kubeadm-token-create - Man Page

Create bootstrap tokens on the server

Eric Paris Jan 2015


kubeadm token create [Options]


This command will create a bootstrap token for you. You can specify the usages for this token, the "time to live" and an optional human friendly description.

The [token] is the actual token to write. This should be a securely generated random token of the form "[a-z0-9]{6}.[a-z0-9]{16}". If no [token] is given, kubeadm will generate a random token instead.


--certificate-key="" When used together with '--print-join-command', print the full 'kubeadm join' flag needed to join the cluster as a control-plane. To create a new certificate key you must use 'kubeadm init phase upload-certs --upload-certs'.

--config="" Path to a kubeadm configuration file.

--description="" A human friendly description of how this token is used.

--groups=[system:bootstrappers:kubeadm:default-node-token] Extra groups that this token will authenticate as when used for authentication. Must match "\Asystem:bootstrappers:[a-z0-9:-]{0,255}[a-z0-9]\z"

--print-join-command=false Instead of printing only the token, print the full 'kubeadm join' flag needed to join the cluster using the token.

--ttl=24h0m0s The duration before the token is automatically deleted (e.g. 1s, 2m, 3h). If set to '0', the token will never expire

--usages=[signing,authentication] Describes the ways in which this token can be used. You can pass --usages multiple times or provide a comma separated list of options. Valid options: [signing,authentication]

Options Inherited from Parent Commands

--azure-container-registry-config="" Path to the file containing Azure container registry configuration information.

--dry-run=false Whether to enable dry-run mode or not

--kubeconfig="/etc/kubernetes/admin.conf" The kubeconfig file to use when talking to the cluster. If the flag is not set, a set of standard locations can be searched for an existing kubeconfig file.

--rootfs="" [EXPERIMENTAL] The path to the 'real' host root filesystem.

--version=false --version, --version=raw prints version information and quits; --version=vX.Y.Z... sets the reported version

See Also



January 2015, Originally compiled by Eric Paris (eparis at redhat dot com) based on the kubernetes source material, but hopefully they have been automatically generated since!

Referenced By


User Manuals