1KUBERNETES(1)(kubernetes) KUBERNETES(1)(kubernetes)
2Eric Paris Jan 2015
6
9 kubeadm init - Run this command in order to set up the Kubernetes con‐
10 trol plane
11
15 kubeadm init [OPTIONS]
16
20 Run this command in order to set up the Kubernetes control plane
21 The "init" command executes the following phases:
24 preflight Run pre-flight checks
27 certs Certificate generation
28 /ca Generate the self-signed Kubernetes CA to provision identities for other Kubernetes components
29 /apiserver Generate the certificate for serving the Kubernetes API
30 /apiserver-kubelet-client Generate the certificate for the API server to connect to kubelet
31 /front-proxy-ca Generate the self-signed CA to provision identities for front proxy
32 /front-proxy-client Generate the certificate for the front proxy client
33 /etcd-ca Generate the self-signed CA to provision identities for etcd
34 /etcd-server Generate the certificate for serving etcd
35 /etcd-peer Generate the certificate for etcd nodes to communicate with each other
36 /etcd-healthcheck-client Generate the certificate for liveness probes to healthcheck etcd
37 /apiserver-etcd-client Generate the certificate the apiserver uses to access etcd
38 /sa Generate a private key for signing service account tokens along with its public key
39 kubeconfig Generate all kubeconfig files necessary to establish the control plane and the admin kubeconfig file
40 /admin Generate a kubeconfig file for the admin to use and for kubeadm itself
41 /kubelet Generate a kubeconfig file for the kubelet to use *only* for cluster bootstrapping purposes
42 /controller-manager Generate a kubeconfig file for the controller manager to use
43 /scheduler Generate a kubeconfig file for the scheduler to use
44 kubelet-start Write kubelet settings and (re)start the kubelet
45 control-plane Generate all static Pod manifest files necessary to establish the control plane
46 /apiserver Generates the kube-apiserver static Pod manifest
47 /controller-manager Generates the kube-controller-manager static Pod manifest
48 /scheduler Generates the kube-scheduler static Pod manifest
49 etcd Generate static Pod manifest file for local etcd
50 /local Generate the static Pod manifest file for a local, single-node local etcd instance
51 upload-config Upload the kubeadm and kubelet configuration to a ConfigMap
52 /kubeadm Upload the kubeadm ClusterConfiguration to a ConfigMap
53 /kubelet Upload the kubelet component config to a ConfigMap
54 upload-certs Upload certificates to kubeadm-certs
55 mark-control-plane Mark a node as a control-plane
56 bootstrap-token Generates bootstrap tokens used to join a node to a cluster
57 kubelet-finalize Updates settings relevant to the kubelet after TLS bootstrap
58 /experimental-cert-rotation Enable kubelet client certificate rotation
59 addon Install required addons for passing conformance tests
60 /coredns Install the CoreDNS addon to a Kubernetes cluster
61 /kube-proxy Install the kube-proxy addon to a Kubernetes cluster
62
67 --apiserver-advertise-address="" The IP address the API Server
68 will advertise it's listening on. If not set the default network inter‐
69 face will be used.
70 --apiserver-bind-port=6443 Port for the API Server to bind to.
73 --apiserver-cert-extra-sans=[] Optional extra Subject Alternative
76 Names (SANs) to use for the API Server serving certificate. Can be both
77 IP addresses and DNS names.
78 --cert-dir="/etc/kubernetes/pki" The path where to save and store
81 the certificates.
82 --certificate-key="" Key used to encrypt the control-plane cer‐
85 tificates in the kubeadm-certs Secret.
86 --config="" Path to a kubeadm configuration file.
89 --control-plane-endpoint="" Specify a stable IP address or DNS
92 name for the control plane.
93 --cri-socket="" Path to the CRI socket to connect. If empty
96 kubeadm will try to auto-detect this value; use this option only if you
97 have more than one CRI installed or if you have non-standard CRI
98 socket.
99 --dry-run=false Don't apply any changes; just output what would be
102 done.
103 --feature-gates="" A set of key=value pairs that describe feature
106 gates for various features. Options are: PublicKeysECDSA=true|false
107 (ALPHA - default=false) RootlessControlPlane=true|false (ALPHA - de‐
108 fault=false) UnversionedKubeletConfigMap=true|false (default=true)
109 --ignore-preflight-errors=[] A list of checks whose errors will be
112 shown as warnings. Example: 'IsPrivilegedUser,Swap'. Value 'all' ig‐
113 nores errors from all checks.
114 --image-repository="registry.k8s.io" Choose a container registry
117 to pull control plane images from
118 --kubernetes-version="stable-1" Choose a specific Kubernetes ver‐
121 sion for the control plane.
122 --node-name="" Specify the node name.
125 --patches="" Path to a directory that contains files named "tar‐
128 get[suffix][+patchtype].extension". For example, "kube-apis‐
129 erver0+merge.yaml" or just "etcd.json". "target" can be one of "kube-
130 apiserver", "kube-controller-manager", "kube-scheduler", "etcd",
131 "kubeletconfiguration". "patchtype" can be one of "strategic", "merge"
132 or "json" and they match the patch formats supported by kubectl. The
133 default "patchtype" is "strategic". "extension" must be either "json"
134 or "yaml". "suffix" is an optional string that can be used to determine
135 which patches are applied first alpha-numerically.
136 --pod-network-cidr="" Specify range of IP addresses for the pod
139 network. If set, the control plane will automatically allocate CIDRs
140 for every node.
141 --service-cidr="10.96.0.0/12" Use alternative range of IP address
144 for service VIPs.
145 --service-dns-domain="cluster.local" Use alternative domain for
148 services, e.g. "myorg.internal".
149 --skip-certificate-key-print=false Don't print the key used to en‐
152 crypt the control-plane certificates.
153 --skip-phases=[] List of phases to be skipped
156 --skip-token-print=false Skip printing of the default bootstrap
159 token generated by 'kubeadm init'.
160 --token="" The token to use for establishing bidirectional trust
163 between nodes and control-plane nodes. The format is [a-z0-9]{6}.[a-
164 z0-9]{16} - e.g. abcdef.0123456789abcdef
165 --token-ttl=24h0m0s The duration before the token is automatically
168 deleted (e.g. 1s, 2m, 3h). If set to '0', the token will never expire
169 --upload-certs=false Upload control-plane certificates to the
172 kubeadm-certs Secret.
173
177 --azure-container-registry-config="" Path to the file containing
178 Azure container registry configuration information.
179 --rootfs="" [EXPERIMENTAL] The path to the 'real' host root
182 filesystem.
183 --version=false Print version information and quit
186
190 kubeadm(1), kubeadm-init-phase(1),
191
195 January 2015, Originally compiled by Eric Paris (eparis at redhat dot
196 com) based on the kubernetes source material, but hopefully they have
197 been automatically generated since!
198Manuals User KUBERNETES(1)(kubernetes)