.nh
.TH KUBERNETES(1) kubernetes User Manuals
Eric Paris
Jan 2015

.SH NAME
.PP
kubeadm token - Manage bootstrap tokens


.SH SYNOPSIS
.PP
\fBkubeadm token\fP [OPTIONS]


.SH DESCRIPTION
.PP
This command manages bootstrap tokens. It is optional and needed only for advanced use cases.

.PP
In short, bootstrap tokens are used for establishing bidirectional trust between a client and a server.
A bootstrap token can be used when a client (for example a node that is about to join the cluster) needs
to trust the server it is talking to. Then a bootstrap token with the "signing" usage can be used.
bootstrap tokens can also function as a way to allow short-lived authentication to the API Server
(the token serves as a way for the API Server to trust the client), for example for doing the TLS Bootstrap.

.PP
What is a bootstrap token more exactly?
 - It is a Secret in the kube-system namespace of type "bootstrap.kubernetes.io/token".
 - A bootstrap token must be of the form "[a-z0-9]{6}.[a-z0-9]{16}". The former part is the public token ID,
   while the latter is the Token Secret and it must be kept private at all circumstances!
 - The name of the Secret must be named "bootstrap-token-(token-id)".

.PP
You can read more about bootstrap tokens here:
  https://kubernetes.io/docs/admin/bootstrap-tokens/


.SH OPTIONS
.PP
\fB--dry-run\fP=false
	Whether to enable dry-run mode or not

.PP
\fB--kubeconfig\fP="/etc/kubernetes/admin.conf"
	The kubeconfig file to use when talking to the cluster. If the flag is not set, a set of standard locations can be searched for an existing kubeconfig file.


.SH OPTIONS INHERITED FROM PARENT COMMANDS
.PP
\fB--rootfs\fP=""
	The path to the 'real' host root filesystem. This will cause kubeadm to chroot into the provided path.

.PP
\fB--version\fP=false
	--version, --version=raw prints version information and quits; --version=vX.Y.Z... sets the reported version


.SH SEE ALSO
.PP
\fBkubeadm(1)\fP, \fBkubeadm-token-create(1)\fP, \fBkubeadm-token-delete(1)\fP, \fBkubeadm-token-generate(1)\fP, \fBkubeadm-token-list(1)\fP,


.SH HISTORY
.PP
January 2015, Originally compiled by Eric Paris (eparis at redhat dot com) based on the kubernetes source material, but hopefully they have been automatically generated since!