Generates an API server serving certificate and key


Generates the API server serving certificate and key and saves them into apiserver.crt and apiserver.key files.

The certificate includes default subject alternative names and additional SANs provided by the user; default SANs are: , , kubernetes, kubernetes.default, kubernetes.default.svc, kubernetes.default.svc. , (that is the .10 address in address space).

If both files already exist, kubeadm skips the generation step and uses the existing files.

Alpha Disclaimer: this command is currently alpha.

kubeadm alpha phase certs apiserver [flags]


--apiserver-advertise-address string
The IP address the API server is accessible on, to use for the API server serving cert
--apiserver-cert-extra-sans stringSlice
Optional extra altnames to use for the API server serving cert. Can be both IP addresses and DNS names
--cert-dir string     Default: "/etc/kubernetes/pki"
The path where to save the certificates
--config string
Path to kubeadm config file (WARNING: Usage of a configuration file is experimental)
-h, --help
help for apiserver
--service-cidr string     Default: ""
Alternative range of IP addresses for service VIPs, from which the internal API server VIP added to the API server serving cert is derived
--service-dns-domain string     Default: "cluster.local"
Alternative domain for services, to use for the API server serving cert
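
Clients reject the API server if the name or IP they connect to is absent from the serving certificate, and every extra SAN widens what the key can vouch for, so it is worth comparing the generated certificate against the list you intended. The script below is an added example, not part of kubeadm or its documentation; the function names `list_sans` and `audit_sans`, the sample host name, the sample IP and `api.example.com` are assumptions made for illustration.

```shell
# Added example (not kubeadm code): compare the SANs in a serving certificate
# with the list you expect. Reads `openssl x509 -noout -text` output on stdin.

# Constructed sample of that output; host name and IP are made-up values.
SAMPLE_TEXT='        X509v3 extensions:
            X509v3 Subject Alternative Name:
                DNS:cp-1.example.internal, DNS:kubernetes, DNS:kubernetes.default, DNS:kubernetes.default.svc, DNS:kubernetes.default.svc.cluster.local, IP Address:192.0.2.10'

# Print one SAN value per line (DNS and IP entries only).
list_sans() {
    awk '
        found {
            n = split($0, parts, ",")
            for (i = 1; i <= n; i++) {
                v = parts[i]
                gsub(/^[ \t]+|[ \t]+$/, "", v)
                if (sub(/^DNS:/, "", v) || sub(/^IP Address:/, "", v)) print v
            }
            exit
        }
        /X509v3 Subject Alternative Name/ { found = 1 }
    '
}

# audit_sans EXPECTED...: print MISSING/UNEXPECTED lines; return 1 on any finding.
audit_sans() {
    present=$(list_sans)
    expected=$(printf '%s\n' "$@")
    rc=0
    for want in "$@"; do
        # -x -F: exact literal match, so "kubernetes" cannot satisfy "kubernetes.default"
        printf '%s\n' "$present" | grep -qxF -- "$want" || { printf 'MISSING %s\n' "$want"; rc=1; }
    done
    while IFS= read -r have; do
        [ -n "$have" ] || continue
        printf '%s\n' "$expected" | grep -qxF -- "$have" || { printf 'UNEXPECTED %s\n' "$have"; rc=1; }
    done <<EOF
$present
EOF
    return $rc
}

# Demo on the sample: api.example.com was expected as an extra SAN but is absent,
# and the certificate carries a host name the caller did not list.
printf '%s\n' "$SAMPLE_TEXT" | audit_sans kubernetes kubernetes.default \
    kubernetes.default.svc kubernetes.default.svc.cluster.local \
    192.0.2.10 api.example.com || true
```

Against a real certificate, pipe the output of `openssl x509 -in /etc/kubernetes/pki/apiserver.crt -noout -text` into `audit_sans` with the names and addresses you expect, adjusting the path if `--cert-dir` was changed.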

