1. Manuals
  2. Leap-15.6
  3. kubernetes1.18-kubeadm
  4. kubeadm-token(1)

Scroll to navigation

KUBERNETES(1) Jan 2015 KUBERNETES(1)

NAME

kubeadm token - Manage bootstrap tokens

SYNOPSIS

kubeadm token [OPTIONS]

DESCRIPTION

This command manages bootstrap tokens. It is optional and needed only for advanced use cases.

In short, bootstrap tokens are used for establishing bidirectional trust between a client and a server. A bootstrap token can be used when a client (for example a node that is about to join the cluster) needs to trust the server it is talking to. Then a bootstrap token with the "signing" usage can be used. bootstrap tokens can also function as a way to allow short-lived authentication to the API Server (the token serves as a way for the API Server to trust the client), for example for doing the TLS Bootstrap.

What is a bootstrap token more exactly?
- It is a Secret in the kube-system namespace of type "bootstrap.kubernetes.io/token".
- A bootstrap token must be of the form "[a-z0-9]{6}.[a-z0-9]{16}". The former part is the public token ID,
while the latter is the Token Secret and it must be kept private at all circumstances!
- The name of the Secret must be named "bootstrap-token-(token-id)".

You can read more about bootstrap tokens here:

⟨https://kubernetes.io/docs/admin/bootstrap-tokens/⟩

OPTIONS

--dry-run=false
Whether to enable dry-run mode or not

--kubeconfig="/etc/kubernetes/admin.conf"
The kubeconfig file to use when talking to the cluster. If the flag is not set, a set of standard locations can be searched for an existing kubeconfig file.

OPTIONS INHERITED FROM PARENT COMMANDS

--azure-container-registry-config=""
Path to the file containing Azure container registry configuration information.

--log-flush-frequency=5s
Maximum number of seconds between log flushes

--rootfs=""
[EXPERIMENTAL] The path to the 'real' host root filesystem.

--version=false
Print version information and quit

SEE ALSO

kubeadm(1), kubeadm-token-create(1), kubeadm-token-delete(1), kubeadm-token-generate(1), kubeadm-token-list(1),

HISTORY

January 2015, Originally compiled by Eric Paris (eparis at redhat dot com) based on the kubernetes source material, but hopefully they have been automatically generated since!

kubernetes User Manuals Eric Paris