
    kubeadm token

    Bootstrap tokens are used for establishing bidirectional trust between a node joining the cluster and a control-plane node, as described in authenticating with bootstrap tokens.

    kubeadm init creates an initial token with a 24-hour TTL. The following commands allow you to manage such a token and also to create and manage new ones.

    kubeadm token create

    Synopsis

    This command will create a bootstrap token for you. You can specify the usages for this token, the “time to live” and an optional human friendly description.

    The [token] is the actual token to write. This should be a securely generated random token of the form “[a-z0-9]{6}.[a-z0-9]{16}”. If no [token] is given, kubeadm will generate a random token instead.

    kubeadm token create [token]

    Options

    --config string
    Path to a kubeadm configuration file.
    --description string
    A human friendly description of how this token is used.
    --groups stringSlice Default: [system:bootstrappers:kubeadm:default-node-token]
    Extra groups that this token will authenticate as when used for authentication. Must match "\Asystem:bootstrappers:[a-z0-9:-]{0,255}[a-z0-9]\z"
    -h, --help
    help for create
    --print-join-command
    Instead of printing only the token, print the full 'kubeadm join' flag needed to join the cluster using the token.
    --ttl duration Default: 24h0m0s
    The duration before the token is automatically deleted (e.g. 1s, 2m, 3h). If set to '0', the token will never expire.
    --usages stringSlice Default: [signing,authentication]
    Describes the ways in which this token can be used. You can pass --usages multiple times or provide a comma separated list of options. Valid options: [signing,authentication]

    Options inherited from parent commands

    --dry-run
    Whether to enable dry-run mode or not
    --kubeconfig string Default: "/etc/kubernetes/admin.conf"
    The kubeconfig file to use when talking to the cluster. If the flag is not set, a set of standard locations can be searched for an existing kubeconfig file.
    --rootfs string
    [EXPERIMENTAL] The path to the 'real' host root filesystem.

    kubeadm token delete

    Synopsis

    This command will delete a list of bootstrap tokens for you.

    The [token-value] is the full Token of the form “[a-z0-9]{6}.[a-z0-9]{16}” or the Token ID of the form “[a-z0-9]{6}” to delete.

    kubeadm token delete [token-value] ...

    Options

    -h, --help
    help for delete

    Options inherited from parent commands

    --dry-run
    Whether to enable dry-run mode or not
    --kubeconfig string Default: "/etc/kubernetes/admin.conf"
    The kubeconfig file to use when talking to the cluster. If the flag is not set, a set of standard locations can be searched for an existing kubeconfig file.
    --rootfs string
    [EXPERIMENTAL] The path to the 'real' host root filesystem.

    kubeadm token generate

    Synopsis

    This command will print out a randomly-generated bootstrap token that can be used with the “init” and “join” commands.

    You don’t have to use this command in order to generate a token. You can do so yourself as long as it is in the format “[a-z0-9]{6}.[a-z0-9]{16}”. This command is provided for convenience to generate tokens in the given format.

    You can also use “kubeadm init” without specifying a token and it will generate and print one for you.

    kubeadm token generate [flags]
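
    For anyone generating tokens themselves as described above, the following added example (not part of the kubeadm documentation) builds a token from the kernel CSPRNG and checks it, and a group name, against the formats given on this page before anything is passed to kubeadm. All function names are hypothetical helpers, and the dot between the two token parts is treated as a literal dot.

```shell
#!/bin/sh
# Added example (not from the kubeadm docs): generate and validate bootstrap
# tokens locally. All function names here are hypothetical helpers.

# Draw n characters uniformly from [a-z0-9] using the kernel CSPRNG.
# Filtering bytes with tr (instead of a modulo) avoids biasing any character.
rand_chars() {
    LC_ALL=C tr -dc 'a-z0-9' < /dev/urandom | head -c "$1"
}

# Build a token in the documented form [a-z0-9]{6}.[a-z0-9]{16}.
gen_bootstrap_token() {
    printf '%s.%s\n' "$(rand_chars 6)" "$(rand_chars 16)"
}

# Succeed only if the whole string matches the documented token format.
is_valid_bootstrap_token() {
    [ "$(printf '%s' "$1" | wc -l)" -eq 0 ] || return 1   # no embedded newlines
    printf '%s\n' "$1" | LC_ALL=C grep -Eqx '[a-z0-9]{6}\.[a-z0-9]{16}'
}

# Succeed only if the name satisfies the pattern documented for --groups.
is_valid_bootstrap_group() {
    [ "$(printf '%s' "$1" | wc -l)" -eq 0 ] || return 1
    printf '%s\n' "$1" | LC_ALL=C grep -Eqx 'system:bootstrappers:[a-z0-9:-]{0,255}[a-z0-9]'
}

# Return the 6-character token ID (the part before the dot). This is the
# short form `kubeadm token delete` accepts, and it omits the secret half.
token_id() {
    is_valid_bootstrap_token "$1" || return 1
    printf '%s\n' "${1%%.*}"
}

# Print (do not run) a create command for a validated token and group.
# $3 is passed through as the --ttl value and is not validated here.
print_create_command() {
    is_valid_bootstrap_token "$1" && is_valid_bootstrap_group "$2" || return 1
    printf 'kubeadm token create %s --ttl %s --groups %s\n' "$1" "$3" "$2"
}
```

    Source the file and call gen_bootstrap_token; record only the output of token_id in logs or tickets, since the remainder of the token is the secret.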

    Options

    -h, --help
    help for generate

    Options inherited from parent commands

    --dry-run
    Whether to enable dry-run mode or not
    --kubeconfig string Default: "/etc/kubernetes/admin.conf"
    The kubeconfig file to use when talking to the cluster. If the flag is not set, a set of standard locations can be searched for an existing kubeconfig file.
    --rootfs string
    [EXPERIMENTAL] The path to the 'real' host root filesystem.

    kubeadm token list

    Synopsis

    This command will list all bootstrap tokens for you.

    kubeadm token list [flags]

    Options

    -h, --help
    help for list

    Options inherited from parent commands

    --dry-run
    Whether to enable dry-run mode or not
    --kubeconfig string Default: "/etc/kubernetes/admin.conf"
    The kubeconfig file to use when talking to the cluster. If the flag is not set, a set of standard locations can be searched for an existing kubeconfig file.
    --rootfs string
    [EXPERIMENTAL] The path to the 'real' host root filesystem.

    What's next

    • kubeadm join to bootstrap a Kubernetes worker node and join it to the cluster
