1KUBERNETES(1)(kubernetes) KUBERNETES(1)(kubernetes)
2Eric Paris Jan 2015
6
9 kubeadm init - Run this command in order to set up the Kubernetes con‐
10 trol plane
11
15 kubeadm init [OPTIONS]
16
20 Run this command in order to set up the Kubernetes control plane
21 The "init" command executes the following phases:
24 preflight Run pre-flight checks
27 certs Certificate generation
28 /ca Generate the self-signed Kubernetes CA to provision identities for other Kubernetes components
29 /apiserver Generate the certificate for serving the Kubernetes API
30 /apiserver-kubelet-client Generate the certificate for the API server to connect to kubelet
31 /front-proxy-ca Generate the self-signed CA to provision identities for front proxy
32 /front-proxy-client Generate the certificate for the front proxy client
33 /etcd-ca Generate the self-signed CA to provision identities for etcd
34 /etcd-server Generate the certificate for serving etcd
35 /etcd-peer Generate the certificate for etcd nodes to communicate with each other
36 /etcd-healthcheck-client Generate the certificate for liveness probes to healthcheck etcd
37 /apiserver-etcd-client Generate the certificate the apiserver uses to access etcd
38 /sa Generate a private key for signing service account tokens along with its public key
39 kubeconfig Generate all kubeconfig files necessary to establish the control plane and the admin kubeconfig file
40 /admin Generate a kubeconfig file for the admin to use and for kubeadm itself
41 /kubelet Generate a kubeconfig file for the kubelet to use *only* for cluster bootstrapping purposes
42 /controller-manager Generate a kubeconfig file for the controller manager to use
43 /scheduler Generate a kubeconfig file for the scheduler to use
44 kubelet-start Write kubelet settings and (re)start the kubelet
45 control-plane Generate all static Pod manifest files necessary to establish the control plane
46 /apiserver Generates the kube-apiserver static Pod manifest
47 /controller-manager Generates the kube-controller-manager static Pod manifest
48 /scheduler Generates the kube-scheduler static Pod manifest
49 etcd Generate static Pod manifest file for local etcd
50 /local Generate the static Pod manifest file for a local, single-node local etcd instance
51 upload-config Upload the kubeadm and kubelet configuration to a ConfigMap
52 /kubeadm Upload the kubeadm ClusterConfiguration to a ConfigMap
53 /kubelet Upload the kubelet component config to a ConfigMap
54 upload-certs Upload certificates to kubeadm-certs
55 mark-control-plane Mark a node as a control-plane
56 bootstrap-token Generates bootstrap tokens used to join a node to a cluster
57 kubelet-finalize Updates settings relevant to the kubelet after TLS bootstrap
58 /experimental-cert-rotation Enable kubelet client certificate rotation
59 addon Install required addons for passing conformance tests
60 /coredns Install the CoreDNS addon to a Kubernetes cluster
61 /kube-proxy Install the kube-proxy addon to a Kubernetes cluster
62
67 --apiserver-advertise-address="" The IP address the API Server
68 will advertise it's listening on. If not set the default network inter‐
69 face will be used.
70 --apiserver-bind-port=6443 Port for the API Server to bind to.
73 --apiserver-cert-extra-sans=[] Optional extra Subject Alternative
76 Names (SANs) to use for the API Server serving certificate. Can be both
77 IP addresses and DNS names.
78 --cert-dir="/etc/kubernetes/pki" The path where to save and store
81 the certificates.
82 --certificate-key="" Key used to encrypt the control-plane cer‐
85 tificates in the kubeadm-certs Secret.
86 --config="" Path to a kubeadm configuration file.
89 --control-plane-endpoint="" Specify a stable IP address or DNS
92 name for the control plane.
93 --cri-socket="" Path to the CRI socket to connect. If empty
96 kubeadm will try to auto-detect this value; use this option only if you
97 have more than one CRI installed or if you have non-standard CRI
98 socket.
99 --dry-run=false Don't apply any changes; just output what would be
102 done.
103 --feature-gates="" A set of key=value pairs that describe feature
106 gates for various features. Options are: PublicKeysECDSA=true|false
107 (ALPHA - default=false) RootlessControlPlane=true|false (ALPHA - de‐
108 fault=false) UnversionedKubeletConfigMap=true|false (BETA - de‐
109 fault=true)
110 --ignore-preflight-errors=[] A list of checks whose errors will be
113 shown as warnings. Example: 'IsPrivilegedUser,Swap'. Value 'all' ig‐
114 nores errors from all checks.
115 --image-repository="k8s.gcr.io" Choose a container registry to
118 pull control plane images from
119 --kubernetes-version="stable-1" Choose a specific Kubernetes ver‐
122 sion for the control plane.
123 --node-name="" Specify the node name.
126 --patches="" Path to a directory that contains files named "tar‐
129 get[suffix][+patchtype].extension". For example, "kube-apis‐
130 erver0+merge.yaml" or just "etcd.json". "target" can be one of "kube-
131 apiserver", "kube-controller-manager", "kube-scheduler", "etcd".
132 "patchtype" can be one of "strategic", "merge" or "json" and they match
133 the patch formats supported by kubectl. The default "patchtype" is
134 "strategic". "extension" must be either "json" or "yaml". "suffix" is
135 an optional string that can be used to determine which patches are ap‐
136 plied first alpha-numerically.
137 --pod-network-cidr="" Specify range of IP addresses for the pod
140 network. If set, the control plane will automatically allocate CIDRs
141 for every node.
142 --service-cidr="10.96.0.0/12" Use alternative range of IP address
145 for service VIPs.
146 --service-dns-domain="cluster.local" Use alternative domain for
149 services, e.g. "myorg.internal".
150 --skip-certificate-key-print=false Don't print the key used to en‐
153 crypt the control-plane certificates.
154 --skip-phases=[] List of phases to be skipped
157 --skip-token-print=false Skip printing of the default bootstrap
160 token generated by 'kubeadm init'.
161 --token="" The token to use for establishing bidirectional trust
164 between nodes and control-plane nodes. The format is [a-z0-9]{6}.[a-
165 z0-9]{16} - e.g. abcdef.0123456789abcdef
166 --token-ttl=24h0m0s The duration before the token is automatically
169 deleted (e.g. 1s, 2m, 3h). If set to '0', the token will never expire
170 --upload-certs=false Upload control-plane certificates to the
173 kubeadm-certs Secret.
174
178 --azure-container-registry-config="" Path to the file containing
179 Azure container registry configuration information.
180 --rootfs="" [EXPERIMENTAL] The path to the 'real' host root
183 filesystem.
184 --version=false Print version information and quit
187
191 kubeadm(1), kubeadm-init-phase(1),
192
196 January 2015, Originally compiled by Eric Paris (eparis at redhat dot
197 com) based on the kubernetes source material, but hopefully they have
198 been automatically generated since!
199Manuals User KUBERNETES(1)(kubernetes)