Manage bootstrap tokens

Eric Paris Jan 2015


kubeadm token [Options]


This command manages bootstrap tokens. It is optional and needed only for advanced use cases.

In short, bootstrap tokens are used for establishing bidirectional trust between a client and a server. When a client (for example a node that is about to join the cluster) needs to trust the server it is talking to, a bootstrap token with the "signing" usage can be used. Bootstrap tokens can also provide short-lived authentication to the API Server (the token serves as a way for the API Server to trust the client), for example for doing the TLS Bootstrap.

What is a bootstrap token more exactly?
- It is a Secret in the kube-system namespace of type "bootstrap.kubernetes.io/token".
- A bootstrap token must be of the form "[a-z0-9]{6}.[a-z0-9]{16}". The former part is the public token ID,
  while the latter is the Token Secret, which must be kept private under all circumstances!
- The Secret must be named "bootstrap-token-(token-id)".
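
The token form and Secret naming rule above, as an added Go example (not part of the original page and not kubeadm's own code). It assumes the dot in the pattern is a literal separator and anchors the match; `ParseToken`, `BootstrapToken` and the sample values are hypothetical and constructed for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"regexp"
)

// Anchored form of the pattern given above. The dot is escaped (assumption:
// it is a literal separator) so it cannot match an arbitrary character.
var tokenRe = regexp.MustCompile(`^([a-z0-9]{6})\.([a-z0-9]{16})$`)

// BootstrapToken holds the two halves of a parsed token.
type BootstrapToken struct {
	ID     string // public token ID, safe to log
	Secret string // Token Secret, must stay private
}

// ParseToken validates s against the documented form and splits it.
func ParseToken(s string) (BootstrapToken, error) {
	m := tokenRe.FindStringSubmatch(s)
	if m == nil {
		// Do not echo s: a malformed value may still contain a real secret.
		return BootstrapToken{}, errors.New("token does not match [a-z0-9]{6}.[a-z0-9]{16}")
	}
	return BootstrapToken{ID: m[1], Secret: m[2]}, nil
}

// SecretName returns the name the backing Secret must have in kube-system.
func (t BootstrapToken) SecretName() string { return "bootstrap-token-" + t.ID }

// String redacts the secret half so %v and %s never print it.
func (t BootstrapToken) String() string { return t.ID + ".<redacted>" }

func main() {
	// Constructed sample values, not real tokens.
	samples := []string{"abcdef.0123456789abcdef", "abcdefX0123456789abcdef", "ABCDEF.0123456789abcdef"}
	for _, s := range samples {
		t, err := ParseToken(s)
		if err != nil {
			fmt.Println("rejected:", err)
			continue
		}
		fmt.Printf("ok: %v -> Secret kube-system/%s\n", t, t.SecretName())
	}
}
```

The second sample would pass an unanchored, unescaped version of the pattern; here it is rejected because the separator is not a dot.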

You can read more about bootstrap tokens here:


--dry-run=false Whether to enable dry-run mode or not

--kubeconfig="/etc/kubernetes/admin.conf" The kubeconfig file to use when talking to the cluster. If the flag is not set, a set of standard locations can be searched for an existing kubeconfig file.

Options Inherited from Parent Commands

--azure-container-registry-config="" Path to the file containing Azure container registry configuration information.

--log-flush-frequency=5s Maximum number of seconds between log flushes

--rootfs="" [EXPERIMENTAL] The path to the 'real' host root filesystem.

--version=false Print version information and quit

See Also

January 2015, Originally compiled by Eric Paris (eparis at redhat dot com) based on the kubernetes source material, but hopefully they have been automatically generated since!

