kubeadm: promote the "kubeadm certs" command to GA #24410
Merged
k8s-ci-robot
merged 1 commit into
kubernetes:dev-1.20
from
neolit123:1.20-kubeadm-update-ref-docs
Nov 12, 2020
File renamed without changes.
73 changes: 73 additions & 0 deletions
content/en/docs/reference/setup-tools/kubeadm/kubeadm-certs.md
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,73 @@ | ||
--- | ||
title: kubeadm certs | ||
content_type: concept | ||
weight: 90 | ||
--- | ||
|
||
`kubeadm certs` provides utilities for managing certificates. | ||
For more details on how these commands can be used, see | ||
[Certificate Management with kubeadm](/docs/tasks/administer-cluster/kubeadm/kubeadm-certs/). | ||
|
||
## kubeadm certs {#cmd-certs} | ||
|
||
A collection of operations for operating Kubernetes certificates. | ||
|
||
{{< tabs name="tab-certs" >}} | ||
{{< tab name="overview" include="generated/kubeadm_certs.md" />}} | ||
{{< /tabs >}} | ||
|
||
## kubeadm certs renew {#cmd-certs-renew} | ||
|
||
You can renew all Kubernetes certificates using the `all` subcommand or renew them selectively. | ||
For more details see [Manual certificate renewal](/docs/tasks/administer-cluster/kubeadm/kubeadm-certs/#manual-certificate-renewal). | ||
|
||
{{< tabs name="tab-certs-renew" >}} | ||
{{< tab name="renew" include="generated/kubeadm_certs_renew.md" />}} | ||
{{< tab name="all" include="generated/kubeadm_certs_renew_all.md" />}} | ||
{{< tab name="admin.conf" include="generated/kubeadm_certs_renew_admin.conf.md" />}} | ||
{{< tab name="apiserver-etcd-client" include="generated/kubeadm_certs_renew_apiserver-etcd-client.md" />}} | ||
{{< tab name="apiserver-kubelet-client" include="generated/kubeadm_certs_renew_apiserver-kubelet-client.md" />}} | ||
{{< tab name="apiserver" include="generated/kubeadm_certs_renew_apiserver.md" />}} | ||
{{< tab name="controller-manager.conf" include="generated/kubeadm_certs_renew_controller-manager.conf.md" />}} | ||
{{< tab name="etcd-healthcheck-client" include="generated/kubeadm_certs_renew_etcd-healthcheck-client.md" />}} | ||
{{< tab name="etcd-peer" include="generated/kubeadm_certs_renew_etcd-peer.md" />}} | ||
{{< tab name="etcd-server" include="generated/kubeadm_certs_renew_etcd-server.md" />}} | ||
{{< tab name="front-proxy-client" include="generated/kubeadm_certs_renew_front-proxy-client.md" />}} | ||
{{< tab name="scheduler.conf" include="generated/kubeadm_certs_renew_scheduler.conf.md" />}} | ||
{{< /tabs >}} | ||
|
||
## kubeadm certs certificate-key {#cmd-certs-certificate-key} | ||
|
||
This command can be used to generate a new control-plane certificate key. | ||
The key can be passed as `--certificate-key` to [`kubeadm init`](/docs/reference/setup-tools/kubeadm/kubeadm-init) | ||
and [`kubeadm join`](/docs/reference/setup-tools/kubeadm/kubeadm-join) | ||
to enable the automatic copy of certificates when joining additional control-plane nodes. | ||
|
||
{{< tabs name="tab-certs-certificate-key" >}} | ||
{{< tab name="certificate-key" include="generated/kubeadm_certs_certificate-key.md" />}} | ||
{{< /tabs >}} | ||
|
||
## kubeadm certs check-expiration {#cmd-certs-check-expiration} | ||
|
||
This command checks expiration for the certificates in the local PKI managed by kubeadm. | ||
For more details see | ||
[Check certificate expiration](/docs/tasks/administer-cluster/kubeadm/kubeadm-certs/#check-certificate-expiration). | ||
|
||
{{< tabs name="tab-certs-check-expiration" >}} | ||
{{< tab name="check-expiration" include="generated/kubeadm_certs_check-expiration.md" />}} | ||
{{< /tabs >}} | ||
|
||
## kubeadm certs generate-csr {#cmd-certs-generate-csr} | ||
|
||
This command can be used to generate keys and CSRs for all control-plane certificates and kubeconfig files. | ||
The user can then sign the CSRs with a CA of their choice. | ||
|
||
{{< tabs name="tab-certs-generate-csr" >}} | ||
{{< tab name="generate-csr" include="generated/kubeadm_certs_generate-csr.md" />}} | ||
{{< /tabs >}} | ||
|
||
## {{% heading "whatsnext" %}} | ||
|
||
* [kubeadm init](/docs/reference/setup-tools/kubeadm/kubeadm-init/) to bootstrap a Kubernetes control-plane node | ||
* [kubeadm join](/docs/reference/setup-tools/kubeadm/kubeadm-join/) to connect a node to the cluster | ||
* [kubeadm reset](/docs/reference/setup-tools/kubeadm/kubeadm-reset/) to revert any changes made to this host by `kubeadm init` or `kubeadm join` |
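Review bot: the `kubeadm certs certificate-key` section explains that the key can be passed as `--certificate-key` to `kubeadm init` and `kubeadm join`, but it never says the key is sensitive. The sample output in the other file touched by this PR states "the certificate-key gives access to cluster sensitive data, keep it secret!", so a short note with the same guidance belongs in this section of the reference page as well. Minor style point: the `kubeadm-init` and `kubeadm-join` links in this section omit the trailing slash that the "whatsnext" links at the bottom of the file use.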
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -133,10 +133,10 @@ option. Your cluster requirements may need a different configuration. | |
... | ||
You can now join any number of control-plane node by running the following command on each as a root: | ||
kubeadm join 192.168.0.200:6443 --token 9vr73a.a8uxyaju799qwdjv --discovery-token-ca-cert-hash sha256:7c2e69131a36ae2a042a339b33381c6d0d43887e2de83720eff5359e26aec866 --control-plane --certificate-key f8902e114ef118304e561c3ecd4d0b543adc226b7a07f675f56564185ffe0c07 | ||
|
||
Please note that the certificate-key gives access to cluster sensitive data, keep it secret! | ||
As a safeguard, uploaded-certs will be deleted in two hours; If necessary, you can use kubeadm init phase upload-certs to reload certs afterward. | ||
|
||
whitespace cleanup. hoping that this doesn't break anything.
||
Then you can join any number of worker nodes by running the following on each as root: | ||
kubeadm join 192.168.0.200:6443 --token 9vr73a.a8uxyaju799qwdjv --discovery-token-ca-cert-hash sha256:7c2e69131a36ae2a042a339b33381c6d0d43887e2de83720eff5359e26aec866 | ||
``` | ||
|
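Review bot: the whitespace-only edits to this sample `kubeadm init` output are unrelated to the command promotion, and the inline comment on them says it is not certain they are harmless. Please confirm on the rendered page that the closing code fence after the worker `kubeadm join` line still encloses both join commands and the "keep it secret!" notice, or move the cleanup into a separate commit so it can be reverted independently.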
@@ -155,7 +155,7 @@ option. Your cluster requirements may need a different configuration. | |
To generate such a key you can use the following command: | ||
|
||
```sh | ||
kubeadm alpha certs certificate-key | ||
kubeadm certs certificate-key | ||
``` | ||
|
||
{{< note >}} | ||
|
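Review bot: the lead-in "To generate such a key you can use the following command:" above the renamed `kubeadm certs certificate-key` invocation does not point to the new reference section this PR adds. Linking it to the `#cmd-certs-certificate-key` anchor in `kubeadm-certs.md` would let readers find the command's flags. Only this one occurrence of `kubeadm alpha certs` is visible in the hunk, so it is also worth searching the rest of the file for remaining references to the old form.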
cleaned these emeritus members from the "reviewers" block.