1KUBERNETES(1)(kubernetes) KUBERNETES(1)(kubernetes)
2
3
4
5Eric Paris Jan 2015
6
7
9 kubeadm init - Run this command in order to set up the Kubernetes con‐
10 trol plane
11
12
13
15 kubeadm init [OPTIONS]
16
17
18
20 Run this command in order to set up the Kubernetes control plane
21
22
23 The "init" command executes the following phases:
24
25
26 preflight Run pre-flight checks
27 certs Certificate generation
28 /ca Generate the self-signed Kubernetes CA to provision identities for other Kubernetes components
29 /apiserver Generate the certificate for serving the Kubernetes API
30 /apiserver-kubelet-client Generate the certificate for the API server to connect to kubelet
31 /front-proxy-ca Generate the self-signed CA to provision identities for front proxy
32 /front-proxy-client Generate the certificate for the front proxy client
33 /etcd-ca Generate the self-signed CA to provision identities for etcd
34 /etcd-server Generate the certificate for serving etcd
35 /etcd-peer Generate the certificate for etcd nodes to communicate with each other
36 /etcd-healthcheck-client Generate the certificate for liveness probes to healthcheck etcd
37 /apiserver-etcd-client Generate the certificate the apiserver uses to access etcd
38 /sa Generate a private key for signing service account tokens along with its public key
39 kubeconfig Generate all kubeconfig files necessary to establish the control plane and the admin kubeconfig file
40 /admin Generate a kubeconfig file for the admin to use and for kubeadm itself
41 /kubelet Generate a kubeconfig file for the kubelet to use *only* for cluster bootstrapping purposes
42 /controller-manager Generate a kubeconfig file for the controller manager to use
43 /scheduler Generate a kubeconfig file for the scheduler to use
44 kubelet-start Write kubelet settings and (re)start the kubelet
45 control-plane Generate all static Pod manifest files necessary to establish the control plane
46 /apiserver Generates the kube-apiserver static Pod manifest
47 /controller-manager Generates the kube-controller-manager static Pod manifest
48 /scheduler Generates the kube-scheduler static Pod manifest
49 etcd Generate static Pod manifest file for local etcd
50 /local Generate the static Pod manifest file for a local, single-node local etcd instance
51 upload-config Upload the kubeadm and kubelet configuration to a ConfigMap
52 /kubeadm Upload the kubeadm ClusterConfiguration to a ConfigMap
53 /kubelet Upload the kubelet component config to a ConfigMap
54 upload-certs Upload certificates to kubeadm-certs
55 mark-control-plane Mark a node as a control-plane
56 bootstrap-token Generates bootstrap tokens used to join a node to a cluster
57 kubelet-finalize Updates settings relevant to the kubelet after TLS bootstrap
58 /experimental-cert-rotation Enable kubelet client certificate rotation
59 addon Install required addons for passing conformance tests
60 /coredns Install the CoreDNS addon to a Kubernetes cluster
61 /kube-proxy Install the kube-proxy addon to a Kubernetes cluster
62 show-join-command Show the join command for control-plane and worker node
63
64
65
66
68 --apiserver-advertise-address="" The IP address the API Server
69 will advertise it's listening on. If not set the default network inter‐
70 face will be used.
71
72
73 --apiserver-bind-port=6443 Port for the API Server to bind to.
74
75
76 --apiserver-cert-extra-sans=[] Optional extra Subject Alternative
77 Names (SANs) to use for the API Server serving certificate. Can be both
78 IP addresses and DNS names.
79
80
81 --cert-dir="/etc/kubernetes/pki" The path where to save and store
82 the certificates.
83
84
85 --certificate-key="" Key used to encrypt the control-plane cer‐
86 tificates in the kubeadm-certs Secret.
87
88
89 --config="" Path to a kubeadm configuration file.
90
91
92 --control-plane-endpoint="" Specify a stable IP address or DNS
93 name for the control plane.
94
95
96 --cri-socket="" Path to the CRI socket to connect. If empty
97 kubeadm will try to auto-detect this value; use this option only if you
98 have more than one CRI installed or if you have non-standard CRI
99 socket.
100
101
102 --dry-run=false Don't apply any changes; just output what would be
103 done.
104
105
106 --feature-gates="" A set of key=value pairs that describe feature
107 gates for various features. Options are: PublicKeysECDSA=true|false
108 (ALPHA - default=false) RootlessControlPlane=true|false (ALPHA - de‐
109 fault=false)
110
111
112 --ignore-preflight-errors=[] A list of checks whose errors will be
113 shown as warnings. Example: 'IsPrivilegedUser,Swap'. Value 'all' ig‐
114 nores errors from all checks.
115
116
117 --image-repository="registry.k8s.io" Choose a container registry
118 to pull control plane images from
119
120
121 --kubernetes-version="stable-1" Choose a specific Kubernetes ver‐
122 sion for the control plane.
123
124
125 --node-name="" Specify the node name.
126
127
128 --patches="" Path to a directory that contains files named "tar‐
129 get[suffix][+patchtype].extension". For example, "kube-apis‐
130 erver0+merge.yaml" or just "etcd.json". "target" can be one of "kube-
131 apiserver", "kube-controller-manager", "kube-scheduler", "etcd",
132 "kubeletconfiguration". "patchtype" can be one of "strategic", "merge"
133 or "json" and they match the patch formats supported by kubectl. The
134 default "patchtype" is "strategic". "extension" must be either "json"
135 or "yaml". "suffix" is an optional string that can be used to determine
136 which patches are applied first alpha-numerically.
137
138
139 --pod-network-cidr="" Specify range of IP addresses for the pod
140 network. If set, the control plane will automatically allocate CIDRs
141 for every node.
142
143
144 --service-cidr="10.96.0.0/12" Use alternative range of IP address
145 for service VIPs.
146
147
148 --service-dns-domain="cluster.local" Use alternative domain for
149 services, e.g. "myorg.internal".
150
151
152 --skip-certificate-key-print=false Don't print the key used to en‐
153 crypt the control-plane certificates.
154
155
156 --skip-phases=[] List of phases to be skipped
157
158
159 --skip-token-print=false Skip printing of the default bootstrap
160 token generated by 'kubeadm init'.
161
162
163 --token="" The token to use for establishing bidirectional trust
164 between nodes and control-plane nodes. The format is [a-z0-9]{6}.[a-
165 z0-9]{16} - e.g. abcdef.0123456789abcdef
166
167
168 --token-ttl=24h0m0s The duration before the token is automatically
169 deleted (e.g. 1s, 2m, 3h). If set to '0', the token will never expire
170
171
172 --upload-certs=false Upload control-plane certificates to the
173 kubeadm-certs Secret.
174
175
176
178 --azure-container-registry-config="" Path to the file containing
179 Azure container registry configuration information.
180
181
182 --rootfs="" [EXPERIMENTAL] The path to the 'real' host root
183 filesystem.
184
185
186 --version=false Print version information and quit
187
188
189
191 kubeadm(1), kubeadm-init-phase(1),
192
193
194
196 January 2015, Originally compiled by Eric Paris (eparis at redhat dot
197 com) based on the kubernetes source material, but hopefully they have
198 been automatically generated since!
199
200
201
202Manuals User KUBERNETES(1)(kubernetes)