語法
[10:03:54 root@ceshi-01 ~ $]kubeadm token --help
This command manages bootstrap tokens. It is optional and needed only for advanced use cases.
此命令管理引導(dǎo)令牌性芬。 它是可選的,僅適用于高級用例增炭。
In short, bootstrap tokens are used for establishing bidirectional trust between a client and a server.
簡而言之常柄,引導(dǎo)令牌用于在客戶端和服務(wù)器之間建立雙向信任竞川。
A bootstrap token can be used when a client (for example a node that is about to join the cluster) needs
to trust the server it is talking to.
當(dāng)客戶端(例如即將加入群集的節(jié)點(diǎn))需要信任它正在與之通信的服務(wù)器時(shí)鲁沥,可以使用引導(dǎo)令牌瘫筐。
Then a bootstrap token with the "signing" usage can be used.
然后可以使用具有“簽名”用法的引導(dǎo)令牌堤魁。
bootstrap tokens can also function as a way to allow short-lived authentication to the API Server
(the token serves as a way for the API Server to trust the client), for example for doing the TLS Bootstrap.
引導(dǎo)令牌還可以作為一種允許對API服務(wù)器進(jìn)行短期身份驗(yàn)證的方法(令牌用作API服務(wù)器信任客戶端的方式)喂链,例如用于執(zhí)行TLS引導(dǎo)程序。
What is a bootstrap token more exactly?
什么是更準(zhǔn)確的引導(dǎo)令牌妥泉?
- It is a Secret in the kube-system namespace of type "bootstrap.kubernetes.io/token".
- 它是類型為“bootstrap.kubernetes.io/token”的kube-system命名空間中的一個(gè)秘密椭微。
- A bootstrap token must be of the form "[a-z0-9]{6}.[a-z0-9]{16}". The former part is the public token ID,
while the latter is the Token Secret and it must be kept private at all circumstances!
- 引導(dǎo)令牌的格式必須為“[a-z0-9] {6}。[a-z0-9] {16}”盲链。 前一部分是公共令牌ID蝇率,而后者是令牌機(jī)密,必須在任何情況下都保密刽沾!
- The name of the Secret must be named "bootstrap-token-(token-id)".
- Secret的名稱必須命名為“bootstrap-token-(token-id)”本慕。
You can read more about bootstrap tokens here:
您可以在此處閱讀有關(guān)bootstrap令牌的更多信息:
https://kubernetes.io/docs/admin/bootstrap-tokens/
用法:
kubeadm token [flags]
kubeadm token [command]
可用命令:
create Create bootstrap tokens on the server
在服務(wù)器上創(chuàng)建引導(dǎo)令牌
delete Delete bootstrap tokens on the server
刪除服務(wù)器上的引導(dǎo)令牌
generate Generate and print a bootstrap token, but do not create it on the server
生成并打印引導(dǎo)令牌,但不要在服務(wù)器上創(chuàng)建它
list List bootstrap tokens on the server
列出服務(wù)器上的引導(dǎo)令牌
Flags:
--dry-run Whether to enable dry-run mode or not
是否啟用干運(yùn)行模式
-h, --help help for token
幫助信息
--kubeconfig string The kubeconfig file to use when talking to the cluster.
與群集通信時(shí)使用的kubeconfig文件侧漓。
If the flag is not set, a set of standard locations can be searched for an existing kubeconfig file.
如果未設(shè)置標(biāo)志锅尘,則可以搜索一組標(biāo)準(zhǔn)位置以查找現(xiàn)有的kubeconfig文件。
(default "/etc/kubernetes/admin.conf")
Global Flags:
--log-file string If non-empty, use this log file
--log-file-max-size uint Defines the maximum size a log file can grow to. Unit is megabytes. If the value is 0, the maximum file size is unlimited. (default 1800)
--rootfs string [EXPERIMENTAL] The path to the 'real' host root filesystem.
--skip-headers If true, avoid header prefixes in the log messages
--skip-log-headers If true, avoid headers when opening log files
-v, --v Level number for the log level verbosity
Use "kubeadm token [command] --help" for more information about a command.