Page last modified on November 15, 2018 at 2:05 PM PST by Initial commit (Page history)
Generates an API server serving certificate and key
Generates the API server serving certificate and key and saves them into apiserver.crt and apiserver.key files.
The certificate includes default subject alternative names and additional SANs provided by the user; default SANs are:
If both files already exist, kubeadm skips the generation step and existing files will be used.
Alpha Disclaimer: this command is currently alpha.
kubeadm alpha phase certs apiserver [flags]
| --apiserver-advertise-address string | |
| The IP address the API server is accessible on, to use for the API server serving cert | |
| --apiserver-cert-extra-sans stringSlice | |
| Optional extra altnames to use for the API server serving cert. Can be both IP addresses and DNS names | |
| --cert-dir string Default: "/etc/kubernetes/pki" | |
| The path where to save the certificates | |
| --config string | |
| Path to kubeadm config file. WARNING: Usage of a configuration file is experimental | |
| -h, --help | |
| help for apiserver | |
| --service-cidr string Default: "10.96.0.0/12" | |
| Alternative range of IP address for service VIPs, from which derives the internal API server VIP that will be added to the API Server serving cert | |
| --service-dns-domain string Default: "cluster.local" | |
| Alternative domain for services, to use for the API server serving cert | |