mirror of https://github.com/kubernetes/kops.git
63 lines
2.9 KiB
Markdown
63 lines
2.9 KiB
Markdown
|
|
<!--- This file is automatically generated by make gen-cli-docs; changes should be made in the go CLI command code (under cmd/kops) -->
|
|
|
|
## kops create secret encryptionconfig
|
|
|
|
Create an encryption config.
|
|
|
|
### Synopsis
|
|
|
|
Create a new encryption config, and store it in the state store. Used to configure encryption-at-rest by the kube-apiserver process on each of the master nodes. The config is not updated by this command.
|
|
|
|
```
|
|
kops create secret encryptionconfig [flags]
|
|
```
|
|
|
|
### Examples
|
|
|
|
```
|
|
# Create a new encryption config.
|
|
kops create secret encryptionconfig -f config.yaml \
|
|
--name k8s-cluster.example.com --state s3://my-state-store
|
|
# Create a new encryption config via stdin.
|
|
generate-encryption-config.sh | kops create secret encryptionconfig -f - \
|
|
--name k8s-cluster.example.com --state s3://my-state-store
|
|
# Replace an existing encryption config secret.
|
|
kops create secret encryptionconfig -f config.yaml --force \
|
|
--name k8s-cluster.example.com --state s3://my-state-store
|
|
```
|
|
|
|
### Options
|
|
|
|
```
|
|
-f, -- string Path to encryption config yaml file
|
|
--force Force replace the kOps secret if it already exists
|
|
-h, --help help for encryptionconfig
|
|
```
|
|
|
|
### Options inherited from parent commands
|
|
|
|
```
|
|
--add_dir_header If true, adds the file directory to the header of the log messages
|
|
--alsologtostderr log to standard error as well as files
|
|
--config string yaml config file (default is $HOME/.kops.yaml)
|
|
--log_backtrace_at traceLocation when logging hits line file:N, emit a stack trace (default :0)
|
|
--log_dir string If non-empty, write log files in this directory
|
|
--log_file string If non-empty, use this log file
|
|
--log_file_max_size uint Defines the maximum size a log file can grow to. Unit is megabytes. If the value is 0, the maximum file size is unlimited. (default 1800)
|
|
--logtostderr log to standard error instead of files (default true)
|
|
--name string Name of cluster. Overrides KOPS_CLUSTER_NAME environment variable
|
|
--one_output If true, only write logs to their native severity level (vs also writing to each lower severity level
|
|
--skip_headers If true, avoid header prefixes in the log messages
|
|
--skip_log_headers If true, avoid headers when opening log files
|
|
--state string Location of state storage (kops 'config' file). Overrides KOPS_STATE_STORE environment variable
|
|
--stderrthreshold severity logs at or above this threshold go to stderr (default 2)
|
|
-v, --v Level number for the log level verbosity
|
|
--vmodule moduleSpec comma-separated list of pattern=N settings for file-filtered logging
|
|
```
|
|
|
|
### SEE ALSO
|
|
|
|
* [kops create secret](kops_create_secret.md) - Create a secret.
|
|
|