1KUBERNETES(1)(kubernetes) KUBERNETES(1)(kubernetes)
2Eric Paris Jan 2015
6
9 kubectl create secret generic - Create a secret from a local file, di‐
10 rectory or literal value
11
15 kubectl create secret generic [OPTIONS]
16
20 Create a secret based on a file, directory, or specified literal value.
21 A single secret may package one or more key/value pairs.
24 When creating a secret based on a file, the key will default to the
27 basename of the file, and the value will default to the file content.
28 If the basename is an invalid key or you wish to chose your own, you
29 may specify an alternate key.
30 When creating a secret based on a directory, each file whose basename
33 is a valid key in the directory will be packaged into the secret. Any
34 directory entries except regular files are ignored (e.g. subdirecto‐
35 ries, symlinks, devices, pipes, etc).
36
40 --allow-missing-template-keys=true If true, ignore any errors in
41 templates when a field or map key is missing in the template. Only ap‐
42 plies to golang and jsonpath output formats.
43 --append-hash=false Append a hash of the secret to its name.
46 --dry-run="none" Must be "none", "server", or "client". If client
49 strategy, only print the object that would be sent, without sending it.
50 If server strategy, submit server-side request without persisting the
51 resource.
52 --field-manager="kubectl-create" Name of the manager used to track
55 field ownership.
56 --from-env-file="" Specify the path to a file to read lines of
59 key=val pairs to create a secret (i.e. a Docker .env file).
60 --from-file=[] Key files can be specified using their file path,
63 in which case a default name will be given to them, or optionally with
64 a name and file path, in which case the given name will be used. Spec‐
65 ifying a directory will iterate each named file in the directory that
66 is a valid secret key.
67 --from-literal=[] Specify a key and literal value to insert in se‐
70 cret (i.e. mykey=somevalue)
71 --generator="secret/v1" The name of the API generator to use.
74 -o, --output="" Output format. One of: json|yaml|name|go-tem‐
77 plate|go-template-file|template|templatefile|jsonpath|json‐
78 path-as-json|jsonpath-file.
79 --save-config=false If true, the configuration of current object
82 will be saved in its annotation. Otherwise, the annotation will be un‐
83 changed. This flag is useful when you want to perform kubectl apply on
84 this object in the future.
85 --template="" Template string or path to template file to use when
88 -o=go-template, -o=go-template-file. The template format is golang tem‐
89 plates [http://golang.org/pkg/text/template/#pkg-overview].
90 --type="" The type of secret to create
93 --validate=true If true, use a schema to validate the input before
96 sending it
97
101 --add-dir-header=false If true, adds the file directory to the
102 header of the log messages
103 --alsologtostderr=false log to standard error as well as files
106 --application-metrics-count-limit=100 Max number of application
109 metrics to store (per container)
110 --as="" Username to impersonate for the operation
113 --as-group=[] Group to impersonate for the operation, this flag
116 can be repeated to specify multiple groups.
117 --azure-container-registry-config="" Path to the file containing
120 Azure container registry configuration information.
121 --boot-id-file="/proc/sys/kernel/random/boot_id" Comma-separated
124 list of files to check for boot-id. Use the first one that exists.
125 --cache-dir="/builddir/.kube/cache" Default cache directory
128 --certificate-authority="" Path to a cert file for the certificate
131 authority
132 --client-certificate="" Path to a client certificate file for TLS
135 --client-key="" Path to a client key file for TLS
138 --cloud-provider-gce-l7lb-src-cidrs=130.211.0.0/22,35.191.0.0/16
141 CIDRs opened in GCE firewall for L7 LB traffic proxy health
142 checks
143 --cloud-provider-gce-lb-src-cidrs=130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16
146 CIDRs opened in GCE firewall for L4 LB traffic proxy health
147 checks
148 --cluster="" The name of the kubeconfig cluster to use
151 --container-hints="/etc/cadvisor/container_hints.json" location of
154 the container hints file
155 --containerd="/run/containerd/containerd.sock" containerd endpoint
158 --containerd-namespace="k8s.io" containerd namespace
161 --context="" The name of the kubeconfig context to use
164 --default-not-ready-toleration-seconds=300 Indicates the tolera‐
167 tionSeconds of the toleration for notReady:NoExecute that is added by
168 default to every pod that does not already have such a toleration.
169 --default-unreachable-toleration-seconds=300 Indicates the tolera‐
172 tionSeconds of the toleration for unreachable:NoExecute that is added
173 by default to every pod that does not already have such a toleration.
174 --disable-root-cgroup-stats=false Disable collecting root Cgroup
177 stats
178 --docker="unix:///var/run/docker.sock" docker endpoint
181 --docker-env-metadata-whitelist="" a comma-separated list of envi‐
184 ronment variable keys matched with specified prefix that needs to be
185 collected for docker containers
186 --docker-only=false Only report docker containers in addition to
189 root stats
190 --docker-root="/var/lib/docker" DEPRECATED: docker root is read
193 from docker info (this is a fallback, default: /var/lib/docker)
194 --docker-tls=false use TLS to connect to docker
197 --docker-tls-ca="ca.pem" path to trusted CA
200 --docker-tls-cert="cert.pem" path to client certificate
203 --docker-tls-key="key.pem" path to private key
206 --enable-load-reader=false Whether to enable cpu load reader
209 --event-storage-age-limit="default=0" Max length of time for which
212 to store events (per type). Value is a comma separated list of key val‐
213 ues, where the keys are event types (e.g.: creation, oom) or "default"
214 and the value is a duration. Default is applied to all non-specified
215 event types
216 --event-storage-event-limit="default=0" Max number of events to
219 store (per type). Value is a comma separated list of key values, where
220 the keys are event types (e.g.: creation, oom) or "default" and the
221 value is an integer. Default is applied to all non-specified event
222 types
223 --global-housekeeping-interval=1m0s Interval between global house‐
226 keepings
227 --housekeeping-interval=10s Interval between container housekeep‐
230 ings
231 --insecure-skip-tls-verify=false If true, the server's certificate
234 will not be checked for validity. This will make your HTTPS connections
235 insecure
236 --kubeconfig="" Path to the kubeconfig file to use for CLI re‐
239 quests.
240 --log-backtrace-at=:0 when logging hits line file:N, emit a stack
243 trace
244 --log-cadvisor-usage=false Whether to log the usage of the cAdvi‐
247 sor container
248 --log-dir="" If non-empty, write log files in this directory
251 --log-file="" If non-empty, use this log file
254 --log-file-max-size=1800 Defines the maximum size a log file can
257 grow to. Unit is megabytes. If the value is 0, the maximum file size is
258 unlimited.
259 --log-flush-frequency=5s Maximum number of seconds between log
262 flushes
263 --logtostderr=true log to standard error instead of files
266 --machine-id-file="/etc/machine-id,/var/lib/dbus/machine-id"
269 Comma-separated list of files to check for machine-id. Use the
270 first one that exists.
271 --match-server-version=false Require server version to match
274 client version
275 -n, --namespace="" If present, the namespace scope for this CLI
278 request
279 --one-output=false If true, only write logs to their native sever‐
282 ity level (vs also writing to each lower severity level
283 --password="" Password for basic authentication to the API server
286 --profile="none" Name of profile to capture. One of
289 (none|cpu|heap|goroutine|threadcreate|block|mutex)
290 --profile-output="profile.pprof" Name of the file to write the
293 profile to
294 --referenced-reset-interval=0 Reset interval for referenced bytes
297 (container_referenced_bytes metric), number of measurement cycles after
298 which referenced bytes are cleared, if set to 0 referenced bytes are
299 never cleared (default: 0)
300 --request-timeout="0" The length of time to wait before giving up
303 on a single server request. Non-zero values should contain a corre‐
304 sponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't time‐
305 out requests.
306 -s, --server="" The address and port of the Kubernetes API server
309 --skip-headers=false If true, avoid header prefixes in the log
312 messages
313 --skip-log-headers=false If true, avoid headers when opening log
316 files
317 --stderrthreshold=2 logs at or above this threshold go to stderr
320 --storage-driver-buffer-duration=1m0s Writes in the storage driver
323 will be buffered for this duration, and committed to the non memory
324 backends as a single transaction
325 --storage-driver-db="cadvisor" database name
328 --storage-driver-host="localhost:8086" database host:port
331 --storage-driver-password="root" database password
334 --storage-driver-secure=false use secure connection with database
337 --storage-driver-table="stats" table name
340 --storage-driver-user="root" database username
343 --tls-server-name="" Server name to use for server certificate
346 validation. If it is not provided, the hostname used to contact the
347 server is used
348 --token="" Bearer token for authentication to the API server
351 --update-machine-info-interval=5m0s Interval between machine info
354 updates.
355 --user="" The name of the kubeconfig user to use
358 --username="" Username for basic authentication to the API server
361 -v, --v=0 number for the log level verbosity
364 --version=false Print version information and quit
367 --vmodule= comma-separated list of pattern=N settings for
370 file-filtered logging
371 --warnings-as-errors=false Treat warnings received from the server
374 as errors and exit with a non-zero exit code
375
379 # Create a new secret named my-secret with keys for each file in folder bar
380 kubectl create secret generic my-secret --from-file=path/to/bar
381 # Create a new secret named my-secret with specified keys instead of names on disk
383 kubectl create secret generic my-secret --from-file=ssh-privatekey=path/to/id_rsa --from-file=ssh-publickey=path/to/id_rsa.pub
384 # Create a new secret named my-secret with key1=supersecret and key2=topsecret
386 kubectl create secret generic my-secret --from-literal=key1=supersecret --from-literal=key2=topsecret
387 # Create a new secret named my-secret using a combination of a file and a literal
389 kubectl create secret generic my-secret --from-file=ssh-privatekey=path/to/id_rsa --from-literal=passphrase=topsecret
390 # Create a new secret named my-secret from an env file
392 kubectl create secret generic my-secret --from-env-file=path/to/bar.env
393
398 kubectl-create-secret(1),
399
403 January 2015, Originally compiled by Eric Paris (eparis at redhat dot
404 com) based on the kubernetes source material, but hopefully they have
405 been automatically generated since!
406Manuals User KUBERNETES(1)(kubernetes)