[EXPERIMENTAL] The path to the ‘real’ host root filesystem.

If the node should host a new control plane instance, the IP address the API Server will advertise it’s listening on. If not set the default network interface will be used.

If the node should host a new control plane instance, the port for the API Server to bind to.

Use this key to decrypt the certificate secrets uploaded by init.

Path to a kubeadm configuration file.

Create a new control plane instance on this node

Path to the CRI socket to connect. If empty kubeadm will try to auto-detect this value; use this option only if you have more than one CRI installed or if you have non-standard CRI socket.

For file-based discovery, a file or URL from which to load cluster information.

For token-based discovery, the token used to validate cluster information fetched from the API server.

For token-based discovery, validate that the root CA public key matches this hash (format: “<type>:<value>”).

For token-based discovery, allow joining without —discovery-token-ca-cert-hash pinning.

Don’t apply any changes; just output what would be done.

help for preflight

A list of checks whose errors will be shown as warnings. Example: ‘IsPrivilegedUser,Swap’. Value ‘all’ ignores errors from all checks.

Specify the node name.

Specify the token used to temporarily authenticate with the Kubernetes Control Plane while joining the node.

Use this token for both discovery-token and tls-bootstrap-token when those values are not provided.

[EXPERIMENTAL] The path to the ‘real’ host root filesystem.

help for control-plane-prepare

[EXPERIMENTAL] The path to the ‘real’ host root filesystem.

If the node should host a new control plane instance, the IP address the API Server will advertise it’s listening on. If not set the default network interface will be used.

If the node should host a new control plane instance, the port for the API Server to bind to.

Use this key to decrypt the certificate secrets uploaded by init.

Path to a kubeadm configuration file.

Create a new control plane instance on this node

For file-based discovery, a file or URL from which to load cluster information.

For token-based discovery, the token used to validate cluster information fetched from the API server.

For token-based discovery, validate that the root CA public key matches this hash (format: “<type>:<value>”).

For token-based discovery, allow joining without —discovery-token-ca-cert-hash pinning.

Don’t apply any changes; just output what would be done.

help for all

Specify the node name.

Path to a directory that contains files named “target[suffix][+patchtype].extension”. For example, “kube-apiserver0+merge.yaml” or just “etcd.json”. “target” can be one of “kube-apiserver”, “kube-controller-manager”, “kube-scheduler”, “etcd”, “kubeletconfiguration”. “patchtype” can be one of “strategic”, “merge” or “json” and they match the patch formats supported by kubectl. The default “patchtype” is “strategic”. “extension” must be either “json” or “yaml”. “suffix” is an optional string that can be used to determine which patches are applied first alpha-numerically.

Specify the token used to temporarily authenticate with the Kubernetes Control Plane while joining the node.

Use this token for both discovery-token and tls-bootstrap-token when those values are not provided.

[EXPERIMENTAL] The path to the ‘real’ host root filesystem.

Use this key to decrypt the certificate secrets uploaded by init.

Path to a kubeadm configuration file.

For file-based discovery, a file or URL from which to load cluster information.

For token-based discovery, the token used to validate cluster information fetched from the API server.

For token-based discovery, validate that the root CA public key matches this hash (format: “<type>:<value>”).

For token-based discovery, allow joining without —discovery-token-ca-cert-hash pinning.

Don’t apply any changes; just output what would be done.

help for download-certs

Specify the token used to temporarily authenticate with the Kubernetes Control Plane while joining the node.

Use this token for both discovery-token and tls-bootstrap-token when those values are not provided.

If the node should host a new control plane instance, the IP address the API Server will advertise it’s listening on. If not set the default network interface will be used.

Path to a kubeadm configuration file.

Create a new control plane instance on this node

For file-based discovery, a file or URL from which to load cluster information.

For token-based discovery, the token used to validate cluster information fetched from the API server.

For token-based discovery, validate that the root CA public key matches this hash (format: “<type>:<value>”).

For token-based discovery, allow joining without —discovery-token-ca-cert-hash pinning.

Don’t apply any changes; just output what would be done.

help for certs

Specify the node name.

Specify the token used to temporarily authenticate with the Kubernetes Control Plane while joining the node.

Use this token for both discovery-token and tls-bootstrap-token when those values are not provided.

[EXPERIMENTAL] The path to the ‘real’ host root filesystem.

Use this key to decrypt the certificate secrets uploaded by init.

Path to a kubeadm configuration file.

Create a new control plane instance on this node

For file-based discovery, a file or URL from which to load cluster information.

For token-based discovery, the token used to validate cluster information fetched from the API server.

For token-based discovery, validate that the root CA public key matches this hash (format: “<type>:<value>”).

For token-based discovery, allow joining without —discovery-token-ca-cert-hash pinning.

Don’t apply any changes; just output what would be done.

help for kubeconfig

Specify the token used to temporarily authenticate with the Kubernetes Control Plane while joining the node.

Use this token for both discovery-token and tls-bootstrap-token when those values are not provided.

[EXPERIMENTAL] The path to the ‘real’ host root filesystem.

If the node should host a new control plane instance, the IP address the API Server will advertise it’s listening on. If not set the default network interface will be used.

If the node should host a new control plane instance, the port for the API Server to bind to.

Path to a kubeadm configuration file.

Create a new control plane instance on this node

Don’t apply any changes; just output what would be done.

help for control-plane

Path to a directory that contains files named “target[suffix][+patchtype].extension”. For example, “kube-apiserver0+merge.yaml” or just “etcd.json”. “target” can be one of “kube-apiserver”, “kube-controller-manager”, “kube-scheduler”, “etcd”, “kubeletconfiguration”. “patchtype” can be one of “strategic”, “merge” or “json” and they match the patch formats supported by kubectl. The default “patchtype” is “strategic”. “extension” must be either “json” or “yaml”. “suffix” is an optional string that can be used to determine which patches are applied first alpha-numerically.

[EXPERIMENTAL] The path to the ‘real’ host root filesystem.

Path to a kubeadm configuration file.

For file-based discovery, a file or URL from which to load cluster information.

For token-based discovery, the token used to validate cluster information fetched from the API server.

For token-based discovery, validate that the root CA public key matches this hash (format: “<type>:<value>”).

For token-based discovery, allow joining without —discovery-token-ca-cert-hash pinning.

Don’t apply any changes; just output what would be done.

help for kubelet-start

Specify the node name.

Path to a directory that contains files named “target[suffix][+patchtype].extension”. For example, “kube-apiserver0+merge.yaml” or just “etcd.json”. “target” can be one of “kube-apiserver”, “kube-controller-manager”, “kube-scheduler”, “etcd”, “kubeletconfiguration”. “patchtype” can be one of “strategic”, “merge” or “json” and they match the patch formats supported by kubectl. The default “patchtype” is “strategic”. “extension” must be either “json” or “yaml”. “suffix” is an optional string that can be used to determine which patches are applied first alpha-numerically.

Specify the token used to temporarily authenticate with the Kubernetes Control Plane while joining the node.

Use this token for both discovery-token and tls-bootstrap-token when those values are not provided.

[EXPERIMENTAL] The path to the ‘real’ host root filesystem.

[EXPERIMENTAL] The path to the ‘real’ host root filesystem.

If the node should host a new control plane instance, the IP address the API Server will advertise it’s listening on. If not set the default network interface will be used.

Path to a kubeadm configuration file.

Create a new control plane instance on this node

Don’t apply any changes; just output what would be done.

help for all

Specify the node name.

Path to a directory that contains files named “target[suffix][+patchtype].extension”. For example, “kube-apiserver0+merge.yaml” or just “etcd.json”. “target” can be one of “kube-apiserver”, “kube-controller-manager”, “kube-scheduler”, “etcd”, “kubeletconfiguration”. “patchtype” can be one of “strategic”, “merge” or “json” and they match the patch formats supported by kubectl. The default “patchtype” is “strategic”. “extension” must be either “json” or “yaml”. “suffix” is an optional string that can be used to determine which patches are applied first alpha-numerically.

[EXPERIMENTAL] The path to the ‘real’ host root filesystem.

If the node should host a new control plane instance, the IP address the API Server will advertise it’s listening on. If not set the default network interface will be used.

Path to a kubeadm configuration file.

Create a new control plane instance on this node

Don’t apply any changes; just output what would be done.

help for etcd

Specify the node name.

Path to a directory that contains files named “target[suffix][+patchtype].extension”. For example, “kube-apiserver0+merge.yaml” or just “etcd.json”. “target” can be one of “kube-apiserver”, “kube-controller-manager”, “kube-scheduler”, “etcd”, “kubeletconfiguration”. “patchtype” can be one of “strategic”, “merge” or “json” and they match the patch formats supported by kubectl. The default “patchtype” is “strategic”. “extension” must be either “json” or “yaml”. “suffix” is an optional string that can be used to determine which patches are applied first alpha-numerically.

[EXPERIMENTAL] The path to the ‘real’ host root filesystem.

If the node should host a new control plane instance, the IP address the API Server will advertise it’s listening on. If not set the default network interface will be used.

Path to a kubeadm configuration file.

Create a new control plane instance on this node

help for update-status

Specify the node name.

[EXPERIMENTAL] The path to the ‘real’ host root filesystem.

Path to a kubeadm configuration file.

Create a new control plane instance on this node

Don’t apply any changes; just output what would be done.

help for mark-control-plane

Specify the node name.