Skip to main content

Certificate Management with cert

The cert command is used to generate the necessary certificate files for a Kubernetes cluster. In a Kubernetes cluster, certificates are used to ensure secure communication between components such as the API server, kubelet, and etcd. Certificates provide encryption using the Transport Layer Security (TLS) protocol to ensure the confidentiality and integrity of data during transit.

The sealctl cert command generates certificates automatically based on the provided parameters. These parameters include node IP, node name, service CIDR, DNS domain, and optional additional alternate names. By generating and configuring these certificates, you can ensure secure communication within your Kubernetes cluster.

The `cert` command is used to generate Kubernetes certificates.

--alt-names Alternate names, such as or Can specify multiple alternate names.
--node-name Node name, such as master0.
--service-cidr Service CIDR, such as
--node-ip IP address of the node, such as
--dns-domain DNS domain for the cluster. Default value is cluster.local.
--cert-path Path to Kubernetes certificate files. Default value is /etc/kubernetes/pki.
--cert-etcd-path Path to Kubernetes etcd certificate files. Default value is /etc/kubernetes/pki/etcd.

sealctl cert --alt-names --alt-names \
--node-name master0 --service-cidr \
--node-ip --dns-domain cluster.local