kubeadm-alpha-certs-renew-apiserver - Man Page

Renew the certificate for serving the Kubernetes API

Eric Paris Jan 2015


kubeadm alpha certs renew apiserver [Options]


Renew the certificate for serving the Kubernetes API.

Renewals run unconditionally, regardless of certificate expiration date; extra attributes such as SANs will be based on the existing file/certificates, there is no need to resupply them.

Renewal by default tries to use the certificate authority in the local PKI managed by kubeadm; as alternative it is possible to use K8s certificate API for certificate renewal, or as a last option, to generate a CSR request.

After renewal, in order to make changes effective, is required to restart control-plane components and eventually re-distribute the renewed certificate in case the file is used elsewhere.


--cert-dir="/etc/kubernetes/pki" The path where to save the certificates

--config="" Path to a kubeadm configuration file.

--csr-dir="" The path to output the CSRs and private keys to

--csr-only=false Create CSRs instead of generating certificates

--kubeconfig="/etc/kubernetes/admin.conf" The kubeconfig file to use when talking to the cluster. If the flag is not set, a set of standard locations can be searched for an existing kubeconfig file.

Options Inherited from Parent Commands

--azure-container-registry-config="" Path to the file containing Azure container registry configuration information.

--log-flush-frequency=5s Maximum number of seconds between log flushes

--rootfs="" [EXPERIMENTAL] The path to the 'real' host root filesystem.

--version=false Print version information and quit

See Also



January 2015, Originally compiled by Eric Paris (eparis at redhat dot com) based on the kubernetes source material, but hopefully they have been automatically generated since!

Referenced By


User Manuals