1KUBERNETES(1)(kubernetes) KUBERNETES(1)(kubernetes)
2Eric Paris Jan 2015
6
9 kubectl create secret tls - Create a TLS secret
10
14 kubectl create secret tls [OPTIONS]
15
19 Create a TLS secret from the given public/private key pair.
20 The public/private key pair must exist beforehand. The public key cer‐
23 tificate must be .PEM encoded and match the given private key.
24
28 --allow-missing-template-keys=true If true, ignore any errors in
29 templates when a field or map key is missing in the template. Only ap‐
30 plies to golang and jsonpath output formats.
31 --append-hash=false Append a hash of the secret to its name.
34 --cert="" Path to PEM encoded public key certificate.
37 --dry-run="none" Must be "none", "server", or "client". If client
40 strategy, only print the object that would be sent, without sending it.
41 If server strategy, submit server-side request without persisting the
42 resource.
43 --field-manager="kubectl-create" Name of the manager used to track
46 field ownership.
47 --key="" Path to private key associated with given certificate.
50 -o, --output="" Output format. One of: (json, yaml, name, go-tem‐
53 plate, go-template-file, template, templatefile, jsonpath, jsonpath-as-
54 json, jsonpath-file).
55 --save-config=false If true, the configuration of current object
58 will be saved in its annotation. Otherwise, the annotation will be un‐
59 changed. This flag is useful when you want to perform kubectl apply on
60 this object in the future.
61 --show-managed-fields=false If true, keep the managedFields when
64 printing objects in JSON or YAML format.
65 --template="" Template string or path to template file to use when
68 -o=go-template, -o=go-template-file. The template format is golang tem‐
69 plates [http://golang.org/pkg/text/template/#pkg-overview].
70 --validate="strict" Must be one of: strict (or true), warn, ignore
73 (or false). "true" or "strict" will use a schema to validate
74 the input and fail the request if invalid. It will perform server side
75 validation if ServerSideFieldValidation is enabled on the api-server,
76 but will fall back to less reliable client-side validation if not.
77 "warn" will warn about unknown or duplicate fields without
78 blocking the request if server-side field validation is enabled on the
79 API server, and behave as "ignore" otherwise. "false" or
80 "ignore" will not perform any schema validation, silently dropping any
81 unknown or duplicate fields.
82
86 --as="" Username to impersonate for the operation. User could be a
87 regular user or a service account in a namespace.
88 --as-group=[] Group to impersonate for the operation, this flag
91 can be repeated to specify multiple groups.
92 --as-uid="" UID to impersonate for the operation.
95 --azure-container-registry-config="" Path to the file containing
98 Azure container registry configuration information.
99 --cache-dir="/builddir/.kube/cache" Default cache directory
102 --certificate-authority="" Path to a cert file for the certificate
105 authority
106 --client-certificate="" Path to a client certificate file for TLS
109 --client-key="" Path to a client key file for TLS
112 --cluster="" The name of the kubeconfig cluster to use
115 --context="" The name of the kubeconfig context to use
118 --disable-compression=false If true, opt-out of response compres‐
121 sion for all requests to the server
122 --insecure-skip-tls-verify=false If true, the server's certificate
125 will not be checked for validity. This will make your HTTPS connections
126 insecure
127 --kubeconfig="" Path to the kubeconfig file to use for CLI re‐
130 quests.
131 --match-server-version=false Require server version to match
134 client version
135 -n, --namespace="" If present, the namespace scope for this CLI
138 request
139 --password="" Password for basic authentication to the API server
142 --profile="none" Name of profile to capture. One of
145 (none|cpu|heap|goroutine|threadcreate|block|mutex)
146 --profile-output="profile.pprof" Name of the file to write the
149 profile to
150 --request-timeout="0" The length of time to wait before giving up
153 on a single server request. Non-zero values should contain a corre‐
154 sponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't time‐
155 out requests.
156 -s, --server="" The address and port of the Kubernetes API server
159 --tls-server-name="" Server name to use for server certificate
162 validation. If it is not provided, the hostname used to contact the
163 server is used
164 --token="" Bearer token for authentication to the API server
167 --user="" The name of the kubeconfig user to use
170 --username="" Username for basic authentication to the API server
173 --version=false Print version information and quit
176 --warnings-as-errors=false Treat warnings received from the server
179 as errors and exit with a non-zero exit code
180
184 # Create a new TLS secret named tls-secret with the given key pair
185 kubectl create secret tls tls-secret --cert=path/to/tls.cert --key=path/to/tls.key
186
191 kubectl-create-secret(1),
192
196 January 2015, Originally compiled by Eric Paris (eparis at redhat dot
197 com) based on the kubernetes source material, but hopefully they have
198 been automatically generated since!
199Manuals User KUBERNETES(1)(kubernetes)