Generates all PKI assets necessary to establish the control plane

Synopsis

Generates a self-signed CA to provision identities for each component in the cluster (including nodes) and client certificates to be used by various components.

If a certificate and its private key both already exist, kubeadm skips the generation step for that pair and uses the existing files.

Alpha Disclaimer: this command is currently alpha.

kubeadm alpha phase certs all [flags]

Examples

  # Creates all PKI assets necessary to establish the control plane,
  # functionally equivalent to what is generated by kubeadm init.
  kubeadm alpha phase certs all
  
  # Creates all PKI assets using options read from a configuration file.
  kubeadm alpha phase certs all --config masterconfiguration.yaml
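
Because existing certificate and key pairs are reused rather than regenerated, it is worth inspecting the certificate directory before running the command. The following is an added example, not part of kubeadm or its documentation: a hypothetical `audit_pki` shell function that reports which pairs would be reused, which are incomplete, and which private keys are readable by group or others. It assumes `.crt`/`.key` file naming (and `.pub` for bare key pairs), which this page does not state.

```shell
#!/bin/sh
# Added example (not kubeadm code). Usage: audit_pki /etc/kubernetes/pki
# Prints one "STATUS name" line per finding and returns:
#   0 = only complete pairs with owner-only keys, 1 = findings, 2 = no such dir.
audit_pki() {
    dir=${1:-/etc/kubernetes/pki}      # default of --cert-dir on this page
    [ -d "$dir" ] || { echo "NO-DIR $dir"; return 2; }
    rc=0
    # Unique base names of every public (.crt/.pub) or private (.key) file.
    # Assumption: file names contain no whitespace.
    names=$(for f in "$dir"/*.crt "$dir"/*.pub "$dir"/*.key; do
                [ -e "$f" ] && basename "${f%.*}"
            done | sort -u)
    for name in $names; do
        key=$dir/$name.key
        if [ -e "$dir/$name.crt" ] || [ -e "$dir/$name.pub" ]; then
            pub=yes
        else
            pub=no
        fi
        if [ "$pub" = yes ] && [ -e "$key" ]; then
            # Both halves exist: per this page, generation is skipped
            # and these files are used as they are.
            echo "REUSE $name"
        elif [ "$pub" = yes ]; then
            echo "PUBLIC-ONLY $name"; rc=1   # incomplete pair, review by hand
        else
            echo "KEY-ONLY $name"; rc=1      # incomplete pair, review by hand
        fi
        if [ -e "$key" ]; then
            # Characters 5-10 of the ls mode string are the group and
            # other permission bits; a private key should have none set.
            mode=$(ls -ldL "$key" | cut -c5-10)
            [ "$mode" = "------" ] || { echo "LOOSE-KEY $name ($mode)"; rc=1; }
        fi
    done
    return $rc
}
```

A `REUSE` line means the file contents were not checked here; the function only reports presence and key permissions.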

Options

      --apiserver-advertise-address string   The IP address the API server is accessible on, to use for the API server serving cert
      --apiserver-cert-extra-sans strings    Optional extra altnames to use for the API server serving cert. Can be both IP addresses and dns names
      --cert-dir string                      The path where to save the certificates (default "/etc/kubernetes/pki")
      --config string                        Path to kubeadm config file (WARNING: Usage of a configuration file is experimental)
  -h, --help                                 help for all
      --service-cidr string                  Alternative range of IP address for service VIPs, from which derives the internal API server VIP that will be added to the API Server serving cert (default "10.96.0.0/12")
      --service-dns-domain string            Alternative domain for services, to use for the API server serving cert (default "cluster.local")
