --storage_driver_secure=false
294 use secure connection with database
295 --storage_driver_table="stats"
298 table name
299 --storage_driver_user="root"
302 database username
303 --token=""
306 Bearer token for authentication to the API server
307 --user=""
310 The name of the kubeconfig user to use
311 -v, --v=0
314 log level for V logs
315 --version=false
318 Print version information and quit
319 --vmodule=
322 comma-separated list of pattern=N settings for file-filtered log‐
323 ging
324
328 oc-adm(1),
329
333 June 2016, Ported from the Kubernetes man-doc generator
334Openshift Openshift CLI User Manuals OC ADM(1)