Add command for creating TLS secrets

The image-reflector controller now accepts a secret containing a client certificate and key, and/or a CA certificate; so it's useful to have a command for creating them. `flux create secret helm` is close, but accepts username/password (which would be ignored), and has the wrong name of course. Happily though, much can be shared between the implementations. Signed-off-by: Michael Bridgen <michael@weave.works>
2026-02-06 19:05:55 +00:00 · 2021-01-26 16:26:47 +00:00
parent 9f39fadb9e
commit b12c4c22fb
5 changed files with 200 additions and 28 deletions
--- a/docs/cmd/flux_create_secret.md
+++ b/docs/cmd/flux_create_secret.md
@@ -30,4 +30,5 @@ The create source sub-commands generate Kubernetes secrets specific to Flux.
 * [flux create](flux_create.md)	 - Create or update sources and resources
 * [flux create secret git](flux_create_secret_git.md)	 - Create or update a Kubernetes secret for Git authentication
 * [flux create secret helm](flux_create_secret_helm.md)	 - Create or update a Kubernetes secret for Helm repository authentication
+* [flux create secret tls](flux_create_secret_tls.md)	 - Create or update a Kubernetes secret with TLS certificates

--- a/docs/cmd/flux_create_secret_tls.md
+++ b/docs/cmd/flux_create_secret_tls.md
@@ -0,0 +1,56 @@
+## flux create secret tls
+
+Create or update a Kubernetes secret with TLS certificates
+
+### Synopsis
+
+
+The create secret tls command generates a Kubernetes secret with certificates for use with TLS.
+
+```
+flux create secret tls [name] [flags]
+```
+
+### Examples
+
+```
+
+  # Create a TLS secret on disk and encrypt it with Mozilla SOPS.
+  # Files are expected to be PEM-encoded.
+  flux create secret tls certs \
+    --namespace=my-namespace \
+    --cert-file=./client.crt \
+    --key-file=./client.key \
+    --export > certs.yaml
+
+  sops --encrypt --encrypted-regex '^(data|stringData)$' \
+    --in-place certs.yaml
+
+```
+
+### Options
+
+```
+      --ca-file string     TLS authentication CA file path
+      --cert-file string   TLS authentication cert file path
+  -h, --help               help for tls
+      --key-file string    TLS authentication key file path
+```
+
+### Options inherited from parent commands
+
+```
+      --context string      kubernetes context to use
+      --export              export in YAML format to stdout
+      --interval duration   source sync interval (default 1m0s)
+      --kubeconfig string   path to the kubeconfig file (default "~/.kube/config")
+      --label strings       set labels on the resource (can specify multiple labels with commas: label1=value1,label2=value2)
+  -n, --namespace string    the namespace scope for this operation (default "flux-system")
+      --timeout duration    timeout for this operation (default 5m0s)
+      --verbose             print generated objects
+```
+
+### SEE ALSO
+
+* [flux create secret](flux_create_secret.md)	 - Create or update Kubernetes secrets
+