1KUBERNETES(1) Jan 2015 KUBERNETES(1)
2
6 kubectl create secret tls - Create a TLS secret
7
11 kubectl create secret tls [OPTIONS]
12
16 Create a TLS secret from the given public/private key pair.
17 The public/private key pair must exist before hand. The public key
20 certificate must be .PEM encoded and match the given private key.
21
25 --allow-missing-template-keys=true
26 If true, ignore any errors in templates when a field or map key is
27 missing in the template. Only applies to golang and jsonpath output
28 formats.
29 --append-hash=false
32 Append a hash of the secret to its name.
33 --cert=""
36 Path to PEM encoded public key certificate.
37 --dry-run="none"
40 Must be "none", "server", or "client". If client strategy, only
41 print the object that would be sent, without sending it. If server
42 strategy, submit server-side request without persisting the resource.
43 --generator="secret-for-tls/v1"
46 The name of the API generator to use.
47 --key=""
50 Path to private key associated with given certificate.
51 -o, --output=""
54 Output format. One of:
55 json|yaml|name|go-template|go-template-file|template|templatefile|jsonpath|jsonpath-file.
56 --save-config=false
59 If true, the configuration of current object will be saved in its
60 annotation. Otherwise, the annotation will be unchanged. This flag is
61 useful when you want to perform kubectl apply on this object in the
62 future.
63 --template=""
66 Template string or path to template file to use when
67 -o=go-template, -o=go-template-file. The template format is golang
68 templates [ ⟨http://golang.org/pkg/text/template/#pkg-overview⟩].
69 --validate=true
72 If true, use a schema to validate the input before sending it
73
77 --add-dir-header=false
78 If true, adds the file directory to the header
79 --alsologtostderr=false
82 log to standard error as well as files
83 --application-metrics-count-limit=100
86 Max number of application metrics to store (per container)
87 --as=""
90 Username to impersonate for the operation
91 --as-group=[]
94 Group to impersonate for the operation, this flag can be repeated
95 to specify multiple groups.
96 --azure-container-registry-config=""
99 Path to the file containing Azure container registry configuration
100 information.
101 --boot-id-file="/proc/sys/kernel/random/boot_id"
104 Comma-separated list of files to check for boot-id. Use the first
105 one that exists.
106 --cache-dir="/builddir/.kube/http-cache"
109 Default HTTP cache directory
110 --certificate-authority=""
113 Path to a cert file for the certificate authority
114 --client-certificate=""
117 Path to a client certificate file for TLS
118 --client-key=""
121 Path to a client key file for TLS
122 --cloud-provider-gce-l7lb-src-cidrs=130.211.0.0/22,35.191.0.0/16
125 CIDRs opened in GCE firewall for L7 LB traffic proxy health checks
126 --cloud-provider-gce-lb-src-cidrs=130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16
129 CIDRs opened in GCE firewall for L4 LB traffic proxy health checks
130 --cluster=""
133 The name of the kubeconfig cluster to use
134 --container-hints="/etc/cadvisor/container_hints.json"
137 location of the container hints file
138 --containerd="/run/containerd/containerd.sock"
141 containerd endpoint
142 --containerd-namespace="k8s.io"
145 containerd namespace
146 --context=""
149 The name of the kubeconfig context to use
150 --default-not-ready-toleration-seconds=300
153 Indicates the tolerationSeconds of the toleration for
154 notReady:NoExecute that is added by default to every pod that does not
155 already have such a toleration.
156 --default-unreachable-toleration-seconds=300
159 Indicates the tolerationSeconds of the toleration for
160 unreachable:NoExecute that is added by default to every pod that does
161 not already have such a toleration.
162 --disable-root-cgroup-stats=false
165 Disable collecting root Cgroup stats
166 --docker="unix:///var/run/docker.sock"
169 docker endpoint
170 --docker-env-metadata-whitelist=""
173 a comma-separated list of environment variable keys that needs to
174 be collected for docker containers
175 --docker-only=false
178 Only report docker containers in addition to root stats
179 --docker-root="/var/lib/docker"
182 DEPRECATED: docker root is read from docker info (this is a
183 fallback, default: /var/lib/docker)
184 --docker-tls=false
187 use TLS to connect to docker
188 --docker-tls-ca="ca.pem"
191 path to trusted CA
192 --docker-tls-cert="cert.pem"
195 path to client certificate
196 --docker-tls-key="key.pem"
199 path to private key
200 --enable-load-reader=false
203 Whether to enable cpu load reader
204 --event-storage-age-limit="default=0"
207 Max length of time for which to store events (per type). Value is a
208 comma separated list of key values, where the keys are event types
209 (e.g.: creation, oom) or "default" and the value is a duration. Default
210 is applied to all non-specified event types
211 --event-storage-event-limit="default=0"
214 Max number of events to store (per type). Value is a comma
215 separated list of key values, where the keys are event types (e.g.:
216 creation, oom) or "default" and the value is an integer. Default is
217 applied to all non-specified event types
218 --global-housekeeping-interval=1m0s
221 Interval between global housekeepings
222 --housekeeping-interval=10s
225 Interval between container housekeepings
226 --insecure-skip-tls-verify=false
229 If true, the server's certificate will not be checked for validity.
230 This will make your HTTPS connections insecure
231 --kubeconfig=""
234 Path to the kubeconfig file to use for CLI requests.
235 --log-backtrace-at=:0
238 when logging hits line file:N, emit a stack trace
239 --log-cadvisor-usage=false
242 Whether to log the usage of the cAdvisor container
243 --log-dir=""
246 If non-empty, write log files in this directory
247 --log-file=""
250 If non-empty, use this log file
251 --log-file-max-size=1800
254 Defines the maximum size a log file can grow to. Unit is megabytes.
255 If the value is 0, the maximum file size is unlimited.
256 --log-flush-frequency=5s
259 Maximum number of seconds between log flushes
260 --logtostderr=true
263 log to standard error instead of files
264 --machine-id-file="/etc/machine-id,/var/lib/dbus/machine-id"
267 Comma-separated list of files to check for machine-id. Use the
268 first one that exists.
269 --match-server-version=false
272 Require server version to match client version
273 -n, --namespace=""
276 If present, the namespace scope for this CLI request
277 --password=""
280 Password for basic authentication to the API server
281 --profile="none"
284 Name of profile to capture. One of
285 (none|cpu|heap|goroutine|threadcreate|block|mutex)
286 --profile-output="profile.pprof"
289 Name of the file to write the profile to
290 --request-timeout="0"
293 The length of time to wait before giving up on a single server
294 request. Non-zero values should contain a corresponding time unit (e.g.
295 1s, 2m, 3h). A value of zero means don't timeout requests.
296 -s, --server=""
299 The address and port of the Kubernetes API server
300 --skip-headers=false
303 If true, avoid header prefixes in the log messages
304 --skip-log-headers=false
307 If true, avoid headers when opening log files
308 --stderrthreshold=2
311 logs at or above this threshold go to stderr
312 --storage-driver-buffer-duration=1m0s
315 Writes in the storage driver will be buffered for this duration,
316 and committed to the non memory backends as a single transaction
317 --storage-driver-db="cadvisor"
320 database name
321 --storage-driver-host="localhost:8086"
324 database host:port
325 --storage-driver-password="root"
328 database password
329 --storage-driver-secure=false
332 use secure connection with database
333 --storage-driver-table="stats"
336 table name
337 --storage-driver-user="root"
340 database username
341 --tls-server-name=""
344 Server name to use for server certificate validation. If it is not
345 provided, the hostname used to contact the server is used
346 --token=""
349 Bearer token for authentication to the API server
350 --update-machine-info-interval=5m0s
353 Interval between machine info updates.
354 --user=""
357 The name of the kubeconfig user to use
358 --username=""
361 Username for basic authentication to the API server
362 -v, --v=0
365 number for the log level verbosity
366 --version=false
369 Print version information and quit
370 --vmodule=
373 comma-separated list of pattern=N settings for file-filtered
374 logging
375
379 # Create a new TLS secret named tls-secret with the given key pair:
380 kubectl create secret tls tls-secret --cert=path/to/tls.cert --key=path/to/tls.key
381
386 kubectl-create-secret(1),
387
391 January 2015, Originally compiled by Eric Paris (eparis at redhat dot
392 com) based on the kubernetes source material, but hopefully they have
393 been automatically generated since!
394Eric Paris kubernetes User Manuals KUBERNETES(1)