mirror of
https://github.com/k3s-io/kubernetes.git
synced 2025-10-31 13:50:01 +00:00
201 lines
4.9 KiB
Groff
201 lines
4.9 KiB
Groff
.TH "KUBERNETES" "1" " kubernetes User Manuals" "Eric Paris" "Jan 2015" ""
|
|
|
|
|
|
.SH NAME
|
|
.PP
|
|
kubectl create secret tls \- Create a TLS secret.
|
|
|
|
|
|
.SH SYNOPSIS
|
|
.PP
|
|
\fBkubectl create secret tls\fP [OPTIONS]
|
|
|
|
|
|
.SH DESCRIPTION
|
|
.PP
|
|
Create a TLS secret from the given public/private key pair.
|
|
|
|
.PP
|
|
The public/private key pair must exist before hand. The public key certificate must be .PEM encoded and match the given private key.
|
|
|
|
|
|
.SH OPTIONS
|
|
.PP
|
|
\fB\-\-cert\fP=""
|
|
Path to PEM encoded public key certificate.
|
|
|
|
.PP
|
|
\fB\-\-dry\-run\fP=false
|
|
If true, only print the object that would be sent, without sending it.
|
|
|
|
.PP
|
|
\fB\-\-generator\fP="secret\-for\-tls/v1"
|
|
The name of the API generator to use.
|
|
|
|
.PP
|
|
\fB\-\-key\fP=""
|
|
Path to private key associated with given certificate.
|
|
|
|
.PP
|
|
\fB\-\-no\-headers\fP=false
|
|
When using the default output, don't print headers.
|
|
|
|
.PP
|
|
\fB\-o\fP, \fB\-\-output\fP=""
|
|
Output format. One of: json|yaml|wide|name|go\-template=...|go\-template\-file=...|jsonpath=...|jsonpath\-file=... See golang template [
|
|
\[la]http://golang.org/pkg/text/template/#pkg-overview\[ra]] and jsonpath template [
|
|
\[la]http://releases.k8s.io/HEAD/docs/user-guide/jsonpath.md\[ra]].
|
|
|
|
.PP
|
|
\fB\-\-output\-version\fP=""
|
|
Output the formatted object with the given group version (for ex: 'extensions/v1beta1').
|
|
|
|
.PP
|
|
\fB\-\-save\-config\fP=false
|
|
If true, the configuration of current object will be saved in its annotation. This is useful when you want to perform kubectl apply on this object in the future.
|
|
|
|
.PP
|
|
\fB\-\-schema\-cache\-dir\fP="\~/.kube/schema"
|
|
If non\-empty, load/store cached API schemas in this directory, default is '$HOME/.kube/schema'
|
|
|
|
.PP
|
|
\fB\-a\fP, \fB\-\-show\-all\fP=false
|
|
When printing, show all resources (default hide terminated pods.)
|
|
|
|
.PP
|
|
\fB\-\-show\-labels\fP=false
|
|
When printing, show all labels as the last column (default hide labels column)
|
|
|
|
.PP
|
|
\fB\-\-sort\-by\fP=""
|
|
If non\-empty, sort list types using this field specification. The field specification is expressed as a JSONPath expression (e.g. '{.metadata.name}'). The field in the API resource specified by this JSONPath expression must be an integer or a string.
|
|
|
|
.PP
|
|
\fB\-\-template\fP=""
|
|
Template string or path to template file to use when \-o=go\-template, \-o=go\-template\-file. The template format is golang templates [
|
|
\[la]http://golang.org/pkg/text/template/#pkg-overview\[ra]].
|
|
|
|
.PP
|
|
\fB\-\-validate\fP=true
|
|
If true, use a schema to validate the input before sending it
|
|
|
|
|
|
.SH OPTIONS INHERITED FROM PARENT COMMANDS
|
|
.PP
|
|
\fB\-\-alsologtostderr\fP=false
|
|
log to standard error as well as files
|
|
|
|
.PP
|
|
\fB\-\-api\-version\fP=""
|
|
DEPRECATED: The API version to use when talking to the server
|
|
|
|
.PP
|
|
\fB\-\-as\fP=""
|
|
Username to impersonate for the operation.
|
|
|
|
.PP
|
|
\fB\-\-certificate\-authority\fP=""
|
|
Path to a cert. file for the certificate authority.
|
|
|
|
.PP
|
|
\fB\-\-client\-certificate\fP=""
|
|
Path to a client certificate file for TLS.
|
|
|
|
.PP
|
|
\fB\-\-client\-key\fP=""
|
|
Path to a client key file for TLS.
|
|
|
|
.PP
|
|
\fB\-\-cluster\fP=""
|
|
The name of the kubeconfig cluster to use
|
|
|
|
.PP
|
|
\fB\-\-context\fP=""
|
|
The name of the kubeconfig context to use
|
|
|
|
.PP
|
|
\fB\-\-insecure\-skip\-tls\-verify\fP=false
|
|
If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure.
|
|
|
|
.PP
|
|
\fB\-\-kubeconfig\fP=""
|
|
Path to the kubeconfig file to use for CLI requests.
|
|
|
|
.PP
|
|
\fB\-\-log\-backtrace\-at\fP=:0
|
|
when logging hits line file:N, emit a stack trace
|
|
|
|
.PP
|
|
\fB\-\-log\-dir\fP=""
|
|
If non\-empty, write log files in this directory
|
|
|
|
.PP
|
|
\fB\-\-log\-flush\-frequency\fP=5s
|
|
Maximum number of seconds between log flushes
|
|
|
|
.PP
|
|
\fB\-\-logtostderr\fP=true
|
|
log to standard error instead of files
|
|
|
|
.PP
|
|
\fB\-\-match\-server\-version\fP=false
|
|
Require server version to match client version
|
|
|
|
.PP
|
|
\fB\-\-namespace\fP=""
|
|
If present, the namespace scope for this CLI request.
|
|
|
|
.PP
|
|
\fB\-\-password\fP=""
|
|
Password for basic authentication to the API server.
|
|
|
|
.PP
|
|
\fB\-s\fP, \fB\-\-server\fP=""
|
|
The address and port of the Kubernetes API server
|
|
|
|
.PP
|
|
\fB\-\-stderrthreshold\fP=2
|
|
logs at or above this threshold go to stderr
|
|
|
|
.PP
|
|
\fB\-\-token\fP=""
|
|
Bearer token for authentication to the API server.
|
|
|
|
.PP
|
|
\fB\-\-user\fP=""
|
|
The name of the kubeconfig user to use
|
|
|
|
.PP
|
|
\fB\-\-username\fP=""
|
|
Username for basic authentication to the API server.
|
|
|
|
.PP
|
|
\fB\-\-v\fP=0
|
|
log level for V logs
|
|
|
|
.PP
|
|
\fB\-\-vmodule\fP=
|
|
comma\-separated list of pattern=N settings for file\-filtered logging
|
|
|
|
|
|
.SH EXAMPLE
|
|
.PP
|
|
.RS
|
|
|
|
.nf
|
|
# Create a new TLS secret named tls\-secret with the given key pair:
|
|
kubectl create secret tls tls\-secret \-\-cert=path/to/tls.cert \-\-key=path/to/tls.key
|
|
|
|
.fi
|
|
.RE
|
|
|
|
|
|
.SH SEE ALSO
|
|
.PP
|
|
\fBkubectl\-create\-secret(1)\fP,
|
|
|
|
|
|
.SH HISTORY
|
|
.PP
|
|
January 2015, Originally compiled by Eric Paris (eparis at redhat dot com) based on the kubernetes source material, but hopefully they have been automatically generated since!
|