Reference

Kubernetes v1.15 documentation is no longer actively maintained. The version you are currently viewing is a static snapshot. For up-to-date documentation, see the latest version.

Edit This Page

kubeadm token

Bootstrap tokens are used for establishing bidirectional trust between a node joining the cluster and a control-plane node, as described in authenticating with bootstrap tokens.

kubeadm init creates an initial token with a 24-hour TTL. The following commands allow you to manage such a token and also to create and manage new ones.

kubeadm token create

Create bootstrap tokens on the server

Synopsis

This command will create a bootstrap token for you. You can specify the usages for this token, the “time to live” and an optional human friendly description.

The [token] is the actual token to write. This should be a securely generated random token of the form “[a-z0-9]{6}.[a-z0-9]{16}“. If no [token] is given, kubeadm will generate a random token instead.

kubeadm token create [token]

Options

      --config string        Path to a kubeadm configuration file.
      --description string   A human friendly description of how this token is used.
      --groups strings       Extra groups that this token will authenticate as when used for authentication. Must match "\\Asystem:bootstrappers:[a-z0-9:-]{0,255}[a-z0-9]\\z" (default [system:bootstrappers:kubeadm:default-node-token])
  -h, --help                 help for create
      --print-join-command   Instead of printing only the token, print the full 'kubeadm join' flag needed to join the cluster using the token.
      --ttl duration         The duration before the token is automatically deleted (e.g. 1s, 2m, 3h). If set to '0', the token will never expire (default 24h0m0s)
      --usages strings       Describes the ways in which this token can be used. You can pass --usages multiple times or provide a comma separated list of options. Valid options: [signing,authentication] (default [signing,authentication])

Options inherited from parent commands

      --dry-run             Whether to enable dry-run mode or not
      --kubeconfig string   The kubeconfig file to use when talking to the cluster. If the flag is not set, a set of standard locations can be searched for an existing kubeconfig file. (default "/etc/kubernetes/admin.conf")
      --rootfs string       [EXPERIMENTAL] The path to the 'real' host root filesystem.

kubeadm token delete

Delete bootstrap tokens on the server

Synopsis

This command will delete a list of bootstrap tokens for you.

The [token-value] is the full Token of the form “[a-z0-9]{6}.[a-z0-9]{16}” or the Token ID of the form “[a-z0-9]{6}” to delete.

kubeadm token delete [token-value] ...

Options

  -h, --help   help for delete

Options inherited from parent commands

      --dry-run             Whether to enable dry-run mode or not
      --kubeconfig string   The kubeconfig file to use when talking to the cluster. If the flag is not set, a set of standard locations can be searched for an existing kubeconfig file. (default "/etc/kubernetes/admin.conf")
      --rootfs string       [EXPERIMENTAL] The path to the 'real' host root filesystem.

kubeadm token generate

Generate and print a bootstrap token, but do not create it on the server

Synopsis

This command will print out a randomly-generated bootstrap token that can be used with the “init” and “join” commands.

You don’t have to use this command in order to generate a token. You can do so yourself as long as it is in the format “[a-z0-9]{6}.[a-z0-9]{16}“. This command is provided for convenience to generate tokens in the given format.

You can also use “kubeadm init” without specifying a token and it will generate and print one for you.

kubeadm token generate [flags]

Options

  -h, --help   help for generate

Options inherited from parent commands

      --dry-run             Whether to enable dry-run mode or not
      --kubeconfig string   The kubeconfig file to use when talking to the cluster. If the flag is not set, a set of standard locations can be searched for an existing kubeconfig file. (default "/etc/kubernetes/admin.conf")
      --rootfs string       [EXPERIMENTAL] The path to the 'real' host root filesystem.

kubeadm token list

List bootstrap tokens on the server

Synopsis

This command will list all bootstrap tokens for you.

kubeadm token list [flags]

Options

  -h, --help   help for list

Options inherited from parent commands

      --dry-run             Whether to enable dry-run mode or not
      --kubeconfig string   The kubeconfig file to use when talking to the cluster. If the flag is not set, a set of standard locations can be searched for an existing kubeconfig file. (default "/etc/kubernetes/admin.conf")
      --rootfs string       [EXPERIMENTAL] The path to the 'real' host root filesystem.

What's next

Feedback