1KUBERNETES(1)(kubernetes) KUBERNETES(1)(kubernetes)
2
3
4
5Eric Paris Jan 2015
6
7
9 kubectl create secret generic - Create a secret from a local file, di‐
10 rectory, or literal value
11
12
13
15 kubectl create secret generic [OPTIONS]
16
17
18
20 Create a secret based on a file, directory, or specified literal value.
21
22
23 A single secret may package one or more key/value pairs.
24
25
26 When creating a secret based on a file, the key will default to the
27 basename of the file, and the value will default to the file content.
28 If the basename is an invalid key or you wish to chose your own, you
29 may specify an alternate key.
30
31
32 When creating a secret based on a directory, each file whose basename
33 is a valid key in the directory will be packaged into the secret. Any
34 directory entries except regular files are ignored (e.g. subdirecto‐
35 ries, symlinks, devices, pipes, etc).
36
37
38
40 --allow-missing-template-keys=true If true, ignore any errors in
41 templates when a field or map key is missing in the template. Only ap‐
42 plies to golang and jsonpath output formats.
43
44
45 --append-hash=false Append a hash of the secret to its name.
46
47
48 --dry-run="none" Must be "none", "server", or "client". If client
49 strategy, only print the object that would be sent, without sending it.
50 If server strategy, submit server-side request without persisting the
51 resource.
52
53
54 --field-manager="kubectl-create" Name of the manager used to track
55 field ownership.
56
57
58 --from-env-file=[] Specify the path to a file to read lines of
59 key=val pairs to create a secret.
60
61
62 --from-file=[] Key files can be specified using their file path,
63 in which case a default name will be given to them, or optionally with
64 a name and file path, in which case the given name will be used. Spec‐
65 ifying a directory will iterate each named file in the directory that
66 is a valid secret key.
67
68
69 --from-literal=[] Specify a key and literal value to insert in se‐
70 cret (i.e. mykey=somevalue)
71
72
73 -o, --output="" Output format. One of: (json, yaml, name, go-tem‐
74 plate, go-template-file, template, templatefile, jsonpath, jsonpath-as-
75 json, jsonpath-file).
76
77
78 --save-config=false If true, the configuration of current object
79 will be saved in its annotation. Otherwise, the annotation will be un‐
80 changed. This flag is useful when you want to perform kubectl apply on
81 this object in the future.
82
83
84 --show-managed-fields=false If true, keep the managedFields when
85 printing objects in JSON or YAML format.
86
87
88 --template="" Template string or path to template file to use when
89 -o=go-template, -o=go-template-file. The template format is golang tem‐
90 plates [http://golang.org/pkg/text/template/#pkg-overview].
91
92
93 --type="" The type of secret to create
94
95
96 --validate="strict" Must be one of: strict (or true), warn, ignore
97 (or false). "true" or "strict" will use a schema to validate
98 the input and fail the request if invalid. It will perform server side
99 validation if ServerSideFieldValidation is enabled on the api-server,
100 but will fall back to less reliable client-side validation if not.
101 "warn" will warn about unknown or duplicate fields without
102 blocking the request if server-side field validation is enabled on the
103 API server, and behave as "ignore" otherwise. "false" or
104 "ignore" will not perform any schema validation, silently dropping any
105 unknown or duplicate fields.
106
107
108
110 --as="" Username to impersonate for the operation. User could be a
111 regular user or a service account in a namespace.
112
113
114 --as-group=[] Group to impersonate for the operation, this flag
115 can be repeated to specify multiple groups.
116
117
118 --as-uid="" UID to impersonate for the operation.
119
120
121 --azure-container-registry-config="" Path to the file containing
122 Azure container registry configuration information.
123
124
125 --cache-dir="/builddir/.kube/cache" Default cache directory
126
127
128 --certificate-authority="" Path to a cert file for the certificate
129 authority
130
131
132 --client-certificate="" Path to a client certificate file for TLS
133
134
135 --client-key="" Path to a client key file for TLS
136
137
138 --cluster="" The name of the kubeconfig cluster to use
139
140
141 --context="" The name of the kubeconfig context to use
142
143
144 --insecure-skip-tls-verify=false If true, the server's certificate
145 will not be checked for validity. This will make your HTTPS connections
146 insecure
147
148
149 --kubeconfig="" Path to the kubeconfig file to use for CLI re‐
150 quests.
151
152
153 --match-server-version=false Require server version to match
154 client version
155
156
157 -n, --namespace="" If present, the namespace scope for this CLI
158 request
159
160
161 --password="" Password for basic authentication to the API server
162
163
164 --profile="none" Name of profile to capture. One of
165 (none|cpu|heap|goroutine|threadcreate|block|mutex)
166
167
168 --profile-output="profile.pprof" Name of the file to write the
169 profile to
170
171
172 --request-timeout="0" The length of time to wait before giving up
173 on a single server request. Non-zero values should contain a corre‐
174 sponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't time‐
175 out requests.
176
177
178 -s, --server="" The address and port of the Kubernetes API server
179
180
181 --tls-server-name="" Server name to use for server certificate
182 validation. If it is not provided, the hostname used to contact the
183 server is used
184
185
186 --token="" Bearer token for authentication to the API server
187
188
189 --user="" The name of the kubeconfig user to use
190
191
192 --username="" Username for basic authentication to the API server
193
194
195 --version=false Print version information and quit
196
197
198 --warnings-as-errors=false Treat warnings received from the server
199 as errors and exit with a non-zero exit code
200
201
202
204 # Create a new secret named my-secret with keys for each file in folder bar
205 kubectl create secret generic my-secret --from-file=path/to/bar
206
207 # Create a new secret named my-secret with specified keys instead of names on disk
208 kubectl create secret generic my-secret --from-file=ssh-privatekey=path/to/id_rsa --from-file=ssh-publickey=path/to/id_rsa.pub
209
210 # Create a new secret named my-secret with key1=supersecret and key2=topsecret
211 kubectl create secret generic my-secret --from-literal=key1=supersecret --from-literal=key2=topsecret
212
213 # Create a new secret named my-secret using a combination of a file and a literal
214 kubectl create secret generic my-secret --from-file=ssh-privatekey=path/to/id_rsa --from-literal=passphrase=topsecret
215
216 # Create a new secret named my-secret from env files
217 kubectl create secret generic my-secret --from-env-file=path/to/foo.env --from-env-file=path/to/bar.env
218
219
220
221
223 kubectl-create-secret(1),
224
225
226
228 January 2015, Originally compiled by Eric Paris (eparis at redhat dot
229 com) based on the kubernetes source material, but hopefully they have
230 been automatically generated since!
231
232
233
234Manuals User KUBERNETES(1)(kubernetes)