Reference

Kubernetes v1.15 documentation is no longer actively maintained. The version you are currently viewing is a static snapshot. For up-to-date documentation, see the latest version.

Edit This Page

kubeadm init phase

In v1.8.0, kubeadm introduced the kubeadm alpha phase command with the aim of making kubeadm more modular. In v1.13.0 this command graduated to kubeadm init phase. This modularity enables you to invoke atomic sub-steps of the bootstrap process. Hence, you can let kubeadm do some parts and fill in yourself where you need customizations.

kubeadm init phase is consistent with the kubeadm init workflow, and behind the scene both use the same code.

kubeadm init phase preflight

Using this command you can execute preflight checks on a control-plane node.

Run pre-flight checks

Synopsis

Run pre-flight checks for kubeadm init.

kubeadm init phase preflight [flags]

Examples

  # Run pre-flight checks for kubeadm init using a config file.
  kubeadm init phase preflight --config kubeadm-config.yml

Options

      --config string                     Path to a kubeadm configuration file.
  -h, --help                              help for preflight
      --ignore-preflight-errors strings   A list of checks whose errors will be shown as warnings. Example: 'IsPrivilegedUser,Swap'. Value 'all' ignores errors from all checks.

Options inherited from parent commands

      --rootfs string   [EXPERIMENTAL] The path to the 'real' host root filesystem.

kubeadm init phase certs

Can be used to create all required certificates by kubeadm.

Certificate generation

Synopsis

This command is not meant to be run on its own. See list of available subcommands.

kubeadm init phase certs [flags]

Options

  -h, --help   help for certs

Options inherited from parent commands

      --rootfs string   [EXPERIMENTAL] The path to the 'real' host root filesystem.

Generate all certificates

Synopsis

Generate all certificates

kubeadm init phase certs all [flags]

Options

      --apiserver-advertise-address string   The IP address the API Server will advertise it's listening on. If not set the default network interface will be used.
      --apiserver-cert-extra-sans strings    Optional extra Subject Alternative Names (SANs) to use for the API Server serving certificate. Can be both IP addresses and DNS names.
      --cert-dir string                      The path where to save and store the certificates. (default "/etc/kubernetes/pki")
      --config string                        Path to a kubeadm configuration file.
  -h, --help                                 help for all
      --service-cidr string                  Use alternative range of IP address for service VIPs. (default "10.96.0.0/12")
      --service-dns-domain string            Use alternative domain for services, e.g. "myorg.internal". (default "cluster.local")

Options inherited from parent commands

      --rootfs string   [EXPERIMENTAL] The path to the 'real' host root filesystem.

Generate the certificate the apiserver uses to access etcd

Synopsis

Generate the certificate the apiserver uses to access etcd, and save them into apiserver-etcd-client.cert and apiserver-etcd-client.key files.

If both files already exist, kubeadm skips the generation step and existing files will be used.

Alpha Disclaimer: this command is currently alpha.

kubeadm init phase certs apiserver-etcd-client [flags]

Options

      --cert-dir string   The path where to save and store the certificates. (default "/etc/kubernetes/pki")
      --config string     Path to a kubeadm configuration file.
      --csr-dir string    The path to output the CSRs and private keys to
      --csr-only          Create CSRs instead of generating certificates
  -h, --help              help for apiserver-etcd-client

Options inherited from parent commands

      --rootfs string   [EXPERIMENTAL] The path to the 'real' host root filesystem.

Generate the certificate for the API server to connect to kubelet

Synopsis

Generate the certificate for the API server to connect to kubelet, and save them into apiserver-kubelet-client.cert and apiserver-kubelet-client.key files.

If both files already exist, kubeadm skips the generation step and existing files will be used.

Alpha Disclaimer: this command is currently alpha.

kubeadm init phase certs apiserver-kubelet-client [flags]

Options

      --cert-dir string   The path where to save and store the certificates. (default "/etc/kubernetes/pki")
      --config string     Path to a kubeadm configuration file.
      --csr-dir string    The path to output the CSRs and private keys to
      --csr-only          Create CSRs instead of generating certificates
  -h, --help              help for apiserver-kubelet-client

Options inherited from parent commands

      --rootfs string   [EXPERIMENTAL] The path to the 'real' host root filesystem.

Generate the certificate for serving the Kubernetes API

Synopsis

Generate the certificate for serving the Kubernetes API, and save them into apiserver.cert and apiserver.key files.

Default SANs are kubernetes, kubernetes.default, kubernetes.default.svc, kubernetes.default.svc.cluster.local, 10.96.0.1, 127.0.0.1

If both files already exist, kubeadm skips the generation step and existing files will be used.

Alpha Disclaimer: this command is currently alpha.

kubeadm init phase certs apiserver [flags]

Options

      --apiserver-advertise-address string   The IP address the API Server will advertise it's listening on. If not set the default network interface will be used.
      --apiserver-cert-extra-sans strings    Optional extra Subject Alternative Names (SANs) to use for the API Server serving certificate. Can be both IP addresses and DNS names.
      --cert-dir string                      The path where to save and store the certificates. (default "/etc/kubernetes/pki")
      --config string                        Path to a kubeadm configuration file.
      --csr-dir string                       The path to output the CSRs and private keys to
      --csr-only                             Create CSRs instead of generating certificates
  -h, --help                                 help for apiserver
      --service-cidr string                  Use alternative range of IP address for service VIPs. (default "10.96.0.0/12")
      --service-dns-domain string            Use alternative domain for services, e.g. "myorg.internal". (default "cluster.local")

Options inherited from parent commands

      --rootfs string   [EXPERIMENTAL] The path to the 'real' host root filesystem.

Generate the self-signed Kubernetes CA to provision identities for other Kubernetes components

Synopsis

Generate the self-signed Kubernetes CA to provision identities for other Kubernetes components, and save them into ca.cert and ca.key files.

If both files already exist, kubeadm skips the generation step and existing files will be used.

Alpha Disclaimer: this command is currently alpha.

kubeadm init phase certs ca [flags]

Options

      --cert-dir string   The path where to save and store the certificates. (default "/etc/kubernetes/pki")
      --config string     Path to a kubeadm configuration file.
  -h, --help              help for ca

Options inherited from parent commands

      --rootfs string   [EXPERIMENTAL] The path to the 'real' host root filesystem.

Generate the self-signed CA to provision identities for etcd

Synopsis

Generate the self-signed CA to provision identities for etcd, and save them into etcd/ca.cert and etcd/ca.key files.

If both files already exist, kubeadm skips the generation step and existing files will be used.

Alpha Disclaimer: this command is currently alpha.

kubeadm init phase certs etcd-ca [flags]

Options

      --cert-dir string   The path where to save and store the certificates. (default "/etc/kubernetes/pki")
      --config string     Path to a kubeadm configuration file.
  -h, --help              help for etcd-ca

Options inherited from parent commands

      --rootfs string   [EXPERIMENTAL] The path to the 'real' host root filesystem.

Generate the certificate for liveness probes to healtcheck etcd

Synopsis

Generate the certificate for liveness probes to healtcheck etcd, and save them into etcd/healthcheck-client.cert and etcd/healthcheck-client.key files.

If both files already exist, kubeadm skips the generation step and existing files will be used.

Alpha Disclaimer: this command is currently alpha.

kubeadm init phase certs etcd-healthcheck-client [flags]

Options

      --cert-dir string   The path where to save and store the certificates. (default "/etc/kubernetes/pki")
      --config string     Path to a kubeadm configuration file.
      --csr-dir string    The path to output the CSRs and private keys to
      --csr-only          Create CSRs instead of generating certificates
  -h, --help              help for etcd-healthcheck-client

Options inherited from parent commands

      --rootfs string   [EXPERIMENTAL] The path to the 'real' host root filesystem.

Generate the certificate for etcd nodes to communicate with each other

Synopsis

Generate the certificate for etcd nodes to communicate with each other, and save them into etcd/peer.cert and etcd/peer.key files.

Default SANs are localhost, 127.0.0.1, 127.0.0.1, ::1

If both files already exist, kubeadm skips the generation step and existing files will be used.

Alpha Disclaimer: this command is currently alpha.

kubeadm init phase certs etcd-peer [flags]

Options

      --cert-dir string   The path where to save and store the certificates. (default "/etc/kubernetes/pki")
      --config string     Path to a kubeadm configuration file.
      --csr-dir string    The path to output the CSRs and private keys to
      --csr-only          Create CSRs instead of generating certificates
  -h, --help              help for etcd-peer

Options inherited from parent commands

      --rootfs string   [EXPERIMENTAL] The path to the 'real' host root filesystem.

Generate the certificate for serving etcd

Synopsis

Generate the certificate for serving etcd, and save them into etcd/server.cert and etcd/server.key files.

Default SANs are localhost, 127.0.0.1, 127.0.0.1, ::1

If both files already exist, kubeadm skips the generation step and existing files will be used.

Alpha Disclaimer: this command is currently alpha.

kubeadm init phase certs etcd-server [flags]

Options

      --cert-dir string   The path where to save and store the certificates. (default "/etc/kubernetes/pki")
      --config string     Path to a kubeadm configuration file.
      --csr-dir string    The path to output the CSRs and private keys to
      --csr-only          Create CSRs instead of generating certificates
  -h, --help              help for etcd-server

Options inherited from parent commands

      --rootfs string   [EXPERIMENTAL] The path to the 'real' host root filesystem.

Generate the self-signed CA to provision identities for front proxy

Synopsis

Generate the self-signed CA to provision identities for front proxy, and save them into front-proxy-ca.cert and front-proxy-ca.key files.

If both files already exist, kubeadm skips the generation step and existing files will be used.

Alpha Disclaimer: this command is currently alpha.

kubeadm init phase certs front-proxy-ca [flags]

Options

      --cert-dir string   The path where to save and store the certificates. (default "/etc/kubernetes/pki")
      --config string     Path to a kubeadm configuration file.
  -h, --help              help for front-proxy-ca

Options inherited from parent commands

      --rootfs string   [EXPERIMENTAL] The path to the 'real' host root filesystem.

Generate the certificate for the front proxy client

Synopsis

Generate the certificate for the front proxy client, and save them into front-proxy-client.cert and front-proxy-client.key files.

If both files already exist, kubeadm skips the generation step and existing files will be used.

Alpha Disclaimer: this command is currently alpha.

kubeadm init phase certs front-proxy-client [flags]

Options

      --cert-dir string   The path where to save and store the certificates. (default "/etc/kubernetes/pki")
      --config string     Path to a kubeadm configuration file.
      --csr-dir string    The path to output the CSRs and private keys to
      --csr-only          Create CSRs instead of generating certificates
  -h, --help              help for front-proxy-client

Options inherited from parent commands

      --rootfs string   [EXPERIMENTAL] The path to the 'real' host root filesystem.

Generate a private key for signing service account tokens along with its public key

Synopsis

Generate the private key for signing service account tokens along with its public key, and save them into sa.key and sa.pub files. If both files already exist, kubeadm skips the generation step and existing files will be used.

Alpha Disclaimer: this command is currently alpha.

kubeadm init phase certs sa [flags]

Options

      --cert-dir string   The path where to save and store the certificates. (default "/etc/kubernetes/pki")
  -h, --help              help for sa

Options inherited from parent commands

      --rootfs string   [EXPERIMENTAL] The path to the 'real' host root filesystem.

kubeadm init phase kubeconfig

You can create all required kubeconfig files by calling the all subcommand or call them individually.

Generate all kubeconfig files necessary to establish the control plane and the admin kubeconfig file

Synopsis

This command is not meant to be run on its own. See list of available subcommands.

kubeadm init phase kubeconfig [flags]

Options

  -h, --help   help for kubeconfig

Options inherited from parent commands

      --rootfs string   [EXPERIMENTAL] The path to the 'real' host root filesystem.

Generate all kubeconfig files

Synopsis

Generate all kubeconfig files

kubeadm init phase kubeconfig all [flags]

Options

      --apiserver-advertise-address string   The IP address the API Server will advertise it's listening on. If not set the default network interface will be used.
      --apiserver-bind-port int32            Port for the API Server to bind to. (default 6443)
      --cert-dir string                      The path where to save and store the certificates. (default "/etc/kubernetes/pki")
      --config string                        Path to a kubeadm configuration file.
  -h, --help                                 help for all
      --kubeconfig-dir string                The path where to save the kubeconfig file. (default "/etc/kubernetes")
      --node-name string                     Specify the node name.

Options inherited from parent commands

      --rootfs string   [EXPERIMENTAL] The path to the 'real' host root filesystem.

Generate a kubeconfig file for the admin to use and for kubeadm itself

Synopsis

Generate the kubeconfig file for the admin and for kubeadm itself, and save it to admin.conf file.

kubeadm init phase kubeconfig admin [flags]

Options

      --apiserver-advertise-address string   The IP address the API Server will advertise it's listening on. If not set the default network interface will be used.
      --apiserver-bind-port int32            Port for the API Server to bind to. (default 6443)
      --cert-dir string                      The path where to save and store the certificates. (default "/etc/kubernetes/pki")
      --config string                        Path to a kubeadm configuration file.
  -h, --help                                 help for admin
      --kubeconfig-dir string                The path where to save the kubeconfig file. (default "/etc/kubernetes")

Options inherited from parent commands

      --rootfs string   [EXPERIMENTAL] The path to the 'real' host root filesystem.

Generate a kubeconfig file for the controller manager to use

Synopsis

Generate the kubeconfig file for the controller manager to use and save it to controller-manager.conf file

kubeadm init phase kubeconfig controller-manager [flags]

Options

      --apiserver-advertise-address string   The IP address the API Server will advertise it's listening on. If not set the default network interface will be used.
      --apiserver-bind-port int32            Port for the API Server to bind to. (default 6443)
      --cert-dir string                      The path where to save and store the certificates. (default "/etc/kubernetes/pki")
      --config string                        Path to a kubeadm configuration file.
  -h, --help                                 help for controller-manager
      --kubeconfig-dir string                The path where to save the kubeconfig file. (default "/etc/kubernetes")

Options inherited from parent commands

      --rootfs string   [EXPERIMENTAL] The path to the 'real' host root filesystem.

Generate a kubeconfig file for the kubelet to use only for cluster bootstrapping purposes

Synopsis

Generate the kubeconfig file for the kubelet to use and save it to kubelet.conf file.

Please note that this should only be used for cluster bootstrapping purposes. After your control plane is up, you should request all kubelet credentials from the CSR API.

kubeadm init phase kubeconfig kubelet [flags]

Options

      --apiserver-advertise-address string   The IP address the API Server will advertise it's listening on. If not set the default network interface will be used.
      --apiserver-bind-port int32            Port for the API Server to bind to. (default 6443)
      --cert-dir string                      The path where to save and store the certificates. (default "/etc/kubernetes/pki")
      --config string                        Path to a kubeadm configuration file.
  -h, --help                                 help for kubelet
      --kubeconfig-dir string                The path where to save the kubeconfig file. (default "/etc/kubernetes")
      --node-name string                     Specify the node name.

Options inherited from parent commands

      --rootfs string   [EXPERIMENTAL] The path to the 'real' host root filesystem.

Generate a kubeconfig file for the scheduler to use

Synopsis

Generate the kubeconfig file for the scheduler to use and save it to scheduler.conf file.

kubeadm init phase kubeconfig scheduler [flags]

Options

      --apiserver-advertise-address string   The IP address the API Server will advertise it's listening on. If not set the default network interface will be used.
      --apiserver-bind-port int32            Port for the API Server to bind to. (default 6443)
      --cert-dir string                      The path where to save and store the certificates. (default "/etc/kubernetes/pki")
      --config string                        Path to a kubeadm configuration file.
  -h, --help                                 help for scheduler
      --kubeconfig-dir string                The path where to save the kubeconfig file. (default "/etc/kubernetes")

Options inherited from parent commands

      --rootfs string   [EXPERIMENTAL] The path to the 'real' host root filesystem.

kubeadm init phase kubelet-start

This phase will write the kubelet configuration file and environment file and then start the kubelet.

Write kubelet settings and (re)start the kubelet

Synopsis

Write a file with KubeletConfiguration and an environment file with node specific kubelet settings, and then (re)start kubelet.

kubeadm init phase kubelet-start [flags]

Examples

  # Writes a dynamic environment file with kubelet flags from a InitConfiguration file.
  kubeadm init phase kubelet-start --config config.yaml

Options

      --config string       Path to a kubeadm configuration file.
      --cri-socket string   Path to the CRI socket to connect. If empty kubeadm will try to auto-detect this value; use this option only if you have more than one CRI installed or if you have non-standard CRI socket.
  -h, --help                help for kubelet-start
      --node-name string    Specify the node name.

Options inherited from parent commands

      --rootfs string   [EXPERIMENTAL] The path to the 'real' host root filesystem.

kubeadm init phase control-plane

Using this phase you can create all required static Pod files for the control plane components.

Generate all static Pod manifest files necessary to establish the control plane

Synopsis

This command is not meant to be run on its own. See list of available subcommands.

kubeadm init phase control-plane [flags]

Options

  -h, --help   help for control-plane

Options inherited from parent commands

      --rootfs string   [EXPERIMENTAL] The path to the 'real' host root filesystem.

Generate all static Pod manifest files

Synopsis

Generate all static Pod manifest files

kubeadm init phase control-plane all [flags]

Examples

  # Generates all static Pod manifest files for control plane components,
  # functionally equivalent to what is generated by kubeadm init.
  kubeadm init phase control-plane all
  
  # Generates all static Pod manifest files using options read from a configuration file.
  kubeadm init phase control-plane all --config config.yaml

Options

      --apiserver-advertise-address string              The IP address the API Server will advertise it's listening on. If not set the default network interface will be used.
      --apiserver-bind-port int32                       Port for the API Server to bind to. (default 6443)
      --apiserver-extra-args mapStringString            A set of extra flags to pass to the API Server or override default ones in form of <flagname>=<value>
      --cert-dir string                                 The path where to save and store the certificates. (default "/etc/kubernetes/pki")
      --config string                                   Path to a kubeadm configuration file.
      --controller-manager-extra-args mapStringString   A set of extra flags to pass to the Controller Manager or override default ones in form of <flagname>=<value>
      --feature-gates string                            A set of key=value pairs that describe feature gates for various features. No feature gates are available in this release.
  -h, --help                                            help for all
      --image-repository string                         Choose a container registry to pull control plane images from (default "k8s.gcr.io")
      --kubernetes-version string                       Choose a specific Kubernetes version for the control plane. (default "stable-1")
      --pod-network-cidr string                         Specify range of IP addresses for the pod network. If set, the control plane will automatically allocate CIDRs for every node.
      --scheduler-extra-args mapStringString            A set of extra flags to pass to the Scheduler or override default ones in form of <flagname>=<value>
      --service-cidr string                             Use alternative range of IP address for service VIPs. (default "10.96.0.0/12")

Options inherited from parent commands

      --rootfs string   [EXPERIMENTAL] The path to the 'real' host root filesystem.

Generates the kube-apiserver static Pod manifest

Synopsis

Generates the kube-apiserver static Pod manifest

kubeadm init phase control-plane apiserver [flags]

Options

      --apiserver-advertise-address string     The IP address the API Server will advertise it's listening on. If not set the default network interface will be used.
      --apiserver-bind-port int32              Port for the API Server to bind to. (default 6443)
      --apiserver-extra-args mapStringString   A set of extra flags to pass to the API Server or override default ones in form of <flagname>=<value>
      --cert-dir string                        The path where to save and store the certificates. (default "/etc/kubernetes/pki")
      --config string                          Path to a kubeadm configuration file.
      --feature-gates string                   A set of key=value pairs that describe feature gates for various features. No feature gates are available in this release.
  -h, --help                                   help for apiserver
      --image-repository string                Choose a container registry to pull control plane images from (default "k8s.gcr.io")
      --kubernetes-version string              Choose a specific Kubernetes version for the control plane. (default "stable-1")
      --service-cidr string                    Use alternative range of IP address for service VIPs. (default "10.96.0.0/12")

Options inherited from parent commands

      --rootfs string   [EXPERIMENTAL] The path to the 'real' host root filesystem.

Generates the kube-controller-manager static Pod manifest

Synopsis

Generates the kube-controller-manager static Pod manifest

kubeadm init phase control-plane controller-manager [flags]

Options

      --cert-dir string                                 The path where to save and store the certificates. (default "/etc/kubernetes/pki")
      --config string                                   Path to a kubeadm configuration file.
      --controller-manager-extra-args mapStringString   A set of extra flags to pass to the Controller Manager or override default ones in form of <flagname>=<value>
  -h, --help                                            help for controller-manager
      --image-repository string                         Choose a container registry to pull control plane images from (default "k8s.gcr.io")
      --kubernetes-version string                       Choose a specific Kubernetes version for the control plane. (default "stable-1")
      --pod-network-cidr string                         Specify range of IP addresses for the pod network. If set, the control plane will automatically allocate CIDRs for every node.

Options inherited from parent commands

      --rootfs string   [EXPERIMENTAL] The path to the 'real' host root filesystem.

Generates the kube-scheduler static Pod manifest

Synopsis

Generates the kube-scheduler static Pod manifest

kubeadm init phase control-plane scheduler [flags]

Options

      --cert-dir string                        The path where to save and store the certificates. (default "/etc/kubernetes/pki")
      --config string                          Path to a kubeadm configuration file.
  -h, --help                                   help for scheduler
      --image-repository string                Choose a container registry to pull control plane images from (default "k8s.gcr.io")
      --kubernetes-version string              Choose a specific Kubernetes version for the control plane. (default "stable-1")
      --scheduler-extra-args mapStringString   A set of extra flags to pass to the Scheduler or override default ones in form of <flagname>=<value>

Options inherited from parent commands

      --rootfs string   [EXPERIMENTAL] The path to the 'real' host root filesystem.

kubeadm init phase etcd

Use the following phase to create a local etcd instance based on a static Pod file.

Generate static Pod manifest file for local etcd

Synopsis

This command is not meant to be run on its own. See list of available subcommands.

kubeadm init phase etcd [flags]

Options

  -h, --help   help for etcd

Options inherited from parent commands

      --rootfs string   [EXPERIMENTAL] The path to the 'real' host root filesystem.

Generate the static Pod manifest file for a local, single-node local etcd instance

Synopsis

Generate the static Pod manifest file for a local, single-node local etcd instance

kubeadm init phase etcd local [flags]

Examples

  # Generates the static Pod manifest file for etcd, functionally
  # equivalent to what is generated by kubeadm init.
  kubeadm init phase etcd local
  
  # Generates the static Pod manifest file for etcd using options
  # read from a configuration file.
  kubeadm init phase etcd local --config config.yaml

Options

      --cert-dir string           The path where to save and store the certificates. (default "/etc/kubernetes/pki")
      --config string             Path to a kubeadm configuration file.
  -h, --help                      help for local
      --image-repository string   Choose a container registry to pull control plane images from (default "k8s.gcr.io")

Options inherited from parent commands

      --rootfs string   [EXPERIMENTAL] The path to the 'real' host root filesystem.

kubeadm init phase upload-certs

Use the following phase to upload control-plane certificates to the cluster. By default the certs and encryption key expire after two hours.

Upload certificates to kubeadm-certs

Synopsis

This command is not meant to be run on its own. See list of available subcommands.

kubeadm init phase upload-certs [flags]

Options

      --certificate-key string       Key used to encrypt the control-plane certificates in the kubeadm-certs Secret.
      --config string                Path to a kubeadm configuration file.
  -h, --help                         help for upload-certs
      --skip-certificate-key-print   Don't print the key used to encrypt the control-plane certificates.
      --upload-certs                 Upload control-plane certificates to the kubeadm-certs Secret.

Options inherited from parent commands

--rootfs string
[EXPERIMENTAL] The path to the 'real' host root filesystem.

kubeadm init phase mark-control-plane

Use the following phase to label and taint the node with the node-role.kubernetes.io/master="" key-value pair.

Mark a node as a control-plane

Synopsis

Mark a node as a control-plane

kubeadm init phase mark-control-plane [flags]

Examples

  # Applies control-plane label and taint to the current node, functionally equivalent to what executed by kubeadm init.
  kubeadm init phase mark-control-plane --config config.yml
  
  # Applies control-plane label and taint to a specific node
  kubeadm init phase mark-control-plane --node-name myNode

Options

      --config string      Path to a kubeadm configuration file.
  -h, --help               help for mark-control-plane
      --node-name string   Specify the node name.

Options inherited from parent commands

      --rootfs string   [EXPERIMENTAL] The path to the 'real' host root filesystem.

kubeadm init phase bootstrap-token

Use the following phase to configure bootstrap tokens.

Generates bootstrap tokens used to join a node to a cluster

Synopsis

Bootstrap tokens are used for establishing bidirectional trust between a node joining the cluster and a the control-plane node.

This command makes all the configurations required to make bootstrap tokens works and then creates an initial token.

kubeadm init phase bootstrap-token [flags]

Examples

  # Make all the bootstrap token configurations and create an initial token, functionally
  # equivalent to what generated by kubeadm init.
  kubeadm init phase bootstrap-token

Options

      --config string       Path to a kubeadm configuration file.
  -h, --help                help for bootstrap-token
      --kubeconfig string   The kubeconfig file to use when talking to the cluster. If the flag is not set, a set of standard locations can be searched for an existing kubeconfig file. (default "/etc/kubernetes/admin.conf")
      --skip-token-print    Skip printing of the default bootstrap token generated by 'kubeadm init'.

Options inherited from parent commands

      --rootfs string   [EXPERIMENTAL] The path to the 'real' host root filesystem.

kubeadm init phase upload-config

You can use this command to upload the kubeadm configuration to your cluster. Alternatively, you can use kubeadm config.

Upload the kubeadm and kubelet configuration to a ConfigMap

Synopsis

This command is not meant to be run on its own. See list of available subcommands.

kubeadm init phase upload-config [flags]

Options

  -h, --help   help for upload-config

Options inherited from parent commands

      --rootfs string   [EXPERIMENTAL] The path to the 'real' host root filesystem.

Upload all configuration to a config map

Synopsis

Upload all configuration to a config map

kubeadm init phase upload-config all [flags]

Options

      --config string       Path to a kubeadm configuration file.
  -h, --help                help for all
      --kubeconfig string   The kubeconfig file to use when talking to the cluster. If the flag is not set, a set of standard locations can be searched for an existing kubeconfig file. (default "/etc/kubernetes/admin.conf")

Options inherited from parent commands

      --rootfs string   [EXPERIMENTAL] The path to the 'real' host root filesystem.

Upload the kubeadm ClusterConfiguration to a ConfigMap

Synopsis

Upload the kubeadm ClusterConfiguration to a ConfigMap called kubeadm-config in the kube-system namespace. This enables correct configuration of system components and a seamless user experience when upgrading.

Alternatively, you can use kubeadm config.

kubeadm init phase upload-config kubeadm [flags]

Examples

  # upload the configuration of your cluster
  kubeadm init phase upload-config --config=myConfig.yaml

Options

      --config string       Path to a kubeadm configuration file.
  -h, --help                help for kubeadm
      --kubeconfig string   The kubeconfig file to use when talking to the cluster. If the flag is not set, a set of standard locations can be searched for an existing kubeconfig file. (default "/etc/kubernetes/admin.conf")

Options inherited from parent commands

      --rootfs string   [EXPERIMENTAL] The path to the 'real' host root filesystem.

Upload the kubelet component config to a ConfigMap

Synopsis

Upload kubelet configuration extracted from the kubeadm InitConfiguration object to a ConfigMap of the form kubelet-config-1.X in the cluster, where X is the minor version of the current (API Server) Kubernetes version.

kubeadm init phase upload-config kubelet [flags]

Examples

  # Upload the kubelet configuration from the kubeadm Config file to a ConfigMap in the cluster.
  kubeadm init phase upload-config kubelet --config kubeadm.yaml

Options

      --config string       Path to a kubeadm configuration file.
  -h, --help                help for kubelet
      --kubeconfig string   The kubeconfig file to use when talking to the cluster. If the flag is not set, a set of standard locations can be searched for an existing kubeconfig file. (default "/etc/kubernetes/admin.conf")

Options inherited from parent commands

      --rootfs string   [EXPERIMENTAL] The path to the 'real' host root filesystem.

kubeadm init phase addon

You can install all the available addons with the all subcommand, or install them selectively.

Install required addons for passing Conformance tests

Synopsis

This command is not meant to be run on its own. See list of available subcommands.

kubeadm init phase addon [flags]

Options

  -h, --help   help for addon

Options inherited from parent commands

      --rootfs string   [EXPERIMENTAL] The path to the 'real' host root filesystem.

Install all the addons

Synopsis

Install all the addons

kubeadm init phase addon all [flags]

Options

      --apiserver-advertise-address string   The IP address the API Server will advertise it's listening on. If not set the default network interface will be used.
      --apiserver-bind-port int32            Port for the API Server to bind to. (default 6443)
      --config string                        Path to a kubeadm configuration file.
      --feature-gates string                 A set of key=value pairs that describe feature gates for various features. No feature gates are available in this release.
  -h, --help                                 help for all
      --image-repository string              Choose a container registry to pull control plane images from (default "k8s.gcr.io")
      --kubeconfig string                    The kubeconfig file to use when talking to the cluster. If the flag is not set, a set of standard locations can be searched for an existing kubeconfig file. (default "/etc/kubernetes/admin.conf")
      --kubernetes-version string            Choose a specific Kubernetes version for the control plane. (default "stable-1")
      --pod-network-cidr string              Specify range of IP addresses for the pod network. If set, the control plane will automatically allocate CIDRs for every node.
      --service-cidr string                  Use alternative range of IP address for service VIPs. (default "10.96.0.0/12")
      --service-dns-domain string            Use alternative domain for services, e.g. "myorg.internal". (default "cluster.local")

Options inherited from parent commands

      --rootfs string   [EXPERIMENTAL] The path to the 'real' host root filesystem.

Install the kube-proxy addon to a Kubernetes cluster

Synopsis

Install the kube-proxy addon components via the API server.

kubeadm init phase addon kube-proxy [flags]

Options

      --apiserver-advertise-address string   The IP address the API Server will advertise it's listening on. If not set the default network interface will be used.
      --apiserver-bind-port int32            Port for the API Server to bind to. (default 6443)
      --config string                        Path to a kubeadm configuration file.
  -h, --help                                 help for kube-proxy
      --image-repository string              Choose a container registry to pull control plane images from (default "k8s.gcr.io")
      --kubeconfig string                    The kubeconfig file to use when talking to the cluster. If the flag is not set, a set of standard locations can be searched for an existing kubeconfig file. (default "/etc/kubernetes/admin.conf")
      --kubernetes-version string            Choose a specific Kubernetes version for the control plane. (default "stable-1")
      --pod-network-cidr string              Specify range of IP addresses for the pod network. If set, the control plane will automatically allocate CIDRs for every node.

Options inherited from parent commands

      --rootfs string   [EXPERIMENTAL] The path to the 'real' host root filesystem.

Install the CoreDNS addon to a Kubernetes cluster

Synopsis

Install the CoreDNS addon components via the API server. Please note that although the DNS server is deployed, it will not be scheduled until CNI is installed.

kubeadm init phase addon coredns [flags]

Options

      --config string               Path to a kubeadm configuration file.
      --feature-gates string        A set of key=value pairs that describe feature gates for various features. No feature gates are available in this release.
  -h, --help                        help for coredns
      --image-repository string     Choose a container registry to pull control plane images from (default "k8s.gcr.io")
      --kubeconfig string           The kubeconfig file to use when talking to the cluster. If the flag is not set, a set of standard locations can be searched for an existing kubeconfig file. (default "/etc/kubernetes/admin.conf")
      --kubernetes-version string   Choose a specific Kubernetes version for the control plane. (default "stable-1")
      --service-cidr string         Use alternative range of IP address for service VIPs. (default "10.96.0.0/12")
      --service-dns-domain string   Use alternative domain for services, e.g. "myorg.internal". (default "cluster.local")

Options inherited from parent commands

      --rootfs string   [EXPERIMENTAL] The path to the 'real' host root filesystem.

To use kube-dns instead of CoreDNS you have to pass a configuration file:

# for installing a DNS addon only
kubeadm init phase addon coredns --config=someconfig.yaml
# for creating a complete control plane node
kubeadm init --config=someconfig.yaml
# for listing or pulling images
kubeadm config images list/pull --config=someconfig.yaml
# for upgrades
kubeadm upgrade apply --config=someconfig.yaml

The file has to contain a DNS field inClusterConfiguration and also a type for the addon - kube-dns (default value is CoreDNS).

apiVersion: kubeadm.k8s.io/v1beta2
kind: ClusterConfiguration
dns:
  type: "kube-dns"

For more details on each field in the v1beta2 configuration you can navigate to our API reference pages.

What’s next

Feedback