# kubectl create secret tls 命令详解

从给定的(public/private)公钥/私钥对创建 TLS secret。

公共密钥证书必须是.PEM 编码并匹配指定的私钥。

# 语法

$ tls NAME --cert=path/to/cert/file --key=path/to/key/file [--dry-run]

# 示例

使用指定的 key 创建名为 tls-secret 的 TLS secret:

kubectl create secret tls tls-secret --cert=path/to/tls.cert --key=path/to/tls.key

# Flags

Name Shorthand Default Usage
allow-missing-template-keys true If true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats.
cert Path to PEM encoded public key certificate.
dry-run false If true, only print the object that would be sent, without sending it.
generator secret-for-tls/v1 The name of the API generator to use.
key Path to private key associated with given certificate.
no-headers false When using the default or custom-column output format, don't print headers (default print headers).
output o Output format. One of: json|yaml|wide|name|custom-columns=...|custom-columns-file=...|go-template=...|go-template-file=...|jsonpath=...|jsonpath-file=... See custom columns [http://kubernetes.io/docs/user-guide/kubectl-overview/#custom-columns], golang template [http://golang.org/pkg/text/template/#pkg-overview] and jsonpath template [http://kubernetes.io/docs/user-guide/jsonpath].
output-version DEPRECATED: To use a specific API version, fully-qualify the resource, version, and group (for example: 'jobs.v1.batch/myjob').
save-config false If true, the configuration of current object will be saved in its annotation. Otherwise, the annotation will be unchanged. This flag is useful when you want to perform kubectl apply on this object in the future.
schema-cache-dir ~/.kube/schema If non-empty, load/store cached API schemas in this directory, default is '$HOME/.kube/schema'
show-all a false When printing, show all resources (default hide terminated pods.)
show-labels false When printing, show all labels as the last column (default hide labels column)
sort-by If non-empty, sort list types using this field specification. The field specification is expressed as a JSONPath expression (e.g. '{.metadata.name}'). The field in the API resource specified by this JSONPath expression must be an integer or a string.
template Template string or path to template file to use when -o=go-template, -o=go-template-file. The template format is golang templates [http://golang.org/pkg/text/template/#pkg-overview].
validate true If true, use a schema to validate the input before sending it
Last Updated: 4/15/2023, 8:33:17 PM