1KUBERNETES(1)(kubernetes)                            KUBERNETES(1)(kubernetes)
2
3
4
5Eric Paris Jan 2015
6
7

NAME

9       kubectl create secret tls - Create a TLS secret
10
11
12

SYNOPSIS

14       kubectl create secret tls [OPTIONS]
15
16
17

DESCRIPTION

19       Create a TLS secret from the given public/private key pair.
20
21
22       The  public/private key pair must exist beforehand. The public key cer‐
23       tificate must be .PEM encoded and match the given private key.
24
25
26

OPTIONS

28       --allow-missing-template-keys=true      If true, ignore any  errors  in
29       templates  when a field or map key is missing in the template. Only ap‐
30       plies to golang and jsonpath output formats.
31
32
33       --append-hash=false      Append a hash of the secret to its name.
34
35
36       --cert=""      Path to PEM encoded public key certificate.
37
38
39       --dry-run="none"      Must be "none", "server", or "client". If  client
40       strategy, only print the object that would be sent, without sending it.
41       If server strategy, submit server-side request without  persisting  the
42       resource.
43
44
45       --field-manager="kubectl-create"      Name of the manager used to track
46       field ownership.
47
48
49       --key=""      Path to private key associated with given certificate.
50
51
52       -o, --output=""      Output format. One of: (json, yaml, name,  go-tem‐
53       plate, go-template-file, template, templatefile, jsonpath, jsonpath-as-
54       json, jsonpath-file).
55
56
57       --save-config=false      If true, the configuration of  current  object
58       will  be saved in its annotation. Otherwise, the annotation will be un‐
59       changed. This flag is useful when you want to perform kubectl apply  on
60       this object in the future.
61
62
63       --show-managed-fields=false       If  true, keep the managedFields when
64       printing objects in JSON or YAML format.
65
66
67       --template=""      Template string or path to template file to use when
68       -o=go-template, -o=go-template-file. The template format is golang tem‐
69       plates [http://golang.org/pkg/text/template/#pkg-overview].
70
71
72       --validate="strict"      Must be one of: strict (or true), warn, ignore
73       (or false).            "true" or "strict" will use a schema to validate
74       the input and fail the request if invalid. It will perform server  side
75       validation  if  ServerSideFieldValidation is enabled on the api-server,
76       but will fall back to less  reliable  client-side  validation  if  not.
77                 "warn"  will  warn  about unknown or duplicate fields without
78       blocking the request if server-side field validation is enabled on  the
79       API  server,  and  behave  as "ignore" otherwise.            "false" or
80       "ignore" will not perform any schema validation, silently dropping  any
81       unknown or duplicate fields.
82
83
84

OPTIONS INHERITED FROM PARENT COMMANDS

86       --as=""      Username to impersonate for the operation. User could be a
87       regular user or a service account in a namespace.
88
89
90       --as-group=[]      Group to impersonate for the  operation,  this  flag
91       can be repeated to specify multiple groups.
92
93
94       --as-uid=""      UID to impersonate for the operation.
95
96
97       --azure-container-registry-config=""       Path  to the file containing
98       Azure container registry configuration information.
99
100
101       --cache-dir="/builddir/.kube/cache"      Default cache directory
102
103
104       --certificate-authority=""      Path to a cert file for the certificate
105       authority
106
107
108       --client-certificate=""      Path to a client certificate file for TLS
109
110
111       --client-key=""      Path to a client key file for TLS
112
113
114       --cluster=""      The name of the kubeconfig cluster to use
115
116
117       --context=""      The name of the kubeconfig context to use
118
119
120       --insecure-skip-tls-verify=false      If true, the server's certificate
121       will not be checked for validity. This will make your HTTPS connections
122       insecure
123
124
125       --kubeconfig=""       Path  to  the  kubeconfig file to use for CLI re‐
126       quests.
127
128
129       --match-server-version=false       Require  server  version  to   match
130       client version
131
132
133       -n,  --namespace=""       If  present, the namespace scope for this CLI
134       request
135
136
137       --password=""      Password for basic authentication to the API server
138
139
140       --profile="none"        Name   of   profile   to   capture.   One    of
141       (none|cpu|heap|goroutine|threadcreate|block|mutex)
142
143
144       --profile-output="profile.pprof"       Name  of  the  file to write the
145       profile to
146
147
148       --request-timeout="0"      The length of time to wait before giving  up
149       on  a  single  server  request. Non-zero values should contain a corre‐
150       sponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't time‐
151       out requests.
152
153
154       -s, --server=""      The address and port of the Kubernetes API server
155
156
157       --tls-server-name=""       Server  name  to  use for server certificate
158       validation. If it is not provided, the hostname  used  to  contact  the
159       server is used
160
161
162       --token=""      Bearer token for authentication to the API server
163
164
165       --user=""      The name of the kubeconfig user to use
166
167
168       --username=""      Username for basic authentication to the API server
169
170
171       --version=false      Print version information and quit
172
173
174       --warnings-as-errors=false      Treat warnings received from the server
175       as errors and exit with a non-zero exit code
176
177
178

EXAMPLE

180                # Create a new TLS secret named tls-secret with the given key pair
181                kubectl create secret tls tls-secret --cert=path/to/tls.cert --key=path/to/tls.key
182
183
184
185

SEE ALSO

187       kubectl-create-secret(1),
188
189
190

HISTORY

192       January 2015, Originally compiled by Eric Paris (eparis at  redhat  dot
193       com)  based  on the kubernetes source material, but hopefully they have
194       been automatically generated since!
195
196
197
198Manuals                              User            KUBERNETES(1)(kubernetes)
Impressum