kubeadm-init - Man Page
Run this command in order to set up the Kubernetes control plane
Eric Paris Jan 2015
Synopsis
kubeadm init [Options]
Description
Run this command in order to set up the Kubernetes control plane
The "init" command executes the following phases:
preflight Run pre-flight checks certs Certificate generation /ca Generate the self-signed Kubernetes CA to provision identities for other Kubernetes components /apiserver Generate the certificate for serving the Kubernetes API /apiserver-kubelet-client Generate the certificate for the API server to connect to kubelet /front-proxy-ca Generate the self-signed CA to provision identities for front proxy /front-proxy-client Generate the certificate for the front proxy client /etcd-ca Generate the self-signed CA to provision identities for etcd /etcd-server Generate the certificate for serving etcd /etcd-peer Generate the certificate for etcd nodes to communicate with each other /etcd-healthcheck-client Generate the certificate for liveness probes to healthcheck etcd /apiserver-etcd-client Generate the certificate the apiserver uses to access etcd /sa Generate a private key for signing service account tokens along with its public key kubeconfig Generate all kubeconfig files necessary to establish the control plane and the admin kubeconfig file /admin Generate a kubeconfig file for the admin to use and for kubeadm itself /super-admin Generate a kubeconfig file for the super-admin /kubelet Generate a kubeconfig file for the kubelet to use *only* for cluster bootstrapping purposes /controller-manager Generate a kubeconfig file for the controller manager to use /scheduler Generate a kubeconfig file for the scheduler to use etcd Generate static Pod manifest file for local etcd /local Generate the static Pod manifest file for a local, single-node local etcd instance control-plane Generate all static Pod manifest files necessary to establish the control plane /apiserver Generates the kube-apiserver static Pod manifest /controller-manager Generates the kube-controller-manager static Pod manifest /scheduler Generates the kube-scheduler static Pod manifest kubelet-start Write kubelet settings and (re)start the kubelet upload-config Upload the kubeadm and kubelet configuration to a ConfigMap /kubeadm Upload the kubeadm ClusterConfiguration to a ConfigMap /kubelet Upload the kubelet component config to a ConfigMap upload-certs Upload certificates to kubeadm-certs mark-control-plane Mark a node as a control-plane bootstrap-token Generates bootstrap tokens used to join a node to a cluster kubelet-finalize Updates settings relevant to the kubelet after TLS bootstrap /experimental-cert-rotation Enable kubelet client certificate rotation addon Install required addons for passing conformance tests /coredns Install the CoreDNS addon to a Kubernetes cluster /kube-proxy Install the kube-proxy addon to a Kubernetes cluster show-join-command Show the join command for control-plane and worker node
Options
--apiserver-advertise-address="" The IP address the API Server will advertise it's listening on. If not set the default network interface will be used.
--apiserver-bind-port=6443 Port for the API Server to bind to.
--apiserver-cert-extra-sans=[] Optional extra Subject Alternative Names (SANs) to use for the API Server serving certificate. Can be both IP addresses and DNS names.
--cert-dir="/etc/kubernetes/pki" The path where to save and store the certificates.
--certificate-key="" Key used to encrypt the control-plane certificates in the kubeadm-certs Secret. The certificate key is a hex encoded string that is an AES key of size 32 bytes.
--config="" Path to a kubeadm configuration file.
--control-plane-endpoint="" Specify a stable IP address or DNS name for the control plane.
--cri-socket="" Path to the CRI socket to connect. If empty kubeadm will try to auto-detect this value; use this option only if you have more than one CRI installed or if you have non-standard CRI socket.
--dry-run=false Don't apply any changes; just output what would be done.
--feature-gates="" A set of key=value pairs that describe feature gates for various features. Options are: EtcdLearnerMode=true|false (BETA - default=true) PublicKeysECDSA=true|false (DEPRECATED - default=false) RootlessControlPlane=true|false (ALPHA - default=false) UpgradeAddonsBeforeControlPlane=true|false (DEPRECATED - default=false)
--ignore-preflight-errors=[] A list of checks whose errors will be shown as warnings. Example: 'IsPrivilegedUser,Swap'. Value 'all' ignores errors from all checks.
--image-repository="registry.k8s.io" Choose a container registry to pull control plane images from
--kubernetes-version="stable-1" Choose a specific Kubernetes version for the control plane.
--node-name="" Specify the node name.
--patches="" Path to a directory that contains files named "target[suffix][+patchtype].extension". For example, "kube-apiserver0+merge.yaml" or just "etcd.json". "target" can be one of "kube-apiserver", "kube-controller-manager", "kube-scheduler", "etcd", "kubeletconfiguration". "patchtype" can be one of "strategic", "merge" or "json" and they match the patch formats supported by kubectl. The default "patchtype" is "strategic". "extension" must be either "json" or "yaml". "suffix" is an optional string that can be used to determine which patches are applied first alpha-numerically.
--pod-network-cidr="" Specify range of IP addresses for the pod network. If set, the control plane will automatically allocate CIDRs for every node.
--service-cidr="10.96.0.0/12" Use alternative range of IP address for service VIPs.
--service-dns-domain="cluster.local" Use alternative domain for services, e.g. "myorg.internal".
--skip-certificate-key-print=false Don't print the key used to encrypt the control-plane certificates.
--skip-phases=[] List of phases to be skipped
--skip-token-print=false Skip printing of the default bootstrap token generated by 'kubeadm init'.
--token="" The token to use for establishing bidirectional trust between nodes and control-plane nodes. The format is [a-z0-9]{6}.[a-z0-9]{16} - e.g. abcdef.0123456789abcdef
--token-ttl=24h0m0s The duration before the token is automatically deleted (e.g. 1s, 2m, 3h). If set to '0', the token will never expire
--upload-certs=false Upload control-plane certificates to the kubeadm-certs Secret.
Options Inherited from Parent Commands
--azure-container-registry-config="" Path to the file containing Azure container registry configuration information.
--rootfs="" [EXPERIMENTAL] The path to the 'real' host root filesystem.
--version=false --version, --version=raw prints version information and quits; --version=vX.Y.Z... sets the reported version
See Also
History
January 2015, Originally compiled by Eric Paris (eparis at redhat dot com) based on the kubernetes source material, but hopefully they have been automatically generated since!
Referenced By
kubeadm(1), kubeadm-init-phase(1).