1KUBERNETES(1)(kubernetes) KUBERNETES(1)(kubernetes)
2
3
4
5Eric Paris Jan 2015
6
7
9 kubeadm init - Run this command in order to set up the Kubernetes con‐
10 trol plane
11
12
13
15 kubeadm init [OPTIONS]
16
17
18
20 Run this command in order to set up the Kubernetes control plane
21
22
23 The "init" command executes the following phases:
24
25
26 preflight Run pre-flight checks
27 certs Certificate generation
28 /ca Generate the self-signed Kubernetes CA to provision identities for other Kubernetes components
29 /apiserver Generate the certificate for serving the Kubernetes API
30 /apiserver-kubelet-client Generate the certificate for the API server to connect to kubelet
31 /front-proxy-ca Generate the self-signed CA to provision identities for front proxy
32 /front-proxy-client Generate the certificate for the front proxy client
33 /etcd-ca Generate the self-signed CA to provision identities for etcd
34 /etcd-server Generate the certificate for serving etcd
35 /etcd-peer Generate the certificate for etcd nodes to communicate with each other
36 /etcd-healthcheck-client Generate the certificate for liveness probes to healthcheck etcd
37 /apiserver-etcd-client Generate the certificate the apiserver uses to access etcd
38 /sa Generate a private key for signing service account tokens along with its public key
39 kubeconfig Generate all kubeconfig files necessary to establish the control plane and the admin kubeconfig file
40 /admin Generate a kubeconfig file for the admin to use and for kubeadm itself
41 /kubelet Generate a kubeconfig file for the kubelet to use *only* for cluster bootstrapping purposes
42 /controller-manager Generate a kubeconfig file for the controller manager to use
43 /scheduler Generate a kubeconfig file for the scheduler to use
44 kubelet-start Write kubelet settings and (re)start the kubelet
45 control-plane Generate all static Pod manifest files necessary to establish the control plane
46 /apiserver Generates the kube-apiserver static Pod manifest
47 /controller-manager Generates the kube-controller-manager static Pod manifest
48 /scheduler Generates the kube-scheduler static Pod manifest
49 etcd Generate static Pod manifest file for local etcd
50 /local Generate the static Pod manifest file for a local, single-node local etcd instance
51 upload-config Upload the kubeadm and kubelet configuration to a ConfigMap
52 /kubeadm Upload the kubeadm ClusterConfiguration to a ConfigMap
53 /kubelet Upload the kubelet component config to a ConfigMap
54 upload-certs Upload certificates to kubeadm-certs
55 mark-control-plane Mark a node as a control-plane
56 bootstrap-token Generates bootstrap tokens used to join a node to a cluster
57 kubelet-finalize Updates settings relevant to the kubelet after TLS bootstrap
58 /experimental-cert-rotation Enable kubelet client certificate rotation
59 addon Install required addons for passing conformance tests
60 /coredns Install the CoreDNS addon to a Kubernetes cluster
61 /kube-proxy Install the kube-proxy addon to a Kubernetes cluster
62
63
64
65
67 --apiserver-advertise-address="" The IP address the API Server
68 will advertise it's listening on. If not set the default network inter‐
69 face will be used.
70
71
72 --apiserver-bind-port=6443 Port for the API Server to bind to.
73
74
75 --apiserver-cert-extra-sans=[] Optional extra Subject Alternative
76 Names (SANs) to use for the API Server serving certificate. Can be both
77 IP addresses and DNS names.
78
79
80 --cert-dir="/etc/kubernetes/pki" The path where to save and store
81 the certificates.
82
83
84 --certificate-key="" Key used to encrypt the control-plane cer‐
85 tificates in the kubeadm-certs Secret.
86
87
88 --config="" Path to a kubeadm configuration file.
89
90
91 --control-plane-endpoint="" Specify a stable IP address or DNS
92 name for the control plane.
93
94
95 --cri-socket="" Path to the CRI socket to connect. If empty
96 kubeadm will try to auto-detect this value; use this option only if you
97 have more than one CRI installed or if you have non-standard CRI
98 socket.
99
100
101 --dry-run=false Don't apply any changes; just output what would be
102 done.
103
104
105 --experimental-patches="" Path to a directory that contains files
106 named "target[suffix][+patchtype].extension". For example, "kube-apis‐
107 erver0+merge.yaml" or just "etcd.json". "patchtype" can be one of
108 "strategic", "merge" or "json" and they match the patch formats sup‐
109 ported by kubectl. The default "patchtype" is "strategic". "extension"
110 must be either "json" or "yaml". "suffix" is an optional string that
111 can be used to determine which patches are applied first alpha-numeri‐
112 cally.
113
114
115 --feature-gates="" A set of key=value pairs that describe feature
116 gates for various features. Options are: IPv6DualStack=true|false (BETA
117 - default=true) PublicKeysECDSA=true|false (ALPHA - default=false)
118
119
120 --ignore-preflight-errors=[] A list of checks whose errors will be
121 shown as warnings. Example: 'IsPrivilegedUser,Swap'. Value 'all' ig‐
122 nores errors from all checks.
123
124
125 --image-repository="k8s.gcr.io" Choose a container registry to
126 pull control plane images from
127
128
129 --kubernetes-version="stable-1" Choose a specific Kubernetes ver‐
130 sion for the control plane.
131
132
133 --node-name="" Specify the node name.
134
135
136 --pod-network-cidr="" Specify range of IP addresses for the pod
137 network. If set, the control plane will automatically allocate CIDRs
138 for every node.
139
140
141 --service-cidr="10.96.0.0/12" Use alternative range of IP address
142 for service VIPs.
143
144
145 --service-dns-domain="cluster.local" Use alternative domain for
146 services, e.g. "myorg.internal".
147
148
149 --skip-certificate-key-print=false Don't print the key used to en‐
150 crypt the control-plane certificates.
151
152
153 --skip-phases=[] List of phases to be skipped
154
155
156 --skip-token-print=false Skip printing of the default bootstrap
157 token generated by 'kubeadm init'.
158
159
160 --token="" The token to use for establishing bidirectional trust
161 between nodes and control-plane nodes. The format is
162 [a-z0-9]{6}.[a-z0-9]{16} - e.g. abcdef.0123456789abcdef
163
164
165 --token-ttl=24h0m0s The duration before the token is automatically
166 deleted (e.g. 1s, 2m, 3h). If set to '0', the token will never expire
167
168
169 --upload-certs=false Upload control-plane certificates to the
170 kubeadm-certs Secret.
171
172
173
175 --azure-container-registry-config="" Path to the file containing
176 Azure container registry configuration information.
177
178
179 --log-flush-frequency=5s Maximum number of seconds between log
180 flushes
181
182
183 --rootfs="" [EXPERIMENTAL] The path to the 'real' host root
184 filesystem.
185
186
187 --version=false Print version information and quit
188
189
190
192 kubeadm(1), kubeadm-init-phase(1),
193
194
195
197 January 2015, Originally compiled by Eric Paris (eparis at redhat dot
198 com) based on the kubernetes source material, but hopefully they have
199 been automatically generated since!
200
201
202
203Manuals User KUBERNETES(1)(kubernetes)