glooctl create secret tls

glooctl create secret tls

Create a secret with the given name

Synopsis

Create a secret with the given name. The format of the secret data is: {"tls" : { "ca.crt": [root ca], "tls.crt": [cert chain], "tls.key": [private key], "tls.ocsp-staple": [ocsp staple]}}.

glooctl create secret tls [flags]

Options

      --certchain string    filename of certchain for secret
  -h, --help                help for tls
      --ocspstaple string   filename of ocspstaple for secret
      --privatekey string   filename of privatekey for secret
      --rootca string       filename of rootca for secret

Options inherited from parent commands

  -c, --config string                  set the path to the glooctl config file (default "<home_directory>/.gloo/glooctl-config.yaml")
      --consul-address string          address of the Consul server. Use with --use-consul (default "127.0.0.1:8500")
      --consul-allow-stale-reads       Allows reading using Consul's stale consistency mode.
      --consul-datacenter string       Datacenter to use. If not provided, the default agent datacenter is used. Use with --use-consul
      --consul-root-key string         key prefix for for Consul key-value storage. (default "gloo")
      --consul-scheme string           URI scheme for the Consul server. Use with --use-consul (default "http")
      --consul-token string            Token is used to provide a per-request ACL token which overrides the agent's default token. Use with --use-consul
      --dry-run                        print kubernetes-formatted yaml rather than creating or updating a resource
  -i, --interactive                    use interactive mode
      --kube-context string            kube context to use when interacting with kubernetes
      --kubeconfig string              kubeconfig to use, if not standard one
      --name string                    name of the resource to read or write
  -n, --namespace string               namespace for reading or writing resources (default "gloo-system")
  -o, --output OutputType              output format: (yaml, json, table, kube-yaml, wide) (default table)
      --use-consul                     use Consul Key-Value storage as the backend for reading and writing config (VirtualServices, Upstreams, and Proxies)
      --use-vault                      use Vault Key-Value storage as the backend for reading and writing secrets
      --vault-address string           address of the Vault server. This should be a complete URL such as "http://vault.example.com". Use with --use-vault (default "https://127.0.0.1:8200")
      --vault-ca-cert string           CACert is the path to a PEM-encoded CA cert file to use to verify the Vault server SSL certificate.Use with --use-vault
      --vault-ca-path string           CAPath is the path to a directory of PEM-encoded CA cert files to verify the Vault server SSL certificate.Use with --use-vault
      --vault-client-cert string       ClientCert is the path to the certificate for Vault communication.Use with --use-vault
      --vault-client-key string        ClientKey is the path to the private key for Vault communication.Use with --use-vault
      --vault-path-prefix string       The Secrets Engine to which Vault should route traffic. (default "secret")
      --vault-root-key string          key prefix for Vault key-value storage inside a storage engine. (default "gloo")
      --vault-tls-insecure             Insecure enables or disables SSL verification.Use with --use-vault
      --vault-tls-server-name string   TLSServerName, if set, is used to set the SNI host when connecting via TLS.Use with --use-vault
      --vault-token string             The root token to authenticate with a Vault server. Use with --use-vault

SEE ALSO