语法

[10:03:54 root@ceshi-01 ~ $]kubeadm token --help

This command manages bootstrap tokens. It is optional and needed only for advanced use cases.
此命令管理引导令牌。 它是可选的，仅适用于高级用例。

In short, bootstrap tokens are used for establishing bidirectional trust between a client and a server.
简而言之，引导令牌用于在客户端和服务器之间建立双向信任。
A bootstrap token can be used when a client (for example a node that is about to join the cluster) needs
to trust the server it is talking to. 
当客户端（例如即将加入群集的节点）需要信任它正在与之通信的服务器时，可以使用引导令牌。
Then a bootstrap token with the "signing" usage can be used.
然后可以使用具有“签名”用法的引导令牌。
bootstrap tokens can also function as a way to allow short-lived authentication to the API Server
(the token serves as a way for the API Server to trust the client), for example for doing the TLS Bootstrap.
引导令牌还可以作为一种允许对API服务器进行短期身份验证的方法（令牌用作API服务器信任客户端的方式），例如用于执行TLS引导程序。

What is a bootstrap token more exactly?
什么是更准确的引导令牌？
 - It is a Secret in the kube-system namespace of type "bootstrap.kubernetes.io/token".
 - 它是类型为“bootstrap.kubernetes.io/token”的kube-system命名空间中的一个秘密。
 - A bootstrap token must be of the form "[a-z0-9]{6}.[a-z0-9]{16}". The former part is the public token ID,
   while the latter is the Token Secret and it must be kept private at all circumstances!
 - 引导令牌的格式必须为“[a-z0-9] {6}。[a-z0-9] {16}”。 前一部分是公共令牌ID，而后者是令牌机密，必须在任何情况下都保密！
 - The name of the Secret must be named "bootstrap-token-(token-id)".
 - Secret的名称必须命名为“bootstrap-token-（token-id）”。

You can read more about bootstrap tokens here:
您可以在此处阅读有关bootstrap令牌的更多信息：
  https://kubernetes.io/docs/admin/bootstrap-tokens/

用法:
  kubeadm token [flags]
  kubeadm token [command]

可用命令:
  create      Create bootstrap tokens on the server
              在服务器上创建引导令牌
  delete      Delete bootstrap tokens on the server
              删除服务器上的引导令牌
  generate    Generate and print a bootstrap token, but do not create it on the server
              生成并打印引导令牌，但不要在服务器上创建它
  list        List bootstrap tokens on the server
              列出服务器上的引导令牌

Flags:
      --dry-run             Whether to enable dry-run mode or not
                            是否启用干运行模式
  -h, --help                help for token
                            帮助信息
      --kubeconfig string   The kubeconfig file to use when talking to the cluster.
                            与群集通信时使用的kubeconfig文件。
                            If the flag is not set, a set of standard locations can be searched for an existing kubeconfig file. 
                            如果未设置标志，则可以搜索一组标准位置以查找现有的kubeconfig文件。
                            (default "/etc/kubernetes/admin.conf")

Global Flags:
      --log-file string          If non-empty, use this log file
      --log-file-max-size uint   Defines the maximum size a log file can grow to. Unit is megabytes. If the value is 0, the maximum file size is unlimited. (default 1800)
      --rootfs string            [EXPERIMENTAL] The path to the 'real' host root filesystem.
      --skip-headers             If true, avoid header prefixes in the log messages
      --skip-log-headers         If true, avoid headers when opening log files
  -v, --v Level                  number for the log level verbosity

Use "kubeadm token [command] --help" for more information about a command.