mirror of https://github.com/kubernetes/kops.git
73 lines
3.5 KiB
Markdown
73 lines
3.5 KiB
Markdown
|
|
<!--- This file is automatically generated by make gen-cli-docs; changes should be made in the go CLI command code (under cmd/kops) -->
|
|
|
|
## kops create keypair
|
|
|
|
Add a CA certificate and private key to a keyset.
|
|
|
|
### Synopsis
|
|
|
|
Add a CA certificate and private key to a keyset.
|
|
|
|
If neither a certificate nor a private key is provided, a new self-signed certificate and private key will be generated.
|
|
|
|
If no certificate is provided but a private key is, a self-signed certificate will be generated from the provided private key.
|
|
|
|
If a certificate is provided but no private key is, the certificate will be added to the keyset without a private key. Such a certificate cannot be made primary.
|
|
|
|
One of the certificate/private key pairs in each keyset must be primary. The primary keypair is the one used to issue certificates (or, for the "service-account" keyset, service-account tokens). As a consequence, a keypair added to an empty keyset must be made primary.
|
|
|
|
If the keyset is specified as "all", a newly generated secondary certificate and private key will be added to each rotatable keyset.
|
|
|
|
```
|
|
kops create keypair {KEYSET | all} [flags]
|
|
```
|
|
|
|
### Examples
|
|
|
|
```
|
|
# Add a CA certificate and private key to a keyset.
|
|
kops create keypair ca \
|
|
--cert ~/ca.pem --key ~/ca-key.pem \
|
|
--name k8s-cluster.example.com --state s3://my-state-store
|
|
|
|
# Add a newly generated certificate and private key to each rotatable keyset.
|
|
kops create keypair all \
|
|
--name k8s-cluster.example.com --state s3://my-state-store
|
|
```
|
|
|
|
### Options
|
|
|
|
```
|
|
--cert string Path to CA certificate
|
|
-h, --help help for keypair
|
|
--key string Path to CA private key
|
|
--primary Make the keypair the one used to issue certificates
|
|
```
|
|
|
|
### Options inherited from parent commands
|
|
|
|
```
|
|
--add_dir_header If true, adds the file directory to the header of the log messages
|
|
--alsologtostderr log to standard error as well as files
|
|
--config string yaml config file (default is $HOME/.kops.yaml)
|
|
--log_backtrace_at traceLocation when logging hits line file:N, emit a stack trace (default :0)
|
|
--log_dir string If non-empty, write log files in this directory
|
|
--log_file string If non-empty, use this log file
|
|
--log_file_max_size uint Defines the maximum size a log file can grow to. Unit is megabytes. If the value is 0, the maximum file size is unlimited. (default 1800)
|
|
--logtostderr log to standard error instead of files (default true)
|
|
--name string Name of cluster. Overrides KOPS_CLUSTER_NAME environment variable
|
|
--one_output If true, only write logs to their native severity level (vs also writing to each lower severity level)
|
|
--skip_headers If true, avoid header prefixes in the log messages
|
|
--skip_log_headers If true, avoid headers when opening log files
|
|
--state string Location of state storage (kops 'config' file). Overrides KOPS_STATE_STORE environment variable
|
|
--stderrthreshold severity logs at or above this threshold go to stderr (default 2)
|
|
-v, --v Level number for the log level verbosity
|
|
--vmodule moduleSpec comma-separated list of pattern=N settings for file-filtered logging
|
|
```
|
|
|
|
### SEE ALSO
|
|
|
|
* [kops create](kops_create.md) - Create a resource by command line, filename or stdin.
|
|
|