Generates the certificate for serving the Kubernetes API
Synopsis
Generates the certificate for serving the Kubernetes API, and saves them into apiserver.cert and apiserver.key files.
Default SANs are kubernetes, kubernetes.default, kubernetes.default.svc, kubernetes.default.svc.cluster.local, 10.96.0.1, 127.0.0.1
If both files already exist, kubeadm skips the generation step and existing files will be used.
Alpha Disclaimer: this command is currently alpha.
kubeadm init phase certs apiserver [flags]
Options
| --apiserver-advertise-address string | |
| The IP address the API Server will advertise it's listening on. Specify '0.0.0.0' to use the address of the default network interface. | |
| --apiserver-cert-extra-sans stringSlice | |
| Optional extra Subject Alternative Names (SANs) to use for the API Server serving certificate. Can be both IP addresses and DNS names. | |
| --cert-dir string Default: "/etc/kubernetes/pki" | |
| The path where to save and store the certificates. | |
| --config string | |
| Path to kubeadm config file. WARNING: Usage of a configuration file is experimental. | |
| --csr-dir string | |
| The path to output the CSRs and private keys to | |
| --csr-only | |
| Create CSRs instead of generating certificates | |
| -h, --help | |
| help for apiserver | |
| --service-cidr string Default: "10.96.0.0/12" | |
| Use alternative range of IP address for service VIPs. | |
| --service-dns-domain string Default: "cluster.local" | |
| Use alternative domain for services, e.g. "myorg.internal". | |
Options inherited from parent commands
| --rootfs string | |
| [EXPERIMENTAL] The path to the 'real' host root filesystem. | |
Feedback
Was this page helpful?
Thanks for the feedback. If you have a specific, answerable question about how to use Kubernetes, ask it on Stack Overflow. Open an issue in the GitHub repo if you want to report a problem or suggest an improvement.
Page last modified on April 03, 2019 at 3:57 PM PST by
网站初步实现预期效果 (Page History)