You are viewing documentation for Kubernetes version: v1.29
Kubernetes v1.29 documentation is no longer actively maintained. The version you are currently viewing is a static snapshot. For up-to-date information, see the latest version.
Generate the certificate for serving the Kubernetes API
Synopsis
Generate the certificate for serving the Kubernetes API, and save them into apiserver.crt and apiserver.key files.
If both files already exist, kubeadm skips the generation step and existing files will be used.
kubeadm init phase certs apiserver [flags]
Options
--apiserver-advertise-address string | |
The IP address the API Server will advertise it's listening on. If not set the default network interface will be used. | |
--apiserver-cert-extra-sans strings | |
Optional extra Subject Alternative Names (SANs) to use for the API Server serving certificate. Can be both IP addresses and DNS names. | |
--cert-dir string Default: "/etc/kubernetes/pki" | |
The path where to save and store the certificates. | |
--config string | |
Path to a kubeadm configuration file. | |
--control-plane-endpoint string | |
Specify a stable IP address or DNS name for the control plane. | |
--dry-run | |
Don't apply any changes; just output what would be done. | |
-h, --help | |
help for apiserver | |
--kubernetes-version string Default: "stable-1" | |
Choose a specific Kubernetes version for the control plane. | |
--service-cidr string Default: "10.96.0.0/12" | |
Use alternative range of IP address for service VIPs. | |
--service-dns-domain string Default: "cluster.local" | |
Use alternative domain for services, e.g. "myorg.internal". |
Options inherited from parent commands
--rootfs string | |
[EXPERIMENTAL] The path to the 'real' host root filesystem. |