Reference

Edit This Page

kubeadm alpha

kubeadm alpha provides a preview of a set of features made available for gathering feedback from the community. Please try it out and give us feedback!

In v1.8.0, kubeadm introduced the kubeadm alpha phase command with the aim of making kubeadm more modular. This modularity enables you to invoke atomic sub-steps of the bootstrap process; you can let kubeadm do some parts and fill in yourself where you need customizations.

kubeadm alpha phase is consistent with kubeadm init workflow, and behind the scene both use the same code.

kubeadm alpha phase preflight

You can execute preflight checks both for the master node, like in kubeadm init, or for the worker node like in kubeadm join.

Run master pre-flight checks

Synopsis

Run master pre-flight checks, functionally equivalent to what implemented by kubeadm init.

Alpha Disclaimer: this command is currently alpha.

kubeadm alpha phase preflight master [flags]

Examples

  # Run master pre-flight checks.
  kubeadm alpha phase preflight master

Options

-h, --help
help for master

Options inherited from parent commands

--config string
Path to kubeadm config file (WARNING: Usage of a configuration file is experimental)
--ignore-preflight-errors stringSlice
A list of checks whose errors will be shown as warnings. Example: 'IsPrivilegedUser,Swap'. Value 'all' ignores errors from all checks.
--rootfs string
[EXPERIMENTAL] The path to the 'real' host root filesystem.

Run node pre-flight checks

Synopsis

Run node pre-flight checks, functionally equivalent to what implemented by kubeadm join.

Alpha Disclaimer: this command is currently alpha.

kubeadm alpha phase preflight node [flags]

Examples

  # Run node pre-flight checks.
  kubeadm alpha phase preflight node

Options

-h, --help
help for node

Options inherited from parent commands

--config string
Path to kubeadm config file (WARNING: Usage of a configuration file is experimental)
--ignore-preflight-errors stringSlice
A list of checks whose errors will be shown as warnings. Example: 'IsPrivilegedUser,Swap'. Value 'all' ignores errors from all checks.
--rootfs string
[EXPERIMENTAL] The path to the 'real' host root filesystem.

kubeadm alpha phase certs

You can create all required certificates with the all subcommand or selectively create certificates.

Generates all PKI assets necessary to establish the control plane

Synopsis

Generates a self-signed CA to provision identities for each component in the cluster (including nodes) and client certificates to be used by various components.

If a given certificate and private key pair both exist, kubeadm skips the generation step and existing files will be used.

Alpha Disclaimer: this command is currently alpha.

kubeadm alpha phase certs all [flags]

Examples

  # Creates all PKI assets necessary to establish the control plane,
  # functionally equivalent to what generated by kubeadm init.
  kubeadm alpha phase certs all
  
  # Creates all PKI assets using options read from a configuration file.
  kubeadm alpha phase certs all --config masterconfiguration.yaml

Options

--apiserver-advertise-address string
The IP address the API server is accessible on, to use for the API server serving cert
--apiserver-cert-extra-sans stringSlice
Optional extra altnames to use for the API server serving cert. Can be both IP addresses and DNS names
--cert-dir string     Default: "/etc/kubernetes/pki"
The path where to save the certificates
--config string
Path to kubeadm config file (WARNING: Usage of a configuration file is experimental)
-h, --help
help for all
--service-cidr string     Default: "10.96.0.0/12"
Alternative range of IP address for service VIPs, from which derives the internal API server VIP that will be added to the API Server serving cert
--service-dns-domain string     Default: "cluster.local"
Alternative domain for services, to use for the API server serving cert

Options inherited from parent commands

--rootfs string
[EXPERIMENTAL] The path to the 'real' host root filesystem.

Generates the self-signed kubernetes CA to provision identities for other kuberenets components

Synopsis

Generates the self-signed kubernetes CA to provision identities for other kuberenets components, and saves them into ca.cert and ca.key files.

If both files already exist, kubeadm skips the generation step and existing files will be used.

Alpha Disclaimer: this command is currently alpha.

kubeadm alpha phase certs ca [flags]

Options

--cert-dir string     Default: "/etc/kubernetes/pki"
The path where to save the certificates
--config string
Path to kubeadm config file (WARNING: Usage of a configuration file is experimental)
-h, --help
help for ca

Options inherited from parent commands

--rootfs string
[EXPERIMENTAL] The path to the 'real' host root filesystem.

Generates the certificate for serving the kubernetes API

Synopsis

Generates the certificate for serving the kubernetes API, and saves them into apiserver.cert and apiserver.key files.

Default SANs are kubernetes, kubernetes.default, kubernetes.default.svc, kubernetes.default.svc.cluster.local, 10.96.0.1, 127.0.0.1

If both files already exist, kubeadm skips the generation step and existing files will be used.

Alpha Disclaimer: this command is currently alpha.

kubeadm alpha phase certs apiserver [flags]

Options

--apiserver-advertise-address string
The IP address the API server is accessible on, to use for the API server serving cert
--apiserver-cert-extra-sans stringSlice
Optional extra altnames to use for the API server serving cert. Can be both IP addresses and DNS names
--cert-dir string     Default: "/etc/kubernetes/pki"
The path where to save the certificates
--config string
Path to kubeadm config file (WARNING: Usage of a configuration file is experimental)
-h, --help
help for apiserver
--service-cidr string     Default: "10.96.0.0/12"
Alternative range of IP address for service VIPs, from which derives the internal API server VIP that will be added to the API Server serving cert
--service-dns-domain string     Default: "cluster.local"
Alternative domain for services, to use for the API server serving cert

Options inherited from parent commands

--rootfs string
[EXPERIMENTAL] The path to the 'real' host root filesystem.

Generates the Client certificate for the API server to connect to kubelet

Synopsis

Generates the Client certificate for the API server to connect to kubelet, and saves them into apiserver-kubelet-client.cert and apiserver-kubelet-client.key files.

If both files already exist, kubeadm skips the generation step and existing files will be used.

Alpha Disclaimer: this command is currently alpha.

kubeadm alpha phase certs apiserver-kubelet-client [flags]

Options

--cert-dir string     Default: "/etc/kubernetes/pki"
The path where to save the certificates
--config string
Path to kubeadm config file (WARNING: Usage of a configuration file is experimental)
-h, --help
help for apiserver-kubelet-client

Options inherited from parent commands

--rootfs string
[EXPERIMENTAL] The path to the 'real' host root filesystem.

Generates a private key for signing service account tokens along with its public key

Synopsis

Generates the private key for signing service account tokens along with its public key, and saves them into sa.key and sa.pub files. If both files already exist, kubeadm skips the generation step and existing files will be used.

Alpha Disclaimer: this command is currently alpha.

kubeadm alpha phase certs sa [flags]

Options

--cert-dir string     Default: "/etc/kubernetes/pki"
The path where to save the certificates
--config string
Path to kubeadm config file (WARNING: Usage of a configuration file is experimental)
-h, --help
help for sa

Options inherited from parent commands

--rootfs string
[EXPERIMENTAL] The path to the 'real' host root filesystem.

Generates the self-signed CA to provision identities for front proxy

Synopsis

Generates the self-signed CA to provision identities for front proxy, and saves them into front-proxy-ca.cert and front-proxy-ca.key files.

If both files already exist, kubeadm skips the generation step and existing files will be used.

Alpha Disclaimer: this command is currently alpha.

kubeadm alpha phase certs front-proxy-ca [flags]

Options

--cert-dir string     Default: "/etc/kubernetes/pki"
The path where to save the certificates
--config string
Path to kubeadm config file (WARNING: Usage of a configuration file is experimental)
-h, --help
help for front-proxy-ca

Options inherited from parent commands

--rootfs string
[EXPERIMENTAL] The path to the 'real' host root filesystem.

Generates the client for the front proxy

Synopsis

Generates the client for the front proxy, and saves them into front-proxy-client.cert and front-proxy-client.key files.

If both files already exist, kubeadm skips the generation step and existing files will be used.

Alpha Disclaimer: this command is currently alpha.

kubeadm alpha phase certs front-proxy-client [flags]

Options

--cert-dir string     Default: "/etc/kubernetes/pki"
The path where to save the certificates
--config string
Path to kubeadm config file (WARNING: Usage of a configuration file is experimental)
-h, --help
help for front-proxy-client

Options inherited from parent commands

--rootfs string
[EXPERIMENTAL] The path to the 'real' host root filesystem.

kubeadm alpha phase certs renew

You can renew all Kubernetes certificates using the all subcommand or renew them selectively.

renew all available certificates

Synopsis

Renews all known certificates necessary to run the control plan. Renewals are run unconditionally, regardless of expiration date. Renewals can also be run individually for more control.

kubeadm alpha phase certs renew all [flags]

Options

--cert-dir string     Default: "/etc/kubernetes/pki"
The path where to save the certificates
--config string
Path to kubeadm config file (WARNING: Usage of a configuration file is experimental)
-h, --help
help for all
--kubeconfig string     Default: "/etc/kubernetes/admin.conf"
The KubeConfig file to use when talking to the cluster. If the flag is not set, a set of standard locations are searched for an existing KubeConfig file.
--use-api
Use the Kubernetes certificate API to renew certificates

Options inherited from parent commands

--rootfs string
[EXPERIMENTAL] The path to the 'real' host root filesystem.

Generates the client apiserver uses to access etcd

Synopsis

Renews the client apiserver uses to access etcd, and saves them into apiserver-etcd-client.cert and apiserver-etcd-client.key files.

Extra attributes such as SANs will be based on the existing certificates, there is no need to resupply them.

kubeadm alpha phase certs renew apiserver-etcd-client [flags]

Options

--cert-dir string     Default: "/etc/kubernetes/pki"
The path where to save the certificates
--config string
Path to kubeadm config file (WARNING: Usage of a configuration file is experimental)
-h, --help
help for apiserver-etcd-client
--kubeconfig string     Default: "/etc/kubernetes/admin.conf"
The KubeConfig file to use when talking to the cluster. If the flag is not set, a set of standard locations are searched for an existing KubeConfig file.
--use-api
Use the Kubernetes certificate API to renew certificates

Options inherited from parent commands

--rootfs string
[EXPERIMENTAL] The path to the 'real' host root filesystem.

Generates the Client certificate for the API server to connect to kubelet

Synopsis

Renews the Client certificate for the API server to connect to kubelet, and saves them into apiserver-kubelet-client.cert and apiserver-kubelet-client.key files.

Extra attributes such as SANs will be based on the existing certificates, there is no need to resupply them.

kubeadm alpha phase certs renew apiserver-kubelet-client [flags]

Options

--cert-dir string     Default: "/etc/kubernetes/pki"
The path where to save the certificates
--config string
Path to kubeadm config file (WARNING: Usage of a configuration file is experimental)
-h, --help
help for apiserver-kubelet-client
--kubeconfig string     Default: "/etc/kubernetes/admin.conf"
The KubeConfig file to use when talking to the cluster. If the flag is not set, a set of standard locations are searched for an existing KubeConfig file.
--use-api
Use the Kubernetes certificate API to renew certificates

Options inherited from parent commands

--rootfs string
[EXPERIMENTAL] The path to the 'real' host root filesystem.

Generates the certificate for serving the kubernetes API

Synopsis

Renews the certificate for serving the kubernetes API, and saves them into apiserver.cert and apiserver.key files.

Extra attributes such as SANs will be based on the existing certificates, there is no need to resupply them.

kubeadm alpha phase certs renew apiserver [flags]

Options

--cert-dir string     Default: "/etc/kubernetes/pki"
The path where to save the certificates
--config string
Path to kubeadm config file (WARNING: Usage of a configuration file is experimental)
-h, --help
help for apiserver
--kubeconfig string     Default: "/etc/kubernetes/admin.conf"
The KubeConfig file to use when talking to the cluster. If the flag is not set, a set of standard locations are searched for an existing KubeConfig file.
--use-api
Use the Kubernetes certificate API to renew certificates

Options inherited from parent commands

--rootfs string
[EXPERIMENTAL] The path to the 'real' host root filesystem.

Generates the client certificate for liveness probes to healtcheck etcd

Synopsis

Renews the client certificate for liveness probes to healtcheck etcd, and saves them into etcd/healthcheck-client.cert and etcd/healthcheck-client.key files.

Extra attributes such as SANs will be based on the existing certificates, there is no need to resupply them.

kubeadm alpha phase certs renew etcd-healthcheck-client [flags]

Options

--cert-dir string     Default: "/etc/kubernetes/pki"
The path where to save the certificates
--config string
Path to kubeadm config file (WARNING: Usage of a configuration file is experimental)
-h, --help
help for etcd-healthcheck-client
--kubeconfig string     Default: "/etc/kubernetes/admin.conf"
The KubeConfig file to use when talking to the cluster. If the flag is not set, a set of standard locations are searched for an existing KubeConfig file.
--use-api
Use the Kubernetes certificate API to renew certificates

Options inherited from parent commands

--rootfs string
[EXPERIMENTAL] The path to the 'real' host root filesystem.

Generates the credentials for etcd nodes to communicate with each other

Synopsis

Renews the credentials for etcd nodes to communicate with each other, and saves them into etcd/peer.cert and etcd/peer.key files.

Extra attributes such as SANs will be based on the existing certificates, there is no need to resupply them.

kubeadm alpha phase certs renew etcd-peer [flags]

Options

--cert-dir string     Default: "/etc/kubernetes/pki"
The path where to save the certificates
--config string
Path to kubeadm config file (WARNING: Usage of a configuration file is experimental)
-h, --help
help for etcd-peer
--kubeconfig string     Default: "/etc/kubernetes/admin.conf"
The KubeConfig file to use when talking to the cluster. If the flag is not set, a set of standard locations are searched for an existing KubeConfig file.
--use-api
Use the Kubernetes certificate API to renew certificates

Options inherited from parent commands

--rootfs string
[EXPERIMENTAL] The path to the 'real' host root filesystem.

Generates the certificate for serving etcd

Synopsis

Renews the certificate for serving etcd, and saves them into etcd/server.cert and etcd/server.key files.

Extra attributes such as SANs will be based on the existing certificates, there is no need to resupply them.

kubeadm alpha phase certs renew etcd-server [flags]

Options

--cert-dir string     Default: "/etc/kubernetes/pki"
The path where to save the certificates
--config string
Path to kubeadm config file (WARNING: Usage of a configuration file is experimental)
-h, --help
help for etcd-server
--kubeconfig string     Default: "/etc/kubernetes/admin.conf"
The KubeConfig file to use when talking to the cluster. If the flag is not set, a set of standard locations are searched for an existing KubeConfig file.
--use-api
Use the Kubernetes certificate API to renew certificates

Options inherited from parent commands

--rootfs string
[EXPERIMENTAL] The path to the 'real' host root filesystem.

Generates the client for the front proxy

Synopsis

Renews the client for the front proxy, and saves them into front-proxy-client.cert and front-proxy-client.key files.

Extra attributes such as SANs will be based on the existing certificates, there is no need to resupply them.

kubeadm alpha phase certs renew front-proxy-client [flags]

Options

--cert-dir string     Default: "/etc/kubernetes/pki"
The path where to save the certificates
--config string
Path to kubeadm config file (WARNING: Usage of a configuration file is experimental)
-h, --help
help for front-proxy-client
--kubeconfig string     Default: "/etc/kubernetes/admin.conf"
The KubeConfig file to use when talking to the cluster. If the flag is not set, a set of standard locations are searched for an existing KubeConfig file.
--use-api
Use the Kubernetes certificate API to renew certificates

Options inherited from parent commands

--rootfs string
[EXPERIMENTAL] The path to the 'real' host root filesystem.

kubeadm alpha phase kubeconfig

You can create all required kubeconfig files with the all subcommand, or selectively create the files. Additionally, the user subcommand supports the creation of kubeconfig files for additional users.

Generates all kubeconfig files necessary to establish the control plane and the admin kubeconfig file

Synopsis

Generates all kubeconfig files necessary to establish the control plane and the admin kubeconfig file.

Alpha Disclaimer: this command is currently alpha.

kubeadm alpha phase kubeconfig all [flags]

Examples

  # Generates all kubeconfig files, functionally equivalent to what generated
  # by kubeadm init.
  kubeadm alpha phase kubeconfig all
  
  # Generates all kubeconfig files using options read from a configuration file.
  kubeadm alpha phase kubeconfig all --config masterconfiguration.yaml

Options

--apiserver-advertise-address string
The IP address the API server is accessible on
--apiserver-bind-port int32     Default: 6443
The port the API server is accessible on
--cert-dir string     Default: "/etc/kubernetes/pki"
The path where certificates are stored
--config string
Path to kubeadm config file. WARNING: Usage of a configuration file is experimental
-h, --help
help for all
--kubeconfig-dir string     Default: "/etc/kubernetes"
The path where to save the kubeconfig file
--node-name string
The node name that should be used for the kubelet client certificate

Options inherited from parent commands

--rootfs string
[EXPERIMENTAL] The path to the 'real' host root filesystem.

Generates a kubeconfig file for the admin to use and for kubeadm itself

Synopsis

Generates the kubeconfig file for the admin and for kubeadm itself, and saves it to admin.conf file.

Alpha Disclaimer: this command is currently alpha.

kubeadm alpha phase kubeconfig admin [flags]

Options

--apiserver-advertise-address string
The IP address the API server is accessible on
--apiserver-bind-port int32     Default: 6443
The port the API server is accessible on
--cert-dir string     Default: "/etc/kubernetes/pki"
The path where certificates are stored
--config string
Path to kubeadm config file. WARNING: Usage of a configuration file is experimental
-h, --help
help for admin
--kubeconfig-dir string     Default: "/etc/kubernetes"
The path where to save the kubeconfig file

Options inherited from parent commands

--rootfs string
[EXPERIMENTAL] The path to the 'real' host root filesystem.

Generates a kubeconfig file for the kubelet to use. Please note that this should be used only for bootstrapping purposes

Synopsis

Generates the kubeconfig file for the kubelet to use and saves it to /etc/kubernetes/kubelet.conf file.

Please note that this should only be used for bootstrapping purposes. After your control plane is up, you should request all kubelet credentials from the CSR API.

Alpha Disclaimer: this command is currently alpha.

kubeadm alpha phase kubeconfig kubelet [flags]

Options

--apiserver-advertise-address string
The IP address the API server is accessible on
--apiserver-bind-port int32     Default: 6443
The port the API server is accessible on
--cert-dir string     Default: "/etc/kubernetes/pki"
The path where certificates are stored
--config string
Path to kubeadm config file. WARNING: Usage of a configuration file is experimental
-h, --help
help for kubelet
--kubeconfig-dir string     Default: "/etc/kubernetes"
The path where to save the kubeconfig file
--node-name string
The node name that should be used for the kubelet client certificate

Options inherited from parent commands

--rootfs string
[EXPERIMENTAL] The path to the 'real' host root filesystem.

Generates a kubeconfig file for the controller manager to use

Synopsis

Generates the kubeconfig file for the controller manager to use and saves it to /etc/kubernetes/controller-manager.conf file.

Alpha Disclaimer: this command is currently alpha.

kubeadm alpha phase kubeconfig controller-manager [flags]

Options

--apiserver-advertise-address string
The IP address the API server is accessible on
--apiserver-bind-port int32     Default: 6443
The port the API server is accessible on
--cert-dir string     Default: "/etc/kubernetes/pki"
The path where certificates are stored
--config string
Path to kubeadm config file. WARNING: Usage of a configuration file is experimental
-h, --help
help for controller-manager
--kubeconfig-dir string     Default: "/etc/kubernetes"
The path where to save the kubeconfig file

Options inherited from parent commands

--rootfs string
[EXPERIMENTAL] The path to the 'real' host root filesystem.

Generates a kubeconfig file for the scheduler to use

Synopsis

Generates the kubeconfig file for the scheduler to use and saves it to /etc/kubernetes/scheduler.conf file.

Alpha Disclaimer: this command is currently alpha.

kubeadm alpha phase kubeconfig scheduler [flags]

Options

--apiserver-advertise-address string
The IP address the API server is accessible on
--apiserver-bind-port int32     Default: 6443
The port the API server is accessible on
--cert-dir string     Default: "/etc/kubernetes/pki"
The path where certificates are stored
--config string
Path to kubeadm config file. WARNING: Usage of a configuration file is experimental
-h, --help
help for scheduler
--kubeconfig-dir string     Default: "/etc/kubernetes"
The path where to save the kubeconfig file

Options inherited from parent commands

--rootfs string
[EXPERIMENTAL] The path to the 'real' host root filesystem.

Outputs a kubeconfig file for an additional user

Synopsis

Outputs a kubeconfig file for an additional user.

Alpha Disclaimer: this command is currently alpha.

kubeadm alpha phase kubeconfig user [flags]

Examples

  # Outputs a kubeconfig file for an additional user named foo
  kubeadm alpha phase kubeconfig user --client-name=foo

Options

--apiserver-advertise-address string
The IP address the API server is accessible on
--apiserver-bind-port int32     Default: 6443
The port the API server is accessible on
--cert-dir string     Default: "/etc/kubernetes/pki"
The path where certificates are stored
--client-name string
The name of user. It will be used as the CN if client certificates are created
-h, --help
help for user
--kubeconfig-dir string     Default: "/etc/kubernetes"
The path where to save the kubeconfig file
--org stringSlice
The orgnizations of the client certificate. It will be used as the O if client certificates are created
--token string
The token that should be used as the authentication mechanism for this kubeconfig, instead of client certificates

Options inherited from parent commands

--rootfs string
[EXPERIMENTAL] The path to the 'real' host root filesystem.

kubeadm alpha phase kubelet

Use the following commands to manage the kubelet phase.

annotates the node with the given crisocket

Synopsis

Adds an annotation to the current node with the CRI socket specified in the kubeadm InitConfiguration object.

Alpha Disclaimer: this command is currently alpha.

kubeadm alpha phase kubelet config annotate-cri [flags]

Examples

  kubeadm alpha phase kubelet config annotate-cri --config kubeadm.yaml

Options

--config string
Path to kubeadm config file (WARNING: Usage of a configuration file is experimental)
-h, --help
help for annotate-cri
--kubeconfig string     Default: "/etc/kubernetes/admin.conf"
The KubeConfig file to use when talking to the cluster. If the flag is not set, a set of standard locations are searched for an existing KubeConfig file.

Options inherited from parent commands

--rootfs string
[EXPERIMENTAL] The path to the 'real' host root filesystem.

Downloads the kubelet configuration from the cluster ConfigMap kubelet-config-1.X, where X is the minor version of the kubelet.

Synopsis

Downloads the kubelet configuration from a ConfigMap of the form “kubelet-config-1.X” in the cluster, where X is the minor version of the kubelet. Either kubeadm autodetects the kubelet version by exec-ing “kubelet –version” or respects the –kubelet-version parameter.

Alpha Disclaimer: this command is currently alpha.

kubeadm alpha phase kubelet config download [flags]

Examples

  # Downloads the kubelet configuration from the ConfigMap in the cluster. Autodetects the kubelet version.
  kubeadm alpha phase kubelet config download
  
  # Downloads the kubelet configuration from the ConfigMap in the cluster. Uses a specific desired kubelet version.
  kubeadm alpha phase kubelet config download --kubelet-version v1.12.0

Options

-h, --help
help for download
--kubeconfig string     Default: "/etc/kubernetes/kubelet.conf"
The KubeConfig file to use when talking to the cluster. If the flag is not set, a set of standard locations are searched for an existing KubeConfig file.
--kubelet-version string
The desired version for the kubelet. Defaults to being autodetected from 'kubelet --version'.

Options inherited from parent commands

--rootfs string
[EXPERIMENTAL] The path to the 'real' host root filesystem.

EXPERIMENTAL: Enables or updates dynamic kubelet configuration for a Node

Synopsis

Enables or updates dynamic kubelet configuration for a Node, against the kubelet-config-1.X ConfigMap in the cluster, where X is the minor version of the desired kubelet version.

WARNING: This feature is still experimental, and disabled by default. Enable only if you know what you are doing, as it may have surprising side-effects at this stage.

Alpha Disclaimer: this command is currently alpha.

kubeadm alpha phase kubelet config enable-dynamic [flags]

Examples

  # Enables dynamic kubelet configuration for a Node.
  kubeadm alpha phase kubelet enable-dynamic-config --node-name node-1 --kubelet-version v1.12.0
  
  WARNING: This feature is still experimental, and disabled by default. Enable only if you know what you are doing, as it
  may have surprising side-effects at this stage.

Options

-h, --help
help for enable-dynamic
--kubeconfig string     Default: "/etc/kubernetes/admin.conf"
The KubeConfig file to use when talking to the cluster. If the flag is not set, a set of standard locations are searched for an existing KubeConfig file.
--kubelet-version string
The desired version for the kubelet
--node-name string
Name of the node that should enable the dynamic kubelet configuration

Options inherited from parent commands

--rootfs string
[EXPERIMENTAL] The path to the 'real' host root filesystem.

Uploads kubelet configuration to a ConfigMap based on a kubeadm InitConfiguration file.

Synopsis

Uploads kubelet configuration extracted from the kubeadm InitConfiguration object to a ConfigMap of the form kubelet-config-1.X in the cluster, where X is the minor version of the current (API Server) Kubernetes version.

Alpha Disclaimer: this command is currently alpha.

kubeadm alpha phase kubelet config upload [flags]

Examples

  # Uploads the kubelet configuration from the kubeadm Config file to a ConfigMap in the cluster.
  kubeadm alpha phase kubelet config upload --config kubeadm.yaml

Options

--config string
Path to kubeadm config file (WARNING: Usage of a configuration file is experimental)
-h, --help
help for upload
--kubeconfig string     Default: "/etc/kubernetes/admin.conf"
The KubeConfig file to use when talking to the cluster. If the flag is not set, a set of standard locations are searched for an existing KubeConfig file.

Options inherited from parent commands

--rootfs string
[EXPERIMENTAL] The path to the 'real' host root filesystem.

Writes kubelet configuration to disk, either based on the –config argument.

Synopsis

Writes kubelet configuration to disk, based on the kubeadm configuration passed via “–config”.

Alpha Disclaimer: this command is currently alpha.

kubeadm alpha phase kubelet config write-to-disk [flags]

Examples

  # Extracts the kubelet configuration from a kubeadm configuration file
  kubeadm alpha phase kubelet config write-to-disk --config kubeadm.yaml

Options

--config string
Path to kubeadm config file (WARNING: Usage of a configuration file is experimental)
-h, --help
help for write-to-disk

Options inherited from parent commands

--rootfs string
[EXPERIMENTAL] The path to the 'real' host root filesystem.

Writes an environment file with runtime flags for the kubelet.

Synopsis

Writes an environment file with flags that should be passed to the kubelet executing on the master or node. This –config flag can either consume a InitConfiguration object or a JoinConfiguration one, as this function is used for both “kubeadm init” and “kubeadm join”.

Alpha Disclaimer: this command is currently alpha.

kubeadm alpha phase kubelet write-env-file [flags]

Examples

  # Writes a dynamic environment file with kubelet flags from a InitConfiguration file.
  kubeadm alpha phase kubelet write-env-file --config masterconfig.yaml
  
  # Writes a dynamic environment file with kubelet flags from a JoinConfiguration file.
  kubeadm alpha phase kubelet write-env-file --config nodeconfig.yaml

Options

--config string
Path to kubeadm config file (WARNING: Usage of a configuration file is experimental)
-h, --help
help for write-env-file

Options inherited from parent commands

--rootfs string
[EXPERIMENTAL] The path to the 'real' host root filesystem.

kubeadm alpha phase controlplane

You can create all required static Pod files for the control plane components with the all subcommand, or selectively create the files.

Generates all static Pod manifest files necessary to establish the control plane

Synopsis

Generates all static Pod manifest files necessary to establish the control plane.

Alpha Disclaimer: this command is currently alpha.

kubeadm alpha phase controlplane all [flags]

Examples

  # Generates all static Pod manifest files for control plane components,
  # functionally equivalent to what generated by kubeadm init.
  kubeadm alpha phase controlplane all
  
  # Generates all static Pod manifest files using options read from a configuration file.
  kubeadm alpha phase controlplane --config masterconfiguration.yaml

Options

--apiserver-advertise-address string
The IP address of the API server is accessible on
--apiserver-bind-port int32     Default: 6443
The port the API server is accessible on
--apiserver-extra-args mapStringString
A set of extra flags to pass to the API Server or override default ones in form of <flagname>=<value>
--cert-dir string     Default: "/etc/kubernetes/pki"
The path where certificates are stored
--config string
Path to kubeadm config file. WARNING: Usage of a configuration file is experimental
--controller-manager-extra-args mapStringString
A set of extra flags to pass to the Controller Manager or override default ones in form of <flagname>=<value>
--feature-gates string
A set of key=value pairs that describe feature gates for various features. Options are:
Auditing=true|false (ALPHA - default=false)
CoreDNS=true|false (default=true)
DynamicKubeletConfig=true|false (BETA - default=false)
-h, --help
help for all
--kubernetes-version string     Default: "stable-1"
Choose a specific Kubernetes version for the control plane
--pod-network-cidr string
The range of IP addresses used for the Pod network
--scheduler-extra-args mapStringString
A set of extra flags to pass to the Scheduler or override default ones in form of <flagname>=<value>
--service-cidr string     Default: "10.96.0.0/12"
The range of IP address used for service VIPs

Options inherited from parent commands

--rootfs string
[EXPERIMENTAL] The path to the 'real' host root filesystem.

Generates the API server static Pod manifest

Synopsis

Generates the static Pod manifest file for the API server and saves it into /etc/kubernetes/manifests/kube-apiserver.yaml file.

Alpha Disclaimer: this command is currently alpha.

kubeadm alpha phase controlplane apiserver [flags]

Options

--apiserver-advertise-address string
The IP address of the API server is accessible on
--apiserver-bind-port int32     Default: 6443
The port the API server is accessible on
--apiserver-extra-args mapStringString
A set of extra flags to pass to the API Server or override default ones in form of <flagname>=<value>
--cert-dir string     Default: "/etc/kubernetes/pki"
The path where certificates are stored
--config string
Path to kubeadm config file. WARNING: Usage of a configuration file is experimental
--feature-gates string
A set of key=value pairs that describe feature gates for various features. Options are:
Auditing=true|false (ALPHA - default=false)
CoreDNS=true|false (default=true)
DynamicKubeletConfig=true|false (BETA - default=false)
-h, --help
help for apiserver
--kubernetes-version string     Default: "stable-1"
Choose a specific Kubernetes version for the control plane
--service-cidr string     Default: "10.96.0.0/12"
The range of IP address used for service VIPs

Options inherited from parent commands

--rootfs string
[EXPERIMENTAL] The path to the 'real' host root filesystem.

Generates the controller-manager static Pod manifest

Synopsis

Generates the static Pod manifest file for the controller-manager and saves it into /etc/kubernetes/manifests/kube-controller-manager.yaml file.

Alpha Disclaimer: this command is currently alpha.

kubeadm alpha phase controlplane controller-manager [flags]

Options

--cert-dir string     Default: "/etc/kubernetes/pki"
The path where certificates are stored
--config string
Path to kubeadm config file. WARNING: Usage of a configuration file is experimental
--controller-manager-extra-args mapStringString
A set of extra flags to pass to the Controller Manager or override default ones in form of <flagname>=<value>
-h, --help
help for controller-manager
--kubernetes-version string     Default: "stable-1"
Choose a specific Kubernetes version for the control plane
--pod-network-cidr string
The range of IP addresses used for the Pod network

Options inherited from parent commands

--rootfs string
[EXPERIMENTAL] The path to the 'real' host root filesystem.

Generates the scheduler static Pod manifest

Synopsis

Generates the static Pod manifest file for the scheduler and saves it into /etc/kubernetes/manifests/kube-scheduler.yaml file.

Alpha Disclaimer: this command is currently alpha.

kubeadm alpha phase controlplane scheduler [flags]

Options

--cert-dir string     Default: "/etc/kubernetes/pki"
The path where certificates are stored
--config string
Path to kubeadm config file. WARNING: Usage of a configuration file is experimental
-h, --help
help for scheduler
--kubernetes-version string     Default: "stable-1"
Choose a specific Kubernetes version for the control plane
--scheduler-extra-args mapStringString
A set of extra flags to pass to the Scheduler or override default ones in form of <flagname>=<value>

Options inherited from parent commands

--rootfs string
[EXPERIMENTAL] The path to the 'real' host root filesystem.

kubeadm alpha phase etcd

Use the following command to create a self-hosted, local etcd instance based on a static Pod file.

Generates the static Pod manifest file for a local, single-node etcd instance

Synopsis

Generates the static Pod manifest file for a local, single-node etcd instance and saves it to /etc/kubernetes/manifests/etcd.yaml file.

Alpha Disclaimer: this command is currently alpha.

kubeadm alpha phase etcd local [flags]

Examples

  # Generates the static Pod manifest file for etcd, functionally
  # equivalent to what generated by kubeadm init.
  kubeadm alpha phase etcd local
  
  #  Generates the static Pod manifest file for etcd.
  kubeadm alpha phase etcd local --config masterconfiguration.yaml

Options

--cert-dir string     Default: "/etc/kubernetes/pki"
The path where certificates are stored
--config string
Path to kubeadm config file. WARNING: Usage of a configuration file is experimental
-h, --help
help for local

Options inherited from parent commands

--rootfs string
[EXPERIMENTAL] The path to the 'real' host root filesystem.

kubeadm alpha phase mark-master

Use the following command to label and taint the node with the node-role.kubernetes.io/master="" key-value pair.

Mark a node as master

Synopsis

Applies a label that specifies that a node is a master and a taint that forces workloads to be deployed accordingly.

Alpha Disclaimer: this command is currently alpha.

kubeadm alpha phase mark-master [flags]

Examples

  # Applies master label and taint to the current node, functionally equivalent to what executed by kubeadm init.
  kubeadm alpha phase mark-master
  
  # Applies master label and taint to a specific node
  kubeadm alpha phase mark-master --node-name myNode

Options

--config string
Path to kubeadm config file. WARNING: Usage of a configuration file is experimental
-h, --help
help for mark-master
--kubeconfig string     Default: "/etc/kubernetes/admin.conf"
The KubeConfig file to use when talking to the cluster. If the flag is not set, a set of standard locations are searched for an existing KubeConfig file.
--node-name string
The node name to which label and taints should apply

Options inherited from parent commands

--rootfs string
[EXPERIMENTAL] The path to the 'real' host root filesystem.

kubeadm alpha phase bootstrap-token

Use the following actions to fully configure bootstrap tokens. You can fully configure bootstrap tokens with the all subcommand, or selectively configure single elements.

Makes all the bootstrap token configurations and creates an initial token

Synopsis

Bootstrap tokens are used for establishing bidirectional trust between a node joining the cluster and a the master node.

This command makes all the configurations required to make bootstrap tokens works and then creates an initial token.

Alpha Disclaimer: this command is currently alpha.

kubeadm alpha phase bootstrap-token all [flags]

Examples

  # Makes all the bootstrap token configurations and creates an initial token, functionally
  # equivalent to what generated by kubeadm init.
  kubeadm alpha phase bootstrap-token all

Options

--config string
Path to kubeadm config file. WARNING: Usage of a configuration file is experimental
--description string
A human friendly description of how this token is used.
--groups stringSlice     Default: [system:bootstrappers:kubeadm:default-node-token]
Extra groups that this token will authenticate as when used for authentication. Must match "\\Asystem:bootstrappers:[a-z0-9:-]{0,255}[a-z0-9]\\z"
-h, --help
help for all
--skip-token-print
Skip printing of the bootstrap token
--token string
The token to use for establishing bidirectional trust between nodes and masters. The format is [a-z0-9]{6}\.[a-z0-9]{16} - e.g. abcdef.0123456789abcdef
--token-ttl duration     Default: 24h0m0s
The duration before the token is automatically deleted (e.g. 1s, 2m, 3h). If set to '0', the token will never expire
--usages stringSlice     Default: [signing,authentication]
Describes the ways in which this token can be used. You can pass --usages multiple times or provide a comma separated list of options. Valid options: [signing,authentication]

Options inherited from parent commands

--kubeconfig string     Default: "/etc/kubernetes/admin.conf"
The KubeConfig file to use when talking to the cluster. If the flag is not set, a set of standard locations are searched for an existing KubeConfig file.
--rootfs string
[EXPERIMENTAL] The path to the 'real' host root filesystem.

Creates a bootstrap token to be used for node joining

Synopsis

Creates a bootstrap token. If no token value is given, kubeadm will generate a random token instead.

Alternatively, you can use kubeadm token.

Alpha Disclaimer: this command is currently alpha.

kubeadm alpha phase bootstrap-token create [flags]

Options

--config string
Path to kubeadm config file. WARNING: Usage of a configuration file is experimental
--description string
A human friendly description of how this token is used.
--groups stringSlice     Default: [system:bootstrappers:kubeadm:default-node-token]
Extra groups that this token will authenticate as when used for authentication. Must match "\\Asystem:bootstrappers:[a-z0-9:-]{0,255}[a-z0-9]\\z"
-h, --help
help for create
--skip-token-print
Skip printing of the bootstrap token
--token string
The token to use for establishing bidirectional trust between nodes and masters. The format is [a-z0-9]{6}\.[a-z0-9]{16} - e.g. abcdef.0123456789abcdef
--token-ttl duration     Default: 24h0m0s
The duration before the token is automatically deleted (e.g. 1s, 2m, 3h). If set to '0', the token will never expire
--usages stringSlice     Default: [signing,authentication]
Describes the ways in which this token can be used. You can pass --usages multiple times or provide a comma separated list of options. Valid options: [signing,authentication]

Options inherited from parent commands

--kubeconfig string     Default: "/etc/kubernetes/admin.conf"
The KubeConfig file to use when talking to the cluster. If the flag is not set, a set of standard locations are searched for an existing KubeConfig file.
--rootfs string
[EXPERIMENTAL] The path to the 'real' host root filesystem.

Uploads the cluster-info ConfigMap from the given kubeconfig file

Synopsis

Uploads the “cluster-info” ConfigMap in the “kube-public” namespace, populating it with cluster information extracted from the given kubeconfig file. The ConfigMap is used for the node bootstrap process in its initial phases, before the client trusts the API server.

See online documentation about Authenticating with Bootstrap Tokens for more details.

Alpha Disclaimer: this command is currently alpha.

kubeadm alpha phase bootstrap-token cluster-info [flags]

Options

-h, --help
help for cluster-info

Options inherited from parent commands

--kubeconfig string     Default: "/etc/kubernetes/admin.conf"
The KubeConfig file to use when talking to the cluster. If the flag is not set, a set of standard locations are searched for an existing KubeConfig file.
--rootfs string
[EXPERIMENTAL] The path to the 'real' host root filesystem.

Configures RBAC rules to allow the csrapprover controller automatically approve CSRs from a node bootstrap token

Synopsis

Configures RBAC rules to allow the csrapprover controller to automatically approve certificate signing requests generated by nodes joining the cluster. It configures also RBAC rules for certificates rotation (with auto approval of new certificates).

See online documentation about TLS bootstrapping for more details.

Alpha Disclaimer: this command is currently alpha.

kubeadm alpha phase bootstrap-token node allow-auto-approve [flags]

Options

-h, --help
help for allow-auto-approve

Options inherited from parent commands

--kubeconfig string     Default: "/etc/kubernetes/admin.conf"
The KubeConfig file to use when talking to the cluster. If the flag is not set, a set of standard locations are searched for an existing KubeConfig file.
--rootfs string
[EXPERIMENTAL] The path to the 'real' host root filesystem.

Configures RBAC to allow node bootstrap tokens to post CSRs in order for nodes to get long term certificate credentials

Synopsis

Configures RBAC rules to allow node bootstrap tokens to post a certificate signing request, thus enabling nodes joining the cluster to request long term certificate credentials.

See online documentation about TLS bootstrapping for more details.

Alpha Disclaimer: this command is currently alpha.

kubeadm alpha phase bootstrap-token node allow-post-csrs [flags]

Options

-h, --help
help for allow-post-csrs

Options inherited from parent commands

--kubeconfig string     Default: "/etc/kubernetes/admin.conf"
The KubeConfig file to use when talking to the cluster. If the flag is not set, a set of standard locations are searched for an existing KubeConfig file.
--rootfs string
[EXPERIMENTAL] The path to the 'real' host root filesystem.

kubeadm alpha phase upload-config

You can use this command to upload the kubeadm configuration to your cluster. Alternatively, you can use kubeadm config.

Uploads the currently used configuration for kubeadm to a ConfigMap

Synopsis

Uploads the kubeadm init configuration of your cluster to a ConfigMap called kubeadm-config in the kube-system namespace. This enables correct configuration of system components and a seamless user experience when upgrading.

Alternatively, you can use kubeadm config.

Alpha Disclaimer: this command is currently alpha.

kubeadm alpha phase upload-config [flags]

Examples

  # uploads the configuration of your cluster
  kubeadm alpha phase upload-config --config=myConfig.yaml

Options

--config string
Path to a kubeadm config file. WARNING: Usage of a configuration file is experimental
-h, --help
help for upload-config
--kubeconfig string     Default: "/etc/kubernetes/admin.conf"
The KubeConfig file to use when talking to the cluster. If the flag is not set, a set of standard locations are searched for an existing KubeConfig file.

Options inherited from parent commands

--rootfs string
[EXPERIMENTAL] The path to the 'real' host root filesystem.

kubeadm alpha phase addon

You can install all the available addons with the all subcommand, or install them selectively.

Note: If kubeadm is invoked with --feature-gates=CoreDNS=false, kube-dns is installed.

Installs all addons to a Kubernetes cluster

Synopsis

Installs the CoreDNS and the kube-proxy addons components via the API server. Please note that although the DNS server is deployed, it will not be scheduled until CNI is installed.

Alpha Disclaimer: this command is currently alpha.

kubeadm alpha phase addon all [flags]

Examples

  # Installs the CoreDNS and the kube-proxy addons components via the API server,
  # functionally equivalent to what installed by kubeadm init.
  
  kubeadm alpha phase selfhosting from-staticpods

Options

--apiserver-advertise-address string
The IP address the API server is accessible on
--apiserver-bind-port int32     Default: 6443
The port the API server is accessible on
--config string
Path to a kubeadm config file. WARNING: Usage of a configuration file is experimental
--feature-gates string
A set of key=value pairs that describe feature gates for various features. Options are:
Auditing=true|false (ALPHA - default=false)
CoreDNS=true|false (default=true)
DynamicKubeletConfig=true|false (BETA - default=false)
-h, --help
help for all
--image-repository string     Default: "k8s.gcr.io"
Choose a container registry to pull control plane images from
--kubeconfig string     Default: "/etc/kubernetes/admin.conf"
The KubeConfig file to use when talking to the cluster. If the flag is not set, a set of standard locations are searched for an existing KubeConfig file.
--kubernetes-version string     Default: "stable-1"
Choose a specific Kubernetes version for the control plane
--pod-network-cidr string
The range of IP addresses used for the Pod network
--service-cidr string     Default: "10.96.0.0/12"
The range of IP address used for service VIPs
--service-dns-domain string     Default: "cluster.local"
Alternative domain for services

Options inherited from parent commands

--rootfs string
[EXPERIMENTAL] The path to the 'real' host root filesystem.

Installs the kube-proxy addon to a Kubernetes cluster

Synopsis

Installs the kube-proxy addon components via the API server.

Alpha Disclaimer: this command is currently alpha.

kubeadm alpha phase addon kube-proxy [flags]

Options

--apiserver-advertise-address string
The IP address the API server is accessible on
--apiserver-bind-port int32     Default: 6443
The port the API server is accessible on
--config string
Path to a kubeadm config file. WARNING: Usage of a configuration file is experimental
-h, --help
help for kube-proxy
--image-repository string     Default: "k8s.gcr.io"
Choose a container registry to pull control plane images from
--kubeconfig string     Default: "/etc/kubernetes/admin.conf"
The KubeConfig file to use when talking to the cluster. If the flag is not set, a set of standard locations are searched for an existing KubeConfig file.
--kubernetes-version string     Default: "stable-1"
Choose a specific Kubernetes version for the control plane
--pod-network-cidr string
The range of IP addresses used for the Pod network

Options inherited from parent commands

--rootfs string
[EXPERIMENTAL] The path to the 'real' host root filesystem.

Installs the CoreDNS addon to a Kubernetes cluster

Synopsis

Installs the CoreDNS addon components via the API server. Please note that although the DNS server is deployed, it will not be scheduled until CNI is installed.

Alpha Disclaimer: this command is currently alpha.

kubeadm alpha phase addon coredns [flags]

Options

--config string
Path to a kubeadm config file. WARNING: Usage of a configuration file is experimental
--feature-gates string
A set of key=value pairs that describe feature gates for various features. Options are:
Auditing=true|false (ALPHA - default=false)
CoreDNS=true|false (default=true)
DynamicKubeletConfig=true|false (BETA - default=false)
-h, --help
help for coredns
--image-repository string     Default: "k8s.gcr.io"
Choose a container registry to pull control plane images from
--kubeconfig string     Default: "/etc/kubernetes/admin.conf"
The KubeConfig file to use when talking to the cluster. If the flag is not set, a set of standard locations are searched for an existing KubeConfig file.
--kubernetes-version string     Default: "stable-1"
Choose a specific Kubernetes version for the control plane
--service-cidr string     Default: "10.96.0.0/12"
The range of IP address used for service VIPs
--service-dns-domain string     Default: "cluster.local"
Alternative domain for services

Options inherited from parent commands

--rootfs string
[EXPERIMENTAL] The path to the 'real' host root filesystem.

kubeadm alpha phase self-hosting

Caution: Self-hosting is an alpha feature. See kubeadm init documentation for self-hosting limitations.

Converts a static Pod-hosted control plane into a self-hosted one

Synopsis

Converts static Pod files for control plane components into self-hosted DaemonSets configured via the Kubernetes API.

See the documentation for self-hosting limitations.

Alpha Disclaimer: this command is currently alpha.

kubeadm alpha phase selfhosting convert-from-staticpods [flags]

Examples

  # Converts a static Pod-hosted control plane into a self-hosted one,
  # functionally equivalent to what generated by kubeadm init executed
  # with --feature-gates=SelfHosting=true.
  
  kubeadm alpha phase selfhosting convert-from-staticpods

Options

--cert-dir string     Default: "/etc/kubernetes/pki"
The path where certificates are stored
--config string
Path to a kubeadm config file. WARNING: Usage of a configuration file is experimental
--feature-gates string
A set of key=value pairs that describe feature gates for various features. Options are:
Auditing=true|false (ALPHA - default=false)
CoreDNS=true|false (default=true)
DynamicKubeletConfig=true|false (BETA - default=false)
-h, --help
help for convert-from-staticpods
--kubeconfig string     Default: "/etc/kubernetes/admin.conf"
The KubeConfig file to use when talking to the cluster. If the flag is not set, a set of standard locations are searched for an existing KubeConfig file.

Options inherited from parent commands

--rootfs string
[EXPERIMENTAL] The path to the 'real' host root filesystem.

What’s next