This is the multi-page printable view of this section. Click here to print.

Return to the regular view of this page.

Kubeadm Generated

  • 1:
  • 2:
  • 3:
  • 4:
  • 5:
  • 6:
  • 7:
  • 8:
  • 9:
  • 10:
  • 11:
  • 12:
  • 13:
  • 14:
  • 15:
  • 16:
  • 17:
  • 18:
  • 19:
  • 20:
  • 21:
  • 22:
  • 23:
  • 24:
  • 25:
  • 26:
  • 27:
  • 28:
  • 29:
  • 30:
  • 31:
  • 32:
  • 33:
  • 34:
  • 35:
    • 36:
      • 36.1:
      • 36.2:
      • 36.3:
      • 36.4:
      • 36.5:
      • 36.6:
      • 36.7:
      • 36.8:
      • 36.9:
      • 36.10:
    • 37:
    • 38:
    • 39:
    • 40:
    • 41:
    • 42:
    • 43:
    • 44:
    • 45:
    • 46:
      • 46.1:
      • 46.2:
      • 46.3:
      • 46.4:
      • 46.5:
      • 46.6:
      • 46.7:
      • 46.8:
      • 46.9:
      • 46.10:
      • 46.11:
      • 46.12:
      • 46.13:
      • 46.14:
      • 46.15:
      • 46.16:
      • 46.17:
      • 46.18:
      • 46.19:
      • 46.20:
      • 46.21:
      • 46.22:
      • 46.23:
      • 46.24:
      • 46.25:
      • 46.26:
      • 46.27:
      • 46.28:
      • 46.29:
      • 46.30:
      • 46.31:
      • 46.32:
      • 46.33:
      • 46.34:
      • 46.35:
      • 46.36:
      • 46.37:
      • 46.38:
      • 46.39:
      • 46.40:
      • 46.41:
      • 46.42:
      • 46.43:
      • 46.44:
      • 46.45:
      • 46.46:
    • 47:
    • 48:
    • 49:
    • 50:
    • 51:
    • 52:
    • 53:
    • 54:
    • 55:
    • 56:
    • 57:
    • 58:
    • 59:
    • 60:
    • 61:
    • 62:
    • 63:
    • 64:
    • 65:
    • 66:
    • 67:
    • 68:
    • 69:
    • 70:
    • 71:
    • 72:
    • 73:
    • 74:
    • 75:
    • 76:
    • 77:
    • 78:
    • 79:
    • 80:
    • 81:
    • 82:
    • 83:
    • 84:
    • 85:
    • 86:
    • 87:
    • 88:
    • 89:
    • 90:
    • 91:
    • 92:
      • 92.1:
      • 92.2:
      • 92.3:
      • 92.4:
      • 92.5:
      • 92.6:
      • 92.7:
      • 92.8:
      • 92.9:
      • 92.10:
      • 92.11:
      • 92.12:
      • 92.13:
      • 92.14:
    • 93:
    • 94:
    • 95:
    • 96:
    • 97:
    • 98:
    • 99:
    • 100:
    • 101:
    • 102:
    • 103:
    • 104:
    • 105:
    • 106:
    • 107:
    • 108:
      • 108.1:
    • 109:
    • 110:
      • 110.1:
      • 110.2:
      • 110.3:
      • 110.4:
    • 111:
    • 112:
    • 113:
    • 114:
    • 115:
      • 115.1:
      • 115.2:
      • 115.3:
      • 115.4:
    • 116:
    • 117:
    • 118:
    • 119:
    • 120:
      • 120.1:
      • 120.2:
      • 120.3:
      • 120.4:
      • 120.5:
      • 120.6:
      • 120.7:
      • 120.8:
    • 121:
    • 122:
    • 123:
    • 124:
    • 125:
    • 126:
    • 127:
    • 128:
    • 129:
      • 130:

      1 -

      kubeadm: easily bootstrap a secure Kubernetes cluster

      Synopsis

      ┌──────────────────────────────────────────────────────────┐
      │ KUBEADM                                                  │
      │ Easily bootstrap a secure Kubernetes cluster             │
      │                                                          │
      │ Please give us feedback at:                              │
      │ https://github.com/kubernetes/kubeadm/issues             │
      └──────────────────────────────────────────────────────────┘
      

      Example usage:

      Create a two-machine cluster with one control-plane node
      (which controls the cluster), and one worker node
      (where your workloads, like Pods and Deployments run).
      
      ┌──────────────────────────────────────────────────────────┐
      │ On the first machine:                                    │
      ├──────────────────────────────────────────────────────────┤
      │ control-plane# kubeadm init                              │
      └──────────────────────────────────────────────────────────┘
      
      ┌──────────────────────────────────────────────────────────┐
      │ On the second machine:                                   │
      ├──────────────────────────────────────────────────────────┤
      │ worker# kubeadm join <arguments-returned-from-init>      │
      └──────────────────────────────────────────────────────────┘
      
      You can then repeat the second step on as many other machines as you like.
      

      Options

      -h, --help

      help for kubeadm

      --rootfs string

      The path to the 'real' host root filesystem. This will cause kubeadm to chroot into the provided path.

      2 -

      Commands related to handling kubernetes certificates

      Synopsis

      Commands related to handling kubernetes certificates

      kubeadm certs [flags]
      

      Options

      -h, --help

      help for certs

      Options inherited from parent commands

      --rootfs string

      [EXPERIMENTAL] The path to the 'real' host root filesystem.

      3 -

      Generate certificate keys

      Synopsis

      This command will print out a secure randomly-generated certificate key that can be used with the "init" command.

      You can also use "kubeadm init --upload-certs" without specifying a certificate key and it will generate and print one for you.

      kubeadm certs certificate-key [flags]
      

      Options

      -h, --help

      help for certificate-key

      Options inherited from parent commands

      --rootfs string

      The path to the 'real' host root filesystem. This will cause kubeadm to chroot into the provided path.

      4 -

      Check certificates expiration for a Kubernetes cluster

      Synopsis

      Checks expiration for the certificates in the local PKI managed by kubeadm.

      kubeadm certs check-expiration [flags]
      

      Options

      --allow-missing-template-keys     Default: true

      If true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats.

      --cert-dir string     Default: "/etc/kubernetes/pki"

      The path where to save the certificates

      --config string

      Path to a kubeadm configuration file.

      -h, --help

      help for check-expiration

      --kubeconfig string     Default: "/etc/kubernetes/admin.conf"

      The kubeconfig file to use when talking to the cluster. If the flag is not set, a set of standard locations can be searched for an existing kubeconfig file.

      -o, --output string     Default: "text"

      Output format. One of: text|json|yaml|go-template|go-template-file|template|templatefile|jsonpath|jsonpath-as-json|jsonpath-file.

      --show-managed-fields

      If true, keep the managedFields when printing objects in JSON or YAML format.

      Options inherited from parent commands

      --rootfs string

      The path to the 'real' host root filesystem. This will cause kubeadm to chroot into the provided path.

      5 -

      Generate keys and certificate signing requests

      Synopsis

      Generates keys and certificate signing requests (CSRs) for all the certificates required to run the control plane. This command also generates partial kubeconfig files with private key data in the "users > user > client-key-data" field, and for each kubeconfig file an accompanying ".csr" file is created.

      This command is designed for use in Kubeadm External CA Mode. It generates CSRs which you can then submit to your external certificate authority for signing.

      The PEM encoded signed certificates should then be saved alongside the key files, using ".crt" as the file extension, or in the case of kubeconfig files, the PEM encoded signed certificate should be base64 encoded and added to the kubeconfig file in the "users > user > client-certificate-data" field.

      kubeadm certs generate-csr [flags]
      

      Examples

        # The following command will generate keys and CSRs for all control-plane certificates and kubeconfig files:
        kubeadm certs generate-csr --kubeconfig-dir /tmp/etc-k8s --cert-dir /tmp/etc-k8s/pki
      

      Options

      --cert-dir string

      The path where to save the certificates

      --config string

      Path to a kubeadm configuration file.

      -h, --help

      help for generate-csr

      --kubeconfig-dir string     Default: "/etc/kubernetes"

      The path where to save the kubeconfig file.

      Options inherited from parent commands

      --rootfs string

      The path to the 'real' host root filesystem. This will cause kubeadm to chroot into the provided path.

      6 -

      Renew certificates for a Kubernetes cluster

      Synopsis

      This command is not meant to be run on its own. See list of available subcommands.

      kubeadm certs renew [flags]
      

      Options

      -h, --help

      help for renew

      Options inherited from parent commands

      --rootfs string

      The path to the 'real' host root filesystem. This will cause kubeadm to chroot into the provided path.

      7 -

      Renew the certificate embedded in the kubeconfig file for the admin to use and for kubeadm itself

      Synopsis

      Renew the certificate embedded in the kubeconfig file for the admin to use and for kubeadm itself.

      Renewals run unconditionally, regardless of certificate expiration date; extra attributes such as SANs will be based on the existing file/certificates, there is no need to resupply them.

      Renewal by default tries to use the certificate authority in the local PKI managed by kubeadm; as alternative it is possible to use K8s certificate API for certificate renewal, or as a last option, to generate a CSR request.

      After renewal, in order to make changes effective, is required to restart control-plane components and eventually re-distribute the renewed certificate in case the file is used elsewhere.

      kubeadm certs renew admin.conf [flags]
      

      Options

      --cert-dir string     Default: "/etc/kubernetes/pki"

      The path where to save the certificates

      --config string

      Path to a kubeadm configuration file.

      -h, --help

      help for admin.conf

      --kubeconfig string     Default: "/etc/kubernetes/admin.conf"

      The kubeconfig file to use when talking to the cluster. If the flag is not set, a set of standard locations can be searched for an existing kubeconfig file.

      Options inherited from parent commands

      --rootfs string

      The path to the 'real' host root filesystem. This will cause kubeadm to chroot into the provided path.

      8 -

      Renew all available certificates

      Synopsis

      Renew all known certificates necessary to run the control plane. Renewals are run unconditionally, regardless of expiration date. Renewals can also be run individually for more control.

      kubeadm certs renew all [flags]
      

      Options

      --cert-dir string     Default: "/etc/kubernetes/pki"

      The path where to save the certificates

      --config string

      Path to a kubeadm configuration file.

      -h, --help

      help for all

      --kubeconfig string     Default: "/etc/kubernetes/admin.conf"

      The kubeconfig file to use when talking to the cluster. If the flag is not set, a set of standard locations can be searched for an existing kubeconfig file.

      Options inherited from parent commands

      --rootfs string

      The path to the 'real' host root filesystem. This will cause kubeadm to chroot into the provided path.

      9 -

      Renew the certificate the apiserver uses to access etcd

      Synopsis

      Renew the certificate the apiserver uses to access etcd.

      Renewals run unconditionally, regardless of certificate expiration date; extra attributes such as SANs will be based on the existing file/certificates, there is no need to resupply them.

      Renewal by default tries to use the certificate authority in the local PKI managed by kubeadm; as alternative it is possible to use K8s certificate API for certificate renewal, or as a last option, to generate a CSR request.

      After renewal, in order to make changes effective, is required to restart control-plane components and eventually re-distribute the renewed certificate in case the file is used elsewhere.

      kubeadm certs renew apiserver-etcd-client [flags]
      

      Options

      --cert-dir string     Default: "/etc/kubernetes/pki"

      The path where to save the certificates

      --config string

      Path to a kubeadm configuration file.

      -h, --help

      help for apiserver-etcd-client

      --kubeconfig string     Default: "/etc/kubernetes/admin.conf"

      The kubeconfig file to use when talking to the cluster. If the flag is not set, a set of standard locations can be searched for an existing kubeconfig file.

      Options inherited from parent commands

      --rootfs string

      The path to the 'real' host root filesystem. This will cause kubeadm to chroot into the provided path.

      10 -

      Renew the certificate for the API server to connect to kubelet

      Synopsis

      Renew the certificate for the API server to connect to kubelet.

      Renewals run unconditionally, regardless of certificate expiration date; extra attributes such as SANs will be based on the existing file/certificates, there is no need to resupply them.

      Renewal by default tries to use the certificate authority in the local PKI managed by kubeadm; as alternative it is possible to use K8s certificate API for certificate renewal, or as a last option, to generate a CSR request.

      After renewal, in order to make changes effective, is required to restart control-plane components and eventually re-distribute the renewed certificate in case the file is used elsewhere.

      kubeadm certs renew apiserver-kubelet-client [flags]
      

      Options

      --cert-dir string     Default: "/etc/kubernetes/pki"

      The path where to save the certificates

      --config string

      Path to a kubeadm configuration file.

      -h, --help

      help for apiserver-kubelet-client

      --kubeconfig string     Default: "/etc/kubernetes/admin.conf"

      The kubeconfig file to use when talking to the cluster. If the flag is not set, a set of standard locations can be searched for an existing kubeconfig file.

      Options inherited from parent commands

      --rootfs string

      The path to the 'real' host root filesystem. This will cause kubeadm to chroot into the provided path.

      11 -

      Renew the certificate for serving the Kubernetes API

      Synopsis

      Renew the certificate for serving the Kubernetes API.

      Renewals run unconditionally, regardless of certificate expiration date; extra attributes such as SANs will be based on the existing file/certificates, there is no need to resupply them.

      Renewal by default tries to use the certificate authority in the local PKI managed by kubeadm; as alternative it is possible to use K8s certificate API for certificate renewal, or as a last option, to generate a CSR request.

      After renewal, in order to make changes effective, is required to restart control-plane components and eventually re-distribute the renewed certificate in case the file is used elsewhere.

      kubeadm certs renew apiserver [flags]
      

      Options

      --cert-dir string     Default: "/etc/kubernetes/pki"

      The path where to save the certificates

      --config string

      Path to a kubeadm configuration file.

      -h, --help

      help for apiserver

      --kubeconfig string     Default: "/etc/kubernetes/admin.conf"

      The kubeconfig file to use when talking to the cluster. If the flag is not set, a set of standard locations can be searched for an existing kubeconfig file.

      Options inherited from parent commands

      --rootfs string

      The path to the 'real' host root filesystem. This will cause kubeadm to chroot into the provided path.

      12 -

      Renew the certificate embedded in the kubeconfig file for the controller manager to use

      Synopsis

      Renew the certificate embedded in the kubeconfig file for the controller manager to use.

      Renewals run unconditionally, regardless of certificate expiration date; extra attributes such as SANs will be based on the existing file/certificates, there is no need to resupply them.

      Renewal by default tries to use the certificate authority in the local PKI managed by kubeadm; as alternative it is possible to use K8s certificate API for certificate renewal, or as a last option, to generate a CSR request.

      After renewal, in order to make changes effective, is required to restart control-plane components and eventually re-distribute the renewed certificate in case the file is used elsewhere.

      kubeadm certs renew controller-manager.conf [flags]
      

      Options

      --cert-dir string     Default: "/etc/kubernetes/pki"

      The path where to save the certificates

      --config string

      Path to a kubeadm configuration file.

      -h, --help

      help for controller-manager.conf

      --kubeconfig string     Default: "/etc/kubernetes/admin.conf"

      The kubeconfig file to use when talking to the cluster. If the flag is not set, a set of standard locations can be searched for an existing kubeconfig file.

      Options inherited from parent commands

      --rootfs string

      The path to the 'real' host root filesystem. This will cause kubeadm to chroot into the provided path.

      13 -

      Renew the certificate for liveness probes to healthcheck etcd

      Synopsis

      Renew the certificate for liveness probes to healthcheck etcd.

      Renewals run unconditionally, regardless of certificate expiration date; extra attributes such as SANs will be based on the existing file/certificates, there is no need to resupply them.

      Renewal by default tries to use the certificate authority in the local PKI managed by kubeadm; as alternative it is possible to use K8s certificate API for certificate renewal, or as a last option, to generate a CSR request.

      After renewal, in order to make changes effective, is required to restart control-plane components and eventually re-distribute the renewed certificate in case the file is used elsewhere.

      kubeadm certs renew etcd-healthcheck-client [flags]
      

      Options

      --cert-dir string     Default: "/etc/kubernetes/pki"

      The path where to save the certificates

      --config string

      Path to a kubeadm configuration file.

      -h, --help

      help for etcd-healthcheck-client

      --kubeconfig string     Default: "/etc/kubernetes/admin.conf"

      The kubeconfig file to use when talking to the cluster. If the flag is not set, a set of standard locations can be searched for an existing kubeconfig file.

      Options inherited from parent commands

      --rootfs string

      The path to the 'real' host root filesystem. This will cause kubeadm to chroot into the provided path.

      14 -

      Renew the certificate for etcd nodes to communicate with each other

      Synopsis

      Renew the certificate for etcd nodes to communicate with each other.

      Renewals run unconditionally, regardless of certificate expiration date; extra attributes such as SANs will be based on the existing file/certificates, there is no need to resupply them.

      Renewal by default tries to use the certificate authority in the local PKI managed by kubeadm; as alternative it is possible to use K8s certificate API for certificate renewal, or as a last option, to generate a CSR request.

      After renewal, in order to make changes effective, is required to restart control-plane components and eventually re-distribute the renewed certificate in case the file is used elsewhere.

      kubeadm certs renew etcd-peer [flags]
      

      Options

      --cert-dir string     Default: "/etc/kubernetes/pki"

      The path where to save the certificates

      --config string

      Path to a kubeadm configuration file.

      -h, --help

      help for etcd-peer

      --kubeconfig string     Default: "/etc/kubernetes/admin.conf"

      The kubeconfig file to use when talking to the cluster. If the flag is not set, a set of standard locations can be searched for an existing kubeconfig file.

      Options inherited from parent commands

      --rootfs string

      The path to the 'real' host root filesystem. This will cause kubeadm to chroot into the provided path.

      15 -

      Renew the certificate for serving etcd

      Synopsis

      Renew the certificate for serving etcd.

      Renewals run unconditionally, regardless of certificate expiration date; extra attributes such as SANs will be based on the existing file/certificates, there is no need to resupply them.

      Renewal by default tries to use the certificate authority in the local PKI managed by kubeadm; as alternative it is possible to use K8s certificate API for certificate renewal, or as a last option, to generate a CSR request.

      After renewal, in order to make changes effective, is required to restart control-plane components and eventually re-distribute the renewed certificate in case the file is used elsewhere.

      kubeadm certs renew etcd-server [flags]
      

      Options

      --cert-dir string     Default: "/etc/kubernetes/pki"

      The path where to save the certificates

      --config string

      Path to a kubeadm configuration file.

      -h, --help

      help for etcd-server

      --kubeconfig string     Default: "/etc/kubernetes/admin.conf"

      The kubeconfig file to use when talking to the cluster. If the flag is not set, a set of standard locations can be searched for an existing kubeconfig file.

      Options inherited from parent commands

      --rootfs string

      The path to the 'real' host root filesystem. This will cause kubeadm to chroot into the provided path.

      16 -

      Renew the certificate for the front proxy client

      Synopsis

      Renew the certificate for the front proxy client.

      Renewals run unconditionally, regardless of certificate expiration date; extra attributes such as SANs will be based on the existing file/certificates, there is no need to resupply them.

      Renewal by default tries to use the certificate authority in the local PKI managed by kubeadm; as alternative it is possible to use K8s certificate API for certificate renewal, or as a last option, to generate a CSR request.

      After renewal, in order to make changes effective, is required to restart control-plane components and eventually re-distribute the renewed certificate in case the file is used elsewhere.

      kubeadm certs renew front-proxy-client [flags]
      

      Options

      --cert-dir string     Default: "/etc/kubernetes/pki"

      The path where to save the certificates

      --config string

      Path to a kubeadm configuration file.

      -h, --help

      help for front-proxy-client

      --kubeconfig string     Default: "/etc/kubernetes/admin.conf"

      The kubeconfig file to use when talking to the cluster. If the flag is not set, a set of standard locations can be searched for an existing kubeconfig file.

      Options inherited from parent commands

      --rootfs string

      The path to the 'real' host root filesystem. This will cause kubeadm to chroot into the provided path.

      17 -

      Renew the certificate embedded in the kubeconfig file for the scheduler manager to use

      Synopsis

      Renew the certificate embedded in the kubeconfig file for the scheduler manager to use.

      Renewals run unconditionally, regardless of certificate expiration date; extra attributes such as SANs will be based on the existing file/certificates, there is no need to resupply them.

      Renewal by default tries to use the certificate authority in the local PKI managed by kubeadm; as alternative it is possible to use K8s certificate API for certificate renewal, or as a last option, to generate a CSR request.

      After renewal, in order to make changes effective, is required to restart control-plane components and eventually re-distribute the renewed certificate in case the file is used elsewhere.

      kubeadm certs renew scheduler.conf [flags]
      

      Options

      --cert-dir string     Default: "/etc/kubernetes/pki"

      The path where to save the certificates

      --config string

      Path to a kubeadm configuration file.

      -h, --help

      help for scheduler.conf

      --kubeconfig string     Default: "/etc/kubernetes/admin.conf"

      The kubeconfig file to use when talking to the cluster. If the flag is not set, a set of standard locations can be searched for an existing kubeconfig file.

      Options inherited from parent commands

      --rootfs string

      The path to the 'real' host root filesystem. This will cause kubeadm to chroot into the provided path.

      18 -

      Renew the certificate embedded in the kubeconfig file for the super-admin

      Synopsis

      Renew the certificate embedded in the kubeconfig file for the super-admin.

      Renewals run unconditionally, regardless of certificate expiration date; extra attributes such as SANs will be based on the existing file/certificates, there is no need to resupply them.

      Renewal by default tries to use the certificate authority in the local PKI managed by kubeadm; as alternative it is possible to use K8s certificate API for certificate renewal, or as a last option, to generate a CSR request.

      After renewal, in order to make changes effective, is required to restart control-plane components and eventually re-distribute the renewed certificate in case the file is used elsewhere.

      kubeadm certs renew super-admin.conf [flags]
      

      Options

      --cert-dir string     Default: "/etc/kubernetes/pki"

      The path where to save the certificates

      --config string

      Path to a kubeadm configuration file.

      -h, --help

      help for super-admin.conf

      --kubeconfig string     Default: "/etc/kubernetes/admin.conf"

      The kubeconfig file to use when talking to the cluster. If the flag is not set, a set of standard locations can be searched for an existing kubeconfig file.

      Options inherited from parent commands

      --rootfs string

      The path to the 'real' host root filesystem. This will cause kubeadm to chroot into the provided path.

      19 -

      Generate certificate keys

      Synopsis

      This command will print out a secure randomly-generated certificate key that can be used with the "init" command.

      You can also use "kubeadm init --upload-certs" without specifying a certificate key and it will generate and print one for you.

      kubeadm certs certificate-key [flags]
      

      Options

      -h, --help

      help for certificate-key

      Options inherited from parent commands

      --rootfs string

      [EXPERIMENTAL] The path to the 'real' host root filesystem.

      20 -

      Check certificates expiration for a Kubernetes cluster

      Synopsis

      Checks expiration for the certificates in the local PKI managed by kubeadm.

      kubeadm certs check-expiration [flags]
      

      Options

      --allow-missing-template-keys     Default: true

      If true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats.

      --cert-dir string     Default: "/etc/kubernetes/pki"

      The path where to save the certificates

      --config string

      Path to a kubeadm configuration file.

      -o, --experimental-output string     Default: "text"

      Output format. One of: text|json|yaml|go-template|go-template-file|template|templatefile|jsonpath|jsonpath-as-json|jsonpath-file.

      -h, --help

      help for check-expiration

      --kubeconfig string     Default: "/etc/kubernetes/admin.conf"

      The kubeconfig file to use when talking to the cluster. If the flag is not set, a set of standard locations can be searched for an existing kubeconfig file.

      --show-managed-fields

      If true, keep the managedFields when printing objects in JSON or YAML format.

      Options inherited from parent commands

      --rootfs string

      [EXPERIMENTAL] The path to the 'real' host root filesystem.

      21 -

      Generate keys and certificate signing requests

      Synopsis

      Generates keys and certificate signing requests (CSRs) for all the certificates required to run the control plane. This command also generates partial kubeconfig files with private key data in the "users > user > client-key-data" field, and for each kubeconfig file an accompanying ".csr" file is created.

      This command is designed for use in Kubeadm External CA Mode. It generates CSRs which you can then submit to your external certificate authority for signing.

      The PEM encoded signed certificates should then be saved alongside the key files, using ".crt" as the file extension, or in the case of kubeconfig files, the PEM encoded signed certificate should be base64 encoded and added to the kubeconfig file in the "users > user > client-certificate-data" field.

      kubeadm certs generate-csr [flags]
      

      Examples

        # The following command will generate keys and CSRs for all control-plane certificates and kubeconfig files:
        kubeadm certs generate-csr --kubeconfig-dir /tmp/etc-k8s --cert-dir /tmp/etc-k8s/pki
      

      Options

      --cert-dir string

      The path where to save the certificates

      --config string

      Path to a kubeadm configuration file.

      -h, --help

      help for generate-csr

      --kubeconfig-dir string     Default: "/etc/kubernetes"

      The path where to save the kubeconfig file.

      Options inherited from parent commands

      --rootfs string

      [EXPERIMENTAL] The path to the 'real' host root filesystem.

      22 -

      Renew certificates for a Kubernetes cluster

      Synopsis

      This command is not meant to be run on its own. See list of available subcommands.

      kubeadm certs renew [flags]
      

      Options

      -h, --help

      help for renew

      Options inherited from parent commands

      --rootfs string

      [EXPERIMENTAL] The path to the 'real' host root filesystem.

      23 -

      Renew the certificate embedded in the kubeconfig file for the admin to use and for kubeadm itself

      Synopsis

      Renew the certificate embedded in the kubeconfig file for the admin to use and for kubeadm itself.

      Renewals run unconditionally, regardless of certificate expiration date; extra attributes such as SANs will be based on the existing file/certificates, there is no need to resupply them.

      Renewal by default tries to use the certificate authority in the local PKI managed by kubeadm; as alternative it is possible to use K8s certificate API for certificate renewal, or as a last option, to generate a CSR request.

      After renewal, in order to make changes effective, is required to restart control-plane components and eventually re-distribute the renewed certificate in case the file is used elsewhere.

      kubeadm certs renew admin.conf [flags]
      

      Options

      --cert-dir string     Default: "/etc/kubernetes/pki"

      The path where to save the certificates

      --config string

      Path to a kubeadm configuration file.

      -h, --help

      help for admin.conf

      --kubeconfig string     Default: "/etc/kubernetes/admin.conf"

      The kubeconfig file to use when talking to the cluster. If the flag is not set, a set of standard locations can be searched for an existing kubeconfig file.

      Options inherited from parent commands

      --rootfs string

      [EXPERIMENTAL] The path to the 'real' host root filesystem.

      24 -

      Renew all available certificates

      Synopsis

      Renew all known certificates necessary to run the control plane. Renewals are run unconditionally, regardless of expiration date. Renewals can also be run individually for more control.

      kubeadm certs renew all [flags]
      

      Options

      --cert-dir string     Default: "/etc/kubernetes/pki"

      The path where to save the certificates

      --config string

      Path to a kubeadm configuration file.

      -h, --help

      help for all

      --kubeconfig string     Default: "/etc/kubernetes/admin.conf"

      The kubeconfig file to use when talking to the cluster. If the flag is not set, a set of standard locations can be searched for an existing kubeconfig file.

      Options inherited from parent commands

      --rootfs string

      [EXPERIMENTAL] The path to the 'real' host root filesystem.

      25 -

      Renew the certificate the apiserver uses to access etcd

      Synopsis

      Renew the certificate the apiserver uses to access etcd.

      Renewals run unconditionally, regardless of certificate expiration date; extra attributes such as SANs will be based on the existing file/certificates, there is no need to resupply them.

      Renewal by default tries to use the certificate authority in the local PKI managed by kubeadm; as alternative it is possible to use K8s certificate API for certificate renewal, or as a last option, to generate a CSR request.

      After renewal, in order to make changes effective, is required to restart control-plane components and eventually re-distribute the renewed certificate in case the file is used elsewhere.

      kubeadm certs renew apiserver-etcd-client [flags]
      

      Options

      --cert-dir string     Default: "/etc/kubernetes/pki"

      The path where to save the certificates

      --config string

      Path to a kubeadm configuration file.

      -h, --help

      help for apiserver-etcd-client

      --kubeconfig string     Default: "/etc/kubernetes/admin.conf"

      The kubeconfig file to use when talking to the cluster. If the flag is not set, a set of standard locations can be searched for an existing kubeconfig file.

      Options inherited from parent commands

      --rootfs string

      [EXPERIMENTAL] The path to the 'real' host root filesystem.

      26 -

      Renew the certificate for the API server to connect to kubelet

      Synopsis

      Renew the certificate for the API server to connect to kubelet.

      Renewals run unconditionally, regardless of certificate expiration date; extra attributes such as SANs will be based on the existing file/certificates, there is no need to resupply them.

      Renewal by default tries to use the certificate authority in the local PKI managed by kubeadm; as alternative it is possible to use K8s certificate API for certificate renewal, or as a last option, to generate a CSR request.

      After renewal, in order to make changes effective, is required to restart control-plane components and eventually re-distribute the renewed certificate in case the file is used elsewhere.

      kubeadm certs renew apiserver-kubelet-client [flags]
      

      Options

      --cert-dir string     Default: "/etc/kubernetes/pki"

      The path where to save the certificates

      --config string

      Path to a kubeadm configuration file.

      -h, --help

      help for apiserver-kubelet-client

      --kubeconfig string     Default: "/etc/kubernetes/admin.conf"

      The kubeconfig file to use when talking to the cluster. If the flag is not set, a set of standard locations can be searched for an existing kubeconfig file.

      Options inherited from parent commands

      --rootfs string

      [EXPERIMENTAL] The path to the 'real' host root filesystem.

      27 -

      Renew the certificate for serving the Kubernetes API

      Synopsis

      Renew the certificate for serving the Kubernetes API.

      Renewals run unconditionally, regardless of certificate expiration date; extra attributes such as SANs will be based on the existing file/certificates, there is no need to resupply them.

      Renewal by default tries to use the certificate authority in the local PKI managed by kubeadm; as alternative it is possible to use K8s certificate API for certificate renewal, or as a last option, to generate a CSR request.

      After renewal, in order to make changes effective, is required to restart control-plane components and eventually re-distribute the renewed certificate in case the file is used elsewhere.

      kubeadm certs renew apiserver [flags]
      

      Options

      --cert-dir string     Default: "/etc/kubernetes/pki"

      The path where to save the certificates

      --config string

      Path to a kubeadm configuration file.

      -h, --help

      help for apiserver

      --kubeconfig string     Default: "/etc/kubernetes/admin.conf"

      The kubeconfig file to use when talking to the cluster. If the flag is not set, a set of standard locations can be searched for an existing kubeconfig file.

      Options inherited from parent commands

      --rootfs string

      [EXPERIMENTAL] The path to the 'real' host root filesystem.

      28 -

      Renew the certificate embedded in the kubeconfig file for the controller manager to use

      Synopsis

      Renew the certificate embedded in the kubeconfig file for the controller manager to use.

      Renewals run unconditionally, regardless of certificate expiration date; extra attributes such as SANs will be based on the existing file/certificates, there is no need to resupply them.

      Renewal by default tries to use the certificate authority in the local PKI managed by kubeadm; as alternative it is possible to use K8s certificate API for certificate renewal, or as a last option, to generate a CSR request.

      After renewal, in order to make changes effective, is required to restart control-plane components and eventually re-distribute the renewed certificate in case the file is used elsewhere.

      kubeadm certs renew controller-manager.conf [flags]
      

      Options

      --cert-dir string     Default: "/etc/kubernetes/pki"

      The path where to save the certificates

      --config string

      Path to a kubeadm configuration file.

      -h, --help

      help for controller-manager.conf

      --kubeconfig string     Default: "/etc/kubernetes/admin.conf"

      The kubeconfig file to use when talking to the cluster. If the flag is not set, a set of standard locations can be searched for an existing kubeconfig file.

      Options inherited from parent commands

      --rootfs string

      [EXPERIMENTAL] The path to the 'real' host root filesystem.

      29 -

      Renew the certificate for liveness probes to healthcheck etcd

      Synopsis

      Renew the certificate for liveness probes to healthcheck etcd.

      Renewals run unconditionally, regardless of certificate expiration date; extra attributes such as SANs will be based on the existing file/certificates, there is no need to resupply them.

      Renewal by default tries to use the certificate authority in the local PKI managed by kubeadm; as alternative it is possible to use K8s certificate API for certificate renewal, or as a last option, to generate a CSR request.

      After renewal, in order to make changes effective, is required to restart control-plane components and eventually re-distribute the renewed certificate in case the file is used elsewhere.

      kubeadm certs renew etcd-healthcheck-client [flags]
      

      Options

      --cert-dir string     Default: "/etc/kubernetes/pki"

      The path where to save the certificates

      --config string

      Path to a kubeadm configuration file.

      -h, --help

      help for etcd-healthcheck-client

      --kubeconfig string     Default: "/etc/kubernetes/admin.conf"

      The kubeconfig file to use when talking to the cluster. If the flag is not set, a set of standard locations can be searched for an existing kubeconfig file.

      Options inherited from parent commands

      --rootfs string

      [EXPERIMENTAL] The path to the 'real' host root filesystem.

      30 -

      Renew the certificate for etcd nodes to communicate with each other

      Synopsis

      Renew the certificate for etcd nodes to communicate with each other.

      Renewals run unconditionally, regardless of certificate expiration date; extra attributes such as SANs will be based on the existing file/certificates, there is no need to resupply them.

      Renewal by default tries to use the certificate authority in the local PKI managed by kubeadm; as alternative it is possible to use K8s certificate API for certificate renewal, or as a last option, to generate a CSR request.

      After renewal, in order to make changes effective, is required to restart control-plane components and eventually re-distribute the renewed certificate in case the file is used elsewhere.

      kubeadm certs renew etcd-peer [flags]
      

      Options

      --cert-dir string     Default: "/etc/kubernetes/pki"

      The path where to save the certificates

      --config string

      Path to a kubeadm configuration file.

      -h, --help

      help for etcd-peer

      --kubeconfig string     Default: "/etc/kubernetes/admin.conf"

      The kubeconfig file to use when talking to the cluster. If the flag is not set, a set of standard locations can be searched for an existing kubeconfig file.

      Options inherited from parent commands

      --rootfs string

      [EXPERIMENTAL] The path to the 'real' host root filesystem.

      31 -

      Renew the certificate for serving etcd

      Synopsis

      Renew the certificate for serving etcd.

      Renewals run unconditionally, regardless of certificate expiration date; extra attributes such as SANs will be based on the existing file/certificates, there is no need to resupply them.

      Renewal by default tries to use the certificate authority in the local PKI managed by kubeadm; as alternative it is possible to use K8s certificate API for certificate renewal, or as a last option, to generate a CSR request.

      After renewal, in order to make changes effective, is required to restart control-plane components and eventually re-distribute the renewed certificate in case the file is used elsewhere.

      kubeadm certs renew etcd-server [flags]
      

      Options

      --cert-dir string     Default: "/etc/kubernetes/pki"

      The path where to save the certificates

      --config string

      Path to a kubeadm configuration file.

      -h, --help

      help for etcd-server

      --kubeconfig string     Default: "/etc/kubernetes/admin.conf"

      The kubeconfig file to use when talking to the cluster. If the flag is not set, a set of standard locations can be searched for an existing kubeconfig file.

      Options inherited from parent commands

      --rootfs string

      [EXPERIMENTAL] The path to the 'real' host root filesystem.

      32 -

      Renew the certificate for the front proxy client

      Synopsis

      Renew the certificate for the front proxy client.

      Renewals run unconditionally, regardless of certificate expiration date; extra attributes such as SANs will be based on the existing file/certificates, there is no need to resupply them.

      Renewal by default tries to use the certificate authority in the local PKI managed by kubeadm; as alternative it is possible to use K8s certificate API for certificate renewal, or as a last option, to generate a CSR request.

      After renewal, in order to make changes effective, is required to restart control-plane components and eventually re-distribute the renewed certificate in case the file is used elsewhere.

      kubeadm certs renew front-proxy-client [flags]
      

      Options

      --cert-dir string     Default: "/etc/kubernetes/pki"

      The path where to save the certificates

      --config string

      Path to a kubeadm configuration file.

      -h, --help

      help for front-proxy-client

      --kubeconfig string     Default: "/etc/kubernetes/admin.conf"

      The kubeconfig file to use when talking to the cluster. If the flag is not set, a set of standard locations can be searched for an existing kubeconfig file.

      Options inherited from parent commands

      --rootfs string

      [EXPERIMENTAL] The path to the 'real' host root filesystem.

      33 -

      Renew the certificate embedded in the kubeconfig file for the scheduler manager to use

      Synopsis

      Renew the certificate embedded in the kubeconfig file for the scheduler manager to use.

      Renewals run unconditionally, regardless of certificate expiration date; extra attributes such as SANs will be based on the existing file/certificates, there is no need to resupply them.

      Renewal by default tries to use the certificate authority in the local PKI managed by kubeadm; as alternative it is possible to use K8s certificate API for certificate renewal, or as a last option, to generate a CSR request.

      After renewal, in order to make changes effective, is required to restart control-plane components and eventually re-distribute the renewed certificate in case the file is used elsewhere.

      kubeadm certs renew scheduler.conf [flags]
      

      Options

      --cert-dir string     Default: "/etc/kubernetes/pki"

      The path where to save the certificates

      --config string

      Path to a kubeadm configuration file.

      -h, --help

      help for scheduler.conf

      --kubeconfig string     Default: "/etc/kubernetes/admin.conf"

      The kubeconfig file to use when talking to the cluster. If the flag is not set, a set of standard locations can be searched for an existing kubeconfig file.

      Options inherited from parent commands

      --rootfs string

      [EXPERIMENTAL] The path to the 'real' host root filesystem.

      34 -

      Renew the certificate embedded in the kubeconfig file for the super-admin

      Synopsis

      Renew the certificate embedded in the kubeconfig file for the super-admin.

      Renewals run unconditionally, regardless of certificate expiration date; extra attributes such as SANs will be based on the existing file/certificates, there is no need to resupply them.

      Renewal by default tries to use the certificate authority in the local PKI managed by kubeadm; as alternative it is possible to use K8s certificate API for certificate renewal, or as a last option, to generate a CSR request.

      After renewal, in order to make changes effective, is required to restart control-plane components and eventually re-distribute the renewed certificate in case the file is used elsewhere.

      kubeadm certs renew super-admin.conf [flags]
      

      Options

      --cert-dir string     Default: "/etc/kubernetes/pki"

      The path where to save the certificates

      --config string

      Path to a kubeadm configuration file.

      -h, --help

      help for super-admin.conf

      --kubeconfig string     Default: "/etc/kubernetes/admin.conf"

      The kubeconfig file to use when talking to the cluster. If the flag is not set, a set of standard locations can be searched for an existing kubeconfig file.

      Options inherited from parent commands

      --rootfs string

      [EXPERIMENTAL] The path to the 'real' host root filesystem.

      35 -

      Output shell completion code for the specified shell (bash or zsh)

      Synopsis

      Output shell completion code for the specified shell (bash or zsh). The shell code must be evaluated to provide interactive completion of kubeadm commands. This can be done by sourcing it from the .bash_profile.

      Note: this requires the bash-completion framework.

      To install it on Mac use homebrew: $ brew install bash-completion Once installed, bash_completion must be evaluated. This can be done by adding the following line to the .bash_profile $ source $(brew --prefix)/etc/bash_completion

      If bash-completion is not installed on Linux, please install the 'bash-completion' package via your distribution's package manager.

      Note for zsh users: [1] zsh completions are only supported in versions of zsh >= 5.2

      kubeadm completion SHELL [flags]
      

      Examples

      
      # Install bash completion on a Mac using homebrew
      brew install bash-completion
      printf "\n# Bash completion support\nsource $(brew --prefix)/etc/bash_completion\n" >> $HOME/.bash_profile
      source $HOME/.bash_profile
      
      # Load the kubeadm completion code for bash into the current shell
      source <(kubeadm completion bash)
      
      # Write bash completion code to a file and source it from .bash_profile
      kubeadm completion bash > ~/.kube/kubeadm_completion.bash.inc
      printf "\n# Kubeadm shell completion\nsource '$HOME/.kube/kubeadm_completion.bash.inc'\n" >> $HOME/.bash_profile
      source $HOME/.bash_profile
      
      # Load the kubeadm completion code for zsh[1] into the current shell
      source <(kubeadm completion zsh)
      

      Options

      -h, --help

      help for completion

      Options inherited from parent commands

      --rootfs string

      The path to the 'real' host root filesystem. This will cause kubeadm to chroot into the provided path.

      36 -

      Manage configuration for a kubeadm cluster persisted in a ConfigMap in the cluster

      Synopsis

      There is a ConfigMap in the kube-system namespace called "kubeadm-config" that kubeadm uses to store internal configuration about the cluster. kubeadm CLI v1.8.0+ automatically creates this ConfigMap with the config used with 'kubeadm init', but if you initialized your cluster using kubeadm v1.7.x or lower, you must use the 'kubeadm init phase upload-config' command to create this ConfigMap. This is required so that 'kubeadm upgrade' can configure your upgraded cluster correctly.

      kubeadm config [flags]
      

      Options

      -h, --help

      help for config

      --kubeconfig string     Default: "/etc/kubernetes/admin.conf"

      The kubeconfig file to use when talking to the cluster. If the flag is not set, a set of standard locations can be searched for an existing kubeconfig file.

      Options inherited from parent commands

      --rootfs string

      The path to the 'real' host root filesystem. This will cause kubeadm to chroot into the provided path.

      36.1 -

      Interact with container images used by kubeadm

      Synopsis

      Interact with container images used by kubeadm

      kubeadm config images [flags]
      

      Options

      -h, --help

      help for images

      Options inherited from parent commands

      --kubeconfig string     Default: "/etc/kubernetes/admin.conf"

      The kubeconfig file to use when talking to the cluster. If the flag is not set, a set of standard locations can be searched for an existing kubeconfig file.

      --rootfs string

      The path to the 'real' host root filesystem. This will cause kubeadm to chroot into the provided path.

      36.2 -

      Print a list of images kubeadm will use. The configuration file is used in case any images or image repositories are customized

      Synopsis

      Print a list of images kubeadm will use. The configuration file is used in case any images or image repositories are customized

      kubeadm config images list [flags]
      

      Options

      --allow-missing-template-keys     Default: true

      If true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats.

      --config string

      Path to a kubeadm configuration file.

      --feature-gates string

      A set of key=value pairs that describe feature gates for various features. Options are:
      ControlPlaneKubeletLocalMode=true|false (ALPHA - default=false)
      EtcdLearnerMode=true|false (BETA - default=true)
      PublicKeysECDSA=true|false (DEPRECATED - default=false)
      RootlessControlPlane=true|false (ALPHA - default=false)
      WaitForAllControlPlaneComponents=true|false (ALPHA - default=false)

      -h, --help

      help for list

      --image-repository string     Default: "registry.k8s.io"

      Choose a container registry to pull control plane images from

      --kubernetes-version string     Default: "stable-1"

      Choose a specific Kubernetes version for the control plane.

      -o, --output string     Default: "text"

      Output format. One of: text|json|yaml|go-template|go-template-file|template|templatefile|jsonpath|jsonpath-as-json|jsonpath-file.

      --show-managed-fields

      If true, keep the managedFields when printing objects in JSON or YAML format.

      Options inherited from parent commands

      --kubeconfig string     Default: "/etc/kubernetes/admin.conf"

      The kubeconfig file to use when talking to the cluster. If the flag is not set, a set of standard locations can be searched for an existing kubeconfig file.

      --rootfs string

      The path to the 'real' host root filesystem. This will cause kubeadm to chroot into the provided path.

      36.3 -

      Pull images used by kubeadm

      Synopsis

      Pull images used by kubeadm

      kubeadm config images pull [flags]
      

      Options

      --config string

      Path to a kubeadm configuration file.

      --cri-socket string

      Path to the CRI socket to connect. If empty kubeadm will try to auto-detect this value; use this option only if you have more than one CRI installed or if you have non-standard CRI socket.

      --feature-gates string

      A set of key=value pairs that describe feature gates for various features. Options are:
      ControlPlaneKubeletLocalMode=true|false (ALPHA - default=false)
      EtcdLearnerMode=true|false (BETA - default=true)
      PublicKeysECDSA=true|false (DEPRECATED - default=false)
      RootlessControlPlane=true|false (ALPHA - default=false)
      WaitForAllControlPlaneComponents=true|false (ALPHA - default=false)

      -h, --help

      help for pull

      --image-repository string     Default: "registry.k8s.io"

      Choose a container registry to pull control plane images from

      --kubernetes-version string     Default: "stable-1"

      Choose a specific Kubernetes version for the control plane.

      Options inherited from parent commands

      --kubeconfig string     Default: "/etc/kubernetes/admin.conf"

      The kubeconfig file to use when talking to the cluster. If the flag is not set, a set of standard locations can be searched for an existing kubeconfig file.

      --rootfs string

      The path to the 'real' host root filesystem. This will cause kubeadm to chroot into the provided path.

      36.4 -

      Read an older version of the kubeadm configuration API types from a file, and output the similar config object for the newer version

      Synopsis

      This command lets you convert configuration objects of older versions to the latest supported version, locally in the CLI tool without ever touching anything in the cluster. In this version of kubeadm, the following API versions are supported:

      • kubeadm.k8s.io/v1beta4

      Further, kubeadm can only write out config of version "kubeadm.k8s.io/v1beta4", but read both types. So regardless of what version you pass to the --old-config parameter here, the API object will be read, deserialized, defaulted, converted, validated, and re-serialized when written to stdout or --new-config if specified.

      In other words, the output of this command is what kubeadm actually would read internally if you submitted this file to "kubeadm init"

      kubeadm config migrate [flags]
      

      Options

      --allow-experimental-api

      Allow migration to experimental, unreleased APIs.

      -h, --help

      help for migrate

      --new-config string

      Path to the resulting equivalent kubeadm config file using the new API version. Optional, if not specified output will be sent to STDOUT.

      --old-config string

      Path to the kubeadm config file that is using an old API version and should be converted. This flag is mandatory.

      Options inherited from parent commands

      --kubeconfig string     Default: "/etc/kubernetes/admin.conf"

      The kubeconfig file to use when talking to the cluster. If the flag is not set, a set of standard locations can be searched for an existing kubeconfig file.

      --rootfs string

      The path to the 'real' host root filesystem. This will cause kubeadm to chroot into the provided path.

      36.5 -

      Print configuration

      Synopsis

      This command prints configurations for subcommands provided. For details, see: https://pkg.go.dev/k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm#section-directories

      kubeadm config print [flags]
      

      Options

      -h, --help

      help for print

      Options inherited from parent commands

      --kubeconfig string     Default: "/etc/kubernetes/admin.conf"

      The kubeconfig file to use when talking to the cluster. If the flag is not set, a set of standard locations can be searched for an existing kubeconfig file.

      --rootfs string

      The path to the 'real' host root filesystem. This will cause kubeadm to chroot into the provided path.

      36.6 -

      Print default init configuration, that can be used for 'kubeadm init'

      Synopsis

      This command prints objects such as the default init configuration that is used for 'kubeadm init'.

      Note that sensitive values like the Bootstrap Token fields are replaced with placeholder values like "abcdef.0123456789abcdef" in order to pass validation but not perform the real computation for creating a token.

      kubeadm config print init-defaults [flags]
      

      Options

      --component-configs strings

      A comma-separated list for component config API objects to print the default values for. Available values: [KubeProxyConfiguration KubeletConfiguration]. If this flag is not set, no component configs will be printed.

      -h, --help

      help for init-defaults

      Options inherited from parent commands

      --kubeconfig string     Default: "/etc/kubernetes/admin.conf"

      The kubeconfig file to use when talking to the cluster. If the flag is not set, a set of standard locations can be searched for an existing kubeconfig file.

      --rootfs string

      The path to the 'real' host root filesystem. This will cause kubeadm to chroot into the provided path.

      36.7 -

      Print default join configuration, that can be used for 'kubeadm join'

      Synopsis

      This command prints objects such as the default join configuration that is used for 'kubeadm join'.

      Note that sensitive values like the Bootstrap Token fields are replaced with placeholder values like "abcdef.0123456789abcdef" in order to pass validation but not perform the real computation for creating a token.

      kubeadm config print join-defaults [flags]
      

      Options

      -h, --help

      help for join-defaults

      Options inherited from parent commands

      --kubeconfig string     Default: "/etc/kubernetes/admin.conf"

      The kubeconfig file to use when talking to the cluster. If the flag is not set, a set of standard locations can be searched for an existing kubeconfig file.

      --rootfs string

      The path to the 'real' host root filesystem. This will cause kubeadm to chroot into the provided path.

      36.8 -

      Print default reset configuration, that can be used for 'kubeadm reset'

      Synopsis

      This command prints objects such as the default reset configuration that is used for 'kubeadm reset'.

      Note that sensitive values like the Bootstrap Token fields are replaced with placeholder values like "abcdef.0123456789abcdef" in order to pass validation but not perform the real computation for creating a token.

      kubeadm config print reset-defaults [flags]
      

      Options

      -h, --help

      help for reset-defaults

      Options inherited from parent commands

      --kubeconfig string     Default: "/etc/kubernetes/admin.conf"

      The kubeconfig file to use when talking to the cluster. If the flag is not set, a set of standard locations can be searched for an existing kubeconfig file.

      --rootfs string

      The path to the 'real' host root filesystem. This will cause kubeadm to chroot into the provided path.

      36.9 -

      Print default upgrade configuration, that can be used for 'kubeadm upgrade'

      Synopsis

      This command prints objects such as the default upgrade configuration that is used for 'kubeadm upgrade'.

      Note that sensitive values like the Bootstrap Token fields are replaced with placeholder values like "abcdef.0123456789abcdef" in order to pass validation but not perform the real computation for creating a token.

      kubeadm config print upgrade-defaults [flags]
      

      Options

      -h, --help

      help for upgrade-defaults

      Options inherited from parent commands

      --kubeconfig string     Default: "/etc/kubernetes/admin.conf"

      The kubeconfig file to use when talking to the cluster. If the flag is not set, a set of standard locations can be searched for an existing kubeconfig file.

      --rootfs string

      The path to the 'real' host root filesystem. This will cause kubeadm to chroot into the provided path.

      36.10 -

      Read a file containing the kubeadm configuration API and report any validation problems

      Synopsis

      This command lets you validate a kubeadm configuration API file and report any warnings and errors. If there are no errors the exit status will be zero, otherwise it will be non-zero. Any unmarshaling problems such as unknown API fields will trigger errors. Unknown API versions and fields with invalid values will also trigger errors. Any other errors or warnings may be reported depending on contents of the input file.

      In this version of kubeadm, the following API versions are supported:

      • kubeadm.k8s.io/v1beta4
      kubeadm config validate [flags]
      

      Options

      --allow-experimental-api

      Allow validation of experimental, unreleased APIs.

      --config string

      Path to a kubeadm configuration file.

      -h, --help

      help for validate

      Options inherited from parent commands

      --kubeconfig string     Default: "/etc/kubernetes/admin.conf"

      The kubeconfig file to use when talking to the cluster. If the flag is not set, a set of standard locations can be searched for an existing kubeconfig file.

      --rootfs string

      The path to the 'real' host root filesystem. This will cause kubeadm to chroot into the provided path.

      37 -

      Interact with container images used by kubeadm

      Synopsis

      Interact with container images used by kubeadm

      kubeadm config images [flags]
      

      Options

      -h, --help

      help for images

      Options inherited from parent commands

      --kubeconfig string     Default: "/etc/kubernetes/admin.conf"

      The kubeconfig file to use when talking to the cluster. If the flag is not set, a set of standard locations can be searched for an existing kubeconfig file.

      --rootfs string

      [EXPERIMENTAL] The path to the 'real' host root filesystem.

      38 -

      Print a list of images kubeadm will use. The configuration file is used in case any images or image repositories are customized

      Synopsis

      Print a list of images kubeadm will use. The configuration file is used in case any images or image repositories are customized

      kubeadm config images list [flags]
      

      Options

      --allow-missing-template-keys     Default: true

      If true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats.

      --config string

      Path to a kubeadm configuration file.

      -o, --experimental-output string     Default: "text"

      Output format. One of: text|json|yaml|go-template|go-template-file|template|templatefile|jsonpath|jsonpath-as-json|jsonpath-file.

      --feature-gates string

      A set of key=value pairs that describe feature gates for various features. Options are:
      EtcdLearnerMode=true|false (BETA - default=true)
      PublicKeysECDSA=true|false (DEPRECATED - default=false)
      RootlessControlPlane=true|false (ALPHA - default=false)
      UpgradeAddonsBeforeControlPlane=true|false (DEPRECATED - default=false)
      WaitForAllControlPlaneComponents=true|false (ALPHA - default=false)

      -h, --help

      help for list

      --image-repository string     Default: "registry.k8s.io"

      Choose a container registry to pull control plane images from

      --kubernetes-version string     Default: "stable-1"

      Choose a specific Kubernetes version for the control plane.

      --show-managed-fields

      If true, keep the managedFields when printing objects in JSON or YAML format.

      Options inherited from parent commands

      --kubeconfig string     Default: "/etc/kubernetes/admin.conf"

      The kubeconfig file to use when talking to the cluster. If the flag is not set, a set of standard locations can be searched for an existing kubeconfig file.

      --rootfs string

      [EXPERIMENTAL] The path to the 'real' host root filesystem.

      39 -

      Pull images used by kubeadm

      Synopsis

      Pull images used by kubeadm

      kubeadm config images pull [flags]
      

      Options

      --config string

      Path to a kubeadm configuration file.

      --cri-socket string

      Path to the CRI socket to connect. If empty kubeadm will try to auto-detect this value; use this option only if you have more than one CRI installed or if you have non-standard CRI socket.

      --feature-gates string

      A set of key=value pairs that describe feature gates for various features. Options are:
      EtcdLearnerMode=true|false (BETA - default=true)
      PublicKeysECDSA=true|false (DEPRECATED - default=false)
      RootlessControlPlane=true|false (ALPHA - default=false)
      UpgradeAddonsBeforeControlPlane=true|false (DEPRECATED - default=false)
      WaitForAllControlPlaneComponents=true|false (ALPHA - default=false)

      -h, --help

      help for pull

      --image-repository string     Default: "registry.k8s.io"

      Choose a container registry to pull control plane images from

      --kubernetes-version string     Default: "stable-1"

      Choose a specific Kubernetes version for the control plane.

      Options inherited from parent commands

      --kubeconfig string     Default: "/etc/kubernetes/admin.conf"

      The kubeconfig file to use when talking to the cluster. If the flag is not set, a set of standard locations can be searched for an existing kubeconfig file.

      --rootfs string

      [EXPERIMENTAL] The path to the 'real' host root filesystem.

      40 -

      Read an older version of the kubeadm configuration API types from a file, and output the similar config object for the newer version

      Synopsis

      This command lets you convert configuration objects of older versions to the latest supported version, locally in the CLI tool without ever touching anything in the cluster. In this version of kubeadm, the following API versions are supported:

      • kubeadm.k8s.io/v1beta3

      Further, kubeadm can only write out config of version "kubeadm.k8s.io/v1beta3", but read both types. So regardless of what version you pass to the --old-config parameter here, the API object will be read, deserialized, defaulted, converted, validated, and re-serialized when written to stdout or --new-config if specified.

      In other words, the output of this command is what kubeadm actually would read internally if you submitted this file to "kubeadm init"

      kubeadm config migrate [flags]
      

      Options

      --allow-experimental-api

      Allow migration to experimental, unreleased APIs.

      -h, --help

      help for migrate

      --new-config string

      Path to the resulting equivalent kubeadm config file using the new API version. Optional, if not specified output will be sent to STDOUT.

      --old-config string

      Path to the kubeadm config file that is using an old API version and should be converted. This flag is mandatory.

      Options inherited from parent commands

      --kubeconfig string     Default: "/etc/kubernetes/admin.conf"

      The kubeconfig file to use when talking to the cluster. If the flag is not set, a set of standard locations can be searched for an existing kubeconfig file.

      --rootfs string

      [EXPERIMENTAL] The path to the 'real' host root filesystem.

      41 -

      Print configuration

      Synopsis

      This command prints configurations for subcommands provided. For details, see: https://pkg.go.dev/k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm#section-directories

      kubeadm config print [flags]
      

      Options

      -h, --help

      help for print

      Options inherited from parent commands

      --kubeconfig string     Default: "/etc/kubernetes/admin.conf"

      The kubeconfig file to use when talking to the cluster. If the flag is not set, a set of standard locations can be searched for an existing kubeconfig file.

      --rootfs string

      [EXPERIMENTAL] The path to the 'real' host root filesystem.

      42 -

      Print default init configuration, that can be used for 'kubeadm init'

      Synopsis

      This command prints objects such as the default init configuration that is used for 'kubeadm init'.

      Note that sensitive values like the Bootstrap Token fields are replaced with placeholder values like "abcdef.0123456789abcdef" in order to pass validation but not perform the real computation for creating a token.

      kubeadm config print init-defaults [flags]
      

      Options

      --component-configs strings

      A comma-separated list for component config API objects to print the default values for. Available values: [KubeProxyConfiguration KubeletConfiguration]. If this flag is not set, no component configs will be printed.

      -h, --help

      help for init-defaults

      Options inherited from parent commands

      --kubeconfig string     Default: "/etc/kubernetes/admin.conf"

      The kubeconfig file to use when talking to the cluster. If the flag is not set, a set of standard locations can be searched for an existing kubeconfig file.

      --rootfs string

      [EXPERIMENTAL] The path to the 'real' host root filesystem.

      43 -

      Print default join configuration, that can be used for 'kubeadm join'

      Synopsis

      This command prints objects such as the default join configuration that is used for 'kubeadm join'.

      Note that sensitive values like the Bootstrap Token fields are replaced with placeholder values like "abcdef.0123456789abcdef" in order to pass validation but not perform the real computation for creating a token.

      kubeadm config print join-defaults [flags]
      

      Options

      -h, --help

      help for join-defaults

      Options inherited from parent commands

      --kubeconfig string     Default: "/etc/kubernetes/admin.conf"

      The kubeconfig file to use when talking to the cluster. If the flag is not set, a set of standard locations can be searched for an existing kubeconfig file.

      --rootfs string

      [EXPERIMENTAL] The path to the 'real' host root filesystem.

      44 -

      Print default reset configuration, that can be used for 'kubeadm reset'

      Synopsis

      This command prints objects such as the default reset configuration that is used for 'kubeadm reset'.

      Note that sensitive values like the Bootstrap Token fields are replaced with placeholder values like "abcdef.0123456789abcdef" in order to pass validation but not perform the real computation for creating a token.

      kubeadm config print reset-defaults [flags]
      

      Options

      -h, --help

      help for reset-defaults

      Options inherited from parent commands

      --kubeconfig string     Default: "/etc/kubernetes/admin.conf"

      The kubeconfig file to use when talking to the cluster. If the flag is not set, a set of standard locations can be searched for an existing kubeconfig file.

      --rootfs string

      [EXPERIMENTAL] The path to the 'real' host root filesystem.

      45 -

      Read a file containing the kubeadm configuration API and report any validation problems

      Synopsis

      This command lets you validate a kubeadm configuration API file and report any warnings and errors. If there are no errors the exit status will be zero, otherwise it will be non-zero. Any unmarshaling problems such as unknown API fields will trigger errors. Unknown API versions and fields with invalid values will also trigger errors. Any other errors or warnings may be reported depending on contents of the input file.

      In this version of kubeadm, the following API versions are supported:

      • kubeadm.k8s.io/v1beta3
      kubeadm config validate [flags]
      

      Options

      --allow-experimental-api

      Allow validation of experimental, unreleased APIs.

      --config string

      Path to a kubeadm configuration file.

      -h, --help

      help for validate

      Options inherited from parent commands

      --kubeconfig string     Default: "/etc/kubernetes/admin.conf"

      The kubeconfig file to use when talking to the cluster. If the flag is not set, a set of standard locations can be searched for an existing kubeconfig file.

      --rootfs string

      [EXPERIMENTAL] The path to the 'real' host root filesystem.

      46 -

      Run this command in order to set up the Kubernetes control plane

      Synopsis

      Run this command in order to set up the Kubernetes control plane

      The "init" command executes the following phases:

      preflight                     Run pre-flight checks
      certs                         Certificate generation
        /ca                           Generate the self-signed Kubernetes CA to provision identities for other Kubernetes components
        /apiserver                    Generate the certificate for serving the Kubernetes API
        /apiserver-kubelet-client     Generate the certificate for the API server to connect to kubelet
        /front-proxy-ca               Generate the self-signed CA to provision identities for front proxy
        /front-proxy-client           Generate the certificate for the front proxy client
        /etcd-ca                      Generate the self-signed CA to provision identities for etcd
        /etcd-server                  Generate the certificate for serving etcd
        /etcd-peer                    Generate the certificate for etcd nodes to communicate with each other
        /etcd-healthcheck-client      Generate the certificate for liveness probes to healthcheck etcd
        /apiserver-etcd-client        Generate the certificate the apiserver uses to access etcd
        /sa                           Generate a private key for signing service account tokens along with its public key
      kubeconfig                    Generate all kubeconfig files necessary to establish the control plane and the admin kubeconfig file
        /admin                        Generate a kubeconfig file for the admin to use and for kubeadm itself
        /super-admin                  Generate a kubeconfig file for the super-admin
        /kubelet                      Generate a kubeconfig file for the kubelet to use *only* for cluster bootstrapping purposes
        /controller-manager           Generate a kubeconfig file for the controller manager to use
        /scheduler                    Generate a kubeconfig file for the scheduler to use
      etcd                          Generate static Pod manifest file for local etcd
        /local                        Generate the static Pod manifest file for a local, single-node local etcd instance
      control-plane                 Generate all static Pod manifest files necessary to establish the control plane
        /apiserver                    Generates the kube-apiserver static Pod manifest
        /controller-manager           Generates the kube-controller-manager static Pod manifest
        /scheduler                    Generates the kube-scheduler static Pod manifest
      kubelet-start                 Write kubelet settings and (re)start the kubelet
      upload-config                 Upload the kubeadm and kubelet configuration to a ConfigMap
        /kubeadm                      Upload the kubeadm ClusterConfiguration to a ConfigMap
        /kubelet                      Upload the kubelet component config to a ConfigMap
      upload-certs                  Upload certificates to kubeadm-certs
      mark-control-plane            Mark a node as a control-plane
      bootstrap-token               Generates bootstrap tokens used to join a node to a cluster
      kubelet-finalize              Updates settings relevant to the kubelet after TLS bootstrap
        /enable-client-cert-rotation  Enable kubelet client certificate rotation
        /experimental-cert-rotation   Enable kubelet client certificate rotation (DEPRECATED: use 'enable-client-cert-rotation' instead)
      addon                         Install required addons for passing conformance tests
        /coredns                      Install the CoreDNS addon to a Kubernetes cluster
        /kube-proxy                   Install the kube-proxy addon to a Kubernetes cluster
      show-join-command             Show the join command for control-plane and worker node
      
      kubeadm init [flags]
      

      Options

      --apiserver-advertise-address string

      The IP address the API Server will advertise it's listening on. If not set the default network interface will be used.

      --apiserver-bind-port int32     Default: 6443

      Port for the API Server to bind to.

      --apiserver-cert-extra-sans strings

      Optional extra Subject Alternative Names (SANs) to use for the API Server serving certificate. Can be both IP addresses and DNS names.

      --cert-dir string     Default: "/etc/kubernetes/pki"

      The path where to save and store the certificates.

      --certificate-key string

      Key used to encrypt the control-plane certificates in the kubeadm-certs Secret. The certificate key is a hex encoded string that is an AES key of size 32 bytes.

      --config string

      Path to a kubeadm configuration file.

      --control-plane-endpoint string

      Specify a stable IP address or DNS name for the control plane.

      --cri-socket string

      Path to the CRI socket to connect. If empty kubeadm will try to auto-detect this value; use this option only if you have more than one CRI installed or if you have non-standard CRI socket.

      --dry-run

      Don't apply any changes; just output what would be done.

      --feature-gates string

      A set of key=value pairs that describe feature gates for various features. Options are:
      ControlPlaneKubeletLocalMode=true|false (ALPHA - default=false)
      EtcdLearnerMode=true|false (BETA - default=true)
      PublicKeysECDSA=true|false (DEPRECATED - default=false)
      RootlessControlPlane=true|false (ALPHA - default=false)
      WaitForAllControlPlaneComponents=true|false (ALPHA - default=false)

      -h, --help

      help for init

      --ignore-preflight-errors strings

      A list of checks whose errors will be shown as warnings. Example: 'IsPrivilegedUser,Swap'. Value 'all' ignores errors from all checks.

      --image-repository string     Default: "registry.k8s.io"

      Choose a container registry to pull control plane images from

      --kubernetes-version string     Default: "stable-1"

      Choose a specific Kubernetes version for the control plane.

      --node-name string

      Specify the node name.

      --patches string

      Path to a directory that contains files named "target[suffix][+patchtype].extension". For example, "kube-apiserver0+merge.yaml" or just "etcd.json". "target" can be one of "kube-apiserver", "kube-controller-manager", "kube-scheduler", "etcd", "kubeletconfiguration", "corednsdeployment". "patchtype" can be one of "strategic", "merge" or "json" and they match the patch formats supported by kubectl. The default "patchtype" is "strategic". "extension" must be either "json" or "yaml". "suffix" is an optional string that can be used to determine which patches are applied first alpha-numerically.

      --pod-network-cidr string

      Specify range of IP addresses for the pod network. If set, the control plane will automatically allocate CIDRs for every node.

      --service-cidr string     Default: "10.96.0.0/12"

      Use alternative range of IP address for service VIPs.

      --service-dns-domain string     Default: "cluster.local"

      Use alternative domain for services, e.g. "myorg.internal".

      --skip-certificate-key-print

      Don't print the key used to encrypt the control-plane certificates.

      --skip-phases strings

      List of phases to be skipped

      --skip-token-print

      Skip printing of the default bootstrap token generated by 'kubeadm init'.

      --token string

      The token to use for establishing bidirectional trust between nodes and control-plane nodes. The format is [a-z0-9]{6}.[a-z0-9]{16} - e.g. abcdef.0123456789abcdef

      --token-ttl duration     Default: 24h0m0s

      The duration before the token is automatically deleted (e.g. 1s, 2m, 3h). If set to '0', the token will never expire

      --upload-certs

      Upload control-plane certificates to the kubeadm-certs Secret.

      Options inherited from parent commands

      --rootfs string

      The path to the 'real' host root filesystem. This will cause kubeadm to chroot into the provided path.

      46.1 -

      Use this command to invoke single phase of the init workflow

      Synopsis

      Use this command to invoke single phase of the init workflow

      Options

      -h, --help

      help for phase

      Options inherited from parent commands

      --rootfs string

      The path to the 'real' host root filesystem. This will cause kubeadm to chroot into the provided path.

      46.2 -

      Install required addons for passing conformance tests

      Synopsis

      This command is not meant to be run on its own. See list of available subcommands.

      kubeadm init phase addon [flags]
      

      Options

      -h, --help

      help for addon

      Options inherited from parent commands

      --rootfs string

      The path to the 'real' host root filesystem. This will cause kubeadm to chroot into the provided path.

      46.3 -

      Install all the addons

      Synopsis

      Install all the addons

      kubeadm init phase addon all [flags]
      

      Options

      --apiserver-advertise-address string

      The IP address the API Server will advertise it's listening on. If not set the default network interface will be used.

      --apiserver-bind-port int32     Default: 6443

      Port for the API Server to bind to.

      --config string

      Path to a kubeadm configuration file.

      --control-plane-endpoint string

      Specify a stable IP address or DNS name for the control plane.

      --dry-run

      Don't apply any changes; just output what would be done.

      --feature-gates string

      A set of key=value pairs that describe feature gates for various features. Options are:
      ControlPlaneKubeletLocalMode=true|false (ALPHA - default=false)
      EtcdLearnerMode=true|false (BETA - default=true)
      PublicKeysECDSA=true|false (DEPRECATED - default=false)
      RootlessControlPlane=true|false (ALPHA - default=false)
      WaitForAllControlPlaneComponents=true|false (ALPHA - default=false)

      -h, --help

      help for all

      --image-repository string     Default: "registry.k8s.io"

      Choose a container registry to pull control plane images from

      --kubeconfig string     Default: "/etc/kubernetes/admin.conf"

      The kubeconfig file to use when talking to the cluster. If the flag is not set, a set of standard locations can be searched for an existing kubeconfig file.

      --kubernetes-version string     Default: "stable-1"

      Choose a specific Kubernetes version for the control plane.

      --pod-network-cidr string

      Specify range of IP addresses for the pod network. If set, the control plane will automatically allocate CIDRs for every node.

      --service-cidr string     Default: "10.96.0.0/12"

      Use alternative range of IP address for service VIPs.

      --service-dns-domain string     Default: "cluster.local"

      Use alternative domain for services, e.g. "myorg.internal".

      Options inherited from parent commands

      --rootfs string

      The path to the 'real' host root filesystem. This will cause kubeadm to chroot into the provided path.

      46.4 -

      Install the CoreDNS addon to a Kubernetes cluster

      Synopsis

      Install the CoreDNS addon components via the API server. Please note that although the DNS server is deployed, it will not be scheduled until CNI is installed.

      kubeadm init phase addon coredns [flags]
      

      Options

      --config string

      Path to a kubeadm configuration file.

      --dry-run

      Don't apply any changes; just output what would be done.

      --feature-gates string

      A set of key=value pairs that describe feature gates for various features. Options are:
      ControlPlaneKubeletLocalMode=true|false (ALPHA - default=false)
      EtcdLearnerMode=true|false (BETA - default=true)
      PublicKeysECDSA=true|false (DEPRECATED - default=false)
      RootlessControlPlane=true|false (ALPHA - default=false)
      WaitForAllControlPlaneComponents=true|false (ALPHA - default=false)

      -h, --help

      help for coredns

      --image-repository string     Default: "registry.k8s.io"

      Choose a container registry to pull control plane images from

      --kubeconfig string     Default: "/etc/kubernetes/admin.conf"

      The kubeconfig file to use when talking to the cluster. If the flag is not set, a set of standard locations can be searched for an existing kubeconfig file.

      --kubernetes-version string     Default: "stable-1"

      Choose a specific Kubernetes version for the control plane.

      --print-manifest

      Print the addon manifests to STDOUT instead of installing them

      --service-cidr string     Default: "10.96.0.0/12"

      Use alternative range of IP address for service VIPs.

      --service-dns-domain string     Default: "cluster.local"

      Use alternative domain for services, e.g. "myorg.internal".

      Options inherited from parent commands

      --rootfs string

      The path to the 'real' host root filesystem. This will cause kubeadm to chroot into the provided path.

      46.5 -

      Install the kube-proxy addon to a Kubernetes cluster

      Synopsis

      Install the kube-proxy addon components via the API server.

      kubeadm init phase addon kube-proxy [flags]
      

      Options

      --apiserver-advertise-address string

      The IP address the API Server will advertise it's listening on. If not set the default network interface will be used.

      --apiserver-bind-port int32     Default: 6443

      Port for the API Server to bind to.

      --config string

      Path to a kubeadm configuration file.

      --control-plane-endpoint string

      Specify a stable IP address or DNS name for the control plane.

      --dry-run

      Don't apply any changes; just output what would be done.

      -h, --help

      help for kube-proxy

      --image-repository string     Default: "registry.k8s.io"

      Choose a container registry to pull control plane images from

      --kubeconfig string     Default: "/etc/kubernetes/admin.conf"

      The kubeconfig file to use when talking to the cluster. If the flag is not set, a set of standard locations can be searched for an existing kubeconfig file.

      --kubernetes-version string     Default: "stable-1"

      Choose a specific Kubernetes version for the control plane.

      --pod-network-cidr string

      Specify range of IP addresses for the pod network. If set, the control plane will automatically allocate CIDRs for every node.

      --print-manifest

      Print the addon manifests to STDOUT instead of installing them

      Options inherited from parent commands

      --rootfs string

      The path to the 'real' host root filesystem. This will cause kubeadm to chroot into the provided path.

      46.6 -

      Generates bootstrap tokens used to join a node to a cluster

      Synopsis

      Bootstrap tokens are used for establishing bidirectional trust between a node joining the cluster and a control-plane node.

      This command makes all the configurations required to make bootstrap tokens works and then creates an initial token.

      kubeadm init phase bootstrap-token [flags]
      

      Examples

        # Make all the bootstrap token configurations and create an initial token, functionally
        # equivalent to what generated by kubeadm init.
        kubeadm init phase bootstrap-token
      

      Options

      --config string

      Path to a kubeadm configuration file.

      --dry-run

      Don't apply any changes; just output what would be done.

      -h, --help

      help for bootstrap-token

      --kubeconfig string     Default: "/etc/kubernetes/admin.conf"

      The kubeconfig file to use when talking to the cluster. If the flag is not set, a set of standard locations can be searched for an existing kubeconfig file.

      --skip-token-print

      Skip printing of the default bootstrap token generated by 'kubeadm init'.

      Options inherited from parent commands

      --rootfs string

      The path to the 'real' host root filesystem. This will cause kubeadm to chroot into the provided path.

      46.7 -

      Certificate generation

      Synopsis

      This command is not meant to be run on its own. See list of available subcommands.

      kubeadm init phase certs [flags]
      

      Options

      -h, --help

      help for certs

      Options inherited from parent commands

      --rootfs string

      The path to the 'real' host root filesystem. This will cause kubeadm to chroot into the provided path.

      46.8 -

      Generate all certificates

      Synopsis

      Generate all certificates

      kubeadm init phase certs all [flags]
      

      Options

      --apiserver-advertise-address string

      The IP address the API Server will advertise it's listening on. If not set the default network interface will be used.

      --apiserver-cert-extra-sans strings

      Optional extra Subject Alternative Names (SANs) to use for the API Server serving certificate. Can be both IP addresses and DNS names.

      --cert-dir string     Default: "/etc/kubernetes/pki"

      The path where to save and store the certificates.

      --config string

      Path to a kubeadm configuration file.

      --control-plane-endpoint string

      Specify a stable IP address or DNS name for the control plane.

      --dry-run

      Don't apply any changes; just output what would be done.

      -h, --help

      help for all

      --kubernetes-version string     Default: "stable-1"

      Choose a specific Kubernetes version for the control plane.

      --service-cidr string     Default: "10.96.0.0/12"

      Use alternative range of IP address for service VIPs.

      --service-dns-domain string     Default: "cluster.local"

      Use alternative domain for services, e.g. "myorg.internal".

      Options inherited from parent commands

      --rootfs string

      The path to the 'real' host root filesystem. This will cause kubeadm to chroot into the provided path.

      46.9 -

      Generate the certificate the apiserver uses to access etcd

      Synopsis

      Generate the certificate the apiserver uses to access etcd, and save them into apiserver-etcd-client.crt and apiserver-etcd-client.key files.

      If both files already exist, kubeadm skips the generation step and existing files will be used.

      kubeadm init phase certs apiserver-etcd-client [flags]
      

      Options

      --cert-dir string     Default: "/etc/kubernetes/pki"

      The path where to save and store the certificates.

      --config string

      Path to a kubeadm configuration file.

      --dry-run

      Don't apply any changes; just output what would be done.

      -h, --help

      help for apiserver-etcd-client

      --kubernetes-version string     Default: "stable-1"

      Choose a specific Kubernetes version for the control plane.

      Options inherited from parent commands

      --rootfs string

      The path to the 'real' host root filesystem. This will cause kubeadm to chroot into the provided path.

      46.10 -

      Generate the certificate for the API server to connect to kubelet

      Synopsis

      Generate the certificate for the API server to connect to kubelet, and save them into apiserver-kubelet-client.crt and apiserver-kubelet-client.key files.

      If both files already exist, kubeadm skips the generation step and existing files will be used.

      kubeadm init phase certs apiserver-kubelet-client [flags]
      

      Options

      --cert-dir string     Default: "/etc/kubernetes/pki"

      The path where to save and store the certificates.

      --config string

      Path to a kubeadm configuration file.

      --dry-run

      Don't apply any changes; just output what would be done.

      -h, --help

      help for apiserver-kubelet-client

      --kubernetes-version string     Default: "stable-1"

      Choose a specific Kubernetes version for the control plane.

      Options inherited from parent commands

      --rootfs string

      The path to the 'real' host root filesystem. This will cause kubeadm to chroot into the provided path.

      46.11 -

      Generate the certificate for serving the Kubernetes API

      Synopsis

      Generate the certificate for serving the Kubernetes API, and save them into apiserver.crt and apiserver.key files.

      If both files already exist, kubeadm skips the generation step and existing files will be used.

      kubeadm init phase certs apiserver [flags]
      

      Options

      --apiserver-advertise-address string

      The IP address the API Server will advertise it's listening on. If not set the default network interface will be used.

      --apiserver-cert-extra-sans strings

      Optional extra Subject Alternative Names (SANs) to use for the API Server serving certificate. Can be both IP addresses and DNS names.

      --cert-dir string     Default: "/etc/kubernetes/pki"

      The path where to save and store the certificates.

      --config string

      Path to a kubeadm configuration file.

      --control-plane-endpoint string

      Specify a stable IP address or DNS name for the control plane.

      --dry-run

      Don't apply any changes; just output what would be done.

      -h, --help

      help for apiserver

      --kubernetes-version string     Default: "stable-1"

      Choose a specific Kubernetes version for the control plane.

      --service-cidr string     Default: "10.96.0.0/12"

      Use alternative range of IP address for service VIPs.

      --service-dns-domain string     Default: "cluster.local"

      Use alternative domain for services, e.g. "myorg.internal".

      Options inherited from parent commands

      --rootfs string

      The path to the 'real' host root filesystem. This will cause kubeadm to chroot into the provided path.

      46.12 -

      Generate the self-signed Kubernetes CA to provision identities for other Kubernetes components

      Synopsis

      Generate the self-signed Kubernetes CA to provision identities for other Kubernetes components, and save them into ca.crt and ca.key files.

      If both files already exist, kubeadm skips the generation step and existing files will be used.

      kubeadm init phase certs ca [flags]
      

      Options

      --cert-dir string     Default: "/etc/kubernetes/pki"

      The path where to save and store the certificates.

      --config string

      Path to a kubeadm configuration file.

      --dry-run

      Don't apply any changes; just output what would be done.

      -h, --help

      help for ca

      --kubernetes-version string     Default: "stable-1"

      Choose a specific Kubernetes version for the control plane.

      Options inherited from parent commands

      --rootfs string

      The path to the 'real' host root filesystem. This will cause kubeadm to chroot into the provided path.

      46.13 -

      Generate the self-signed CA to provision identities for etcd

      Synopsis

      Generate the self-signed CA to provision identities for etcd, and save them into etcd/ca.crt and etcd/ca.key files.

      If both files already exist, kubeadm skips the generation step and existing files will be used.

      kubeadm init phase certs etcd-ca [flags]
      

      Options

      --cert-dir string     Default: "/etc/kubernetes/pki"

      The path where to save and store the certificates.

      --config string

      Path to a kubeadm configuration file.

      --dry-run

      Don't apply any changes; just output what would be done.

      -h, --help

      help for etcd-ca

      --kubernetes-version string     Default: "stable-1"

      Choose a specific Kubernetes version for the control plane.

      Options inherited from parent commands

      --rootfs string

      The path to the 'real' host root filesystem. This will cause kubeadm to chroot into the provided path.

      46.14 -

      Generate the certificate for liveness probes to healthcheck etcd

      Synopsis

      Generate the certificate for liveness probes to healthcheck etcd, and save them into etcd/healthcheck-client.crt and etcd/healthcheck-client.key files.

      If both files already exist, kubeadm skips the generation step and existing files will be used.

      kubeadm init phase certs etcd-healthcheck-client [flags]
      

      Options

      --cert-dir string     Default: "/etc/kubernetes/pki"

      The path where to save and store the certificates.

      --config string

      Path to a kubeadm configuration file.

      --dry-run

      Don't apply any changes; just output what would be done.

      -h, --help

      help for etcd-healthcheck-client

      --kubernetes-version string     Default: "stable-1"

      Choose a specific Kubernetes version for the control plane.

      Options inherited from parent commands

      --rootfs string

      The path to the 'real' host root filesystem. This will cause kubeadm to chroot into the provided path.

      46.15 -

      Generate the certificate for etcd nodes to communicate with each other

      Synopsis

      Generate the certificate for etcd nodes to communicate with each other, and save them into etcd/peer.crt and etcd/peer.key files.

      Default SANs are localhost, 127.0.0.1, 127.0.0.1, ::1

      If both files already exist, kubeadm skips the generation step and existing files will be used.

      kubeadm init phase certs etcd-peer [flags]
      

      Options

      --cert-dir string     Default: "/etc/kubernetes/pki"

      The path where to save and store the certificates.

      --config string

      Path to a kubeadm configuration file.

      --dry-run

      Don't apply any changes; just output what would be done.

      -h, --help

      help for etcd-peer

      --kubernetes-version string     Default: "stable-1"

      Choose a specific Kubernetes version for the control plane.

      Options inherited from parent commands

      --rootfs string

      The path to the 'real' host root filesystem. This will cause kubeadm to chroot into the provided path.

      46.16 -

      Generate the certificate for serving etcd

      Synopsis

      Generate the certificate for serving etcd, and save them into etcd/server.crt and etcd/server.key files.

      Default SANs are localhost, 127.0.0.1, 127.0.0.1, ::1

      If both files already exist, kubeadm skips the generation step and existing files will be used.

      kubeadm init phase certs etcd-server [flags]
      

      Options

      --cert-dir string     Default: "/etc/kubernetes/pki"

      The path where to save and store the certificates.

      --config string

      Path to a kubeadm configuration file.

      --dry-run

      Don't apply any changes; just output what would be done.

      -h, --help

      help for etcd-server

      --kubernetes-version string     Default: "stable-1"

      Choose a specific Kubernetes version for the control plane.

      Options inherited from parent commands

      --rootfs string

      The path to the 'real' host root filesystem. This will cause kubeadm to chroot into the provided path.

      46.17 -

      Generate the self-signed CA to provision identities for front proxy

      Synopsis

      Generate the self-signed CA to provision identities for front proxy, and save them into front-proxy-ca.crt and front-proxy-ca.key files.

      If both files already exist, kubeadm skips the generation step and existing files will be used.

      kubeadm init phase certs front-proxy-ca [flags]
      

      Options

      --cert-dir string     Default: "/etc/kubernetes/pki"

      The path where to save and store the certificates.

      --config string

      Path to a kubeadm configuration file.

      --dry-run

      Don't apply any changes; just output what would be done.

      -h, --help

      help for front-proxy-ca

      --kubernetes-version string     Default: "stable-1"

      Choose a specific Kubernetes version for the control plane.

      Options inherited from parent commands

      --rootfs string

      The path to the 'real' host root filesystem. This will cause kubeadm to chroot into the provided path.

      46.18 -

      Generate the certificate for the front proxy client

      Synopsis

      Generate the certificate for the front proxy client, and save them into front-proxy-client.crt and front-proxy-client.key files.

      If both files already exist, kubeadm skips the generation step and existing files will be used.

      kubeadm init phase certs front-proxy-client [flags]
      

      Options

      --cert-dir string     Default: "/etc/kubernetes/pki"

      The path where to save and store the certificates.

      --config string

      Path to a kubeadm configuration file.

      --dry-run

      Don't apply any changes; just output what would be done.

      -h, --help

      help for front-proxy-client

      --kubernetes-version string     Default: "stable-1"

      Choose a specific Kubernetes version for the control plane.

      Options inherited from parent commands

      --rootfs string

      The path to the 'real' host root filesystem. This will cause kubeadm to chroot into the provided path.

      46.19 -

      Generate a private key for signing service account tokens along with its public key

      Synopsis

      Generate the private key for signing service account tokens along with its public key, and save them into sa.key and sa.pub files.

      If both files already exist, kubeadm skips the generation step and existing files will be used.

      kubeadm init phase certs sa [flags]
      

      Options

      --cert-dir string     Default: "/etc/kubernetes/pki"

      The path where to save and store the certificates.

      --config string

      Path to a kubeadm configuration file.

      --dry-run

      Don't apply any changes; just output what would be done.

      -h, --help

      help for sa

      --kubernetes-version string     Default: "stable-1"

      Choose a specific Kubernetes version for the control plane.

      Options inherited from parent commands

      --rootfs string

      The path to the 'real' host root filesystem. This will cause kubeadm to chroot into the provided path.

      46.20 -

      Generate all static Pod manifest files necessary to establish the control plane

      Synopsis

      This command is not meant to be run on its own. See list of available subcommands.

      kubeadm init phase control-plane [flags]
      

      Options

      -h, --help

      help for control-plane

      Options inherited from parent commands

      --rootfs string

      The path to the 'real' host root filesystem. This will cause kubeadm to chroot into the provided path.

      46.21 -

      Generate all static Pod manifest files

      Synopsis

      Generate all static Pod manifest files

      kubeadm init phase control-plane all [flags]
      

      Examples

        # Generates all static Pod manifest files for control plane components,
        # functionally equivalent to what is generated by kubeadm init.
        kubeadm init phase control-plane all
        
        # Generates all static Pod manifest files using options read from a configuration file.
        kubeadm init phase control-plane all --config config.yaml
      

      Options

      --apiserver-advertise-address string

      The IP address the API Server will advertise it's listening on. If not set the default network interface will be used.

      --apiserver-bind-port int32     Default: 6443

      Port for the API Server to bind to.

      --cert-dir string     Default: "/etc/kubernetes/pki"

      The path where to save and store the certificates.

      --config string

      Path to a kubeadm configuration file.

      --control-plane-endpoint string

      Specify a stable IP address or DNS name for the control plane.

      --dry-run

      Don't apply any changes; just output what would be done.

      --feature-gates string

      A set of key=value pairs that describe feature gates for various features. Options are:
      ControlPlaneKubeletLocalMode=true|false (ALPHA - default=false)
      EtcdLearnerMode=true|false (BETA - default=true)
      PublicKeysECDSA=true|false (DEPRECATED - default=false)
      RootlessControlPlane=true|false (ALPHA - default=false)
      WaitForAllControlPlaneComponents=true|false (ALPHA - default=false)

      -h, --help

      help for all

      --image-repository string     Default: "registry.k8s.io"

      Choose a container registry to pull control plane images from

      --kubernetes-version string     Default: "stable-1"

      Choose a specific Kubernetes version for the control plane.

      --patches string

      Path to a directory that contains files named "target[suffix][+patchtype].extension". For example, "kube-apiserver0+merge.yaml" or just "etcd.json". "target" can be one of "kube-apiserver", "kube-controller-manager", "kube-scheduler", "etcd", "kubeletconfiguration", "corednsdeployment". "patchtype" can be one of "strategic", "merge" or "json" and they match the patch formats supported by kubectl. The default "patchtype" is "strategic". "extension" must be either "json" or "yaml". "suffix" is an optional string that can be used to determine which patches are applied first alpha-numerically.

      --pod-network-cidr string

      Specify range of IP addresses for the pod network. If set, the control plane will automatically allocate CIDRs for every node.

      --service-cidr string     Default: "10.96.0.0/12"

      Use alternative range of IP address for service VIPs.

      Options inherited from parent commands

      --rootfs string

      The path to the 'real' host root filesystem. This will cause kubeadm to chroot into the provided path.

      46.22 -

      Generates the kube-apiserver static Pod manifest

      Synopsis

      Generates the kube-apiserver static Pod manifest

      kubeadm init phase control-plane apiserver [flags]
      

      Options

      --apiserver-advertise-address string

      The IP address the API Server will advertise it's listening on. If not set the default network interface will be used.

      --apiserver-bind-port int32     Default: 6443

      Port for the API Server to bind to.

      --cert-dir string     Default: "/etc/kubernetes/pki"

      The path where to save and store the certificates.

      --config string

      Path to a kubeadm configuration file.

      --control-plane-endpoint string

      Specify a stable IP address or DNS name for the control plane.

      --dry-run

      Don't apply any changes; just output what would be done.

      --feature-gates string

      A set of key=value pairs that describe feature gates for various features. Options are:
      ControlPlaneKubeletLocalMode=true|false (ALPHA - default=false)
      EtcdLearnerMode=true|false (BETA - default=true)
      PublicKeysECDSA=true|false (DEPRECATED - default=false)
      RootlessControlPlane=true|false (ALPHA - default=false)
      WaitForAllControlPlaneComponents=true|false (ALPHA - default=false)

      -h, --help

      help for apiserver

      --image-repository string     Default: "registry.k8s.io"

      Choose a container registry to pull control plane images from

      --kubernetes-version string     Default: "stable-1"

      Choose a specific Kubernetes version for the control plane.

      --patches string

      Path to a directory that contains files named "target[suffix][+patchtype].extension". For example, "kube-apiserver0+merge.yaml" or just "etcd.json". "target" can be one of "kube-apiserver", "kube-controller-manager", "kube-scheduler", "etcd", "kubeletconfiguration", "corednsdeployment". "patchtype" can be one of "strategic", "merge" or "json" and they match the patch formats supported by kubectl. The default "patchtype" is "strategic". "extension" must be either "json" or "yaml". "suffix" is an optional string that can be used to determine which patches are applied first alpha-numerically.

      --service-cidr string     Default: "10.96.0.0/12"

      Use alternative range of IP address for service VIPs.

      Options inherited from parent commands

      --rootfs string

      The path to the 'real' host root filesystem. This will cause kubeadm to chroot into the provided path.

      46.23 -

      Generates the kube-controller-manager static Pod manifest

      Synopsis

      Generates the kube-controller-manager static Pod manifest

      kubeadm init phase control-plane controller-manager [flags]
      

      Options

      --cert-dir string     Default: "/etc/kubernetes/pki"

      The path where to save and store the certificates.

      --config string

      Path to a kubeadm configuration file.

      --dry-run

      Don't apply any changes; just output what would be done.

      -h, --help

      help for controller-manager

      --image-repository string     Default: "registry.k8s.io"

      Choose a container registry to pull control plane images from

      --kubernetes-version string     Default: "stable-1"

      Choose a specific Kubernetes version for the control plane.

      --patches string

      Path to a directory that contains files named "target[suffix][+patchtype].extension". For example, "kube-apiserver0+merge.yaml" or just "etcd.json". "target" can be one of "kube-apiserver", "kube-controller-manager", "kube-scheduler", "etcd", "kubeletconfiguration", "corednsdeployment". "patchtype" can be one of "strategic", "merge" or "json" and they match the patch formats supported by kubectl. The default "patchtype" is "strategic". "extension" must be either "json" or "yaml". "suffix" is an optional string that can be used to determine which patches are applied first alpha-numerically.

      --pod-network-cidr string

      Specify range of IP addresses for the pod network. If set, the control plane will automatically allocate CIDRs for every node.

      Options inherited from parent commands

      --rootfs string

      The path to the 'real' host root filesystem. This will cause kubeadm to chroot into the provided path.

      46.24 -

      Generates the kube-scheduler static Pod manifest

      Synopsis

      Generates the kube-scheduler static Pod manifest

      kubeadm init phase control-plane scheduler [flags]
      

      Options

      --cert-dir string     Default: "/etc/kubernetes/pki"

      The path where to save and store the certificates.

      --config string

      Path to a kubeadm configuration file.

      --dry-run

      Don't apply any changes; just output what would be done.

      -h, --help

      help for scheduler

      --image-repository string     Default: "registry.k8s.io"

      Choose a container registry to pull control plane images from

      --kubernetes-version string     Default: "stable-1"

      Choose a specific Kubernetes version for the control plane.

      --patches string

      Path to a directory that contains files named "target[suffix][+patchtype].extension". For example, "kube-apiserver0+merge.yaml" or just "etcd.json". "target" can be one of "kube-apiserver", "kube-controller-manager", "kube-scheduler", "etcd", "kubeletconfiguration", "corednsdeployment". "patchtype" can be one of "strategic", "merge" or "json" and they match the patch formats supported by kubectl. The default "patchtype" is "strategic". "extension" must be either "json" or "yaml". "suffix" is an optional string that can be used to determine which patches are applied first alpha-numerically.

      Options inherited from parent commands

      --rootfs string

      The path to the 'real' host root filesystem. This will cause kubeadm to chroot into the provided path.

      46.25 -

      Generate static Pod manifest file for local etcd

      Synopsis

      This command is not meant to be run on its own. See list of available subcommands.

      kubeadm init phase etcd [flags]
      

      Options

      -h, --help

      help for etcd

      Options inherited from parent commands

      --rootfs string

      The path to the 'real' host root filesystem. This will cause kubeadm to chroot into the provided path.

      46.26 -

      Generate the static Pod manifest file for a local, single-node local etcd instance

      Synopsis

      Generate the static Pod manifest file for a local, single-node local etcd instance

      kubeadm init phase etcd local [flags]
      

      Examples

        # Generates the static Pod manifest file for etcd, functionally
        # equivalent to what is generated by kubeadm init.
        kubeadm init phase etcd local
        
        # Generates the static Pod manifest file for etcd using options
        # read from a configuration file.
        kubeadm init phase etcd local --config config.yaml
      

      Options

      --cert-dir string     Default: "/etc/kubernetes/pki"

      The path where to save and store the certificates.

      --config string

      Path to a kubeadm configuration file.

      --dry-run

      Don't apply any changes; just output what would be done.

      -h, --help

      help for local

      --image-repository string     Default: "registry.k8s.io"

      Choose a container registry to pull control plane images from

      --patches string

      Path to a directory that contains files named "target[suffix][+patchtype].extension". For example, "kube-apiserver0+merge.yaml" or just "etcd.json". "target" can be one of "kube-apiserver", "kube-controller-manager", "kube-scheduler", "etcd", "kubeletconfiguration", "corednsdeployment". "patchtype" can be one of "strategic", "merge" or "json" and they match the patch formats supported by kubectl. The default "patchtype" is "strategic". "extension" must be either "json" or "yaml". "suffix" is an optional string that can be used to determine which patches are applied first alpha-numerically.

      Options inherited from parent commands

      --rootfs string

      The path to the 'real' host root filesystem. This will cause kubeadm to chroot into the provided path.

      46.27 -

      Generate all kubeconfig files necessary to establish the control plane and the admin kubeconfig file

      Synopsis

      This command is not meant to be run on its own. See list of available subcommands.

      kubeadm init phase kubeconfig [flags]
      

      Options

      -h, --help

      help for kubeconfig

      Options inherited from parent commands

      --rootfs string

      The path to the 'real' host root filesystem. This will cause kubeadm to chroot into the provided path.

      46.28 -

      Generate a kubeconfig file for the admin to use and for kubeadm itself

      Synopsis

      Generate the kubeconfig file for the admin and for kubeadm itself, and save it to admin.conf file.

      kubeadm init phase kubeconfig admin [flags]
      

      Options

      --apiserver-advertise-address string

      The IP address the API Server will advertise it's listening on. If not set the default network interface will be used.

      --apiserver-bind-port int32     Default: 6443

      Port for the API Server to bind to.

      --cert-dir string     Default: "/etc/kubernetes/pki"

      The path where to save and store the certificates.

      --config string

      Path to a kubeadm configuration file.

      --control-plane-endpoint string

      Specify a stable IP address or DNS name for the control plane.

      --dry-run

      Don't apply any changes; just output what would be done.

      -h, --help

      help for admin

      --kubeconfig-dir string     Default: "/etc/kubernetes"

      The path where to save the kubeconfig file.

      --kubernetes-version string     Default: "stable-1"

      Choose a specific Kubernetes version for the control plane.

      Options inherited from parent commands

      --rootfs string

      The path to the 'real' host root filesystem. This will cause kubeadm to chroot into the provided path.

      46.29 -

      Generate all kubeconfig files

      Synopsis

      Generate all kubeconfig files

      kubeadm init phase kubeconfig all [flags]
      

      Options

      --apiserver-advertise-address string

      The IP address the API Server will advertise it's listening on. If not set the default network interface will be used.

      --apiserver-bind-port int32     Default: 6443

      Port for the API Server to bind to.

      --cert-dir string     Default: "/etc/kubernetes/pki"

      The path where to save and store the certificates.

      --config string

      Path to a kubeadm configuration file.

      --control-plane-endpoint string

      Specify a stable IP address or DNS name for the control plane.

      --dry-run

      Don't apply any changes; just output what would be done.

      -h, --help

      help for all

      --kubeconfig-dir string     Default: "/etc/kubernetes"

      The path where to save the kubeconfig file.

      --kubernetes-version string     Default: "stable-1"

      Choose a specific Kubernetes version for the control plane.

      --node-name string

      Specify the node name.

      Options inherited from parent commands

      --rootfs string

      The path to the 'real' host root filesystem. This will cause kubeadm to chroot into the provided path.

      46.30 -

      Generate a kubeconfig file for the controller manager to use

      Synopsis

      Generate the kubeconfig file for the controller manager to use and save it to controller-manager.conf file

      kubeadm init phase kubeconfig controller-manager [flags]
      

      Options

      --apiserver-advertise-address string

      The IP address the API Server will advertise it's listening on. If not set the default network interface will be used.

      --apiserver-bind-port int32     Default: 6443

      Port for the API Server to bind to.

      --cert-dir string     Default: "/etc/kubernetes/pki"

      The path where to save and store the certificates.

      --config string

      Path to a kubeadm configuration file.

      --control-plane-endpoint string

      Specify a stable IP address or DNS name for the control plane.

      --dry-run

      Don't apply any changes; just output what would be done.

      -h, --help

      help for controller-manager

      --kubeconfig-dir string     Default: "/etc/kubernetes"

      The path where to save the kubeconfig file.

      --kubernetes-version string     Default: "stable-1"

      Choose a specific Kubernetes version for the control plane.

      Options inherited from parent commands

      --rootfs string

      The path to the 'real' host root filesystem. This will cause kubeadm to chroot into the provided path.

      46.31 -

      Generate a kubeconfig file for the kubelet to use only for cluster bootstrapping purposes

      Synopsis

      Generate the kubeconfig file for the kubelet to use and save it to kubelet.conf file.

      Please note that this should only be used for cluster bootstrapping purposes. After your control plane is up, you should request all kubelet credentials from the CSR API.

      kubeadm init phase kubeconfig kubelet [flags]
      

      Options

      --apiserver-advertise-address string

      The IP address the API Server will advertise it's listening on. If not set the default network interface will be used.

      --apiserver-bind-port int32     Default: 6443

      Port for the API Server to bind to.

      --cert-dir string     Default: "/etc/kubernetes/pki"

      The path where to save and store the certificates.

      --config string

      Path to a kubeadm configuration file.

      --control-plane-endpoint string

      Specify a stable IP address or DNS name for the control plane.

      --dry-run

      Don't apply any changes; just output what would be done.

      -h, --help

      help for kubelet

      --kubeconfig-dir string     Default: "/etc/kubernetes"

      The path where to save the kubeconfig file.

      --kubernetes-version string     Default: "stable-1"

      Choose a specific Kubernetes version for the control plane.

      --node-name string

      Specify the node name.

      Options inherited from parent commands

      --rootfs string

      The path to the 'real' host root filesystem. This will cause kubeadm to chroot into the provided path.

      46.32 -

      Generate a kubeconfig file for the scheduler to use

      Synopsis

      Generate the kubeconfig file for the scheduler to use and save it to scheduler.conf file.

      kubeadm init phase kubeconfig scheduler [flags]
      

      Options

      --apiserver-advertise-address string

      The IP address the API Server will advertise it's listening on. If not set the default network interface will be used.

      --apiserver-bind-port int32     Default: 6443

      Port for the API Server to bind to.

      --cert-dir string     Default: "/etc/kubernetes/pki"

      The path where to save and store the certificates.

      --config string

      Path to a kubeadm configuration file.

      --control-plane-endpoint string

      Specify a stable IP address or DNS name for the control plane.

      --dry-run

      Don't apply any changes; just output what would be done.

      -h, --help

      help for scheduler

      --kubeconfig-dir string     Default: "/etc/kubernetes"

      The path where to save the kubeconfig file.

      --kubernetes-version string     Default: "stable-1"

      Choose a specific Kubernetes version for the control plane.

      Options inherited from parent commands

      --rootfs string

      The path to the 'real' host root filesystem. This will cause kubeadm to chroot into the provided path.

      46.33 -

      Generate a kubeconfig file for the super-admin

      Synopsis

      Generate a kubeconfig file for the super-admin, and save it to super-admin.conf file.

      kubeadm init phase kubeconfig super-admin [flags]
      

      Options

      --apiserver-advertise-address string

      The IP address the API Server will advertise it's listening on. If not set the default network interface will be used.

      --apiserver-bind-port int32     Default: 6443

      Port for the API Server to bind to.

      --cert-dir string     Default: "/etc/kubernetes/pki"

      The path where to save and store the certificates.

      --config string

      Path to a kubeadm configuration file.

      --control-plane-endpoint string

      Specify a stable IP address or DNS name for the control plane.

      --dry-run

      Don't apply any changes; just output what would be done.

      -h, --help

      help for super-admin

      --kubeconfig-dir string     Default: "/etc/kubernetes"

      The path where to save the kubeconfig file.

      --kubernetes-version string     Default: "stable-1"

      Choose a specific Kubernetes version for the control plane.

      Options inherited from parent commands

      --rootfs string

      The path to the 'real' host root filesystem. This will cause kubeadm to chroot into the provided path.

      46.34 -

      Updates settings relevant to the kubelet after TLS bootstrap

      Synopsis

      Updates settings relevant to the kubelet after TLS bootstrap

      kubeadm init phase kubelet-finalize [flags]
      

      Examples

        # Updates settings relevant to the kubelet after TLS bootstrap"
        kubeadm init phase kubelet-finalize all --config
      

      Options

      -h, --help

      help for kubelet-finalize

      Options inherited from parent commands

      --rootfs string

      The path to the 'real' host root filesystem. This will cause kubeadm to chroot into the provided path.

      46.35 -

      Run all kubelet-finalize phases

      Synopsis

      Run all kubelet-finalize phases

      kubeadm init phase kubelet-finalize all [flags]
      

      Examples

        # Updates settings relevant to the kubelet after TLS bootstrap"
        kubeadm init phase kubelet-finalize all --config
      

      Options

      --cert-dir string     Default: "/etc/kubernetes/pki"

      The path where to save and store the certificates.

      --config string

      Path to a kubeadm configuration file.

      --dry-run

      Don't apply any changes; just output what would be done.

      -h, --help

      help for all

      Options inherited from parent commands

      --rootfs string

      The path to the 'real' host root filesystem. This will cause kubeadm to chroot into the provided path.

      46.36 -

      Enable kubelet client certificate rotation

      Synopsis

      Enable kubelet client certificate rotation

      kubeadm init phase kubelet-finalize enable-client-cert-rotation [flags]
      

      Options

      --cert-dir string     Default: "/etc/kubernetes/pki"

      The path where to save and store the certificates.

      --config string

      Path to a kubeadm configuration file.

      --dry-run

      Don't apply any changes; just output what would be done.

      -h, --help

      help for enable-client-cert-rotation

      Options inherited from parent commands

      --rootfs string

      The path to the 'real' host root filesystem. This will cause kubeadm to chroot into the provided path.

      46.37 -

      Enable kubelet client certificate rotation (DEPRECATED: use 'enable-client-cert-rotation' instead)

      Synopsis

      Enable kubelet client certificate rotation (DEPRECATED: use 'enable-client-cert-rotation' instead)

      kubeadm init phase kubelet-finalize experimental-cert-rotation [flags]
      

      Options

      --cert-dir string     Default: "/etc/kubernetes/pki"

      The path where to save and store the certificates.

      --config string

      Path to a kubeadm configuration file.

      --dry-run

      Don't apply any changes; just output what would be done.

      -h, --help

      help for experimental-cert-rotation

      Options inherited from parent commands

      --rootfs string

      The path to the 'real' host root filesystem. This will cause kubeadm to chroot into the provided path.

      46.38 -

      Write kubelet settings and (re)start the kubelet

      Synopsis

      Write a file with KubeletConfiguration and an environment file with node specific kubelet settings, and then (re)start kubelet.

      kubeadm init phase kubelet-start [flags]
      

      Examples

        # Writes a dynamic environment file with kubelet flags from a InitConfiguration file.
        kubeadm init phase kubelet-start --config config.yaml
      

      Options

      --config string

      Path to a kubeadm configuration file.

      --cri-socket string

      Path to the CRI socket to connect. If empty kubeadm will try to auto-detect this value; use this option only if you have more than one CRI installed or if you have non-standard CRI socket.

      --dry-run

      Don't apply any changes; just output what would be done.

      -h, --help

      help for kubelet-start

      --image-repository string     Default: "registry.k8s.io"

      Choose a container registry to pull control plane images from

      --node-name string

      Specify the node name.

      --patches string

      Path to a directory that contains files named "target[suffix][+patchtype].extension". For example, "kube-apiserver0+merge.yaml" or just "etcd.json". "target" can be one of "kube-apiserver", "kube-controller-manager", "kube-scheduler", "etcd", "kubeletconfiguration", "corednsdeployment". "patchtype" can be one of "strategic", "merge" or "json" and they match the patch formats supported by kubectl. The default "patchtype" is "strategic". "extension" must be either "json" or "yaml". "suffix" is an optional string that can be used to determine which patches are applied first alpha-numerically.

      Options inherited from parent commands

      --rootfs string

      The path to the 'real' host root filesystem. This will cause kubeadm to chroot into the provided path.

      46.39 -

      Mark a node as a control-plane

      Synopsis

      Mark a node as a control-plane

      kubeadm init phase mark-control-plane [flags]
      

      Examples

        # Applies control-plane label and taint to the current node, functionally equivalent to what executed by kubeadm init.
        kubeadm init phase mark-control-plane --config config.yaml
        
        # Applies control-plane label and taint to a specific node
        kubeadm init phase mark-control-plane --node-name myNode
      

      Options

      --config string

      Path to a kubeadm configuration file.

      --dry-run

      Don't apply any changes; just output what would be done.

      -h, --help

      help for mark-control-plane

      --node-name string

      Specify the node name.

      Options inherited from parent commands

      --rootfs string

      The path to the 'real' host root filesystem. This will cause kubeadm to chroot into the provided path.

      46.40 -

      Run pre-flight checks

      Synopsis

      Run pre-flight checks for kubeadm init.

      kubeadm init phase preflight [flags]
      

      Examples

        # Run pre-flight checks for kubeadm init using a config file.
        kubeadm init phase preflight --config kubeadm-config.yaml
      

      Options

      --config string

      Path to a kubeadm configuration file.

      --cri-socket string

      Path to the CRI socket to connect. If empty kubeadm will try to auto-detect this value; use this option only if you have more than one CRI installed or if you have non-standard CRI socket.

      --dry-run

      Don't apply any changes; just output what would be done.

      -h, --help

      help for preflight

      --ignore-preflight-errors strings

      A list of checks whose errors will be shown as warnings. Example: 'IsPrivilegedUser,Swap'. Value 'all' ignores errors from all checks.

      --image-repository string     Default: "registry.k8s.io"

      Choose a container registry to pull control plane images from

      Options inherited from parent commands

      --rootfs string

      The path to the 'real' host root filesystem. This will cause kubeadm to chroot into the provided path.

      46.41 -

      Show the join command for control-plane and worker node

      Synopsis

      Show the join command for control-plane and worker node

      kubeadm init phase show-join-command [flags]
      

      Options

      -h, --help

      help for show-join-command

      Options inherited from parent commands

      --rootfs string

      The path to the 'real' host root filesystem. This will cause kubeadm to chroot into the provided path.

      46.42 -

      Upload certificates to kubeadm-certs

      Synopsis

      Upload control plane certificates to the kubeadm-certs Secret

      kubeadm init phase upload-certs [flags]
      

      Options

      --certificate-key string

      Key used to encrypt the control-plane certificates in the kubeadm-certs Secret. The certificate key is a hex encoded string that is an AES key of size 32 bytes.

      --config string

      Path to a kubeadm configuration file.

      --dry-run

      Don't apply any changes; just output what would be done.

      -h, --help

      help for upload-certs

      --kubeconfig string     Default: "/etc/kubernetes/admin.conf"

      The kubeconfig file to use when talking to the cluster. If the flag is not set, a set of standard locations can be searched for an existing kubeconfig file.

      --skip-certificate-key-print

      Don't print the key used to encrypt the control-plane certificates.

      --upload-certs

      Upload control-plane certificates to the kubeadm-certs Secret.

      Options inherited from parent commands

      --rootfs string

      The path to the 'real' host root filesystem. This will cause kubeadm to chroot into the provided path.

      46.43 -

      Upload the kubeadm and kubelet configuration to a ConfigMap

      Synopsis

      This command is not meant to be run on its own. See list of available subcommands.

      kubeadm init phase upload-config [flags]
      

      Options

      -h, --help

      help for upload-config

      Options inherited from parent commands

      --rootfs string

      The path to the 'real' host root filesystem. This will cause kubeadm to chroot into the provided path.

      46.44 -

      Upload all configuration to a config map

      Synopsis

      Upload all configuration to a config map

      kubeadm init phase upload-config all [flags]
      

      Options

      --config string

      Path to a kubeadm configuration file.

      --cri-socket string

      Path to the CRI socket to connect. If empty kubeadm will try to auto-detect this value; use this option only if you have more than one CRI installed or if you have non-standard CRI socket.

      --dry-run

      Don't apply any changes; just output what would be done.

      -h, --help

      help for all

      --kubeconfig string     Default: "/etc/kubernetes/admin.conf"

      The kubeconfig file to use when talking to the cluster. If the flag is not set, a set of standard locations can be searched for an existing kubeconfig file.

      Options inherited from parent commands

      --rootfs string

      The path to the 'real' host root filesystem. This will cause kubeadm to chroot into the provided path.

      46.45 -

      Upload the kubeadm ClusterConfiguration to a ConfigMap

      Synopsis

      Upload the kubeadm ClusterConfiguration to a ConfigMap called kubeadm-config in the kube-system namespace. This enables correct configuration of system components and a seamless user experience when upgrading.

      Alternatively, you can use kubeadm config.

      kubeadm init phase upload-config kubeadm [flags]
      

      Examples

        # upload the configuration of your cluster
        kubeadm init phase upload-config --config=myConfig.yaml
      

      Options

      --config string

      Path to a kubeadm configuration file.

      --cri-socket string

      Path to the CRI socket to connect. If empty kubeadm will try to auto-detect this value; use this option only if you have more than one CRI installed or if you have non-standard CRI socket.

      --dry-run

      Don't apply any changes; just output what would be done.

      -h, --help

      help for kubeadm

      --kubeconfig string     Default: "/etc/kubernetes/admin.conf"

      The kubeconfig file to use when talking to the cluster. If the flag is not set, a set of standard locations can be searched for an existing kubeconfig file.

      Options inherited from parent commands

      --rootfs string

      The path to the 'real' host root filesystem. This will cause kubeadm to chroot into the provided path.

      46.46 -

      Upload the kubelet component config to a ConfigMap

      Synopsis

      Upload the kubelet configuration extracted from the kubeadm InitConfiguration object to a kubelet-config ConfigMap in the cluster

      kubeadm init phase upload-config kubelet [flags]
      

      Examples

        # Upload the kubelet configuration from the kubeadm Config file to a ConfigMap in the cluster.
        kubeadm init phase upload-config kubelet --config kubeadm.yaml
      

      Options

      --config string

      Path to a kubeadm configuration file.

      --cri-socket string

      Path to the CRI socket to connect. If empty kubeadm will try to auto-detect this value; use this option only if you have more than one CRI installed or if you have non-standard CRI socket.

      --dry-run

      Don't apply any changes; just output what would be done.

      -h, --help

      help for kubelet

      --kubeconfig string     Default: "/etc/kubernetes/admin.conf"

      The kubeconfig file to use when talking to the cluster. If the flag is not set, a set of standard locations can be searched for an existing kubeconfig file.

      Options inherited from parent commands

      --rootfs string

      The path to the 'real' host root filesystem. This will cause kubeadm to chroot into the provided path.

      47 -

      Use this command to invoke single phase of the init workflow

      Synopsis

      Use this command to invoke single phase of the init workflow

      Options

      -h, --help

      help for phase

      Options inherited from parent commands

      --rootfs string

      [EXPERIMENTAL] The path to the 'real' host root filesystem.

      48 -

      Install required addons for passing conformance tests

      Synopsis

      This command is not meant to be run on its own. See list of available subcommands.

      kubeadm init phase addon [flags]
      

      Options

      -h, --help

      help for addon

      Options inherited from parent commands

      --rootfs string

      [EXPERIMENTAL] The path to the 'real' host root filesystem.

      49 -

      Install all the addons

      Synopsis

      Install all the addons

      kubeadm init phase addon all [flags]
      

      Options

      --apiserver-advertise-address string

      The IP address the API Server will advertise it's listening on. If not set the default network interface will be used.

      --apiserver-bind-port int32     Default: 6443

      Port for the API Server to bind to.

      --config string

      Path to a kubeadm configuration file.

      --control-plane-endpoint string

      Specify a stable IP address or DNS name for the control plane.

      --dry-run

      Don't apply any changes; just output what would be done.

      --feature-gates string

      A set of key=value pairs that describe feature gates for various features. Options are:
      EtcdLearnerMode=true|false (BETA - default=true)
      PublicKeysECDSA=true|false (DEPRECATED - default=false)
      RootlessControlPlane=true|false (ALPHA - default=false)
      UpgradeAddonsBeforeControlPlane=true|false (DEPRECATED - default=false)
      WaitForAllControlPlaneComponents=true|false (ALPHA - default=false)

      -h, --help

      help for all

      --image-repository string     Default: "registry.k8s.io"

      Choose a container registry to pull control plane images from

      --kubeconfig string     Default: "/etc/kubernetes/admin.conf"

      The kubeconfig file to use when talking to the cluster. If the flag is not set, a set of standard locations can be searched for an existing kubeconfig file.

      --kubernetes-version string     Default: "stable-1"

      Choose a specific Kubernetes version for the control plane.

      --pod-network-cidr string

      Specify range of IP addresses for the pod network. If set, the control plane will automatically allocate CIDRs for every node.

      --service-cidr string     Default: "10.96.0.0/12"

      Use alternative range of IP address for service VIPs.

      --service-dns-domain string     Default: "cluster.local"

      Use alternative domain for services, e.g. "myorg.internal".

      Options inherited from parent commands

      --rootfs string

      [EXPERIMENTAL] The path to the 'real' host root filesystem.

      50 -

      Install the CoreDNS addon to a Kubernetes cluster

      Synopsis

      Install the CoreDNS addon components via the API server. Please note that although the DNS server is deployed, it will not be scheduled until CNI is installed.

      kubeadm init phase addon coredns [flags]
      

      Options

      --config string

      Path to a kubeadm configuration file.

      --dry-run

      Don't apply any changes; just output what would be done.

      --feature-gates string

      A set of key=value pairs that describe feature gates for various features. Options are:
      EtcdLearnerMode=true|false (BETA - default=true)
      PublicKeysECDSA=true|false (DEPRECATED - default=false)
      RootlessControlPlane=true|false (ALPHA - default=false)
      UpgradeAddonsBeforeControlPlane=true|false (DEPRECATED - default=false)
      WaitForAllControlPlaneComponents=true|false (ALPHA - default=false)

      -h, --help

      help for coredns

      --image-repository string     Default: "registry.k8s.io"

      Choose a container registry to pull control plane images from

      --kubeconfig string     Default: "/etc/kubernetes/admin.conf"

      The kubeconfig file to use when talking to the cluster. If the flag is not set, a set of standard locations can be searched for an existing kubeconfig file.

      --kubernetes-version string     Default: "stable-1"

      Choose a specific Kubernetes version for the control plane.

      --print-manifest

      Print the addon manifests to STDOUT instead of installing them

      --service-cidr string     Default: "10.96.0.0/12"

      Use alternative range of IP address for service VIPs.

      --service-dns-domain string     Default: "cluster.local"

      Use alternative domain for services, e.g. "myorg.internal".

      Options inherited from parent commands

      --rootfs string

      [EXPERIMENTAL] The path to the 'real' host root filesystem.

      51 -

      Install the kube-proxy addon to a Kubernetes cluster

      Synopsis

      Install the kube-proxy addon components via the API server.

      kubeadm init phase addon kube-proxy [flags]
      

      Options

      --apiserver-advertise-address string

      The IP address the API Server will advertise it's listening on. If not set the default network interface will be used.

      --apiserver-bind-port int32     Default: 6443

      Port for the API Server to bind to.

      --config string

      Path to a kubeadm configuration file.

      --control-plane-endpoint string

      Specify a stable IP address or DNS name for the control plane.

      --dry-run

      Don't apply any changes; just output what would be done.

      -h, --help

      help for kube-proxy

      --image-repository string     Default: "registry.k8s.io"

      Choose a container registry to pull control plane images from

      --kubeconfig string     Default: "/etc/kubernetes/admin.conf"

      The kubeconfig file to use when talking to the cluster. If the flag is not set, a set of standard locations can be searched for an existing kubeconfig file.

      --kubernetes-version string     Default: "stable-1"

      Choose a specific Kubernetes version for the control plane.

      --pod-network-cidr string

      Specify range of IP addresses for the pod network. If set, the control plane will automatically allocate CIDRs for every node.

      --print-manifest

      Print the addon manifests to STDOUT instead of installing them

      Options inherited from parent commands

      --rootfs string

      [EXPERIMENTAL] The path to the 'real' host root filesystem.

      52 -

      Generates bootstrap tokens used to join a node to a cluster

      Synopsis

      Bootstrap tokens are used for establishing bidirectional trust between a node joining the cluster and a control-plane node.

      This command makes all the configurations required to make bootstrap tokens works and then creates an initial token.

      kubeadm init phase bootstrap-token [flags]
      

      Examples

        # Make all the bootstrap token configurations and create an initial token, functionally
        # equivalent to what generated by kubeadm init.
        kubeadm init phase bootstrap-token
      

      Options

      --config string

      Path to a kubeadm configuration file.

      --dry-run

      Don't apply any changes; just output what would be done.

      -h, --help

      help for bootstrap-token

      --kubeconfig string     Default: "/etc/kubernetes/admin.conf"

      The kubeconfig file to use when talking to the cluster. If the flag is not set, a set of standard locations can be searched for an existing kubeconfig file.

      --skip-token-print

      Skip printing of the default bootstrap token generated by 'kubeadm init'.

      Options inherited from parent commands

      --rootfs string

      [EXPERIMENTAL] The path to the 'real' host root filesystem.

      53 -

      Certificate generation

      Synopsis

      This command is not meant to be run on its own. See list of available subcommands.

      kubeadm init phase certs [flags]
      

      Options

      -h, --help

      help for certs

      Options inherited from parent commands

      --rootfs string

      [EXPERIMENTAL] The path to the 'real' host root filesystem.

      54 -

      Generate all certificates

      Synopsis

      Generate all certificates

      kubeadm init phase certs all [flags]
      

      Options

      --apiserver-advertise-address string

      The IP address the API Server will advertise it's listening on. If not set the default network interface will be used.

      --apiserver-cert-extra-sans strings

      Optional extra Subject Alternative Names (SANs) to use for the API Server serving certificate. Can be both IP addresses and DNS names.

      --cert-dir string     Default: "/etc/kubernetes/pki"

      The path where to save and store the certificates.

      --config string

      Path to a kubeadm configuration file.

      --control-plane-endpoint string

      Specify a stable IP address or DNS name for the control plane.

      --dry-run

      Don't apply any changes; just output what would be done.

      -h, --help

      help for all

      --kubernetes-version string     Default: "stable-1"

      Choose a specific Kubernetes version for the control plane.

      --service-cidr string     Default: "10.96.0.0/12"

      Use alternative range of IP address for service VIPs.

      --service-dns-domain string     Default: "cluster.local"

      Use alternative domain for services, e.g. "myorg.internal".

      Options inherited from parent commands

      --rootfs string

      [EXPERIMENTAL] The path to the 'real' host root filesystem.

      55 -

      Generate the certificate the apiserver uses to access etcd

      Synopsis

      Generate the certificate the apiserver uses to access etcd, and save them into apiserver-etcd-client.crt and apiserver-etcd-client.key files.

      If both files already exist, kubeadm skips the generation step and existing files will be used.

      kubeadm init phase certs apiserver-etcd-client [flags]
      

      Options

      --cert-dir string     Default: "/etc/kubernetes/pki"

      The path where to save and store the certificates.

      --config string

      Path to a kubeadm configuration file.

      --dry-run

      Don't apply any changes; just output what would be done.

      -h, --help

      help for apiserver-etcd-client

      --kubernetes-version string     Default: "stable-1"

      Choose a specific Kubernetes version for the control plane.

      Options inherited from parent commands

      --rootfs string

      [EXPERIMENTAL] The path to the 'real' host root filesystem.

      56 -

      Generate the certificate for the API server to connect to kubelet

      Synopsis

      Generate the certificate for the API server to connect to kubelet, and save them into apiserver-kubelet-client.crt and apiserver-kubelet-client.key files.

      If both files already exist, kubeadm skips the generation step and existing files will be used.

      kubeadm init phase certs apiserver-kubelet-client [flags]
      

      Options

      --cert-dir string     Default: "/etc/kubernetes/pki"

      The path where to save and store the certificates.

      --config string

      Path to a kubeadm configuration file.

      --dry-run

      Don't apply any changes; just output what would be done.

      -h, --help

      help for apiserver-kubelet-client

      --kubernetes-version string     Default: "stable-1"

      Choose a specific Kubernetes version for the control plane.

      Options inherited from parent commands

      --rootfs string

      [EXPERIMENTAL] The path to the 'real' host root filesystem.

      57 -

      Generate the certificate for serving the Kubernetes API

      Synopsis

      Generate the certificate for serving the Kubernetes API, and save them into apiserver.crt and apiserver.key files.

      If both files already exist, kubeadm skips the generation step and existing files will be used.

      kubeadm init phase certs apiserver [flags]
      

      Options

      --apiserver-advertise-address string

      The IP address the API Server will advertise it's listening on. If not set the default network interface will be used.

      --apiserver-cert-extra-sans strings

      Optional extra Subject Alternative Names (SANs) to use for the API Server serving certificate. Can be both IP addresses and DNS names.

      --cert-dir string     Default: "/etc/kubernetes/pki"

      The path where to save and store the certificates.

      --config string

      Path to a kubeadm configuration file.

      --control-plane-endpoint string

      Specify a stable IP address or DNS name for the control plane.

      --dry-run

      Don't apply any changes; just output what would be done.

      -h, --help

      help for apiserver

      --kubernetes-version string     Default: "stable-1"

      Choose a specific Kubernetes version for the control plane.

      --service-cidr string     Default: "10.96.0.0/12"

      Use alternative range of IP address for service VIPs.

      --service-dns-domain string     Default: "cluster.local"

      Use alternative domain for services, e.g. "myorg.internal".

      Options inherited from parent commands

      --rootfs string

      [EXPERIMENTAL] The path to the 'real' host root filesystem.

      58 -

      Generate the self-signed Kubernetes CA to provision identities for other Kubernetes components

      Synopsis

      Generate the self-signed Kubernetes CA to provision identities for other Kubernetes components, and save them into ca.crt and ca.key files.

      If both files already exist, kubeadm skips the generation step and existing files will be used.

      kubeadm init phase certs ca [flags]
      

      Options

      --cert-dir string     Default: "/etc/kubernetes/pki"

      The path where to save and store the certificates.

      --config string

      Path to a kubeadm configuration file.

      --dry-run

      Don't apply any changes; just output what would be done.

      -h, --help

      help for ca

      --kubernetes-version string     Default: "stable-1"

      Choose a specific Kubernetes version for the control plane.

      Options inherited from parent commands

      --rootfs string

      [EXPERIMENTAL] The path to the 'real' host root filesystem.

      59 -

      Generate the self-signed CA to provision identities for etcd

      Synopsis

      Generate the self-signed CA to provision identities for etcd, and save them into etcd/ca.crt and etcd/ca.key files.

      If both files already exist, kubeadm skips the generation step and existing files will be used.

      kubeadm init phase certs etcd-ca [flags]
      

      Options

      --cert-dir string     Default: "/etc/kubernetes/pki"

      The path where to save and store the certificates.

      --config string

      Path to a kubeadm configuration file.

      --dry-run

      Don't apply any changes; just output what would be done.

      -h, --help

      help for etcd-ca

      --kubernetes-version string     Default: "stable-1"

      Choose a specific Kubernetes version for the control plane.

      Options inherited from parent commands

      --rootfs string

      [EXPERIMENTAL] The path to the 'real' host root filesystem.

      60 -

      Generate the certificate for liveness probes to healthcheck etcd

      Synopsis

      Generate the certificate for liveness probes to healthcheck etcd, and save them into etcd/healthcheck-client.crt and etcd/healthcheck-client.key files.

      If both files already exist, kubeadm skips the generation step and existing files will be used.

      kubeadm init phase certs etcd-healthcheck-client [flags]
      

      Options

      --cert-dir string     Default: "/etc/kubernetes/pki"

      The path where to save and store the certificates.

      --config string

      Path to a kubeadm configuration file.

      --dry-run

      Don't apply any changes; just output what would be done.

      -h, --help

      help for etcd-healthcheck-client

      --kubernetes-version string     Default: "stable-1"

      Choose a specific Kubernetes version for the control plane.

      Options inherited from parent commands

      --rootfs string

      [EXPERIMENTAL] The path to the 'real' host root filesystem.

      61 -

      Generate the certificate for etcd nodes to communicate with each other

      Synopsis

      Generate the certificate for etcd nodes to communicate with each other, and save them into etcd/peer.crt and etcd/peer.key files.

      Default SANs are localhost, 127.0.0.1, 127.0.0.1, ::1

      If both files already exist, kubeadm skips the generation step and existing files will be used.

      kubeadm init phase certs etcd-peer [flags]
      

      Options

      --cert-dir string     Default: "/etc/kubernetes/pki"

      The path where to save and store the certificates.

      --config string

      Path to a kubeadm configuration file.

      --dry-run

      Don't apply any changes; just output what would be done.

      -h, --help

      help for etcd-peer

      --kubernetes-version string     Default: "stable-1"

      Choose a specific Kubernetes version for the control plane.

      Options inherited from parent commands

      --rootfs string

      [EXPERIMENTAL] The path to the 'real' host root filesystem.

      62 -

      Generate the certificate for serving etcd

      Synopsis

      Generate the certificate for serving etcd, and save them into etcd/server.crt and etcd/server.key files.

      Default SANs are localhost, 127.0.0.1, 127.0.0.1, ::1

      If both files already exist, kubeadm skips the generation step and existing files will be used.

      kubeadm init phase certs etcd-server [flags]
      

      Options

      --cert-dir string     Default: "/etc/kubernetes/pki"

      The path where to save and store the certificates.

      --config string

      Path to a kubeadm configuration file.

      --dry-run

      Don't apply any changes; just output what would be done.

      -h, --help

      help for etcd-server

      --kubernetes-version string     Default: "stable-1"

      Choose a specific Kubernetes version for the control plane.

      Options inherited from parent commands

      --rootfs string

      [EXPERIMENTAL] The path to the 'real' host root filesystem.

      63 -

      Generate the self-signed CA to provision identities for front proxy

      Synopsis

      Generate the self-signed CA to provision identities for front proxy, and save them into front-proxy-ca.crt and front-proxy-ca.key files.

      If both files already exist, kubeadm skips the generation step and existing files will be used.

      kubeadm init phase certs front-proxy-ca [flags]
      

      Options

      --cert-dir string     Default: "/etc/kubernetes/pki"

      The path where to save and store the certificates.

      --config string

      Path to a kubeadm configuration file.

      --dry-run

      Don't apply any changes; just output what would be done.

      -h, --help

      help for front-proxy-ca

      --kubernetes-version string     Default: "stable-1"

      Choose a specific Kubernetes version for the control plane.

      Options inherited from parent commands

      --rootfs string

      [EXPERIMENTAL] The path to the 'real' host root filesystem.

      64 -

      Generate the certificate for the front proxy client

      Synopsis

      Generate the certificate for the front proxy client, and save them into front-proxy-client.crt and front-proxy-client.key files.

      If both files already exist, kubeadm skips the generation step and existing files will be used.

      kubeadm init phase certs front-proxy-client [flags]
      

      Options

      --cert-dir string     Default: "/etc/kubernetes/pki"

      The path where to save and store the certificates.

      --config string

      Path to a kubeadm configuration file.

      --dry-run

      Don't apply any changes; just output what would be done.

      -h, --help

      help for front-proxy-client

      --kubernetes-version string     Default: "stable-1"

      Choose a specific Kubernetes version for the control plane.

      Options inherited from parent commands

      --rootfs string

      [EXPERIMENTAL] The path to the 'real' host root filesystem.

      65 -

      Generate a private key for signing service account tokens along with its public key

      Synopsis

      Generate the private key for signing service account tokens along with its public key, and save them into sa.key and sa.pub files.

      If both files already exist, kubeadm skips the generation step and existing files will be used.

      kubeadm init phase certs sa [flags]
      

      Options

      --cert-dir string     Default: "/etc/kubernetes/pki"

      The path where to save and store the certificates.

      -h, --help

      help for sa

      Options inherited from parent commands

      --rootfs string

      [EXPERIMENTAL] The path to the 'real' host root filesystem.

      66 -

      Generate all static Pod manifest files necessary to establish the control plane

      Synopsis

      This command is not meant to be run on its own. See list of available subcommands.

      kubeadm init phase control-plane [flags]
      

      Options

      -h, --help

      help for control-plane

      Options inherited from parent commands

      --rootfs string

      [EXPERIMENTAL] The path to the 'real' host root filesystem.

      67 -

      Generate all static Pod manifest files

      Synopsis

      Generate all static Pod manifest files

      kubeadm init phase control-plane all [flags]
      

      Examples

        # Generates all static Pod manifest files for control plane components,
        # functionally equivalent to what is generated by kubeadm init.
        kubeadm init phase control-plane all
        
        # Generates all static Pod manifest files using options read from a configuration file.
        kubeadm init phase control-plane all --config config.yaml
      

      Options

      --apiserver-advertise-address string

      The IP address the API Server will advertise it's listening on. If not set the default network interface will be used.

      --apiserver-bind-port int32     Default: 6443

      Port for the API Server to bind to.

      --apiserver-extra-args <comma-separated 'key=value' pairs>

      A set of extra flags to pass to the API Server or override default ones in form of <flagname>=<value>

      --cert-dir string     Default: "/etc/kubernetes/pki"

      The path where to save and store the certificates.

      --config string

      Path to a kubeadm configuration file.

      --control-plane-endpoint string

      Specify a stable IP address or DNS name for the control plane.

      --controller-manager-extra-args <comma-separated 'key=value' pairs>

      A set of extra flags to pass to the Controller Manager or override default ones in form of <flagname>=<value>

      --dry-run

      Don't apply any changes; just output what would be done.

      --feature-gates string

      A set of key=value pairs that describe feature gates for various features. Options are:
      EtcdLearnerMode=true|false (BETA - default=true)
      PublicKeysECDSA=true|false (DEPRECATED - default=false)
      RootlessControlPlane=true|false (ALPHA - default=false)
      UpgradeAddonsBeforeControlPlane=true|false (DEPRECATED - default=false)
      WaitForAllControlPlaneComponents=true|false (ALPHA - default=false)

      -h, --help

      help for all

      --image-repository string     Default: "registry.k8s.io"

      Choose a container registry to pull control plane images from

      --kubernetes-version string     Default: "stable-1"

      Choose a specific Kubernetes version for the control plane.

      --patches string

      Path to a directory that contains files named "target[suffix][+patchtype].extension". For example, "kube-apiserver0+merge.yaml" or just "etcd.json". "target" can be one of "kube-apiserver", "kube-controller-manager", "kube-scheduler", "etcd", "kubeletconfiguration". "patchtype" can be one of "strategic", "merge" or "json" and they match the patch formats supported by kubectl. The default "patchtype" is "strategic". "extension" must be either "json" or "yaml". "suffix" is an optional string that can be used to determine which patches are applied first alpha-numerically.

      --pod-network-cidr string

      Specify range of IP addresses for the pod network. If set, the control plane will automatically allocate CIDRs for every node.

      --scheduler-extra-args <comma-separated 'key=value' pairs>

      A set of extra flags to pass to the Scheduler or override default ones in form of <flagname>=<value>

      --service-cidr string     Default: "10.96.0.0/12"

      Use alternative range of IP address for service VIPs.

      Options inherited from parent commands

      --rootfs string

      [EXPERIMENTAL] The path to the 'real' host root filesystem.

      68 -

      Generates the kube-apiserver static Pod manifest

      Synopsis

      Generates the kube-apiserver static Pod manifest

      kubeadm init phase control-plane apiserver [flags]
      

      Options

      --apiserver-advertise-address string

      The IP address the API Server will advertise it's listening on. If not set the default network interface will be used.

      --apiserver-bind-port int32     Default: 6443

      Port for the API Server to bind to.

      --apiserver-extra-args <comma-separated 'key=value' pairs>

      A set of extra flags to pass to the API Server or override default ones in form of <flagname>=<value>

      --cert-dir string     Default: "/etc/kubernetes/pki"

      The path where to save and store the certificates.

      --config string

      Path to a kubeadm configuration file.

      --control-plane-endpoint string

      Specify a stable IP address or DNS name for the control plane.

      --dry-run

      Don't apply any changes; just output what would be done.

      --feature-gates string

      A set of key=value pairs that describe feature gates for various features. Options are:
      EtcdLearnerMode=true|false (BETA - default=true)
      PublicKeysECDSA=true|false (DEPRECATED - default=false)
      RootlessControlPlane=true|false (ALPHA - default=false)
      UpgradeAddonsBeforeControlPlane=true|false (DEPRECATED - default=false)
      WaitForAllControlPlaneComponents=true|false (ALPHA - default=false)

      -h, --help

      help for apiserver

      --image-repository string     Default: "registry.k8s.io"

      Choose a container registry to pull control plane images from

      --kubernetes-version string     Default: "stable-1"

      Choose a specific Kubernetes version for the control plane.

      --patches string

      Path to a directory that contains files named "target[suffix][+patchtype].extension". For example, "kube-apiserver0+merge.yaml" or just "etcd.json". "target" can be one of "kube-apiserver", "kube-controller-manager", "kube-scheduler", "etcd", "kubeletconfiguration". "patchtype" can be one of "strategic", "merge" or "json" and they match the patch formats supported by kubectl. The default "patchtype" is "strategic". "extension" must be either "json" or "yaml". "suffix" is an optional string that can be used to determine which patches are applied first alpha-numerically.

      --service-cidr string     Default: "10.96.0.0/12"

      Use alternative range of IP address for service VIPs.

      Options inherited from parent commands

      --rootfs string

      [EXPERIMENTAL] The path to the 'real' host root filesystem.

      69 -

      Generates the kube-controller-manager static Pod manifest

      Synopsis

      Generates the kube-controller-manager static Pod manifest

      kubeadm init phase control-plane controller-manager [flags]
      

      Options

      --cert-dir string     Default: "/etc/kubernetes/pki"

      The path where to save and store the certificates.

      --config string

      Path to a kubeadm configuration file.

      --controller-manager-extra-args <comma-separated 'key=value' pairs>

      A set of extra flags to pass to the Controller Manager or override default ones in form of <flagname>=<value>

      --dry-run

      Don't apply any changes; just output what would be done.

      -h, --help

      help for controller-manager

      --image-repository string     Default: "registry.k8s.io"

      Choose a container registry to pull control plane images from

      --kubernetes-version string     Default: "stable-1"

      Choose a specific Kubernetes version for the control plane.

      --patches string

      Path to a directory that contains files named "target[suffix][+patchtype].extension". For example, "kube-apiserver0+merge.yaml" or just "etcd.json". "target" can be one of "kube-apiserver", "kube-controller-manager", "kube-scheduler", "etcd", "kubeletconfiguration". "patchtype" can be one of "strategic", "merge" or "json" and they match the patch formats supported by kubectl. The default "patchtype" is "strategic". "extension" must be either "json" or "yaml". "suffix" is an optional string that can be used to determine which patches are applied first alpha-numerically.

      --pod-network-cidr string

      Specify range of IP addresses for the pod network. If set, the control plane will automatically allocate CIDRs for every node.

      Options inherited from parent commands

      --rootfs string

      [EXPERIMENTAL] The path to the 'real' host root filesystem.

      70 -

      Generates the kube-scheduler static Pod manifest

      Synopsis

      Generates the kube-scheduler static Pod manifest

      kubeadm init phase control-plane scheduler [flags]
      

      Options

      --cert-dir string     Default: "/etc/kubernetes/pki"

      The path where to save and store the certificates.

      --config string

      Path to a kubeadm configuration file.

      --dry-run

      Don't apply any changes; just output what would be done.

      -h, --help

      help for scheduler

      --image-repository string     Default: "registry.k8s.io"

      Choose a container registry to pull control plane images from

      --kubernetes-version string     Default: "stable-1"

      Choose a specific Kubernetes version for the control plane.

      --patches string

      Path to a directory that contains files named "target[suffix][+patchtype].extension". For example, "kube-apiserver0+merge.yaml" or just "etcd.json". "target" can be one of "kube-apiserver", "kube-controller-manager", "kube-scheduler", "etcd", "kubeletconfiguration". "patchtype" can be one of "strategic", "merge" or "json" and they match the patch formats supported by kubectl. The default "patchtype" is "strategic". "extension" must be either "json" or "yaml". "suffix" is an optional string that can be used to determine which patches are applied first alpha-numerically.

      --scheduler-extra-args <comma-separated 'key=value' pairs>

      A set of extra flags to pass to the Scheduler or override default ones in form of <flagname>=<value>

      Options inherited from parent commands

      --rootfs string

      [EXPERIMENTAL] The path to the 'real' host root filesystem.

      71 -

      Generate static Pod manifest file for local etcd

      Synopsis

      This command is not meant to be run on its own. See list of available subcommands.

      kubeadm init phase etcd [flags]
      

      Options

      -h, --help

      help for etcd

      Options inherited from parent commands

      --rootfs string

      [EXPERIMENTAL] The path to the 'real' host root filesystem.

      72 -

      Generate the static Pod manifest file for a local, single-node local etcd instance

      Synopsis

      Generate the static Pod manifest file for a local, single-node local etcd instance

      kubeadm init phase etcd local [flags]
      

      Examples

        # Generates the static Pod manifest file for etcd, functionally
        # equivalent to what is generated by kubeadm init.
        kubeadm init phase etcd local
        
        # Generates the static Pod manifest file for etcd using options
        # read from a configuration file.
        kubeadm init phase etcd local --config config.yaml
      

      Options

      --cert-dir string     Default: "/etc/kubernetes/pki"

      The path where to save and store the certificates.

      --config string

      Path to a kubeadm configuration file.

      --dry-run

      Don't apply any changes; just output what would be done.

      -h, --help

      help for local

      --image-repository string     Default: "registry.k8s.io"

      Choose a container registry to pull control plane images from

      --patches string

      Path to a directory that contains files named "target[suffix][+patchtype].extension". For example, "kube-apiserver0+merge.yaml" or just "etcd.json". "target" can be one of "kube-apiserver", "kube-controller-manager", "kube-scheduler", "etcd", "kubeletconfiguration". "patchtype" can be one of "strategic", "merge" or "json" and they match the patch formats supported by kubectl. The default "patchtype" is "strategic". "extension" must be either "json" or "yaml". "suffix" is an optional string that can be used to determine which patches are applied first alpha-numerically.

      Options inherited from parent commands

      --rootfs string

      [EXPERIMENTAL] The path to the 'real' host root filesystem.

      73 -

      Generate all kubeconfig files necessary to establish the control plane and the admin kubeconfig file

      Synopsis

      This command is not meant to be run on its own. See list of available subcommands.

      kubeadm init phase kubeconfig [flags]
      

      Options

      -h, --help

      help for kubeconfig

      Options inherited from parent commands

      --rootfs string

      [EXPERIMENTAL] The path to the 'real' host root filesystem.

      74 -

      Generate a kubeconfig file for the admin to use and for kubeadm itself

      Synopsis

      Generate the kubeconfig file for the admin and for kubeadm itself, and save it to admin.conf file.

      kubeadm init phase kubeconfig admin [flags]
      

      Options

      --apiserver-advertise-address string

      The IP address the API Server will advertise it's listening on. If not set the default network interface will be used.

      --apiserver-bind-port int32     Default: 6443

      Port for the API Server to bind to.

      --cert-dir string     Default: "/etc/kubernetes/pki"

      The path where to save and store the certificates.

      --config string

      Path to a kubeadm configuration file.

      --control-plane-endpoint string

      Specify a stable IP address or DNS name for the control plane.

      --dry-run

      Don't apply any changes; just output what would be done.

      -h, --help

      help for admin

      --kubeconfig-dir string     Default: "/etc/kubernetes"

      The path where to save the kubeconfig file.

      --kubernetes-version string     Default: "stable-1"

      Choose a specific Kubernetes version for the control plane.

      Options inherited from parent commands

      --rootfs string

      [EXPERIMENTAL] The path to the 'real' host root filesystem.

      75 -

      Generate all kubeconfig files

      Synopsis

      Generate all kubeconfig files

      kubeadm init phase kubeconfig all [flags]
      

      Options

      --apiserver-advertise-address string

      The IP address the API Server will advertise it's listening on. If not set the default network interface will be used.

      --apiserver-bind-port int32     Default: 6443

      Port for the API Server to bind to.

      --cert-dir string     Default: "/etc/kubernetes/pki"

      The path where to save and store the certificates.

      --config string

      Path to a kubeadm configuration file.

      --control-plane-endpoint string

      Specify a stable IP address or DNS name for the control plane.

      --dry-run

      Don't apply any changes; just output what would be done.

      -h, --help

      help for all

      --kubeconfig-dir string     Default: "/etc/kubernetes"

      The path where to save the kubeconfig file.

      --kubernetes-version string     Default: "stable-1"

      Choose a specific Kubernetes version for the control plane.

      --node-name string

      Specify the node name.

      Options inherited from parent commands

      --rootfs string

      [EXPERIMENTAL] The path to the 'real' host root filesystem.

      76 -

      Generate a kubeconfig file for the controller manager to use

      Synopsis

      Generate the kubeconfig file for the controller manager to use and save it to controller-manager.conf file

      kubeadm init phase kubeconfig controller-manager [flags]
      

      Options

      --apiserver-advertise-address string

      The IP address the API Server will advertise it's listening on. If not set the default network interface will be used.

      --apiserver-bind-port int32     Default: 6443

      Port for the API Server to bind to.

      --cert-dir string     Default: "/etc/kubernetes/pki"

      The path where to save and store the certificates.

      --config string

      Path to a kubeadm configuration file.

      --control-plane-endpoint string

      Specify a stable IP address or DNS name for the control plane.

      --dry-run

      Don't apply any changes; just output what would be done.

      -h, --help

      help for controller-manager

      --kubeconfig-dir string     Default: "/etc/kubernetes"

      The path where to save the kubeconfig file.

      --kubernetes-version string     Default: "stable-1"

      Choose a specific Kubernetes version for the control plane.

      Options inherited from parent commands

      --rootfs string

      [EXPERIMENTAL] The path to the 'real' host root filesystem.

      77 -

      Generate a kubeconfig file for the kubelet to use only for cluster bootstrapping purposes

      Synopsis

      Generate the kubeconfig file for the kubelet to use and save it to kubelet.conf file.

      Please note that this should only be used for cluster bootstrapping purposes. After your control plane is up, you should request all kubelet credentials from the CSR API.

      kubeadm init phase kubeconfig kubelet [flags]
      

      Options

      --apiserver-advertise-address string

      The IP address the API Server will advertise it's listening on. If not set the default network interface will be used.

      --apiserver-bind-port int32     Default: 6443

      Port for the API Server to bind to.

      --cert-dir string     Default: "/etc/kubernetes/pki"

      The path where to save and store the certificates.

      --config string

      Path to a kubeadm configuration file.

      --control-plane-endpoint string

      Specify a stable IP address or DNS name for the control plane.

      --dry-run

      Don't apply any changes; just output what would be done.

      -h, --help

      help for kubelet

      --kubeconfig-dir string     Default: "/etc/kubernetes"

      The path where to save the kubeconfig file.

      --kubernetes-version string     Default: "stable-1"

      Choose a specific Kubernetes version for the control plane.

      --node-name string

      Specify the node name.

      Options inherited from parent commands

      --rootfs string

      [EXPERIMENTAL] The path to the 'real' host root filesystem.

      78 -

      Generate a kubeconfig file for the scheduler to use

      Synopsis

      Generate the kubeconfig file for the scheduler to use and save it to scheduler.conf file.

      kubeadm init phase kubeconfig scheduler [flags]
      

      Options

      --apiserver-advertise-address string

      The IP address the API Server will advertise it's listening on. If not set the default network interface will be used.

      --apiserver-bind-port int32     Default: 6443

      Port for the API Server to bind to.

      --cert-dir string     Default: "/etc/kubernetes/pki"

      The path where to save and store the certificates.

      --config string

      Path to a kubeadm configuration file.

      --control-plane-endpoint string

      Specify a stable IP address or DNS name for the control plane.

      --dry-run

      Don't apply any changes; just output what would be done.

      -h, --help

      help for scheduler

      --kubeconfig-dir string     Default: "/etc/kubernetes"

      The path where to save the kubeconfig file.

      --kubernetes-version string     Default: "stable-1"

      Choose a specific Kubernetes version for the control plane.

      Options inherited from parent commands

      --rootfs string

      [EXPERIMENTAL] The path to the 'real' host root filesystem.

      79 -

      Generate a kubeconfig file for the super-admin

      Synopsis

      Generate a kubeconfig file for the super-admin, and save it to super-admin.conf file.

      kubeadm init phase kubeconfig super-admin [flags]
      

      Options

      --apiserver-advertise-address string

      The IP address the API Server will advertise it's listening on. If not set the default network interface will be used.

      --apiserver-bind-port int32     Default: 6443

      Port for the API Server to bind to.

      --cert-dir string     Default: "/etc/kubernetes/pki"

      The path where to save and store the certificates.

      --config string

      Path to a kubeadm configuration file.

      --control-plane-endpoint string

      Specify a stable IP address or DNS name for the control plane.

      --dry-run

      Don't apply any changes; just output what would be done.

      -h, --help

      help for super-admin

      --kubeconfig-dir string     Default: "/etc/kubernetes"

      The path where to save the kubeconfig file.

      --kubernetes-version string     Default: "stable-1"

      Choose a specific Kubernetes version for the control plane.

      Options inherited from parent commands

      --rootfs string

      [EXPERIMENTAL] The path to the 'real' host root filesystem.

      80 -

      Updates settings relevant to the kubelet after TLS bootstrap

      Synopsis

      Updates settings relevant to the kubelet after TLS bootstrap

      kubeadm init phase kubelet-finalize [flags]
      

      Examples

        # Updates settings relevant to the kubelet after TLS bootstrap"
        kubeadm init phase kubelet-finalize all --config
      

      Options

      -h, --help

      help for kubelet-finalize

      Options inherited from parent commands

      --rootfs string

      [EXPERIMENTAL] The path to the 'real' host root filesystem.

      81 -

      Run all kubelet-finalize phases

      Synopsis

      Run all kubelet-finalize phases

      kubeadm init phase kubelet-finalize all [flags]
      

      Examples

        # Updates settings relevant to the kubelet after TLS bootstrap"
        kubeadm init phase kubelet-finalize all --config
      

      Options

      --cert-dir string     Default: "/etc/kubernetes/pki"

      The path where to save and store the certificates.

      --config string

      Path to a kubeadm configuration file.

      --dry-run

      Don't apply any changes; just output what would be done.

      -h, --help

      help for all

      Options inherited from parent commands

      --rootfs string

      [EXPERIMENTAL] The path to the 'real' host root filesystem.

      82 -

      Enable kubelet client certificate rotation

      Synopsis

      Enable kubelet client certificate rotation

      kubeadm init phase kubelet-finalize experimental-cert-rotation [flags]
      

      Options

      --cert-dir string     Default: "/etc/kubernetes/pki"

      The path where to save and store the certificates.

      --config string

      Path to a kubeadm configuration file.

      --dry-run

      Don't apply any changes; just output what would be done.

      -h, --help

      help for experimental-cert-rotation

      Options inherited from parent commands

      --rootfs string

      [EXPERIMENTAL] The path to the 'real' host root filesystem.

      83 -

      Write kubelet settings and (re)start the kubelet

      Synopsis

      Write a file with KubeletConfiguration and an environment file with node specific kubelet settings, and then (re)start kubelet.

      kubeadm init phase kubelet-start [flags]
      

      Examples

        # Writes a dynamic environment file with kubelet flags from a InitConfiguration file.
        kubeadm init phase kubelet-start --config config.yaml
      

      Options

      --config string

      Path to a kubeadm configuration file.

      --cri-socket string

      Path to the CRI socket to connect. If empty kubeadm will try to auto-detect this value; use this option only if you have more than one CRI installed or if you have non-standard CRI socket.

      --dry-run

      Don't apply any changes; just output what would be done.

      -h, --help

      help for kubelet-start

      --image-repository string     Default: "registry.k8s.io"

      Choose a container registry to pull control plane images from

      --node-name string

      Specify the node name.

      --patches string

      Path to a directory that contains files named "target[suffix][+patchtype].extension". For example, "kube-apiserver0+merge.yaml" or just "etcd.json". "target" can be one of "kube-apiserver", "kube-controller-manager", "kube-scheduler", "etcd", "kubeletconfiguration". "patchtype" can be one of "strategic", "merge" or "json" and they match the patch formats supported by kubectl. The default "patchtype" is "strategic". "extension" must be either "json" or "yaml". "suffix" is an optional string that can be used to determine which patches are applied first alpha-numerically.

      Options inherited from parent commands

      --rootfs string

      [EXPERIMENTAL] The path to the 'real' host root filesystem.

      84 -

      Mark a node as a control-plane

      Synopsis

      Mark a node as a control-plane

      kubeadm init phase mark-control-plane [flags]
      

      Examples

        # Applies control-plane label and taint to the current node, functionally equivalent to what executed by kubeadm init.
        kubeadm init phase mark-control-plane --config config.yaml
        
        # Applies control-plane label and taint to a specific node
        kubeadm init phase mark-control-plane --node-name myNode
      

      Options

      --config string

      Path to a kubeadm configuration file.

      --dry-run

      Don't apply any changes; just output what would be done.

      -h, --help

      help for mark-control-plane

      --node-name string

      Specify the node name.

      Options inherited from parent commands

      --rootfs string

      [EXPERIMENTAL] The path to the 'real' host root filesystem.

      85 -

      Run pre-flight checks

      Synopsis

      Run pre-flight checks for kubeadm init.

      kubeadm init phase preflight [flags]
      

      Examples

        # Run pre-flight checks for kubeadm init using a config file.
        kubeadm init phase preflight --config kubeadm-config.yaml
      

      Options

      --config string

      Path to a kubeadm configuration file.

      --cri-socket string

      Path to the CRI socket to connect. If empty kubeadm will try to auto-detect this value; use this option only if you have more than one CRI installed or if you have non-standard CRI socket.

      --dry-run

      Don't apply any changes; just output what would be done.

      -h, --help

      help for preflight

      --ignore-preflight-errors strings

      A list of checks whose errors will be shown as warnings. Example: 'IsPrivilegedUser,Swap'. Value 'all' ignores errors from all checks.

      --image-repository string     Default: "registry.k8s.io"

      Choose a container registry to pull control plane images from

      Options inherited from parent commands

      --rootfs string

      [EXPERIMENTAL] The path to the 'real' host root filesystem.

      86 -

      Show the join command for control-plane and worker node

      Synopsis

      Show the join command for control-plane and worker node

      kubeadm init phase show-join-command [flags]
      

      Options

      -h, --help

      help for show-join-command

      Options inherited from parent commands

      --rootfs string

      [EXPERIMENTAL] The path to the 'real' host root filesystem.

      87 -

      Upload certificates to kubeadm-certs

      Synopsis

      Upload control plane certificates to the kubeadm-certs Secret

      kubeadm init phase upload-certs [flags]
      

      Options

      --certificate-key string

      Key used to encrypt the control-plane certificates in the kubeadm-certs Secret. The certificate key is a hex encoded string that is an AES key of size 32 bytes.

      --config string

      Path to a kubeadm configuration file.

      --dry-run

      Don't apply any changes; just output what would be done.

      -h, --help

      help for upload-certs

      --kubeconfig string     Default: "/etc/kubernetes/admin.conf"

      The kubeconfig file to use when talking to the cluster. If the flag is not set, a set of standard locations can be searched for an existing kubeconfig file.

      --skip-certificate-key-print

      Don't print the key used to encrypt the control-plane certificates.

      --upload-certs

      Upload control-plane certificates to the kubeadm-certs Secret.

      Options inherited from parent commands

      --rootfs string

      [EXPERIMENTAL] The path to the 'real' host root filesystem.

      88 -

      Upload the kubeadm and kubelet configuration to a ConfigMap

      Synopsis

      This command is not meant to be run on its own. See list of available subcommands.

      kubeadm init phase upload-config [flags]
      

      Options

      -h, --help

      help for upload-config

      Options inherited from parent commands

      --rootfs string

      [EXPERIMENTAL] The path to the 'real' host root filesystem.

      89 -

      Upload all configuration to a config map

      Synopsis

      Upload all configuration to a config map

      kubeadm init phase upload-config all [flags]
      

      Options

      --config string

      Path to a kubeadm configuration file.

      --cri-socket string

      Path to the CRI socket to connect. If empty kubeadm will try to auto-detect this value; use this option only if you have more than one CRI installed or if you have non-standard CRI socket.

      --dry-run

      Don't apply any changes; just output what would be done.

      -h, --help

      help for all

      --kubeconfig string     Default: "/etc/kubernetes/admin.conf"

      The kubeconfig file to use when talking to the cluster. If the flag is not set, a set of standard locations can be searched for an existing kubeconfig file.

      Options inherited from parent commands

      --rootfs string

      [EXPERIMENTAL] The path to the 'real' host root filesystem.

      90 -

      Upload the kubeadm ClusterConfiguration to a ConfigMap

      Synopsis

      Upload the kubeadm ClusterConfiguration to a ConfigMap called kubeadm-config in the kube-system namespace. This enables correct configuration of system components and a seamless user experience when upgrading.

      Alternatively, you can use kubeadm config.

      kubeadm init phase upload-config kubeadm [flags]
      

      Examples

        # upload the configuration of your cluster
        kubeadm init phase upload-config --config=myConfig.yaml
      

      Options

      --config string

      Path to a kubeadm configuration file.

      --cri-socket string

      Path to the CRI socket to connect. If empty kubeadm will try to auto-detect this value; use this option only if you have more than one CRI installed or if you have non-standard CRI socket.

      --dry-run

      Don't apply any changes; just output what would be done.

      -h, --help

      help for kubeadm

      --kubeconfig string     Default: "/etc/kubernetes/admin.conf"

      The kubeconfig file to use when talking to the cluster. If the flag is not set, a set of standard locations can be searched for an existing kubeconfig file.

      Options inherited from parent commands

      --rootfs string

      [EXPERIMENTAL] The path to the 'real' host root filesystem.

      91 -

      Upload the kubelet component config to a ConfigMap

      Synopsis

      Upload the kubelet configuration extracted from the kubeadm InitConfiguration object to a kubelet-config ConfigMap in the cluster

      kubeadm init phase upload-config kubelet [flags]
      

      Examples

        # Upload the kubelet configuration from the kubeadm Config file to a ConfigMap in the cluster.
        kubeadm init phase upload-config kubelet --config kubeadm.yaml
      

      Options

      --config string

      Path to a kubeadm configuration file.

      --cri-socket string

      Path to the CRI socket to connect. If empty kubeadm will try to auto-detect this value; use this option only if you have more than one CRI installed or if you have non-standard CRI socket.

      --dry-run

      Don't apply any changes; just output what would be done.

      -h, --help

      help for kubelet

      --kubeconfig string     Default: "/etc/kubernetes/admin.conf"

      The kubeconfig file to use when talking to the cluster. If the flag is not set, a set of standard locations can be searched for an existing kubeconfig file.

      Options inherited from parent commands

      --rootfs string

      [EXPERIMENTAL] The path to the 'real' host root filesystem.

      92 -

      Run this on any machine you wish to join an existing cluster

      Synopsis

      When joining a kubeadm initialized cluster, we need to establish bidirectional trust. This is split into discovery (having the Node trust the Kubernetes Control Plane) and TLS bootstrap (having the Kubernetes Control Plane trust the Node).

      There are 2 main schemes for discovery. The first is to use a shared token along with the IP address of the API server. The second is to provide a file - a subset of the standard kubeconfig file. The discovery/kubeconfig file supports token, client-go authentication plugins ("exec"), "tokenFile", and "authProvider". This file can be a local file or downloaded via an HTTPS URL. The forms are kubeadm join --discovery-token abcdef.1234567890abcdef 1.2.3.4:6443, kubeadm join --discovery-file path/to/file.conf, or kubeadm join --discovery-file https://url/file.conf. Only one form can be used. If the discovery information is loaded from a URL, HTTPS must be used. Also, in that case the host installed CA bundle is used to verify the connection.

      If you use a shared token for discovery, you should also pass the --discovery-token-ca-cert-hash flag to validate the public key of the root certificate authority (CA) presented by the Kubernetes Control Plane. The value of this flag is specified as "<hash-type>:<hex-encoded-value>", where the supported hash type is "sha256". The hash is calculated over the bytes of the Subject Public Key Info (SPKI) object (as in RFC7469). This value is available in the output of "kubeadm init" or can be calculated using standard tools. The --discovery-token-ca-cert-hash flag may be repeated multiple times to allow more than one public key.

      If you cannot know the CA public key hash ahead of time, you can pass the --discovery-token-unsafe-skip-ca-verification flag to disable this verification. This weakens the kubeadm security model since other nodes can potentially impersonate the Kubernetes Control Plane.

      The TLS bootstrap mechanism is also driven via a shared token. This is used to temporarily authenticate with the Kubernetes Control Plane to submit a certificate signing request (CSR) for a locally created key pair. By default, kubeadm will set up the Kubernetes Control Plane to automatically approve these signing requests. This token is passed in with the --tls-bootstrap-token abcdef.1234567890abcdef flag.

      Often times the same token is used for both parts. In this case, the --token flag can be used instead of specifying each token individually.

      The "join [api-server-endpoint]" command executes the following phases:

      preflight              Run join pre-flight checks
      control-plane-prepare  Prepare the machine for serving a control plane
        /download-certs        Download certificates shared among control-plane nodes from the kubeadm-certs Secret
        /certs                 Generate the certificates for the new control plane components
        /kubeconfig            Generate the kubeconfig for the new control plane components
        /control-plane         Generate the manifests for the new control plane components
      kubelet-start          Write kubelet settings, certificates and (re)start the kubelet
      control-plane-join     Join a machine as a control plane instance
        /etcd                  Add a new local etcd member
        /mark-control-plane    Mark a node as a control-plane
      wait-control-plane     EXPERIMENTAL: Wait for the control plane to start
      
      kubeadm join [api-server-endpoint] [flags]
      

      Options

      --apiserver-advertise-address string

      If the node should host a new control plane instance, the IP address the API Server will advertise it's listening on. If not set the default network interface will be used.

      --apiserver-bind-port int32     Default: 6443

      If the node should host a new control plane instance, the port for the API Server to bind to.

      --certificate-key string

      Use this key to decrypt the certificate secrets uploaded by init. The certificate key is a hex encoded string that is an AES key of size 32 bytes.

      --config string

      Path to a kubeadm configuration file.

      --control-plane

      Create a new control plane instance on this node

      --cri-socket string

      Path to the CRI socket to connect. If empty kubeadm will try to auto-detect this value; use this option only if you have more than one CRI installed or if you have non-standard CRI socket.

      --discovery-file string

      For file-based discovery, a file or URL from which to load cluster information.

      --discovery-token string

      For token-based discovery, the token used to validate cluster information fetched from the API server.

      --discovery-token-ca-cert-hash strings

      For token-based discovery, validate that the root CA public key matches this hash (format: "<type>:<value>").

      --discovery-token-unsafe-skip-ca-verification

      For token-based discovery, allow joining without --discovery-token-ca-cert-hash pinning.

      --dry-run

      Don't apply any changes; just output what would be done.

      -h, --help

      help for join

      --ignore-preflight-errors strings

      A list of checks whose errors will be shown as warnings. Example: 'IsPrivilegedUser,Swap'. Value 'all' ignores errors from all checks.

      --node-name string

      Specify the node name.

      --patches string

      Path to a directory that contains files named "target[suffix][+patchtype].extension". For example, "kube-apiserver0+merge.yaml" or just "etcd.json". "target" can be one of "kube-apiserver", "kube-controller-manager", "kube-scheduler", "etcd", "kubeletconfiguration", "corednsdeployment". "patchtype" can be one of "strategic", "merge" or "json" and they match the patch formats supported by kubectl. The default "patchtype" is "strategic". "extension" must be either "json" or "yaml". "suffix" is an optional string that can be used to determine which patches are applied first alpha-numerically.

      --skip-phases strings

      List of phases to be skipped

      --tls-bootstrap-token string

      Specify the token used to temporarily authenticate with the Kubernetes Control Plane while joining the node.

      --token string

      Use this token for both discovery-token and tls-bootstrap-token when those values are not provided.

      Options inherited from parent commands

      --rootfs string

      The path to the 'real' host root filesystem. This will cause kubeadm to chroot into the provided path.

      92.1 -

      Use this command to invoke single phase of the join workflow

      Synopsis

      Use this command to invoke single phase of the join workflow

      Options

      -h, --help

      help for phase

      Options inherited from parent commands

      --rootfs string

      The path to the 'real' host root filesystem. This will cause kubeadm to chroot into the provided path.

      92.2 -

      Join a machine as a control plane instance

      Synopsis

      Join a machine as a control plane instance

      kubeadm join phase control-plane-join [flags]
      

      Examples

        # Joins a machine as a control plane instance
        kubeadm join phase control-plane-join all
      

      Options

      -h, --help

      help for control-plane-join

      Options inherited from parent commands

      --rootfs string

      The path to the 'real' host root filesystem. This will cause kubeadm to chroot into the provided path.

      92.3 -

      Join a machine as a control plane instance

      Synopsis

      Join a machine as a control plane instance

      kubeadm join phase control-plane-join all [flags]
      

      Options

      --apiserver-advertise-address string

      If the node should host a new control plane instance, the IP address the API Server will advertise it's listening on. If not set the default network interface will be used.

      --config string

      Path to a kubeadm configuration file.

      --control-plane

      Create a new control plane instance on this node

      --dry-run

      Don't apply any changes; just output what would be done.

      -h, --help

      help for all

      --node-name string

      Specify the node name.

      --patches string

      Path to a directory that contains files named "target[suffix][+patchtype].extension". For example, "kube-apiserver0+merge.yaml" or just "etcd.json". "target" can be one of "kube-apiserver", "kube-controller-manager", "kube-scheduler", "etcd", "kubeletconfiguration", "corednsdeployment". "patchtype" can be one of "strategic", "merge" or "json" and they match the patch formats supported by kubectl. The default "patchtype" is "strategic". "extension" must be either "json" or "yaml". "suffix" is an optional string that can be used to determine which patches are applied first alpha-numerically.

      Options inherited from parent commands

      --rootfs string

      The path to the 'real' host root filesystem. This will cause kubeadm to chroot into the provided path.

      92.4 -

      Add a new local etcd member

      Synopsis

      Add a new local etcd member

      kubeadm join phase control-plane-join etcd [flags]
      

      Options

      --apiserver-advertise-address string

      If the node should host a new control plane instance, the IP address the API Server will advertise it's listening on. If not set the default network interface will be used.

      --config string

      Path to a kubeadm configuration file.

      --control-plane

      Create a new control plane instance on this node

      --dry-run

      Don't apply any changes; just output what would be done.

      -h, --help

      help for etcd

      --node-name string

      Specify the node name.

      --patches string

      Path to a directory that contains files named "target[suffix][+patchtype].extension". For example, "kube-apiserver0+merge.yaml" or just "etcd.json". "target" can be one of "kube-apiserver", "kube-controller-manager", "kube-scheduler", "etcd", "kubeletconfiguration", "corednsdeployment". "patchtype" can be one of "strategic", "merge" or "json" and they match the patch formats supported by kubectl. The default "patchtype" is "strategic". "extension" must be either "json" or "yaml". "suffix" is an optional string that can be used to determine which patches are applied first alpha-numerically.

      Options inherited from parent commands

      --rootfs string

      The path to the 'real' host root filesystem. This will cause kubeadm to chroot into the provided path.

      92.5 -

      Mark a node as a control-plane

      Synopsis

      Mark a node as a control-plane

      kubeadm join phase control-plane-join mark-control-plane [flags]
      

      Options

      --config string

      Path to a kubeadm configuration file.

      --control-plane

      Create a new control plane instance on this node

      --dry-run

      Don't apply any changes; just output what would be done.

      -h, --help

      help for mark-control-plane

      --node-name string

      Specify the node name.

      Options inherited from parent commands

      --rootfs string

      The path to the 'real' host root filesystem. This will cause kubeadm to chroot into the provided path.

      92.6 -

      Prepare the machine for serving a control plane

      Synopsis

      Prepare the machine for serving a control plane

      kubeadm join phase control-plane-prepare [flags]
      

      Examples

        # Prepares the machine for serving a control plane
        kubeadm join phase control-plane-prepare all
      

      Options

      -h, --help

      help for control-plane-prepare

      Options inherited from parent commands

      --rootfs string

      The path to the 'real' host root filesystem. This will cause kubeadm to chroot into the provided path.

      92.7 -

      Prepare the machine for serving a control plane

      Synopsis

      Prepare the machine for serving a control plane

      kubeadm join phase control-plane-prepare all [api-server-endpoint] [flags]
      

      Options

      --apiserver-advertise-address string

      If the node should host a new control plane instance, the IP address the API Server will advertise it's listening on. If not set the default network interface will be used.

      --apiserver-bind-port int32     Default: 6443

      If the node should host a new control plane instance, the port for the API Server to bind to.

      --certificate-key string

      Use this key to decrypt the certificate secrets uploaded by init. The certificate key is a hex encoded string that is an AES key of size 32 bytes.

      --config string

      Path to a kubeadm configuration file.

      --control-plane

      Create a new control plane instance on this node

      --discovery-file string

      For file-based discovery, a file or URL from which to load cluster information.

      --discovery-token string

      For token-based discovery, the token used to validate cluster information fetched from the API server.

      --discovery-token-ca-cert-hash strings

      For token-based discovery, validate that the root CA public key matches this hash (format: "<type>:<value>").

      --discovery-token-unsafe-skip-ca-verification

      For token-based discovery, allow joining without --discovery-token-ca-cert-hash pinning.

      --dry-run

      Don't apply any changes; just output what would be done.

      -h, --help

      help for all

      --node-name string

      Specify the node name.

      --patches string

      Path to a directory that contains files named "target[suffix][+patchtype].extension". For example, "kube-apiserver0+merge.yaml" or just "etcd.json". "target" can be one of "kube-apiserver", "kube-controller-manager", "kube-scheduler", "etcd", "kubeletconfiguration", "corednsdeployment". "patchtype" can be one of "strategic", "merge" or "json" and they match the patch formats supported by kubectl. The default "patchtype" is "strategic". "extension" must be either "json" or "yaml". "suffix" is an optional string that can be used to determine which patches are applied first alpha-numerically.

      --tls-bootstrap-token string

      Specify the token used to temporarily authenticate with the Kubernetes Control Plane while joining the node.

      --token string

      Use this token for both discovery-token and tls-bootstrap-token when those values are not provided.

      Options inherited from parent commands

      --rootfs string

      The path to the 'real' host root filesystem. This will cause kubeadm to chroot into the provided path.

      92.8 -

      Generate the certificates for the new control plane components

      Synopsis

      Generate the certificates for the new control plane components

      kubeadm join phase control-plane-prepare certs [api-server-endpoint] [flags]
      

      Options

      --apiserver-advertise-address string

      If the node should host a new control plane instance, the IP address the API Server will advertise it's listening on. If not set the default network interface will be used.

      --config string

      Path to a kubeadm configuration file.

      --control-plane

      Create a new control plane instance on this node

      --discovery-file string

      For file-based discovery, a file or URL from which to load cluster information.

      --discovery-token string

      For token-based discovery, the token used to validate cluster information fetched from the API server.

      --discovery-token-ca-cert-hash strings

      For token-based discovery, validate that the root CA public key matches this hash (format: "<type>:<value>").

      --discovery-token-unsafe-skip-ca-verification

      For token-based discovery, allow joining without --discovery-token-ca-cert-hash pinning.

      --dry-run

      Don't apply any changes; just output what would be done.

      -h, --help

      help for certs

      --node-name string

      Specify the node name.

      --tls-bootstrap-token string

      Specify the token used to temporarily authenticate with the Kubernetes Control Plane while joining the node.

      --token string

      Use this token for both discovery-token and tls-bootstrap-token when those values are not provided.

      Options inherited from parent commands

      --rootfs string

      The path to the 'real' host root filesystem. This will cause kubeadm to chroot into the provided path.

      92.9 -

      Generate the manifests for the new control plane components

      Synopsis

      Generate the manifests for the new control plane components

      kubeadm join phase control-plane-prepare control-plane [flags]
      

      Options

      --apiserver-advertise-address string

      If the node should host a new control plane instance, the IP address the API Server will advertise it's listening on. If not set the default network interface will be used.

      --apiserver-bind-port int32     Default: 6443

      If the node should host a new control plane instance, the port for the API Server to bind to.

      --config string

      Path to a kubeadm configuration file.

      --control-plane

      Create a new control plane instance on this node

      --dry-run

      Don't apply any changes; just output what would be done.

      -h, --help

      help for control-plane

      --patches string

      Path to a directory that contains files named "target[suffix][+patchtype].extension". For example, "kube-apiserver0+merge.yaml" or just "etcd.json". "target" can be one of "kube-apiserver", "kube-controller-manager", "kube-scheduler", "etcd", "kubeletconfiguration", "corednsdeployment". "patchtype" can be one of "strategic", "merge" or "json" and they match the patch formats supported by kubectl. The default "patchtype" is "strategic". "extension" must be either "json" or "yaml". "suffix" is an optional string that can be used to determine which patches are applied first alpha-numerically.

      Options inherited from parent commands

      --rootfs string

      The path to the 'real' host root filesystem. This will cause kubeadm to chroot into the provided path.

      92.10 -

      Download certificates shared among control-plane nodes from the kubeadm-certs Secret

      Synopsis

      Download certificates shared among control-plane nodes from the kubeadm-certs Secret

      kubeadm join phase control-plane-prepare download-certs [api-server-endpoint] [flags]
      

      Options

      --certificate-key string

      Use this key to decrypt the certificate secrets uploaded by init. The certificate key is a hex encoded string that is an AES key of size 32 bytes.

      --config string

      Path to a kubeadm configuration file.

      --control-plane

      Create a new control plane instance on this node

      --discovery-file string

      For file-based discovery, a file or URL from which to load cluster information.

      --discovery-token string

      For token-based discovery, the token used to validate cluster information fetched from the API server.

      --discovery-token-ca-cert-hash strings

      For token-based discovery, validate that the root CA public key matches this hash (format: "<type>:<value>").

      --discovery-token-unsafe-skip-ca-verification

      For token-based discovery, allow joining without --discovery-token-ca-cert-hash pinning.

      --dry-run

      Don't apply any changes; just output what would be done.

      -h, --help

      help for download-certs

      --tls-bootstrap-token string

      Specify the token used to temporarily authenticate with the Kubernetes Control Plane while joining the node.

      --token string

      Use this token for both discovery-token and tls-bootstrap-token when those values are not provided.

      Options inherited from parent commands

      --rootfs string

      The path to the 'real' host root filesystem. This will cause kubeadm to chroot into the provided path.

      92.11 -

      Generate the kubeconfig for the new control plane components

      Synopsis

      Generate the kubeconfig for the new control plane components

      kubeadm join phase control-plane-prepare kubeconfig [api-server-endpoint] [flags]
      

      Options

      --certificate-key string

      Use this key to decrypt the certificate secrets uploaded by init. The certificate key is a hex encoded string that is an AES key of size 32 bytes.

      --config string

      Path to a kubeadm configuration file.

      --control-plane

      Create a new control plane instance on this node

      --discovery-file string

      For file-based discovery, a file or URL from which to load cluster information.

      --discovery-token string

      For token-based discovery, the token used to validate cluster information fetched from the API server.

      --discovery-token-ca-cert-hash strings

      For token-based discovery, validate that the root CA public key matches this hash (format: "<type>:<value>").

      --discovery-token-unsafe-skip-ca-verification

      For token-based discovery, allow joining without --discovery-token-ca-cert-hash pinning.

      --dry-run

      Don't apply any changes; just output what would be done.

      -h, --help

      help for kubeconfig

      --tls-bootstrap-token string

      Specify the token used to temporarily authenticate with the Kubernetes Control Plane while joining the node.

      --token string

      Use this token for both discovery-token and tls-bootstrap-token when those values are not provided.

      Options inherited from parent commands

      --rootfs string

      The path to the 'real' host root filesystem. This will cause kubeadm to chroot into the provided path.

      92.12 -

      Write kubelet settings, certificates and (re)start the kubelet

      Synopsis

      Write a file with KubeletConfiguration and an environment file with node specific kubelet settings, and then (re)start kubelet.

      kubeadm join phase kubelet-start [api-server-endpoint] [flags]
      

      Options

      --config string

      Path to a kubeadm configuration file.

      --cri-socket string

      Path to the CRI socket to connect. If empty kubeadm will try to auto-detect this value; use this option only if you have more than one CRI installed or if you have non-standard CRI socket.

      --discovery-file string

      For file-based discovery, a file or URL from which to load cluster information.

      --discovery-token string

      For token-based discovery, the token used to validate cluster information fetched from the API server.

      --discovery-token-ca-cert-hash strings

      For token-based discovery, validate that the root CA public key matches this hash (format: "<type>:<value>").

      --discovery-token-unsafe-skip-ca-verification

      For token-based discovery, allow joining without --discovery-token-ca-cert-hash pinning.

      --dry-run

      Don't apply any changes; just output what would be done.

      -h, --help

      help for kubelet-start

      --node-name string

      Specify the node name.

      --patches string

      Path to a directory that contains files named "target[suffix][+patchtype].extension". For example, "kube-apiserver0+merge.yaml" or just "etcd.json". "target" can be one of "kube-apiserver", "kube-controller-manager", "kube-scheduler", "etcd", "kubeletconfiguration", "corednsdeployment". "patchtype" can be one of "strategic", "merge" or "json" and they match the patch formats supported by kubectl. The default "patchtype" is "strategic". "extension" must be either "json" or "yaml". "suffix" is an optional string that can be used to determine which patches are applied first alpha-numerically.

      --tls-bootstrap-token string

      Specify the token used to temporarily authenticate with the Kubernetes Control Plane while joining the node.

      --token string

      Use this token for both discovery-token and tls-bootstrap-token when those values are not provided.

      Options inherited from parent commands

      --rootfs string

      The path to the 'real' host root filesystem. This will cause kubeadm to chroot into the provided path.

      92.13 -

      Run join pre-flight checks

      Synopsis

      Run pre-flight checks for kubeadm join.

      kubeadm join phase preflight [api-server-endpoint] [flags]
      

      Examples

        # Run join pre-flight checks using a config file.
        kubeadm join phase preflight --config kubeadm-config.yaml
      

      Options

      --apiserver-advertise-address string

      If the node should host a new control plane instance, the IP address the API Server will advertise it's listening on. If not set the default network interface will be used.

      --apiserver-bind-port int32     Default: 6443

      If the node should host a new control plane instance, the port for the API Server to bind to.

      --certificate-key string

      Use this key to decrypt the certificate secrets uploaded by init. The certificate key is a hex encoded string that is an AES key of size 32 bytes.

      --config string

      Path to a kubeadm configuration file.

      --control-plane

      Create a new control plane instance on this node

      --cri-socket string

      Path to the CRI socket to connect. If empty kubeadm will try to auto-detect this value; use this option only if you have more than one CRI installed or if you have non-standard CRI socket.

      --discovery-file string

      For file-based discovery, a file or URL from which to load cluster information.

      --discovery-token string

      For token-based discovery, the token used to validate cluster information fetched from the API server.

      --discovery-token-ca-cert-hash strings

      For token-based discovery, validate that the root CA public key matches this hash (format: "<type>:<value>").

      --discovery-token-unsafe-skip-ca-verification

      For token-based discovery, allow joining without --discovery-token-ca-cert-hash pinning.

      --dry-run

      Don't apply any changes; just output what would be done.

      -h, --help

      help for preflight

      --ignore-preflight-errors strings

      A list of checks whose errors will be shown as warnings. Example: 'IsPrivilegedUser,Swap'. Value 'all' ignores errors from all checks.

      --node-name string

      Specify the node name.

      --tls-bootstrap-token string

      Specify the token used to temporarily authenticate with the Kubernetes Control Plane while joining the node.

      --token string

      Use this token for both discovery-token and tls-bootstrap-token when those values are not provided.

      Options inherited from parent commands

      --rootfs string

      The path to the 'real' host root filesystem. This will cause kubeadm to chroot into the provided path.

      92.14 -

      EXPERIMENTAL: Wait for the control plane to start

      Synopsis

      EXPERIMENTAL: Wait for the control plane to start

      kubeadm join phase wait-control-plane [flags]
      

      Options

      -h, --help

      help for wait-control-plane

      Options inherited from parent commands

      --rootfs string

      The path to the 'real' host root filesystem. This will cause kubeadm to chroot into the provided path.

      93 -

      Use this command to invoke single phase of the join workflow

      Synopsis

      Use this command to invoke single phase of the join workflow

      Options

      -h, --help

      help for phase

      Options inherited from parent commands

      --rootfs string

      [EXPERIMENTAL] The path to the 'real' host root filesystem.

      94 -

      Join a machine as a control plane instance

      Synopsis

      Join a machine as a control plane instance

      kubeadm join phase control-plane-join [flags]
      

      Examples

        # Joins a machine as a control plane instance
        kubeadm join phase control-plane-join all
      

      Options

      -h, --help

      help for control-plane-join

      Options inherited from parent commands

      --rootfs string

      [EXPERIMENTAL] The path to the 'real' host root filesystem.

      95 -

      Join a machine as a control plane instance

      Synopsis

      Join a machine as a control plane instance

      kubeadm join phase control-plane-join all [flags]
      

      Options

      --apiserver-advertise-address string

      If the node should host a new control plane instance, the IP address the API Server will advertise it's listening on. If not set the default network interface will be used.

      --config string

      Path to a kubeadm configuration file.

      --control-plane

      Create a new control plane instance on this node

      --dry-run

      Don't apply any changes; just output what would be done.

      -h, --help

      help for all

      --node-name string

      Specify the node name.

      --patches string

      Path to a directory that contains files named "target[suffix][+patchtype].extension". For example, "kube-apiserver0+merge.yaml" or just "etcd.json". "target" can be one of "kube-apiserver", "kube-controller-manager", "kube-scheduler", "etcd", "kubeletconfiguration". "patchtype" can be one of "strategic", "merge" or "json" and they match the patch formats supported by kubectl. The default "patchtype" is "strategic". "extension" must be either "json" or "yaml". "suffix" is an optional string that can be used to determine which patches are applied first alpha-numerically.

      Options inherited from parent commands

      --rootfs string

      [EXPERIMENTAL] The path to the 'real' host root filesystem.

      96 -

      Add a new local etcd member

      Synopsis

      Add a new local etcd member

      kubeadm join phase control-plane-join etcd [flags]
      

      Options

      --apiserver-advertise-address string

      If the node should host a new control plane instance, the IP address the API Server will advertise it's listening on. If not set the default network interface will be used.

      --config string

      Path to a kubeadm configuration file.

      --control-plane

      Create a new control plane instance on this node

      --dry-run

      Don't apply any changes; just output what would be done.

      -h, --help

      help for etcd

      --node-name string

      Specify the node name.

      --patches string

      Path to a directory that contains files named "target[suffix][+patchtype].extension". For example, "kube-apiserver0+merge.yaml" or just "etcd.json". "target" can be one of "kube-apiserver", "kube-controller-manager", "kube-scheduler", "etcd", "kubeletconfiguration". "patchtype" can be one of "strategic", "merge" or "json" and they match the patch formats supported by kubectl. The default "patchtype" is "strategic". "extension" must be either "json" or "yaml". "suffix" is an optional string that can be used to determine which patches are applied first alpha-numerically.

      Options inherited from parent commands

      --rootfs string

      [EXPERIMENTAL] The path to the 'real' host root filesystem.

      97 -

      Mark a node as a control-plane

      Synopsis

      Mark a node as a control-plane

      kubeadm join phase control-plane-join mark-control-plane [flags]
      

      Options

      --config string

      Path to a kubeadm configuration file.

      --control-plane

      Create a new control plane instance on this node

      --dry-run

      Don't apply any changes; just output what would be done.

      -h, --help

      help for mark-control-plane

      --node-name string

      Specify the node name.

      Options inherited from parent commands

      --rootfs string

      [EXPERIMENTAL] The path to the 'real' host root filesystem.

      98 -

      Register the new control-plane node into the ClusterStatus maintained in the kubeadm-config ConfigMap (DEPRECATED)

      Synopsis

      Register the new control-plane node into the ClusterStatus maintained in the kubeadm-config ConfigMap (DEPRECATED)

      kubeadm join phase control-plane-join update-status [flags]
      

      Options

      --apiserver-advertise-address string

      If the node should host a new control plane instance, the IP address the API Server will advertise it's listening on. If not set the default network interface will be used.

      --config string

      Path to a kubeadm configuration file.

      --control-plane

      Create a new control plane instance on this node

      -h, --help

      help for update-status

      --node-name string

      Specify the node name.

      Options inherited from parent commands

      --rootfs string

      [EXPERIMENTAL] The path to the 'real' host root filesystem.

      99 -

      Prepare the machine for serving a control plane

      Synopsis

      Prepare the machine for serving a control plane

      kubeadm join phase control-plane-prepare [flags]
      

      Examples

        # Prepares the machine for serving a control plane
        kubeadm join phase control-plane-prepare all
      

      Options

      -h, --help

      help for control-plane-prepare

      Options inherited from parent commands

      --rootfs string

      [EXPERIMENTAL] The path to the 'real' host root filesystem.

      100 -

      Prepare the machine for serving a control plane

      Synopsis

      Prepare the machine for serving a control plane

      kubeadm join phase control-plane-prepare all [api-server-endpoint] [flags]
      

      Options

      --apiserver-advertise-address string

      If the node should host a new control plane instance, the IP address the API Server will advertise it's listening on. If not set the default network interface will be used.

      --apiserver-bind-port int32     Default: 6443

      If the node should host a new control plane instance, the port for the API Server to bind to.

      --certificate-key string

      Use this key to decrypt the certificate secrets uploaded by init. The certificate key is a hex encoded string that is an AES key of size 32 bytes.

      --config string

      Path to a kubeadm configuration file.

      --control-plane

      Create a new control plane instance on this node

      --discovery-file string

      For file-based discovery, a file or URL from which to load cluster information.

      --discovery-token string

      For token-based discovery, the token used to validate cluster information fetched from the API server.

      --discovery-token-ca-cert-hash strings

      For token-based discovery, validate that the root CA public key matches this hash (format: "<type>:<value>").

      --discovery-token-unsafe-skip-ca-verification

      For token-based discovery, allow joining without --discovery-token-ca-cert-hash pinning.

      --dry-run

      Don't apply any changes; just output what would be done.

      -h, --help

      help for all

      --node-name string

      Specify the node name.

      --patches string

      Path to a directory that contains files named "target[suffix][+patchtype].extension". For example, "kube-apiserver0+merge.yaml" or just "etcd.json". "target" can be one of "kube-apiserver", "kube-controller-manager", "kube-scheduler", "etcd", "kubeletconfiguration". "patchtype" can be one of "strategic", "merge" or "json" and they match the patch formats supported by kubectl. The default "patchtype" is "strategic". "extension" must be either "json" or "yaml". "suffix" is an optional string that can be used to determine which patches are applied first alpha-numerically.

      --tls-bootstrap-token string

      Specify the token used to temporarily authenticate with the Kubernetes Control Plane while joining the node.

      --token string

      Use this token for both discovery-token and tls-bootstrap-token when those values are not provided.

      Options inherited from parent commands

      --rootfs string

      [EXPERIMENTAL] The path to the 'real' host root filesystem.

      101 -

      Generate the certificates for the new control plane components

      Synopsis

      Generate the certificates for the new control plane components

      kubeadm join phase control-plane-prepare certs [api-server-endpoint] [flags]
      

      Options

      --apiserver-advertise-address string

      If the node should host a new control plane instance, the IP address the API Server will advertise it's listening on. If not set the default network interface will be used.

      --config string

      Path to a kubeadm configuration file.

      --control-plane

      Create a new control plane instance on this node

      --discovery-file string

      For file-based discovery, a file or URL from which to load cluster information.

      --discovery-token string

      For token-based discovery, the token used to validate cluster information fetched from the API server.

      --discovery-token-ca-cert-hash strings

      For token-based discovery, validate that the root CA public key matches this hash (format: "<type>:<value>").

      --discovery-token-unsafe-skip-ca-verification

      For token-based discovery, allow joining without --discovery-token-ca-cert-hash pinning.

      --dry-run

      Don't apply any changes; just output what would be done.

      -h, --help

      help for certs

      --node-name string

      Specify the node name.

      --tls-bootstrap-token string

      Specify the token used to temporarily authenticate with the Kubernetes Control Plane while joining the node.

      --token string

      Use this token for both discovery-token and tls-bootstrap-token when those values are not provided.

      Options inherited from parent commands

      --rootfs string

      [EXPERIMENTAL] The path to the 'real' host root filesystem.

      102 -

      Generate the manifests for the new control plane components

      Synopsis

      Generate the manifests for the new control plane components

      kubeadm join phase control-plane-prepare control-plane [flags]
      

      Options

      --apiserver-advertise-address string

      If the node should host a new control plane instance, the IP address the API Server will advertise it's listening on. If not set the default network interface will be used.

      --apiserver-bind-port int32     Default: 6443

      If the node should host a new control plane instance, the port for the API Server to bind to.

      --config string

      Path to a kubeadm configuration file.

      --control-plane

      Create a new control plane instance on this node

      --dry-run

      Don't apply any changes; just output what would be done.

      -h, --help

      help for control-plane

      --patches string

      Path to a directory that contains files named "target[suffix][+patchtype].extension". For example, "kube-apiserver0+merge.yaml" or just "etcd.json". "target" can be one of "kube-apiserver", "kube-controller-manager", "kube-scheduler", "etcd", "kubeletconfiguration". "patchtype" can be one of "strategic", "merge" or "json" and they match the patch formats supported by kubectl. The default "patchtype" is "strategic". "extension" must be either "json" or "yaml". "suffix" is an optional string that can be used to determine which patches are applied first alpha-numerically.

      Options inherited from parent commands

      --rootfs string

      [EXPERIMENTAL] The path to the 'real' host root filesystem.

      103 -

      [EXPERIMENTAL] Download certificates shared among control-plane nodes from the kubeadm-certs Secret

      Synopsis

      [EXPERIMENTAL] Download certificates shared among control-plane nodes from the kubeadm-certs Secret

      kubeadm join phase control-plane-prepare download-certs [api-server-endpoint] [flags]
      

      Options

      --certificate-key string

      Use this key to decrypt the certificate secrets uploaded by init. The certificate key is a hex encoded string that is an AES key of size 32 bytes.

      --config string

      Path to a kubeadm configuration file.

      --control-plane

      Create a new control plane instance on this node

      --discovery-file string

      For file-based discovery, a file or URL from which to load cluster information.

      --discovery-token string

      For token-based discovery, the token used to validate cluster information fetched from the API server.

      --discovery-token-ca-cert-hash strings

      For token-based discovery, validate that the root CA public key matches this hash (format: "<type>:<value>").

      --discovery-token-unsafe-skip-ca-verification

      For token-based discovery, allow joining without --discovery-token-ca-cert-hash pinning.

      --dry-run

      Don't apply any changes; just output what would be done.

      -h, --help

      help for download-certs

      --tls-bootstrap-token string

      Specify the token used to temporarily authenticate with the Kubernetes Control Plane while joining the node.

      --token string

      Use this token for both discovery-token and tls-bootstrap-token when those values are not provided.

      Options inherited from parent commands

      --rootfs string

      [EXPERIMENTAL] The path to the 'real' host root filesystem.

      104 -

      Generate the kubeconfig for the new control plane components

      Synopsis

      Generate the kubeconfig for the new control plane components

      kubeadm join phase control-plane-prepare kubeconfig [api-server-endpoint] [flags]
      

      Options

      --certificate-key string

      Use this key to decrypt the certificate secrets uploaded by init. The certificate key is a hex encoded string that is an AES key of size 32 bytes.

      --config string

      Path to a kubeadm configuration file.

      --control-plane

      Create a new control plane instance on this node

      --discovery-file string

      For file-based discovery, a file or URL from which to load cluster information.

      --discovery-token string

      For token-based discovery, the token used to validate cluster information fetched from the API server.

      --discovery-token-ca-cert-hash strings

      For token-based discovery, validate that the root CA public key matches this hash (format: "<type>:<value>").

      --discovery-token-unsafe-skip-ca-verification

      For token-based discovery, allow joining without --discovery-token-ca-cert-hash pinning.

      --dry-run

      Don't apply any changes; just output what would be done.

      -h, --help

      help for kubeconfig

      --tls-bootstrap-token string

      Specify the token used to temporarily authenticate with the Kubernetes Control Plane while joining the node.

      --token string

      Use this token for both discovery-token and tls-bootstrap-token when those values are not provided.

      Options inherited from parent commands

      --rootfs string

      [EXPERIMENTAL] The path to the 'real' host root filesystem.

      105 -

      Write kubelet settings, certificates and (re)start the kubelet

      Synopsis

      Write a file with KubeletConfiguration and an environment file with node specific kubelet settings, and then (re)start kubelet.

      kubeadm join phase kubelet-start [api-server-endpoint] [flags]
      

      Options

      --config string

      Path to a kubeadm configuration file.

      --cri-socket string

      Path to the CRI socket to connect. If empty kubeadm will try to auto-detect this value; use this option only if you have more than one CRI installed or if you have non-standard CRI socket.

      --discovery-file string

      For file-based discovery, a file or URL from which to load cluster information.

      --discovery-token string

      For token-based discovery, the token used to validate cluster information fetched from the API server.

      --discovery-token-ca-cert-hash strings

      For token-based discovery, validate that the root CA public key matches this hash (format: "<type>:<value>").

      --discovery-token-unsafe-skip-ca-verification

      For token-based discovery, allow joining without --discovery-token-ca-cert-hash pinning.

      --dry-run

      Don't apply any changes; just output what would be done.

      -h, --help

      help for kubelet-start

      --node-name string

      Specify the node name.

      --patches string

      Path to a directory that contains files named "target[suffix][+patchtype].extension". For example, "kube-apiserver0+merge.yaml" or just "etcd.json". "target" can be one of "kube-apiserver", "kube-controller-manager", "kube-scheduler", "etcd", "kubeletconfiguration". "patchtype" can be one of "strategic", "merge" or "json" and they match the patch formats supported by kubectl. The default "patchtype" is "strategic". "extension" must be either "json" or "yaml". "suffix" is an optional string that can be used to determine which patches are applied first alpha-numerically.

      --tls-bootstrap-token string

      Specify the token used to temporarily authenticate with the Kubernetes Control Plane while joining the node.

      --token string

      Use this token for both discovery-token and tls-bootstrap-token when those values are not provided.

      Options inherited from parent commands

      --rootfs string

      [EXPERIMENTAL] The path to the 'real' host root filesystem.

      106 -

      Run join pre-flight checks

      Synopsis

      Run pre-flight checks for kubeadm join.

      kubeadm join phase preflight [api-server-endpoint] [flags]
      

      Examples

        # Run join pre-flight checks using a config file.
        kubeadm join phase preflight --config kubeadm-config.yaml
      

      Options

      --apiserver-advertise-address string

      If the node should host a new control plane instance, the IP address the API Server will advertise it's listening on. If not set the default network interface will be used.

      --apiserver-bind-port int32     Default: 6443

      If the node should host a new control plane instance, the port for the API Server to bind to.

      --certificate-key string

      Use this key to decrypt the certificate secrets uploaded by init. The certificate key is a hex encoded string that is an AES key of size 32 bytes.

      --config string

      Path to a kubeadm configuration file.

      --control-plane

      Create a new control plane instance on this node

      --cri-socket string

      Path to the CRI socket to connect. If empty kubeadm will try to auto-detect this value; use this option only if you have more than one CRI installed or if you have non-standard CRI socket.

      --discovery-file string

      For file-based discovery, a file or URL from which to load cluster information.

      --discovery-token string

      For token-based discovery, the token used to validate cluster information fetched from the API server.

      --discovery-token-ca-cert-hash strings

      For token-based discovery, validate that the root CA public key matches this hash (format: "<type>:<value>").

      --discovery-token-unsafe-skip-ca-verification

      For token-based discovery, allow joining without --discovery-token-ca-cert-hash pinning.

      --dry-run

      Don't apply any changes; just output what would be done.

      -h, --help

      help for preflight

      --ignore-preflight-errors strings

      A list of checks whose errors will be shown as warnings. Example: 'IsPrivilegedUser,Swap'. Value 'all' ignores errors from all checks.

      --node-name string

      Specify the node name.

      --tls-bootstrap-token string

      Specify the token used to temporarily authenticate with the Kubernetes Control Plane while joining the node.

      --token string

      Use this token for both discovery-token and tls-bootstrap-token when those values are not provided.

      Options inherited from parent commands

      --rootfs string

      [EXPERIMENTAL] The path to the 'real' host root filesystem.

      107 -

      EXPERIMENTAL: Wait for the control plane to start

      Synopsis

      EXPERIMENTAL: Wait for the control plane to start

      kubeadm join phase wait-control-plane [flags]
      

      Options

      -h, --help

      help for wait-control-plane

      Options inherited from parent commands

      --rootfs string

      [EXPERIMENTAL] The path to the 'real' host root filesystem.

      108 -

      Kubeconfig file utilities

      Synopsis

      Kubeconfig file utilities.

      Options

      -h, --help

      help for kubeconfig

      Options inherited from parent commands

      --rootfs string

      The path to the 'real' host root filesystem. This will cause kubeadm to chroot into the provided path.

      108.1 -

      Output a kubeconfig file for an additional user

      Synopsis

      Output a kubeconfig file for an additional user.

      kubeadm kubeconfig user [flags]
      

      Examples

        # Output a kubeconfig file for an additional user named foo
        kubeadm kubeconfig user --client-name=foo
        
        # Output a kubeconfig file for an additional user named foo using a kubeadm config file bar
        kubeadm kubeconfig user --client-name=foo --config=bar
      

      Options

      --client-name string

      The name of user. It will be used as the CN if client certificates are created

      --config string

      Path to a kubeadm configuration file.

      -h, --help

      help for user

      --org strings

      The organizations of the client certificate. It will be used as the O if client certificates are created

      --token string

      The token that should be used as the authentication mechanism for this kubeconfig, instead of client certificates

      --validity-period duration     Default: 8760h0m0s

      The validity period of the client certificate. It is an offset from the current time.

      Options inherited from parent commands

      --rootfs string

      The path to the 'real' host root filesystem. This will cause kubeadm to chroot into the provided path.

      109 -

      Output a kubeconfig file for an additional user

      Synopsis

      Output a kubeconfig file for an additional user.

      kubeadm kubeconfig user [flags]
      

      Examples

        # Output a kubeconfig file for an additional user named foo
        kubeadm kubeconfig user --client-name=foo
        
        # Output a kubeconfig file for an additional user named foo using a kubeadm config file bar
        kubeadm kubeconfig user --client-name=foo --config=bar
      

      Options

      --client-name string

      The name of user. It will be used as the CN if client certificates are created

      --config string

      Path to a kubeadm configuration file.

      -h, --help

      help for user

      --org strings

      The organizations of the client certificate. It will be used as the O if client certificates are created

      --token string

      The token that should be used as the authentication mechanism for this kubeconfig, instead of client certificates

      --validity-period duration     Default: 8760h0m0s

      The validity period of the client certificate. It is an offset from the current time.

      Options inherited from parent commands

      --rootfs string

      [EXPERIMENTAL] The path to the 'real' host root filesystem.

      110 -

      Performs a best effort revert of changes made to this host by 'kubeadm init' or 'kubeadm join'

      Synopsis

      Performs a best effort revert of changes made to this host by 'kubeadm init' or 'kubeadm join'

      The "reset" command executes the following phases:

      preflight           Run reset pre-flight checks
      remove-etcd-member  Remove a local etcd member.
      cleanup-node        Run cleanup node.
      
      kubeadm reset [flags]
      

      Options

      --cert-dir string     Default: "/etc/kubernetes/pki"

      The path to the directory where the certificates are stored. If specified, clean this directory.

      --cleanup-tmp-dir

      Cleanup the "/etc/kubernetes/tmp" directory

      --config string

      Path to a kubeadm configuration file.

      --cri-socket string

      Path to the CRI socket to connect. If empty kubeadm will try to auto-detect this value; use this option only if you have more than one CRI installed or if you have non-standard CRI socket.

      --dry-run

      Don't apply any changes; just output what would be done.

      -f, --force

      Reset the node without prompting for confirmation.

      -h, --help

      help for reset

      --ignore-preflight-errors strings

      A list of checks whose errors will be shown as warnings. Example: 'IsPrivilegedUser,Swap'. Value 'all' ignores errors from all checks.

      --kubeconfig string     Default: "/etc/kubernetes/admin.conf"

      The kubeconfig file to use when talking to the cluster. If the flag is not set, a set of standard locations can be searched for an existing kubeconfig file.

      --skip-phases strings

      List of phases to be skipped

      Options inherited from parent commands

      --rootfs string

      The path to the 'real' host root filesystem. This will cause kubeadm to chroot into the provided path.

      110.1 -

      Use this command to invoke single phase of the reset workflow

      Synopsis

      Use this command to invoke single phase of the reset workflow

      Options

      -h, --help

      help for phase

      Options inherited from parent commands

      --rootfs string

      The path to the 'real' host root filesystem. This will cause kubeadm to chroot into the provided path.

      110.2 -

      Run cleanup node.

      Synopsis

      Run cleanup node.

      kubeadm reset phase cleanup-node [flags]
      

      Options

      --cert-dir string     Default: "/etc/kubernetes/pki"

      The path to the directory where the certificates are stored. If specified, clean this directory.

      --cleanup-tmp-dir

      Cleanup the "/etc/kubernetes/tmp" directory

      --cri-socket string

      Path to the CRI socket to connect. If empty kubeadm will try to auto-detect this value; use this option only if you have more than one CRI installed or if you have non-standard CRI socket.

      --dry-run

      Don't apply any changes; just output what would be done.

      -h, --help

      help for cleanup-node

      Options inherited from parent commands

      --rootfs string

      The path to the 'real' host root filesystem. This will cause kubeadm to chroot into the provided path.

      110.3 -

      Run reset pre-flight checks

      Synopsis

      Run pre-flight checks for kubeadm reset.

      kubeadm reset phase preflight [flags]
      

      Options

      --dry-run

      Don't apply any changes; just output what would be done.

      -f, --force

      Reset the node without prompting for confirmation.

      -h, --help

      help for preflight

      --ignore-preflight-errors strings

      A list of checks whose errors will be shown as warnings. Example: 'IsPrivilegedUser,Swap'. Value 'all' ignores errors from all checks.

      Options inherited from parent commands

      --rootfs string

      The path to the 'real' host root filesystem. This will cause kubeadm to chroot into the provided path.

      110.4 -

      Remove a local etcd member.

      Synopsis

      Remove a local etcd member for a control plane node.

      kubeadm reset phase remove-etcd-member [flags]
      

      Options

      --dry-run

      Don't apply any changes; just output what would be done.

      -h, --help

      help for remove-etcd-member

      --kubeconfig string     Default: "/etc/kubernetes/admin.conf"

      The kubeconfig file to use when talking to the cluster. If the flag is not set, a set of standard locations can be searched for an existing kubeconfig file.

      Options inherited from parent commands

      --rootfs string

      The path to the 'real' host root filesystem. This will cause kubeadm to chroot into the provided path.

      111 -

      Use this command to invoke single phase of the reset workflow

      Synopsis

      Use this command to invoke single phase of the reset workflow

      Options

      -h, --help

      help for phase

      Options inherited from parent commands

      --rootfs string

      [EXPERIMENTAL] The path to the 'real' host root filesystem.

      112 -

      Run cleanup node.

      Synopsis

      Run cleanup node.

      kubeadm reset phase cleanup-node [flags]
      

      Options

      --cert-dir string     Default: "/etc/kubernetes/pki"

      The path to the directory where the certificates are stored. If specified, clean this directory.

      --cleanup-tmp-dir

      Cleanup the "/etc/kubernetes/tmp" directory

      --cri-socket string

      Path to the CRI socket to connect. If empty kubeadm will try to auto-detect this value; use this option only if you have more than one CRI installed or if you have non-standard CRI socket.

      --dry-run

      Don't apply any changes; just output what would be done.

      -h, --help

      help for cleanup-node

      Options inherited from parent commands

      --rootfs string

      [EXPERIMENTAL] The path to the 'real' host root filesystem.

      113 -

      Run reset pre-flight checks

      Synopsis

      Run pre-flight checks for kubeadm reset.

      kubeadm reset phase preflight [flags]
      

      Options

      --dry-run

      Don't apply any changes; just output what would be done.

      -f, --force

      Reset the node without prompting for confirmation.

      -h, --help

      help for preflight

      --ignore-preflight-errors strings

      A list of checks whose errors will be shown as warnings. Example: 'IsPrivilegedUser,Swap'. Value 'all' ignores errors from all checks.

      Options inherited from parent commands

      --rootfs string

      [EXPERIMENTAL] The path to the 'real' host root filesystem.

      114 -

      Remove a local etcd member.

      Synopsis

      Remove a local etcd member for a control plane node.

      kubeadm reset phase remove-etcd-member [flags]
      

      Options

      --dry-run

      Don't apply any changes; just output what would be done.

      -h, --help

      help for remove-etcd-member

      --kubeconfig string     Default: "/etc/kubernetes/admin.conf"

      The kubeconfig file to use when talking to the cluster. If the flag is not set, a set of standard locations can be searched for an existing kubeconfig file.

      Options inherited from parent commands

      --rootfs string

      [EXPERIMENTAL] The path to the 'real' host root filesystem.

      115 -

      Manage bootstrap tokens

      Synopsis

      This command manages bootstrap tokens. It is optional and needed only for advanced use cases.

      In short, bootstrap tokens are used for establishing bidirectional trust between a client and a server. A bootstrap token can be used when a client (for example a node that is about to join the cluster) needs to trust the server it is talking to. Then a bootstrap token with the "signing" usage can be used. bootstrap tokens can also function as a way to allow short-lived authentication to the API Server (the token serves as a way for the API Server to trust the client), for example for doing the TLS Bootstrap.

      What is a bootstrap token more exactly?

      • It is a Secret in the kube-system namespace of type "bootstrap.kubernetes.io/token".
      • A bootstrap token must be of the form "[a-z0-9]{6}.[a-z0-9]{16}". The former part is the public token ID, while the latter is the Token Secret and it must be kept private at all circumstances!
      • The name of the Secret must be named "bootstrap-token-(token-id)".

      You can read more about bootstrap tokens here: https://kubernetes.io/docs/admin/bootstrap-tokens/

      kubeadm token [flags]
      

      Options

      --dry-run

      Whether to enable dry-run mode or not

      -h, --help

      help for token

      --kubeconfig string     Default: "/etc/kubernetes/admin.conf"

      The kubeconfig file to use when talking to the cluster. If the flag is not set, a set of standard locations can be searched for an existing kubeconfig file.

      Options inherited from parent commands

      --rootfs string

      The path to the 'real' host root filesystem. This will cause kubeadm to chroot into the provided path.

      115.1 -

      Create bootstrap tokens on the server

      Synopsis

      This command will create a bootstrap token for you. You can specify the usages for this token, the "time to live" and an optional human friendly description.

      The [token] is the actual token to write. This should be a securely generated random token of the form "[a-z0-9]{6}.[a-z0-9]{16}". If no [token] is given, kubeadm will generate a random token instead.

      kubeadm token create [token]
      

      Options

      --certificate-key string

      When used together with '--print-join-command', print the full 'kubeadm join' flag needed to join the cluster as a control-plane. To create a new certificate key you must use 'kubeadm init phase upload-certs --upload-certs'.

      --config string

      Path to a kubeadm configuration file.

      --description string

      A human friendly description of how this token is used.

      --groups strings     Default: "system:bootstrappers:kubeadm:default-node-token"

      Extra groups that this token will authenticate as when used for authentication. Must match "\Asystem:bootstrappers:[a-z0-9:-]{0,255}[a-z0-9]\z"

      -h, --help

      help for create

      --print-join-command

      Instead of printing only the token, print the full 'kubeadm join' flag needed to join the cluster using the token.

      --ttl duration     Default: 24h0m0s

      The duration before the token is automatically deleted (e.g. 1s, 2m, 3h). If set to '0', the token will never expire

      --usages strings     Default: "signing,authentication"

      Describes the ways in which this token can be used. You can pass --usages multiple times or provide a comma separated list of options. Valid options: [signing,authentication]

      Options inherited from parent commands

      --dry-run

      Whether to enable dry-run mode or not

      --kubeconfig string     Default: "/etc/kubernetes/admin.conf"

      The kubeconfig file to use when talking to the cluster. If the flag is not set, a set of standard locations can be searched for an existing kubeconfig file.

      --rootfs string

      The path to the 'real' host root filesystem. This will cause kubeadm to chroot into the provided path.

      115.2 -

      Delete bootstrap tokens on the server

      Synopsis

      This command will delete a list of bootstrap tokens for you.

      The [token-value] is the full Token of the form "[a-z0-9]{6}.[a-z0-9]{16}" or the Token ID of the form "[a-z0-9]{6}" to delete.

      kubeadm token delete [token-value] ...
      

      Options

      -h, --help

      help for delete

      Options inherited from parent commands

      --dry-run

      Whether to enable dry-run mode or not

      --kubeconfig string     Default: "/etc/kubernetes/admin.conf"

      The kubeconfig file to use when talking to the cluster. If the flag is not set, a set of standard locations can be searched for an existing kubeconfig file.

      --rootfs string

      The path to the 'real' host root filesystem. This will cause kubeadm to chroot into the provided path.

      115.3 -

      Generate and print a bootstrap token, but do not create it on the server

      Synopsis

      This command will print out a randomly-generated bootstrap token that can be used with the "init" and "join" commands.

      You don't have to use this command in order to generate a token. You can do so yourself as long as it is in the format "[a-z0-9]{6}.[a-z0-9]{16}". This command is provided for convenience to generate tokens in the given format.

      You can also use "kubeadm init" without specifying a token and it will generate and print one for you.

      kubeadm token generate [flags]
      

      Options

      -h, --help

      help for generate

      Options inherited from parent commands

      --dry-run

      Whether to enable dry-run mode or not

      --kubeconfig string     Default: "/etc/kubernetes/admin.conf"

      The kubeconfig file to use when talking to the cluster. If the flag is not set, a set of standard locations can be searched for an existing kubeconfig file.

      --rootfs string

      The path to the 'real' host root filesystem. This will cause kubeadm to chroot into the provided path.

      115.4 -

      List bootstrap tokens on the server

      Synopsis

      This command will list all bootstrap tokens for you.

      kubeadm token list [flags]
      

      Options

      --allow-missing-template-keys     Default: true

      If true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats.

      -h, --help

      help for list

      -o, --output string     Default: "text"

      Output format. One of: text|json|yaml|go-template|go-template-file|template|templatefile|jsonpath|jsonpath-as-json|jsonpath-file.

      --show-managed-fields

      If true, keep the managedFields when printing objects in JSON or YAML format.

      Options inherited from parent commands

      --dry-run

      Whether to enable dry-run mode or not

      --kubeconfig string     Default: "/etc/kubernetes/admin.conf"

      The kubeconfig file to use when talking to the cluster. If the flag is not set, a set of standard locations can be searched for an existing kubeconfig file.

      --rootfs string

      The path to the 'real' host root filesystem. This will cause kubeadm to chroot into the provided path.

      116 -

      Create bootstrap tokens on the server

      Synopsis

      This command will create a bootstrap token for you. You can specify the usages for this token, the "time to live" and an optional human friendly description.

      The [token] is the actual token to write. This should be a securely generated random token of the form "[a-z0-9]{6}.[a-z0-9]{16}". If no [token] is given, kubeadm will generate a random token instead.

      kubeadm token create [token]
      

      Options

      --certificate-key string

      When used together with '--print-join-command', print the full 'kubeadm join' flag needed to join the cluster as a control-plane. To create a new certificate key you must use 'kubeadm init phase upload-certs --upload-certs'.

      --config string

      Path to a kubeadm configuration file.

      --description string

      A human friendly description of how this token is used.

      --groups strings     Default: "system:bootstrappers:kubeadm:default-node-token"

      Extra groups that this token will authenticate as when used for authentication. Must match "\Asystem:bootstrappers:[a-z0-9:-]{0,255}[a-z0-9]\z"

      -h, --help

      help for create

      --print-join-command

      Instead of printing only the token, print the full 'kubeadm join' flag needed to join the cluster using the token.

      --ttl duration     Default: 24h0m0s

      The duration before the token is automatically deleted (e.g. 1s, 2m, 3h). If set to '0', the token will never expire

      --usages strings     Default: "signing,authentication"

      Describes the ways in which this token can be used. You can pass --usages multiple times or provide a comma separated list of options. Valid options: [signing,authentication]

      Options inherited from parent commands

      --dry-run

      Whether to enable dry-run mode or not

      --kubeconfig string     Default: "/etc/kubernetes/admin.conf"

      The kubeconfig file to use when talking to the cluster. If the flag is not set, a set of standard locations can be searched for an existing kubeconfig file.

      --rootfs string

      [EXPERIMENTAL] The path to the 'real' host root filesystem.

      117 -

      Delete bootstrap tokens on the server

      Synopsis

      This command will delete a list of bootstrap tokens for you.

      The [token-value] is the full Token of the form "[a-z0-9]{6}.[a-z0-9]{16}" or the Token ID of the form "[a-z0-9]{6}" to delete.

      kubeadm token delete [token-value] ...
      

      Options

      -h, --help

      help for delete

      Options inherited from parent commands

      --dry-run

      Whether to enable dry-run mode or not

      --kubeconfig string     Default: "/etc/kubernetes/admin.conf"

      The kubeconfig file to use when talking to the cluster. If the flag is not set, a set of standard locations can be searched for an existing kubeconfig file.

      --rootfs string

      [EXPERIMENTAL] The path to the 'real' host root filesystem.

      118 -

      Generate and print a bootstrap token, but do not create it on the server

      Synopsis

      This command will print out a randomly-generated bootstrap token that can be used with the "init" and "join" commands.

      You don't have to use this command in order to generate a token. You can do so yourself as long as it is in the format "[a-z0-9]{6}.[a-z0-9]{16}". This command is provided for convenience to generate tokens in the given format.

      You can also use "kubeadm init" without specifying a token and it will generate and print one for you.

      kubeadm token generate [flags]
      

      Options

      -h, --help

      help for generate

      Options inherited from parent commands

      --dry-run

      Whether to enable dry-run mode or not

      --kubeconfig string     Default: "/etc/kubernetes/admin.conf"

      The kubeconfig file to use when talking to the cluster. If the flag is not set, a set of standard locations can be searched for an existing kubeconfig file.

      --rootfs string

      [EXPERIMENTAL] The path to the 'real' host root filesystem.

      119 -

      List bootstrap tokens on the server

      Synopsis

      This command will list all bootstrap tokens for you.

      kubeadm token list [flags]
      

      Options

      --allow-missing-template-keys     Default: true

      If true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats.

      -o, --experimental-output string     Default: "text"

      Output format. One of: text|json|yaml|go-template|go-template-file|template|templatefile|jsonpath|jsonpath-as-json|jsonpath-file.

      -h, --help

      help for list

      --show-managed-fields

      If true, keep the managedFields when printing objects in JSON or YAML format.

      Options inherited from parent commands

      --dry-run

      Whether to enable dry-run mode or not

      --kubeconfig string     Default: "/etc/kubernetes/admin.conf"

      The kubeconfig file to use when talking to the cluster. If the flag is not set, a set of standard locations can be searched for an existing kubeconfig file.

      --rootfs string

      [EXPERIMENTAL] The path to the 'real' host root filesystem.

      120 -

      Upgrade your cluster smoothly to a newer version with this command

      Synopsis

      Upgrade your cluster smoothly to a newer version with this command

      kubeadm upgrade [flags]
      

      Options

      -h, --help

      help for upgrade

      Options inherited from parent commands

      --rootfs string

      The path to the 'real' host root filesystem. This will cause kubeadm to chroot into the provided path.

      120.1 -

      Upgrade your Kubernetes cluster to the specified version

      Synopsis

      Upgrade your Kubernetes cluster to the specified version

      kubeadm upgrade apply [version]
      

      Options

      --allow-experimental-upgrades

      Show unstable versions of Kubernetes as an upgrade alternative and allow upgrading to an alpha/beta/release candidate versions of Kubernetes.

      --allow-release-candidate-upgrades

      Show release candidate versions of Kubernetes as an upgrade alternative and allow upgrading to a release candidate versions of Kubernetes.

      --certificate-renewal     Default: true

      Perform the renewal of certificates used by component changed during upgrades.

      --config string

      Path to a kubeadm configuration file.

      --dry-run

      Do not change any state, just output what actions would be performed.

      --etcd-upgrade     Default: true

      Perform the upgrade of etcd.

      -f, --force

      Force upgrading although some requirements might not be met. This also implies non-interactive mode.

      -h, --help

      help for apply

      --ignore-preflight-errors strings

      A list of checks whose errors will be shown as warnings. Example: 'IsPrivilegedUser,Swap'. Value 'all' ignores errors from all checks.

      --kubeconfig string     Default: "/etc/kubernetes/admin.conf"

      The kubeconfig file to use when talking to the cluster. If the flag is not set, a set of standard locations can be searched for an existing kubeconfig file.

      --patches string

      Path to a directory that contains files named "target[suffix][+patchtype].extension". For example, "kube-apiserver0+merge.yaml" or just "etcd.json". "target" can be one of "kube-apiserver", "kube-controller-manager", "kube-scheduler", "etcd", "kubeletconfiguration", "corednsdeployment". "patchtype" can be one of "strategic", "merge" or "json" and they match the patch formats supported by kubectl. The default "patchtype" is "strategic". "extension" must be either "json" or "yaml". "suffix" is an optional string that can be used to determine which patches are applied first alpha-numerically.

      --print-config

      Specifies whether the configuration file that will be used in the upgrade should be printed or not.

      -y, --yes

      Perform the upgrade and do not prompt for confirmation (non-interactive mode).

      Options inherited from parent commands

      --rootfs string

      The path to the 'real' host root filesystem. This will cause kubeadm to chroot into the provided path.

      120.2 -

      Show what differences would be applied to existing static pod manifests. See also: kubeadm upgrade apply --dry-run

      Synopsis

      Show what differences would be applied to existing static pod manifests. See also: kubeadm upgrade apply --dry-run

      kubeadm upgrade diff [version] [flags]
      

      Options

      --config string

      Path to a kubeadm configuration file.

      -c, --context-lines int     Default: 3

      How many lines of context in the diff

      -h, --help

      help for diff

      --kubeconfig string     Default: "/etc/kubernetes/admin.conf"

      The kubeconfig file to use when talking to the cluster. If the flag is not set, a set of standard locations can be searched for an existing kubeconfig file.

      Options inherited from parent commands

      --rootfs string

      The path to the 'real' host root filesystem. This will cause kubeadm to chroot into the provided path.

      120.3 -

      Upgrade commands for a node in the cluster

      Synopsis

      Upgrade commands for a node in the cluster

      The "node" command executes the following phases:

      preflight       Run upgrade node pre-flight checks
      control-plane   Upgrade the control plane instance deployed on this node, if any
      kubelet-config  Upgrade the kubelet configuration for this node
      
      kubeadm upgrade node [flags]
      

      Options

      --certificate-renewal     Default: true

      Perform the renewal of certificates used by component changed during upgrades.

      --config string

      Path to a kubeadm configuration file.

      --dry-run

      Do not change any state, just output the actions that would be performed.

      --etcd-upgrade     Default: true

      Perform the upgrade of etcd.

      -h, --help

      help for node

      --ignore-preflight-errors strings

      A list of checks whose errors will be shown as warnings. Example: 'IsPrivilegedUser,Swap'. Value 'all' ignores errors from all checks.

      --kubeconfig string     Default: "/etc/kubernetes/admin.conf"

      The kubeconfig file to use when talking to the cluster. If the flag is not set, a set of standard locations can be searched for an existing kubeconfig file.

      --patches string

      Path to a directory that contains files named "target[suffix][+patchtype].extension". For example, "kube-apiserver0+merge.yaml" or just "etcd.json". "target" can be one of "kube-apiserver", "kube-controller-manager", "kube-scheduler", "etcd", "kubeletconfiguration", "corednsdeployment". "patchtype" can be one of "strategic", "merge" or "json" and they match the patch formats supported by kubectl. The default "patchtype" is "strategic". "extension" must be either "json" or "yaml". "suffix" is an optional string that can be used to determine which patches are applied first alpha-numerically.

      --skip-phases strings

      List of phases to be skipped

      Options inherited from parent commands

      --rootfs string

      The path to the 'real' host root filesystem. This will cause kubeadm to chroot into the provided path.

      120.4 -

      Use this command to invoke single phase of the node workflow

      Synopsis

      Use this command to invoke single phase of the node workflow

      Options

      -h, --help

      help for phase

      Options inherited from parent commands

      --rootfs string

      The path to the 'real' host root filesystem. This will cause kubeadm to chroot into the provided path.

      120.5 -

      Upgrade the control plane instance deployed on this node, if any

      Synopsis

      Upgrade the control plane instance deployed on this node, if any

      kubeadm upgrade node phase control-plane [flags]
      

      Options

      --certificate-renewal     Default: true

      Perform the renewal of certificates used by component changed during upgrades.

      --dry-run

      Do not change any state, just output the actions that would be performed.

      --etcd-upgrade     Default: true

      Perform the upgrade of etcd.

      -h, --help

      help for control-plane

      --kubeconfig string     Default: "/etc/kubernetes/admin.conf"

      The kubeconfig file to use when talking to the cluster. If the flag is not set, a set of standard locations can be searched for an existing kubeconfig file.

      --patches string

      Path to a directory that contains files named "target[suffix][+patchtype].extension". For example, "kube-apiserver0+merge.yaml" or just "etcd.json". "target" can be one of "kube-apiserver", "kube-controller-manager", "kube-scheduler", "etcd", "kubeletconfiguration", "corednsdeployment". "patchtype" can be one of "strategic", "merge" or "json" and they match the patch formats supported by kubectl. The default "patchtype" is "strategic". "extension" must be either "json" or "yaml". "suffix" is an optional string that can be used to determine which patches are applied first alpha-numerically.

      Options inherited from parent commands

      --rootfs string

      The path to the 'real' host root filesystem. This will cause kubeadm to chroot into the provided path.

      120.6 -

      Upgrade the kubelet configuration for this node

      Synopsis

      Download the kubelet configuration from the kubelet-config ConfigMap stored in the cluster

      kubeadm upgrade node phase kubelet-config [flags]
      

      Options

      --dry-run

      Do not change any state, just output the actions that would be performed.

      -h, --help

      help for kubelet-config

      --kubeconfig string     Default: "/etc/kubernetes/admin.conf"

      The kubeconfig file to use when talking to the cluster. If the flag is not set, a set of standard locations can be searched for an existing kubeconfig file.

      --patches string

      Path to a directory that contains files named "target[suffix][+patchtype].extension". For example, "kube-apiserver0+merge.yaml" or just "etcd.json". "target" can be one of "kube-apiserver", "kube-controller-manager", "kube-scheduler", "etcd", "kubeletconfiguration", "corednsdeployment". "patchtype" can be one of "strategic", "merge" or "json" and they match the patch formats supported by kubectl. The default "patchtype" is "strategic". "extension" must be either "json" or "yaml". "suffix" is an optional string that can be used to determine which patches are applied first alpha-numerically.

      Options inherited from parent commands

      --rootfs string

      The path to the 'real' host root filesystem. This will cause kubeadm to chroot into the provided path.

      120.7 -

      Run upgrade node pre-flight checks

      Synopsis

      Run pre-flight checks for kubeadm upgrade node.

      kubeadm upgrade node phase preflight [flags]
      

      Options

      -h, --help

      help for preflight

      --ignore-preflight-errors strings

      A list of checks whose errors will be shown as warnings. Example: 'IsPrivilegedUser,Swap'. Value 'all' ignores errors from all checks.

      Options inherited from parent commands

      --rootfs string

      The path to the 'real' host root filesystem. This will cause kubeadm to chroot into the provided path.

      120.8 -

      Check which versions are available to upgrade to and validate whether your current cluster is upgradeable.

      Synopsis

      Check which versions are available to upgrade to and validate whether your current cluster is upgradeable. This command can only run on the control plane nodes where the kubeconfig file "admin.conf" exists. To skip the internet check, pass in the optional [version] parameter.

      kubeadm upgrade plan [version] [flags]
      

      Options

      --allow-experimental-upgrades

      Show unstable versions of Kubernetes as an upgrade alternative and allow upgrading to an alpha/beta/release candidate versions of Kubernetes.

      --allow-missing-template-keys     Default: true

      If true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats.

      --allow-release-candidate-upgrades

      Show release candidate versions of Kubernetes as an upgrade alternative and allow upgrading to a release candidate versions of Kubernetes.

      --config string

      Path to a kubeadm configuration file.

      -h, --help

      help for plan

      --ignore-preflight-errors strings

      A list of checks whose errors will be shown as warnings. Example: 'IsPrivilegedUser,Swap'. Value 'all' ignores errors from all checks.

      --kubeconfig string     Default: "/etc/kubernetes/admin.conf"

      The kubeconfig file to use when talking to the cluster. If the flag is not set, a set of standard locations can be searched for an existing kubeconfig file.

      -o, --output string     Default: "text"

      Output format. One of: text|json|yaml|go-template|go-template-file|template|templatefile|jsonpath|jsonpath-as-json|jsonpath-file.

      --print-config

      Specifies whether the configuration file that will be used in the upgrade should be printed or not.

      --show-managed-fields

      If true, keep the managedFields when printing objects in JSON or YAML format.

      Options inherited from parent commands

      --rootfs string

      The path to the 'real' host root filesystem. This will cause kubeadm to chroot into the provided path.

      121 -

      Upgrade your Kubernetes cluster to the specified version

      Synopsis

      Upgrade your Kubernetes cluster to the specified version

      kubeadm upgrade apply [version]
      

      Options

      --allow-experimental-upgrades

      Show unstable versions of Kubernetes as an upgrade alternative and allow upgrading to an alpha/beta/release candidate versions of Kubernetes.

      --allow-release-candidate-upgrades

      Show release candidate versions of Kubernetes as an upgrade alternative and allow upgrading to a release candidate versions of Kubernetes.

      --certificate-renewal     Default: true

      Perform the renewal of certificates used by component changed during upgrades.

      --config string

      Path to a kubeadm configuration file.

      --dry-run

      Do not change any state, just output what actions would be performed.

      --etcd-upgrade     Default: true

      Perform the upgrade of etcd.

      --feature-gates string

      A set of key=value pairs that describe feature gates for various features. Options are:
      EtcdLearnerMode=true|false (BETA - default=true)
      PublicKeysECDSA=true|false (DEPRECATED - default=false)
      RootlessControlPlane=true|false (ALPHA - default=false)
      UpgradeAddonsBeforeControlPlane=true|false (DEPRECATED - default=false)
      WaitForAllControlPlaneComponents=true|false (ALPHA - default=false)

      -f, --force

      Force upgrading although some requirements might not be met. This also implies non-interactive mode.

      -h, --help

      help for apply

      --ignore-preflight-errors strings

      A list of checks whose errors will be shown as warnings. Example: 'IsPrivilegedUser,Swap'. Value 'all' ignores errors from all checks.

      --kubeconfig string     Default: "/etc/kubernetes/admin.conf"

      The kubeconfig file to use when talking to the cluster. If the flag is not set, a set of standard locations can be searched for an existing kubeconfig file.

      --patches string

      Path to a directory that contains files named "target[suffix][+patchtype].extension". For example, "kube-apiserver0+merge.yaml" or just "etcd.json". "target" can be one of "kube-apiserver", "kube-controller-manager", "kube-scheduler", "etcd", "kubeletconfiguration". "patchtype" can be one of "strategic", "merge" or "json" and they match the patch formats supported by kubectl. The default "patchtype" is "strategic". "extension" must be either "json" or "yaml". "suffix" is an optional string that can be used to determine which patches are applied first alpha-numerically.

      --print-config

      Specifies whether the configuration file that will be used in the upgrade should be printed or not.

      -y, --yes

      Perform the upgrade and do not prompt for confirmation (non-interactive mode).

      Options inherited from parent commands

      --rootfs string

      [EXPERIMENTAL] The path to the 'real' host root filesystem.

      122 -

      Show what differences would be applied to existing static pod manifests. See also: kubeadm upgrade apply --dry-run

      Synopsis

      Show what differences would be applied to existing static pod manifests. See also: kubeadm upgrade apply --dry-run

      kubeadm upgrade diff [version] [flags]
      

      Options

      --api-server-manifest string     Default: "/etc/kubernetes/manifests/kube-apiserver.yaml"

      path to API server manifest

      --config string

      Path to a kubeadm configuration file.

      -c, --context-lines int     Default: 3

      How many lines of context in the diff

      --controller-manager-manifest string     Default: "/etc/kubernetes/manifests/kube-controller-manager.yaml"

      path to controller manifest

      -h, --help

      help for diff

      --kubeconfig string     Default: "/etc/kubernetes/admin.conf"

      The kubeconfig file to use when talking to the cluster. If the flag is not set, a set of standard locations can be searched for an existing kubeconfig file.

      --scheduler-manifest string     Default: "/etc/kubernetes/manifests/kube-scheduler.yaml"

      path to scheduler manifest

      Options inherited from parent commands

      --rootfs string

      [EXPERIMENTAL] The path to the 'real' host root filesystem.

      123 -

      Upgrade commands for a node in the cluster

      Synopsis

      Upgrade commands for a node in the cluster

      The "node" command executes the following phases:

      preflight       Run upgrade node pre-flight checks
      control-plane   Upgrade the control plane instance deployed on this node, if any
      kubelet-config  Upgrade the kubelet configuration for this node
      
      kubeadm upgrade node [flags]
      

      Options

      --certificate-renewal     Default: true

      Perform the renewal of certificates used by component changed during upgrades.

      --config string

      Path to a kubeadm configuration file.

      --dry-run

      Do not change any state, just output the actions that would be performed.

      --etcd-upgrade     Default: true

      Perform the upgrade of etcd.

      -h, --help

      help for node

      --ignore-preflight-errors strings

      A list of checks whose errors will be shown as warnings. Example: 'IsPrivilegedUser,Swap'. Value 'all' ignores errors from all checks.

      --kubeconfig string     Default: "/etc/kubernetes/admin.conf"

      The kubeconfig file to use when talking to the cluster. If the flag is not set, a set of standard locations can be searched for an existing kubeconfig file.

      --patches string

      Path to a directory that contains files named "target[suffix][+patchtype].extension". For example, "kube-apiserver0+merge.yaml" or just "etcd.json". "target" can be one of "kube-apiserver", "kube-controller-manager", "kube-scheduler", "etcd", "kubeletconfiguration". "patchtype" can be one of "strategic", "merge" or "json" and they match the patch formats supported by kubectl. The default "patchtype" is "strategic". "extension" must be either "json" or "yaml". "suffix" is an optional string that can be used to determine which patches are applied first alpha-numerically.

      --skip-phases strings

      List of phases to be skipped

      Options inherited from parent commands

      --rootfs string

      [EXPERIMENTAL] The path to the 'real' host root filesystem.

      124 -

      Use this command to invoke single phase of the node workflow

      Synopsis

      Use this command to invoke single phase of the node workflow

      Options

      -h, --help

      help for phase

      Options inherited from parent commands

      --rootfs string

      [EXPERIMENTAL] The path to the 'real' host root filesystem.

      125 -

      Upgrade the control plane instance deployed on this node, if any

      Synopsis

      Upgrade the control plane instance deployed on this node, if any

      kubeadm upgrade node phase control-plane [flags]
      

      Options

      --certificate-renewal     Default: true

      Perform the renewal of certificates used by component changed during upgrades.

      --dry-run

      Do not change any state, just output the actions that would be performed.

      --etcd-upgrade     Default: true

      Perform the upgrade of etcd.

      -h, --help

      help for control-plane

      --kubeconfig string     Default: "/etc/kubernetes/admin.conf"

      The kubeconfig file to use when talking to the cluster. If the flag is not set, a set of standard locations can be searched for an existing kubeconfig file.

      --patches string

      Path to a directory that contains files named "target[suffix][+patchtype].extension". For example, "kube-apiserver0+merge.yaml" or just "etcd.json". "target" can be one of "kube-apiserver", "kube-controller-manager", "kube-scheduler", "etcd", "kubeletconfiguration". "patchtype" can be one of "strategic", "merge" or "json" and they match the patch formats supported by kubectl. The default "patchtype" is "strategic". "extension" must be either "json" or "yaml". "suffix" is an optional string that can be used to determine which patches are applied first alpha-numerically.

      Options inherited from parent commands

      --rootfs string

      [EXPERIMENTAL] The path to the 'real' host root filesystem.

      126 -

      Upgrade the kubelet configuration for this node

      Synopsis

      Download the kubelet configuration from the kubelet-config ConfigMap stored in the cluster

      kubeadm upgrade node phase kubelet-config [flags]
      

      Options

      --dry-run

      Do not change any state, just output the actions that would be performed.

      -h, --help

      help for kubelet-config

      --kubeconfig string     Default: "/etc/kubernetes/admin.conf"

      The kubeconfig file to use when talking to the cluster. If the flag is not set, a set of standard locations can be searched for an existing kubeconfig file.

      --patches string

      Path to a directory that contains files named "target[suffix][+patchtype].extension". For example, "kube-apiserver0+merge.yaml" or just "etcd.json". "target" can be one of "kube-apiserver", "kube-controller-manager", "kube-scheduler", "etcd", "kubeletconfiguration". "patchtype" can be one of "strategic", "merge" or "json" and they match the patch formats supported by kubectl. The default "patchtype" is "strategic". "extension" must be either "json" or "yaml". "suffix" is an optional string that can be used to determine which patches are applied first alpha-numerically.

      Options inherited from parent commands

      --rootfs string

      [EXPERIMENTAL] The path to the 'real' host root filesystem.

      127 -

      Run upgrade node pre-flight checks

      Synopsis

      Run pre-flight checks for kubeadm upgrade node.

      kubeadm upgrade node phase preflight [flags]
      

      Options

      -h, --help

      help for preflight

      --ignore-preflight-errors strings

      A list of checks whose errors will be shown as warnings. Example: 'IsPrivilegedUser,Swap'. Value 'all' ignores errors from all checks.

      Options inherited from parent commands

      --rootfs string

      [EXPERIMENTAL] The path to the 'real' host root filesystem.

      128 -

      Check which versions are available to upgrade to and validate whether your current cluster is upgradeable.

      Synopsis

      Check which versions are available to upgrade to and validate whether your current cluster is upgradeable. This command can only run on the control plane nodes where the kubeconfig file "admin.conf" exists. To skip the internet check, pass in the optional [version] parameter.

      kubeadm upgrade plan [version] [flags]
      

      Options

      --allow-experimental-upgrades

      Show unstable versions of Kubernetes as an upgrade alternative and allow upgrading to an alpha/beta/release candidate versions of Kubernetes.

      --allow-missing-template-keys     Default: true

      If true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats.

      --allow-release-candidate-upgrades

      Show release candidate versions of Kubernetes as an upgrade alternative and allow upgrading to a release candidate versions of Kubernetes.

      --config string

      Path to a kubeadm configuration file.

      -o, --experimental-output string     Default: "text"

      Output format. One of: text|json|yaml|go-template|go-template-file|template|templatefile|jsonpath|jsonpath-as-json|jsonpath-file.

      --feature-gates string

      A set of key=value pairs that describe feature gates for various features. Options are:
      EtcdLearnerMode=true|false (BETA - default=true)
      PublicKeysECDSA=true|false (DEPRECATED - default=false)
      RootlessControlPlane=true|false (ALPHA - default=false)
      UpgradeAddonsBeforeControlPlane=true|false (DEPRECATED - default=false)
      WaitForAllControlPlaneComponents=true|false (ALPHA - default=false)

      -h, --help

      help for plan

      --ignore-preflight-errors strings

      A list of checks whose errors will be shown as warnings. Example: 'IsPrivilegedUser,Swap'. Value 'all' ignores errors from all checks.

      --kubeconfig string     Default: "/etc/kubernetes/admin.conf"

      The kubeconfig file to use when talking to the cluster. If the flag is not set, a set of standard locations can be searched for an existing kubeconfig file.

      --print-config

      Specifies whether the configuration file that will be used in the upgrade should be printed or not.

      --show-managed-fields

      If true, keep the managedFields when printing objects in JSON or YAML format.

      Options inherited from parent commands

      --rootfs string

      [EXPERIMENTAL] The path to the 'real' host root filesystem.

      129 -

      Print the version of kubeadm

      Synopsis

      Print the version of kubeadm

      kubeadm version [flags]
      

      Options

      -h, --help

      help for version

      -o, --output string

      Output format; available options are 'yaml', 'json' and 'short'

      Options inherited from parent commands

      --rootfs string

      The path to the 'real' host root filesystem. This will cause kubeadm to chroot into the provided path.

      130 -

      All files in this directory are auto-generated from other repos. Do not edit them manually. You must edit them in their upstream repo.