Generates all PKI assets necessary to establish the control plane
Synopsis
Generates a self-signed CA to provision identities for each component in the cluster (including nodes) and client certificates to be used by various components.
If a given certificate and private key pair both exist, kubeadm skips the generation step and existing files will be used.
Alpha Disclaimer: this command is currently alpha.
kubeadm alpha phase certs all [flags]
Examples
# Creates all PKI assets necessary to establish the control plane,
# functionally equivalent to what generated by kubeadm init.
kubeadm alpha phase certs all
# Creates all PKI assets using options read from a configuration file.
kubeadm alpha phase certs all --config masterconfiguration.yaml
Options
| --apiserver-advertise-address string | |
| The IP address the API server is accessible on, to use for the API server serving cert | |
| --apiserver-cert-extra-sans stringSlice | |
| Optional extra altnames to use for the API server serving cert. Can be both IP addresses and dns names | |
| --cert-dir string Default: "/etc/kubernetes/pki" | |
| The path where to save the certificates | |
| --config string | |
| Path to kubeadm config file (WARNING: Usage of a configuration file is experimental) | |
| -h, --help | |
| help for all | |
| --service-cidr string Default: "10.96.0.0/12" | |
| Alternative range of IP address for service VIPs, from which derives the internal API server VIP that will be added to the API Server serving cert | |
| --service-dns-domain string Default: "cluster.local" | |
| Alternative domain for services, to use for the API server serving cert | |