Manage bootstrap tokens.
Synopsis
This command manages bootstrap tokens. It is optional and needed only for advanced use cases.
In short, bootstrap tokens are used for establishing bidirectional trust between a client and a server. A bootstrap token can be used when a client (for example a node that is about to join the cluster) needs to trust the server it is talking to. Then a bootstrap token with the “signing” usage can be used. bootstrap tokens can also function as a way to allow short-lived authentication to the API Server (the token serves as a way for the API Server to trust the client), for example for doing the TLS Bootstrap.
What is a bootstrap token more exactly? - It is a Secret in the kube-system namespace of type “bootstrap.kubernetes.io/token”. - A bootstrap token must be of the form “[a-z0-9]{6}.[a-z0-9]{16}“. The former part is the public token ID, while the latter is the Token Secret and it must be kept private at all circumstances! - The name of the Secret must be named “bootstrap-token-(token-id)”.
You can read more about bootstrap tokens here: https://kubernetes.io/docs/admin/bootstrap-tokens/
kubeadm token [flags]
Options
| --dry-run | |
| Whether to enable dry-run mode or not | |
| -h, --help | |
| help for token | |
| --kubeconfig string Default: "/etc/kubernetes/admin.conf" | |
| The kubeconfig file to use when talking to the cluster. If the flag is not set, a set of standard locations are searched for an existing KubeConfig file. | |
Options inherited from parent commands
| --rootfs string | |
| [EXPERIMENTAL] The path to the 'real' host root filesystem. | |
Feedback
Was this page helpful?
Thanks for the feedback. If you have a specific, answerable question about how to use Kubernetes, ask it on Stack Overflow. Open an issue in the GitHub repo if you want to report a problem or suggest an improvement.
Page last modified on April 03, 2019 at 3:57 PM PST by
网站初步实现预期效果 (Page History)