In v1.8.0, kubeadm introduced the kubeadm alpha phase
command with the aim of making kubeadm more modular. In v1.13.0 this command graduated to kubeadm init phase
. This modularity enables you to invoke atomic sub-steps of the bootstrap process. Hence, you can let kubeadm do some parts and fill in yourself where you need customizations.
kubeadm init phase
is consistent with the kubeadm init workflow,
and behind the scene both use the same code.
Using this command you can execute preflight checks on a control-plane node.
Run master pre-flight checks
Run master pre-flight checks, functionally equivalent to what implemented by kubeadm init.
kubeadm init phase preflight [flags]
# Run master pre-flight checks using a config file.
kubeadm init phase preflight --config kubeadm-config.yml
--config string | |
Path to kubeadm config file. WARNING: Usage of a configuration file is experimental. | |
-h, --help | |
help for preflight | |
--ignore-preflight-errors stringSlice | |
A list of checks whose errors will be shown as warnings. Example: 'IsPrivilegedUser,Swap'. Value 'all' ignores errors from all checks. |
--rootfs string | |
[EXPERIMENTAL] The path to the 'real' host root filesystem. |
Can be used to create all required certificates by kubeadm.
Certificate generation
This command is not meant to be run on its own. See list of available subcommands.
kubeadm init phase certs [flags]
-h, --help | |
help for certs |
--rootfs string | |
[EXPERIMENTAL] The path to the 'real' host root filesystem. |
Generates all certificates
Generates all certificates
kubeadm init phase certs all [flags]
--apiserver-advertise-address string | |
The IP address the API Server will advertise it's listening on. Specify '0.0.0.0' to use the address of the default network interface. | |
--apiserver-cert-extra-sans stringSlice | |
Optional extra Subject Alternative Names (SANs) to use for the API Server serving certificate. Can be both IP addresses and DNS names. | |
--cert-dir string Default: "/etc/kubernetes/pki" | |
The path where to save and store the certificates. | |
--config string | |
Path to kubeadm config file. WARNING: Usage of a configuration file is experimental. | |
-h, --help | |
help for all | |
--service-cidr string Default: "10.96.0.0/12" | |
Use alternative range of IP address for service VIPs. | |
--service-dns-domain string Default: "cluster.local" | |
Use alternative domain for services, e.g. "myorg.internal". |
--rootfs string | |
[EXPERIMENTAL] The path to the 'real' host root filesystem. |
Generates the client apiserver uses to access etcd
Generates the client apiserver uses to access etcd, and saves them into apiserver-etcd-client.cert and apiserver-etcd-client.key files.
If both files already exist, kubeadm skips the generation step and existing files will be used.
Alpha Disclaimer: this command is currently alpha.
kubeadm init phase certs apiserver-etcd-client [flags]
--cert-dir string Default: "/etc/kubernetes/pki" | |
The path where to save and store the certificates. | |
--config string | |
Path to kubeadm config file. WARNING: Usage of a configuration file is experimental. | |
--csr-dir string | |
The path to output the CSRs and private keys to | |
--csr-only | |
Create CSRs instead of generating certificates | |
-h, --help | |
help for apiserver-etcd-client |
--rootfs string | |
[EXPERIMENTAL] The path to the 'real' host root filesystem. |
Generates the Client certificate for the API server to connect to kubelet
Generates the Client certificate for the API server to connect to kubelet, and saves them into apiserver-kubelet-client.cert and apiserver-kubelet-client.key files.
If both files already exist, kubeadm skips the generation step and existing files will be used.
Alpha Disclaimer: this command is currently alpha.
kubeadm init phase certs apiserver-kubelet-client [flags]
--cert-dir string Default: "/etc/kubernetes/pki" | |
The path where to save and store the certificates. | |
--config string | |
Path to kubeadm config file. WARNING: Usage of a configuration file is experimental. | |
--csr-dir string | |
The path to output the CSRs and private keys to | |
--csr-only | |
Create CSRs instead of generating certificates | |
-h, --help | |
help for apiserver-kubelet-client |
--rootfs string | |
[EXPERIMENTAL] The path to the 'real' host root filesystem. |
Generates the certificate for serving the Kubernetes API
Generates the certificate for serving the Kubernetes API, and saves them into apiserver.cert and apiserver.key files.
Default SANs are kubernetes, kubernetes.default, kubernetes.default.svc, kubernetes.default.svc.cluster.local, 10.96.0.1, 127.0.0.1
If both files already exist, kubeadm skips the generation step and existing files will be used.
Alpha Disclaimer: this command is currently alpha.
kubeadm init phase certs apiserver [flags]
--apiserver-advertise-address string | |
The IP address the API Server will advertise it's listening on. Specify '0.0.0.0' to use the address of the default network interface. | |
--apiserver-cert-extra-sans stringSlice | |
Optional extra Subject Alternative Names (SANs) to use for the API Server serving certificate. Can be both IP addresses and DNS names. | |
--cert-dir string Default: "/etc/kubernetes/pki" | |
The path where to save and store the certificates. | |
--config string | |
Path to kubeadm config file. WARNING: Usage of a configuration file is experimental. | |
--csr-dir string | |
The path to output the CSRs and private keys to | |
--csr-only | |
Create CSRs instead of generating certificates | |
-h, --help | |
help for apiserver | |
--service-cidr string Default: "10.96.0.0/12" | |
Use alternative range of IP address for service VIPs. | |
--service-dns-domain string Default: "cluster.local" | |
Use alternative domain for services, e.g. "myorg.internal". |
--rootfs string | |
[EXPERIMENTAL] The path to the 'real' host root filesystem. |
Generates the self-signed Kubernetes CA to provision identities for other Kubernetes components
Generates the self-signed Kubernetes CA to provision identities for other Kubernetes components, and saves them into ca.cert and ca.key files.
If both files already exist, kubeadm skips the generation step and existing files will be used.
Alpha Disclaimer: this command is currently alpha.
kubeadm init phase certs ca [flags]
--cert-dir string Default: "/etc/kubernetes/pki" | |
The path where to save and store the certificates. | |
--config string | |
Path to kubeadm config file. WARNING: Usage of a configuration file is experimental. | |
-h, --help | |
help for ca |
--rootfs string | |
[EXPERIMENTAL] The path to the 'real' host root filesystem. |
Generates the self-signed CA to provision identities for etcd
Generates the self-signed CA to provision identities for etcd, and saves them into etcd/ca.cert and etcd/ca.key files.
If both files already exist, kubeadm skips the generation step and existing files will be used.
Alpha Disclaimer: this command is currently alpha.
kubeadm init phase certs etcd-ca [flags]
--cert-dir string Default: "/etc/kubernetes/pki" | |
The path where to save and store the certificates. | |
--config string | |
Path to kubeadm config file. WARNING: Usage of a configuration file is experimental. | |
-h, --help | |
help for etcd-ca |
--rootfs string | |
[EXPERIMENTAL] The path to the 'real' host root filesystem. |
Generates the client certificate for liveness probes to healtcheck etcd
Generates the client certificate for liveness probes to healtcheck etcd, and saves them into etcd/healthcheck-client.cert and etcd/healthcheck-client.key files.
If both files already exist, kubeadm skips the generation step and existing files will be used.
Alpha Disclaimer: this command is currently alpha.
kubeadm init phase certs etcd-healthcheck-client [flags]
--cert-dir string Default: "/etc/kubernetes/pki" | |
The path where to save and store the certificates. | |
--config string | |
Path to kubeadm config file. WARNING: Usage of a configuration file is experimental. | |
--csr-dir string | |
The path to output the CSRs and private keys to | |
--csr-only | |
Create CSRs instead of generating certificates | |
-h, --help | |
help for etcd-healthcheck-client |
--rootfs string | |
[EXPERIMENTAL] The path to the 'real' host root filesystem. |
Generates the credentials for etcd nodes to communicate with each other
Generates the credentials for etcd nodes to communicate with each other, and saves them into etcd/peer.cert and etcd/peer.key files.
Default SANs are localhost, 127.0.0.1, 127.0.0.1, ::1
If both files already exist, kubeadm skips the generation step and existing files will be used.
Alpha Disclaimer: this command is currently alpha.
kubeadm init phase certs etcd-peer [flags]
--cert-dir string Default: "/etc/kubernetes/pki" | |
The path where to save and store the certificates. | |
--config string | |
Path to kubeadm config file. WARNING: Usage of a configuration file is experimental. | |
--csr-dir string | |
The path to output the CSRs and private keys to | |
--csr-only | |
Create CSRs instead of generating certificates | |
-h, --help | |
help for etcd-peer |
--rootfs string | |
[EXPERIMENTAL] The path to the 'real' host root filesystem. |
Generates the certificate for serving etcd
Generates the certificate for serving etcd, and saves them into etcd/server.cert and etcd/server.key files.
Default SANs are localhost, 127.0.0.1, 127.0.0.1, ::1
If both files already exist, kubeadm skips the generation step and existing files will be used.
Alpha Disclaimer: this command is currently alpha.
kubeadm init phase certs etcd-server [flags]
--cert-dir string Default: "/etc/kubernetes/pki" | |
The path where to save and store the certificates. | |
--config string | |
Path to kubeadm config file. WARNING: Usage of a configuration file is experimental. | |
--csr-dir string | |
The path to output the CSRs and private keys to | |
--csr-only | |
Create CSRs instead of generating certificates | |
-h, --help | |
help for etcd-server |
--rootfs string | |
[EXPERIMENTAL] The path to the 'real' host root filesystem. |
Generates the self-signed CA to provision identities for front proxy
Generates the self-signed CA to provision identities for front proxy, and saves them into front-proxy-ca.cert and front-proxy-ca.key files.
If both files already exist, kubeadm skips the generation step and existing files will be used.
Alpha Disclaimer: this command is currently alpha.
kubeadm init phase certs front-proxy-ca [flags]
--cert-dir string Default: "/etc/kubernetes/pki" | |
The path where to save and store the certificates. | |
--config string | |
Path to kubeadm config file. WARNING: Usage of a configuration file is experimental. | |
-h, --help | |
help for front-proxy-ca |
--rootfs string | |
[EXPERIMENTAL] The path to the 'real' host root filesystem. |
Generates the client for the front proxy
Generates the client for the front proxy, and saves them into front-proxy-client.cert and front-proxy-client.key files.
If both files already exist, kubeadm skips the generation step and existing files will be used.
Alpha Disclaimer: this command is currently alpha.
kubeadm init phase certs front-proxy-client [flags]
--cert-dir string Default: "/etc/kubernetes/pki" | |
The path where to save and store the certificates. | |
--config string | |
Path to kubeadm config file. WARNING: Usage of a configuration file is experimental. | |
--csr-dir string | |
The path to output the CSRs and private keys to | |
--csr-only | |
Create CSRs instead of generating certificates | |
-h, --help | |
help for front-proxy-client |
--rootfs string | |
[EXPERIMENTAL] The path to the 'real' host root filesystem. |
Generates a private key for signing service account tokens along with its public key
Generates the private key for signing service account tokens along with its public key, and saves them into sa.key and sa.pub files. If both files already exist, kubeadm skips the generation step and existing files will be used.
Alpha Disclaimer: this command is currently alpha.
kubeadm init phase certs sa [flags]
-h, --help | |
help for sa |
--rootfs string | |
[EXPERIMENTAL] The path to the 'real' host root filesystem. |
You can create all required kubeconfig files by calling the all
subcommand or call then individually.
Generates all kubeconfig files necessary to establish the control plane and the admin kubeconfig file
This command is not meant to be run on its own. See list of available subcommands.
kubeadm init phase kubeconfig [flags]
-h, --help | |
help for kubeconfig |
--rootfs string | |
[EXPERIMENTAL] The path to the 'real' host root filesystem. |
Generates all kubeconfig files
Generates all kubeconfig files
kubeadm init phase kubeconfig all [flags]
--apiserver-advertise-address string | |
The IP address the API Server will advertise it's listening on. Specify '0.0.0.0' to use the address of the default network interface. | |
--apiserver-bind-port int32 Default: 6443 | |
Port for the API Server to bind to. | |
--cert-dir string Default: "/etc/kubernetes/pki" | |
The path where to save and store the certificates. | |
--config string | |
Path to kubeadm config file. WARNING: Usage of a configuration file is experimental. | |
-h, --help | |
help for all | |
--kubeconfig-dir string Default: "/etc/kubernetes" | |
The path where to save the kubeconfig file. | |
--node-name string | |
Specify the node name. |
--rootfs string | |
[EXPERIMENTAL] The path to the 'real' host root filesystem. |
Generates a kubeconfig file for the admin to use and for kubeadm itself
Generates the kubeconfig file for the admin and for kubeadm itself, and saves it to admin.conf file.
kubeadm init phase kubeconfig admin [flags]
--apiserver-advertise-address string | |
The IP address the API Server will advertise it's listening on. Specify '0.0.0.0' to use the address of the default network interface. | |
--apiserver-bind-port int32 Default: 6443 | |
Port for the API Server to bind to. | |
--cert-dir string Default: "/etc/kubernetes/pki" | |
The path where to save and store the certificates. | |
--config string | |
Path to kubeadm config file. WARNING: Usage of a configuration file is experimental. | |
-h, --help | |
help for admin | |
--kubeconfig-dir string Default: "/etc/kubernetes" | |
The path where to save the kubeconfig file. |
--rootfs string | |
[EXPERIMENTAL] The path to the 'real' host root filesystem. |
Generates a kubeconfig file for the controller manager to use
Generates the kubeconfig file for the controller manager to use and saves it to controller-manager.conf file
kubeadm init phase kubeconfig controller-manager [flags]
--apiserver-advertise-address string | |
The IP address the API Server will advertise it's listening on. Specify '0.0.0.0' to use the address of the default network interface. | |
--apiserver-bind-port int32 Default: 6443 | |
Port for the API Server to bind to. | |
--cert-dir string Default: "/etc/kubernetes/pki" | |
The path where to save and store the certificates. | |
--config string | |
Path to kubeadm config file. WARNING: Usage of a configuration file is experimental. | |
-h, --help | |
help for controller-manager | |
--kubeconfig-dir string Default: "/etc/kubernetes" | |
The path where to save the kubeconfig file. |
--rootfs string | |
[EXPERIMENTAL] The path to the 'real' host root filesystem. |
Generates a kubeconfig file for the kubelet to use only for cluster bootstrapping purposes
Generates the kubeconfig file for the kubelet to use and saves it to kubelet.conf file.
Please note that this should only be used for cluster bootstrapping purposes. After your control plane is up, you should request all kubelet credentials from the CSR API.
kubeadm init phase kubeconfig kubelet [flags]
--apiserver-advertise-address string | |
The IP address the API Server will advertise it's listening on. Specify '0.0.0.0' to use the address of the default network interface. | |
--apiserver-bind-port int32 Default: 6443 | |
Port for the API Server to bind to. | |
--cert-dir string Default: "/etc/kubernetes/pki" | |
The path where to save and store the certificates. | |
--config string | |
Path to kubeadm config file. WARNING: Usage of a configuration file is experimental. | |
-h, --help | |
help for kubelet | |
--kubeconfig-dir string Default: "/etc/kubernetes" | |
The path where to save the kubeconfig file. | |
--node-name string | |
Specify the node name. |
--rootfs string | |
[EXPERIMENTAL] The path to the 'real' host root filesystem. |
Generates a kubeconfig file for the scheduler to use
Generates the kubeconfig file for the scheduler to use and saves it to scheduler.conf file.
kubeadm init phase kubeconfig scheduler [flags]
--apiserver-advertise-address string | |
The IP address the API Server will advertise it's listening on. Specify '0.0.0.0' to use the address of the default network interface. | |
--apiserver-bind-port int32 Default: 6443 | |
Port for the API Server to bind to. | |
--cert-dir string Default: "/etc/kubernetes/pki" | |
The path where to save and store the certificates. | |
--config string | |
Path to kubeadm config file. WARNING: Usage of a configuration file is experimental. | |
-h, --help | |
help for scheduler | |
--kubeconfig-dir string Default: "/etc/kubernetes" | |
The path where to save the kubeconfig file. |
--rootfs string | |
[EXPERIMENTAL] The path to the 'real' host root filesystem. |
This phase will write the kubelet configuration file and environment file and then start the kubelet.
Writes kubelet settings and (re)starts the kubelet
Writes a file with KubeletConfiguration and an environment file with node specific kubelet settings, and then (re)starts kubelet.
kubeadm init phase kubelet-start [flags]
# Writes a dynamic environment file with kubelet flags from a InitConfiguration file.
kubeadm init phase kubelet-start --config masterconfig.yaml
--config string | |
Path to kubeadm config file. WARNING: Usage of a configuration file is experimental. | |
--cri-socket string Default: "/var/run/dockershim.sock" | |
Specify the CRI socket to connect to. | |
-h, --help | |
help for kubelet-start | |
--node-name string | |
Specify the node name. |
--rootfs string | |
[EXPERIMENTAL] The path to the 'real' host root filesystem. |
Using this phase you can create all required static Pod files for the control plane components.
Generates all static Pod manifest files necessary to establish the control plane
This command is not meant to be run on its own. See list of available subcommands.
kubeadm init phase control-plane [flags]
-h, --help | |
help for control-plane |
--rootfs string | |
[EXPERIMENTAL] The path to the 'real' host root filesystem. |
Generates all static Pod manifest files
Generates all static Pod manifest files
kubeadm init phase control-plane all [flags]
--apiserver-advertise-address string | |
The IP address the API Server will advertise it's listening on. Specify '0.0.0.0' to use the address of the default network interface. | |
--apiserver-bind-port int32 Default: 6443 | |
Port for the API Server to bind to. | |
--apiserver-extra-args mapStringString | |
A set of extra flags to pass to the API Server or override default ones in form of <flagname>=<value> | |
--cert-dir string Default: "/etc/kubernetes/pki" | |
The path where to save and store the certificates. | |
--config string | |
Path to kubeadm config file. WARNING: Usage of a configuration file is experimental. | |
--controller-manager-extra-args mapStringString | |
A set of extra flags to pass to the Controller Manager or override default ones in form of <flagname>=<value> | |
--feature-gates string | |
A set of key=value pairs that describe feature gates for various features. Options are: |
|
-h, --help | |
help for all | |
--image-repository string Default: "k8s.gcr.io" | |
Choose a container registry to pull control plane images from | |
--kubernetes-version string Default: "stable-1" | |
Choose a specific Kubernetes version for the control plane. | |
--pod-network-cidr string | |
Specify range of IP addresses for the pod network. If set, the control plane will automatically allocate CIDRs for every node. | |
--scheduler-extra-args mapStringString | |
A set of extra flags to pass to the Scheduler or override default ones in form of <flagname>=<value> | |
--service-cidr string Default: "10.96.0.0/12" | |
Use alternative range of IP address for service VIPs. |
--rootfs string | |
[EXPERIMENTAL] The path to the 'real' host root filesystem. |
Generates the kube-apiserver static Pod manifest
Generates the kube-apiserver static Pod manifest
kubeadm init phase control-plane apiserver [flags]
--apiserver-advertise-address string | |
The IP address the API Server will advertise it's listening on. Specify '0.0.0.0' to use the address of the default network interface. | |
--apiserver-bind-port int32 Default: 6443 | |
Port for the API Server to bind to. | |
--apiserver-extra-args mapStringString | |
A set of extra flags to pass to the API Server or override default ones in form of <flagname>=<value> | |
--cert-dir string Default: "/etc/kubernetes/pki" | |
The path where to save and store the certificates. | |
--config string | |
Path to kubeadm config file. WARNING: Usage of a configuration file is experimental. | |
--feature-gates string | |
A set of key=value pairs that describe feature gates for various features. Options are: |
|
-h, --help | |
help for apiserver | |
--image-repository string Default: "k8s.gcr.io" | |
Choose a container registry to pull control plane images from | |
--kubernetes-version string Default: "stable-1" | |
Choose a specific Kubernetes version for the control plane. | |
--service-cidr string Default: "10.96.0.0/12" | |
Use alternative range of IP address for service VIPs. |
--rootfs string | |
[EXPERIMENTAL] The path to the 'real' host root filesystem. |
Generates the kube-controller-manager static Pod manifest
Generates the kube-controller-manager static Pod manifest
kubeadm init phase control-plane controller-manager [flags]
--cert-dir string Default: "/etc/kubernetes/pki" | |
The path where to save and store the certificates. | |
--config string | |
Path to kubeadm config file. WARNING: Usage of a configuration file is experimental. | |
--controller-manager-extra-args mapStringString | |
A set of extra flags to pass to the Controller Manager or override default ones in form of <flagname>=<value> | |
-h, --help | |
help for controller-manager | |
--image-repository string Default: "k8s.gcr.io" | |
Choose a container registry to pull control plane images from | |
--kubernetes-version string Default: "stable-1" | |
Choose a specific Kubernetes version for the control plane. | |
--pod-network-cidr string | |
Specify range of IP addresses for the pod network. If set, the control plane will automatically allocate CIDRs for every node. |
--rootfs string | |
[EXPERIMENTAL] The path to the 'real' host root filesystem. |
Generates the kube-scheduler static Pod manifest
Generates the kube-scheduler static Pod manifest
kubeadm init phase control-plane scheduler [flags]
--cert-dir string Default: "/etc/kubernetes/pki" | |
The path where to save and store the certificates. | |
--config string | |
Path to kubeadm config file. WARNING: Usage of a configuration file is experimental. | |
-h, --help | |
help for scheduler | |
--image-repository string Default: "k8s.gcr.io" | |
Choose a container registry to pull control plane images from | |
--kubernetes-version string Default: "stable-1" | |
Choose a specific Kubernetes version for the control plane. | |
--scheduler-extra-args mapStringString | |
A set of extra flags to pass to the Scheduler or override default ones in form of <flagname>=<value> |
--rootfs string | |
[EXPERIMENTAL] The path to the 'real' host root filesystem. |
Use the following phase to create a local etcd instance based on a static Pod file.
Generates static Pod manifest file for local etcd.
This command is not meant to be run on its own. See list of available subcommands.
kubeadm init phase etcd [flags]
-h, --help | |
help for etcd |
--rootfs string | |
[EXPERIMENTAL] The path to the 'real' host root filesystem. |
Generates the static Pod manifest file for a local, single-node local etcd instance.
Generates the static Pod manifest file for a local, single-node local etcd instance.
kubeadm init phase etcd local [flags]
# Generates the static Pod manifest file for etcd, functionally
# equivalent to what is generated by kubeadm init.
kubeadm init phase etcd local
# Generates the static Pod manifest file for etcd using options
# read from a configuration file.
kubeadm init phase etcd local --config config.yaml
--cert-dir string Default: "/etc/kubernetes/pki" | |
The path where to save and store the certificates. | |
--config string | |
Path to kubeadm config file. WARNING: Usage of a configuration file is experimental. | |
-h, --help | |
help for local | |
--image-repository string Default: "k8s.gcr.io" | |
Choose a container registry to pull control plane images from |
--rootfs string | |
[EXPERIMENTAL] The path to the 'real' host root filesystem. |
Use the following phase to upload control-plane certificates to the cluster. By default the certs and encryption key expire after two hours.
Upload certificates to kubeadm-certs
This command is not meant to be run on its own. See list of available subcommands.
kubeadm init phase upload-certs [flags]
--certificate-key string Key used to encrypt the control-plane certificates in the kubeadm-certs Secret.
--config string Path to a kubeadm configuration file.
--experimental-upload-certs Upload control-plane certificates to the kubeadm-certs Secret.
-h, --help help for upload-certs
--skip-certificate-key-print Don't print the key used to encrypt the control-plane certificates.
--rootfs string [EXPERIMENTAL] The path to the 'real' host root filesystem.
Use the following phase to label and taint the node with the node-role.kubernetes.io/master=""
key-value pair.
Mark a node as a control-plane
Mark a node as a control-plane
kubeadm init phase mark-control-plane [flags]
# Applies control-plane label and taint to the current node, functionally equivalent to what executed by kubeadm init.
kubeadm init phase mark-control-plane --config config.yml
# Applies control-plane label and taint to a specific node
kubeadm init phase mark-control-plane --node-name myNode
--config string | |
Path to kubeadm config file. WARNING: Usage of a configuration file is experimental. | |
-h, --help | |
help for mark-control-plane | |
--node-name string | |
Specify the node name. |
--rootfs string | |
[EXPERIMENTAL] The path to the 'real' host root filesystem. |
Use the following phase to configure bootstrap tokens.
Generates bootstrap tokens used to join a node to a cluster
Bootstrap tokens are used for establishing bidirectional trust between a node joining the cluster and a the control-plane node.
This command makes all the configurations required to make bootstrap tokens works and then creates an initial token.
kubeadm init phase bootstrap-token [flags]
# Makes all the bootstrap token configurations and creates an initial token, functionally
# equivalent to what generated by kubeadm init.
kubeadm init phase bootstrap-token
--config string | |
Path to kubeadm config file. WARNING: Usage of a configuration file is experimental. | |
-h, --help | |
help for bootstrap-token | |
--kubeconfig-dir string Default: "/etc/kubernetes" | |
The path where to save the kubeconfig file. | |
--skip-token-print | |
Skip printing of the default bootstrap token generated by 'kubeadm init'. |
--rootfs string | |
[EXPERIMENTAL] The path to the 'real' host root filesystem. |
You can use this command to upload the kubeadm configuration to your cluster. Alternatively, you can use kubeadm config.
Uploads the kubeadm and kubelet configuration to a ConfigMap
This command is not meant to be run on its own. See list of available subcommands.
kubeadm init phase upload-config [flags]
-h, --help | |
help for upload-config |
--rootfs string | |
[EXPERIMENTAL] The path to the 'real' host root filesystem. |
Uploads all configuration to a config map
Uploads all configuration to a config map
kubeadm init phase upload-config all [flags]
--config string | |
Path to kubeadm config file. WARNING: Usage of a configuration file is experimental. | |
-h, --help | |
help for all | |
--kubeconfig string Default: "/etc/kubernetes/admin.conf" | |
The kubeconfig file to use when talking to the cluster. If the flag is not set, a set of standard locations are searched for an existing KubeConfig file. |
--rootfs string | |
[EXPERIMENTAL] The path to the 'real' host root filesystem. |
Uploads the kubeadm ClusterConfiguration to a ConfigMap
Uploads the kubeadm ClusterConfiguration to a ConfigMap called kubeadm-config in the kube-system namespace. This enables correct configuration of system components and a seamless user experience when upgrading.
Alternatively, you can use kubeadm config.
kubeadm init phase upload-config kubeadm [flags]
# uploads the configuration of your cluster
kubeadm init phase upload-config --config=myConfig.yaml
--config string | |
Path to kubeadm config file. WARNING: Usage of a configuration file is experimental. | |
-h, --help | |
help for kubeadm | |
--kubeconfig string Default: "/etc/kubernetes/admin.conf" | |
The kubeconfig file to use when talking to the cluster. If the flag is not set, a set of standard locations are searched for an existing KubeConfig file. |
--rootfs string | |
[EXPERIMENTAL] The path to the 'real' host root filesystem. |
Uploads the kubelet component config to a ConfigMap
Uploads kubelet configuration extracted from the kubeadm InitConfiguration object to a ConfigMap of the form kubelet-config-1.X in the cluster, where X is the minor version of the current (API Server) Kubernetes version.
kubeadm init phase upload-config kubelet [flags]
# Uploads the kubelet configuration from the kubeadm Config file to a ConfigMap in the cluster.
kubeadm init phase upload-config kubelet --config kubeadm.yaml
--config string | |
Path to kubeadm config file. WARNING: Usage of a configuration file is experimental. | |
-h, --help | |
help for kubelet | |
--kubeconfig string Default: "/etc/kubernetes/admin.conf" | |
The kubeconfig file to use when talking to the cluster. If the flag is not set, a set of standard locations are searched for an existing KubeConfig file. |
--rootfs string | |
[EXPERIMENTAL] The path to the 'real' host root filesystem. |
You can install all the available addons with the all
subcommand, or
install them selectively.
Installs required addons for passing Conformance tests
This command is not meant to be run on its own. See list of available subcommands.
kubeadm init phase addon [flags]
-h, --help | |
help for addon |
--rootfs string | |
[EXPERIMENTAL] The path to the 'real' host root filesystem. |
Installs all the addons
Installs all the addons
kubeadm init phase addon all [flags]
--apiserver-advertise-address string | |
The IP address the API Server will advertise it's listening on. Specify '0.0.0.0' to use the address of the default network interface. | |
--apiserver-bind-port int32 Default: 6443 | |
Port for the API Server to bind to. | |
--config string | |
Path to kubeadm config file. WARNING: Usage of a configuration file is experimental. | |
--feature-gates string | |
A set of key=value pairs that describe feature gates for various features. Options are: |
|
-h, --help | |
help for all | |
--image-repository string Default: "k8s.gcr.io" | |
Choose a container registry to pull control plane images from | |
--kubeconfig string Default: "/etc/kubernetes/admin.conf" | |
The kubeconfig file to use when talking to the cluster. If the flag is not set, a set of standard locations are searched for an existing KubeConfig file. | |
--kubernetes-version string Default: "stable-1" | |
Choose a specific Kubernetes version for the control plane. | |
--pod-network-cidr string | |
Specify range of IP addresses for the pod network. If set, the control plane will automatically allocate CIDRs for every node. | |
--service-cidr string Default: "10.96.0.0/12" | |
Use alternative range of IP address for service VIPs. | |
--service-dns-domain string Default: "cluster.local" | |
Use alternative domain for services, e.g. "myorg.internal". |
--rootfs string | |
[EXPERIMENTAL] The path to the 'real' host root filesystem. |
Installs the kube-proxy addon to a Kubernetes cluster
Installs the kube-proxy addon components via the API server.
kubeadm init phase addon kube-proxy [flags]
--apiserver-advertise-address string | |
The IP address the API Server will advertise it's listening on. Specify '0.0.0.0' to use the address of the default network interface. | |
--apiserver-bind-port int32 Default: 6443 | |
Port for the API Server to bind to. | |
--config string | |
Path to kubeadm config file. WARNING: Usage of a configuration file is experimental. | |
-h, --help | |
help for kube-proxy | |
--image-repository string Default: "k8s.gcr.io" | |
Choose a container registry to pull control plane images from | |
--kubeconfig string Default: "/etc/kubernetes/admin.conf" | |
The kubeconfig file to use when talking to the cluster. If the flag is not set, a set of standard locations are searched for an existing KubeConfig file. | |
--kubernetes-version string Default: "stable-1" | |
Choose a specific Kubernetes version for the control plane. | |
--pod-network-cidr string | |
Specify range of IP addresses for the pod network. If set, the control plane will automatically allocate CIDRs for every node. |
--rootfs string | |
[EXPERIMENTAL] The path to the 'real' host root filesystem. |
Installs the CoreDNS addon to a Kubernetes cluster
Installs the CoreDNS addon components via the API server. Please note that although the DNS server is deployed, it will not be scheduled until CNI is installed.
kubeadm init phase addon coredns [flags]
--config string | |
Path to kubeadm config file. WARNING: Usage of a configuration file is experimental. | |
--feature-gates string | |
A set of key=value pairs that describe feature gates for various features. Options are: |
|
-h, --help | |
help for coredns | |
--image-repository string Default: "k8s.gcr.io" | |
Choose a container registry to pull control plane images from | |
--kubeconfig string Default: "/etc/kubernetes/admin.conf" | |
The kubeconfig file to use when talking to the cluster. If the flag is not set, a set of standard locations are searched for an existing KubeConfig file. | |
--kubernetes-version string Default: "stable-1" | |
Choose a specific Kubernetes version for the control plane. | |
--service-cidr string Default: "10.96.0.0/12" | |
Use alternative range of IP address for service VIPs. | |
--service-dns-domain string Default: "cluster.local" | |
Use alternative domain for services, e.g. "myorg.internal". |
--rootfs string | |
[EXPERIMENTAL] The path to the 'real' host root filesystem. |
To use kube-dns instead of CoreDNS you have to pass a configuration file:
# for installing a DNS addon only
kubeadm init phase addon coredns --config=someconfig.yaml
# for creating a complete control plane node
kubeadm init --config=someconfig.yaml
# for listing or pulling images
kubeadm config images list/pull --config=someconfig.yaml
# for upgrades
kubeadm upgrade apply --config=someconfig.yaml
The file has to contain a DNS
field inClusterConfiguration
and also a type for the addon - kube-dns
(default value is CoreDNS
).
apiVersion: kubeadm.k8s.io/v1beta1
kind: ClusterConfiguration
dns:
type: "kube-dns"
For more details on each field in the v1beta1
configuration you can navigate to our
API reference pages.
kubeadm init
or kubeadm join
Was this page helpful?
Thanks for the feedback. If you have a specific, answerable question about how to use Kubernetes, ask it on Stack Overflow. Open an issue in the GitHub repo if you want to report a problem or suggest an improvement.