oadm-ca-create-signer-cert man page

oadm ca create-signer-cert — Create a signer (certificate authority/CA) certificate and key

Synopsis

oadm ca create-signer-cert [Options]

Description

Create a self-signed CA key/cert for signing certificates used by server components.

Options

--cert="openshift.local.config/master/ca.crt"

The certificate file.

--expire-days=1825

Validity of the certificate in days (defaults to 5 years). WARNING: extending this above default value is highly discouraged.

--key="openshift.local.config/master/ca.key"

The key file.

--name="openshift-signer@<current_timestamp>"

The name of the signer.

--overwrite=true

Overwrite existing cert files if found.  If false, any existing file will be left as-is.

--serial="openshift.local.config/master/ca.serial.txt"

The serial file that keeps track of how many certs have been signed.

Options Inherited from Parent Commands

--api-version=""

DEPRECATED: The API version to use when talking to the server

--as=""

Username to impersonate for the operation

--azure-container-registry-config=""

Path to the file container Azure container registry configuration information.

--certificate-authority=""

Path to a cert. file for the certificate authority

--client-certificate=""

Path to a client certificate file for TLS

--client-key=""

Path to a client key file for TLS

--cluster=""

The name of the kubeconfig cluster to use

--config=""

Path to the config file to use for CLI requests.

--context=""

The name of the kubeconfig context to use

--google-json-key=""

The Google Cloud Platform Service Account JSON Key to use for authentication.

--insecure-skip-tls-verify=false

If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure

--log-flush-frequency=0

Maximum number of seconds between log flushes

--match-server-version=false

Require server version to match client version

-n, --namespace=""

If present, the namespace scope for this CLI request

--request-timeout="0"

The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests.

--server=""

The address and port of the Kubernetes API server

--token=""

Bearer token for authentication to the API server

--user=""

The name of the kubeconfig user to use

See Also

oadm-ca(1),

History

June 2016, Ported from the Kubernetes man-doc generator

Referenced By

oadm-ca(1).

Openshift CLI User Manuals June 2016