kubeadm token - Manage bootstrap tokens
kubeadm token [OPTIONS]
This command manages bootstrap tokens. It is optional and needed only for advanced use cases.
In short, bootstrap tokens are used for establishing bidirectional trust between a client and a server. A bootstrap token can be used when a client (for example a node that is about to join the cluster) needs to trust the server it is talking to. Then a bootstrap token with the "signing" usage can be used. bootstrap tokens can also function as a way to allow short-lived authentication to the API Server (the token serves as a way for the API Server to trust the client), for example for doing the TLS Bootstrap.
What is a bootstrap token more exactly?
- It is a Secret in the kube-system namespace of type "bootstrap.kubernetes.io/token".
- A bootstrap token must be of the form "[a-z0-9]{6}.[a-z0-9]{16}". The former part is the public token ID,
while the latter is the Token Secret and it must be kept private at all circumstances!
- The name of the Secret must be named "bootstrap-token-(token-id)".
You can read more about bootstrap tokens here:
<https://kubernetes.io/docs/admin/bootstrap-tokens/>
--dry-run=false
Whether to enable dry-run mode or not
--kubeconfig="/etc/kubernetes/admin.conf"
The kubeconfig file to use when talking to the cluster. If the flag is not set, a set of standard locations can be searched for an existing kubeconfig file.
--azure-container-registry-config=""
Path to the file containing Azure container registry configuration information.
--log-flush-frequency=5s
Maximum number of seconds between log flushes
--rootfs=""
[EXPERIMENTAL] The path to the 'real' host root filesystem.
--version=false
Print version information and quit
kubeadm(1), kubeadm-token-create(1), kubeadm-token-delete(1), kubeadm-token-generate(1), kubeadm-token-list(1),
January 2015, Originally compiled by Eric Paris (eparis at redhat dot com) based on the kubernetes source material, but hopefully they have been automatically generated since!