KUBERNETES(1)(kubernetes) KUBERNETES(1)(kubernetes)
Eric Paris Jan 2015

kubeadm token - Manage bootstrap tokens

kubeadm token [OPTIONS]

This command manages bootstrap tokens. It is optional and needed only for advanced use cases.

In short, bootstrap tokens are used for establishing bidirectional trust between a client and a server. A bootstrap token can be used when a client (for example a node that is about to join the cluster) needs to trust the server it is talking to. Then a bootstrap token with the "signing" usage can be used. bootstrap tokens can also function as a way to allow short-lived authentication to the API Server (the token serves as a way for the API Server to trust the client), for example for doing the TLS Bootstrap.

What is a bootstrap token more exactly?
- It is a Secret in the kube-system namespace of type "bootstrap.kubernetes.io/token".
- A bootstrap token must be of the form "[a-z0-9]{6}.[a-z0-9]{16}". The former part is the public token ID,
while the latter is the Token Secret and it must be kept private at all circumstances!
- The name of the Secret must be named "bootstrap-token-(token-id)".

You can read more about bootstrap tokens here:
https://kubernetes.io/docs/admin/bootstrap-tokens/

--dry-run=false Whether to enable dry-run mode or not

--kubeconfig="/etc/kubernetes/admin.conf" The kubeconfig file to use when talking to the cluster. If the flag is not set, a set of standard locations can be searched for an existing kubeconfig file.

--rootfs="" The path to the 'real' host root filesystem. This will cause kubeadm to chroot into the provided path.

--version=false --version, --version=raw prints version information and quits; --version=vX.Y.Z... sets the reported version

kubeadm(1), kubeadm-token-create(1), kubeadm-token-delete(1), kubeadm-token-generate(1), kubeadm-token-list(1),

January 2015, Originally compiled by Eric Paris (eparis at redhat dot com) based on the kubernetes source material, but hopefully they have been automatically generated since!

User Manuals