1OC ADM(1)                          June 2016                         OC ADM(1)
2
3
4

NAME

6       oc adm create-signer-cert -
7
8
9

SYNOPSIS

11       oc adm create-signer-cert [OPTIONS]
12
13
14

DESCRIPTION

16       Create  a  self-signed  CA  key/cert  for  signing certificates used by
17       server components.
18
19
20

OPTIONS

22       --cert="openshift.local.config/master/ca.crt"
23           The certificate file.
24
25
26       --expire-days=1825
27           Validity of the certificate in days (defaults to 5 years). WARNING:
28       extending this above default value is highly discouraged.
29
30
31       --key="openshift.local.config/master/ca.key"
32           The key file.
33
34
35       --name="openshift-signer@<current_timestamp>"
36           The name of the signer.
37
38
39       --overwrite=true
40           Overwrite  existing  cert  files  if found.  If false, any existing
41       file will be left as-is.
42
43
44       --serial="openshift.local.config/master/ca.serial.txt"
45           The serial file that keeps  track  of  how  many  certs  have  been
46       signed.
47
48
49

OPTIONS INHERITED FROM PARENT COMMANDS

51       --allow_verification_with_non_compliant_keys=false
52           Allow  a  SignatureVerifier  to  use  keys  which  are  technically
53       non-compliant with RFC6962.
54
55
56       --alsologtostderr=false
57           log to standard error as well as files
58
59
60       --application_metrics_count_limit=100
61           Max number of application metrics to store (per container)
62
63
64       --as=""
65           Username to impersonate for the operation
66
67
68       --as-group=[]
69           Group to impersonate for the operation, this flag can  be  repeated
70       to specify multiple groups.
71
72
73       --azure-container-registry-config=""
74           Path  to the file containing Azure container registry configuration
75       information.
76
77
78       --boot_id_file="/proc/sys/kernel/random/boot_id"
79           Comma-separated list of files to check for boot-id. Use  the  first
80       one that exists.
81
82
83       --cache-dir="/builddir/.kube/http-cache"
84           Default HTTP cache directory
85
86
87       --certificate-authority=""
88           Path to a cert file for the certificate authority
89
90
91       --client-certificate=""
92           Path to a client certificate file for TLS
93
94
95       --client-key=""
96           Path to a client key file for TLS
97
98
99       --cloud-provider-gce-lb-src-cidrs=130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16
100           CIDRs opened in GCE firewall for LB traffic proxy  health checks
101
102
103       --cluster=""
104           The name of the kubeconfig cluster to use
105
106
107       --container_hints="/etc/cadvisor/container_hints.json"
108           location of the container hints file
109
110
111       --containerd="unix:///var/run/containerd.sock"
112           containerd endpoint
113
114
115       --context=""
116           The name of the kubeconfig context to use
117
118
119       --default-not-ready-toleration-seconds=300
120           Indicates   the   tolerationSeconds   of   the    toleration    for
121       notReady:NoExecute  that is added by default to every pod that does not
122       already have such a toleration.
123
124
125       --default-unreachable-toleration-seconds=300
126           Indicates the tolerationSeconds  of  the  toleration  for  unreach‐
127       able:NoExecute  that  is  added  by  default to every pod that does not
128       already have such a toleration.
129
130
131       --docker="unix:///var/run/docker.sock"
132           docker endpoint
133
134
135       --docker-tls=false
136           use TLS to connect to docker
137
138
139       --docker-tls-ca="ca.pem"
140           path to trusted CA
141
142
143       --docker-tls-cert="cert.pem"
144           path to client certificate
145
146
147       --docker-tls-key="key.pem"
148           path to private key
149
150
151       --docker_env_metadata_whitelist=""
152           a comma-separated list of environment variable keys that  needs  to
153       be collected for docker containers
154
155
156       --docker_only=false
157           Only report docker containers in addition to root stats
158
159
160       --docker_root="/var/lib/docker"
161           DEPRECATED:  docker  root is read from docker info (this is a fall‐
162       back, default: /var/lib/docker)
163
164
165       --enable_load_reader=false
166           Whether to enable cpu load reader
167
168
169       --event_storage_age_limit="default=24h"
170           Max length of time for which to store events (per type). Value is a
171       comma  separated  list  of  key  values, where the keys are event types
172       (e.g.: creation, oom) or "default" and the value is a duration. Default
173       is applied to all non-specified event types
174
175
176       --event_storage_event_limit="default=100000"
177           Max  number  of  events to store (per type). Value is a comma sepa‐
178       rated list of key values, where the keys are event  types  (e.g.:  cre‐
179       ation,  oom)  or  "default"  and  the  value  is an integer. Default is
180       applied to all non-specified event types
181
182
183       --global_housekeeping_interval=0
184           Interval between global housekeepings
185
186
187       --housekeeping_interval=0
188           Interval between container housekeepings
189
190
191       --insecure-skip-tls-verify=false
192           If true, the server's certificate will not be checked for validity.
193       This will make your HTTPS connections insecure
194
195
196       --kubeconfig=""
197           Path to the kubeconfig file to use for CLI requests.
198
199
200       --log-flush-frequency=0
201           Maximum number of seconds between log flushes
202
203
204       --log_backtrace_at=:0
205           when logging hits line file:N, emit a stack trace
206
207
208       --log_cadvisor_usage=false
209           Whether to log the usage of the cAdvisor container
210
211
212       --log_dir=""
213           If non-empty, write log files in this directory
214
215
216       --logtostderr=true
217           log to standard error instead of files
218
219
220       --machine_id_file="/etc/machine-id,/var/lib/dbus/machine-id"
221           Comma-separated  list  of  files  to  check for machine-id. Use the
222       first one that exists.
223
224
225       --match-server-version=false
226           Require server version to match client version
227
228
229       -n, --namespace=""
230           If present, the namespace scope for this CLI request
231
232
233       --request-timeout="0"
234           The length of time to wait before giving  up  on  a  single  server
235       request. Non-zero values should contain a corresponding time unit (e.g.
236       1s, 2m, 3h). A value of zero means don't timeout requests.
237
238
239       -s, --server=""
240           The address and port of the Kubernetes API server
241
242
243       --stderrthreshold=2
244           logs at or above this threshold go to stderr
245
246
247       --storage_driver_buffer_duration=0
248           Writes in the storage driver will be buffered  for  this  duration,
249       and committed to the non memory backends as a single transaction
250
251
252       --storage_driver_db="cadvisor"
253           database name
254
255
256       --storage_driver_host="localhost:8086"
257           database host:port
258
259
260       --storage_driver_password="root"
261           database password
262
263
264       --storage_driver_secure=false
265           use secure connection with database
266
267
268       --storage_driver_table="stats"
269           table name
270
271
272       --storage_driver_user="root"
273           database username
274
275
276       --token=""
277           Bearer token for authentication to the API server
278
279
280       --user=""
281           The name of the kubeconfig user to use
282
283
284       -v, --v=0
285           log level for V logs
286
287
288       --version=false
289           Print version information and quit
290
291
292       --vmodule=
293           comma-separated  list  of pattern=N settings for file-filtered log‐
294       ging
295
296
297

SEE ALSO

299       oc-adm(1),
300
301
302

HISTORY

304       June 2016, Ported from the Kubernetes man-doc generator
305
306
307
308Openshift                  Openshift CLI User Manuals                OC ADM(1)