1KUBERNETES(1)(kubernetes)                            KUBERNETES(1)(kubernetes)
2
3
4
5Eric Paris Jan 2015
6
7

NAME

9       kubeadm  init - Run this command in order to set up the Kubernetes con‐
10       trol plane
11
12
13

SYNOPSIS

15       kubeadm init [OPTIONS]
16
17
18

DESCRIPTION

20       Run this command in order to set up the Kubernetes control plane
21
22
23       The "init" command executes the following phases:
24
25
26              preflight                    Run pre-flight checks
27              certs                        Certificate generation
28                /ca                          Generate the self-signed Kubernetes CA to provision identities for other Kubernetes components
29                /apiserver                   Generate the certificate for serving the Kubernetes API
30                /apiserver-kubelet-client    Generate the certificate for the API server to connect to kubelet
31                /front-proxy-ca              Generate the self-signed CA to provision identities for front proxy
32                /front-proxy-client          Generate the certificate for the front proxy client
33                /etcd-ca                     Generate the self-signed CA to provision identities for etcd
34                /etcd-server                 Generate the certificate for serving etcd
35                /etcd-peer                   Generate the certificate for etcd nodes to communicate with each other
36                /etcd-healthcheck-client     Generate the certificate for liveness probes to healthcheck etcd
37                /apiserver-etcd-client       Generate the certificate the apiserver uses to access etcd
38                /sa                          Generate a private key for signing service account tokens along with its public key
39              kubeconfig                   Generate all kubeconfig files necessary to establish the control plane and the admin kubeconfig file
40                /admin                       Generate a kubeconfig file for the admin to use and for kubeadm itself
41                /kubelet                     Generate a kubeconfig file for the kubelet to use *only* for cluster bootstrapping purposes
42                /controller-manager          Generate a kubeconfig file for the controller manager to use
43                /scheduler                   Generate a kubeconfig file for the scheduler to use
44              kubelet-start                Write kubelet settings and (re)start the kubelet
45              control-plane                Generate all static Pod manifest files necessary to establish the control plane
46                /apiserver                   Generates the kube-apiserver static Pod manifest
47                /controller-manager          Generates the kube-controller-manager static Pod manifest
48                /scheduler                   Generates the kube-scheduler static Pod manifest
49              etcd                         Generate static Pod manifest file for local etcd
50                /local                       Generate the static Pod manifest file for a local, single-node local etcd instance
51              upload-config                Upload the kubeadm and kubelet configuration to a ConfigMap
52                /kubeadm                     Upload the kubeadm ClusterConfiguration to a ConfigMap
53                /kubelet                     Upload the kubelet component config to a ConfigMap
54              upload-certs                 Upload certificates to kubeadm-certs
55              mark-control-plane           Mark a node as a control-plane
56              bootstrap-token              Generates bootstrap tokens used to join a node to a cluster
57              kubelet-finalize             Updates settings relevant to the kubelet after TLS bootstrap
58                /experimental-cert-rotation  Enable kubelet client certificate rotation
59              addon                        Install required addons for passing conformance tests
60                /coredns                     Install the CoreDNS addon to a Kubernetes cluster
61                /kube-proxy                  Install the kube-proxy addon to a Kubernetes cluster
62              show-join-command            Show the join command for control-plane and worker node
63
64
65
66

OPTIONS

68       --apiserver-advertise-address=""      The IP  address  the  API  Server
69       will advertise it's listening on. If not set the default network inter‐
70       face will be used.
71
72
73       --apiserver-bind-port=6443      Port for the API Server to bind to.
74
75
76       --apiserver-cert-extra-sans=[]      Optional extra Subject  Alternative
77       Names (SANs) to use for the API Server serving certificate. Can be both
78       IP addresses and DNS names.
79
80
81       --cert-dir="/etc/kubernetes/pki"      The path where to save and  store
82       the certificates.
83
84
85       --certificate-key=""       Key  used  to encrypt the control-plane cer‐
86       tificates in the kubeadm-certs Secret.
87
88
89       --config=""      Path to a kubeadm configuration file.
90
91
92       --control-plane-endpoint=""      Specify a stable  IP  address  or  DNS
93       name for the control plane.
94
95
96       --cri-socket=""       Path  to  the  CRI  socket  to  connect. If empty
97       kubeadm will try to auto-detect this value; use this option only if you
98       have  more  than  one  CRI  installed  or  if you have non-standard CRI
99       socket.
100
101
102       --dry-run=false      Don't apply any changes; just output what would be
103       done.
104
105
106       --feature-gates=""       A set of key=value pairs that describe feature
107       gates for various  features.  Options  are:  PublicKeysECDSA=true|false
108       (ALPHA  -  default=false)  RootlessControlPlane=true|false (ALPHA - de‐
109       fault=false)
110
111
112       --ignore-preflight-errors=[]      A list of checks whose errors will be
113       shown  as  warnings.  Example: 'IsPrivilegedUser,Swap'. Value 'all' ig‐
114       nores errors from all checks.
115
116
117       --image-repository="registry.k8s.io"      Choose a  container  registry
118       to pull control plane images from
119
120
121       --kubernetes-version="stable-1"       Choose a specific Kubernetes ver‐
122       sion for the control plane.
123
124
125       --node-name=""      Specify the node name.
126
127
128       --patches=""      Path to a directory that contains files  named  "tar‐
129       get[suffix][+patchtype].extension".     For     example,    "kube-apis‐
130       erver0+merge.yaml" or just "etcd.json". "target" can be one  of  "kube-
131       apiserver",    "kube-controller-manager",   "kube-scheduler",   "etcd",
132       "kubeletconfiguration". "patchtype" can be one of "strategic",  "merge"
133       or  "json"  and  they match the patch formats supported by kubectl. The
134       default "patchtype" is "strategic". "extension" must be  either  "json"
135       or "yaml". "suffix" is an optional string that can be used to determine
136       which patches are applied first alpha-numerically.
137
138
139       --pod-network-cidr=""      Specify range of IP addresses  for  the  pod
140       network.  If  set,  the control plane will automatically allocate CIDRs
141       for every node.
142
143
144       --service-cidr="10.96.0.0/12"      Use alternative range of IP  address
145       for service VIPs.
146
147
148       --service-dns-domain="cluster.local"       Use  alternative  domain for
149       services, e.g. "myorg.internal".
150
151
152       --skip-certificate-key-print=false      Don't print the key used to en‐
153       crypt the control-plane certificates.
154
155
156       --skip-phases=[]      List of phases to be skipped
157
158
159       --skip-token-print=false       Skip  printing  of the default bootstrap
160       token generated by 'kubeadm init'.
161
162
163       --token=""      The token to use for establishing  bidirectional  trust
164       between  nodes  and  control-plane nodes. The format is [a-z0-9]{6}.[a-
165       z0-9]{16} - e.g. abcdef.0123456789abcdef
166
167
168       --token-ttl=24h0m0s      The duration before the token is automatically
169       deleted (e.g. 1s, 2m, 3h). If set to '0', the token will never expire
170
171
172       --upload-certs=false       Upload  control-plane  certificates  to  the
173       kubeadm-certs Secret.
174
175
176

OPTIONS INHERITED FROM PARENT COMMANDS

178       --azure-container-registry-config=""      Path to the  file  containing
179       Azure container registry configuration information.
180
181
182       --rootfs=""       [EXPERIMENTAL]  The  path  to  the  'real'  host root
183       filesystem.
184
185
186       --version=false      Print version information and quit
187
188
189

SEE ALSO

191       kubeadm(1), kubeadm-init-phase(1),
192
193
194

HISTORY

196       January 2015, Originally compiled by Eric Paris (eparis at  redhat  dot
197       com)  based  on the kubernetes source material, but hopefully they have
198       been automatically generated since!
199
200
201
202Manuals                              User            KUBERNETES(1)(kubernetes)
Impressum