kubeadm: support --discovery token://

cmd/kubeadm/app/cmd/init.go

@@ -216,7 +216,10 @@ func (i *Init) Validate() error {
 func (i *Init) Run(out io.Writer) error {
 
 	if i.cfg.Discovery.Token != nil {
-		if err := kubemaster.CreateTokenAuthFile(i.cfg.Discovery.Token); err != nil {
+		if err := kubemaster.PrepareTokenDiscovery(i.cfg.Discovery.Token); err != nil {
+			return err
+		}
+		if err := kubemaster.CreateTokenAuthFile(kubeadmutil.BearerToken(i.cfg.Discovery.Token)); err != nil {
 			return err
 		}
 	}

cmd/kubeadm/app/master/BUILD

@@ -38,6 +38,7 @@ go_library(
         "//pkg/registry/core/service/ipallocator:go_default_library",
         "//pkg/util/cert:go_default_library",
         "//pkg/util/intstr:go_default_library",
+        "//pkg/util/net:go_default_library",
         "//pkg/util/uuid:go_default_library",
         "//pkg/util/wait:go_default_library",
         "//vendor:github.com/blang/semver",

cmd/kubeadm/app/master/tokens.go

@@ -21,10 +21,13 @@ import (
 	"fmt"
 	"os"
 	"path"
+	"strconv"
 
 	kubeadmapi "k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm"
+	kubeadmapiext "k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm/v1alpha1"
 	kubeadmutil "k8s.io/kubernetes/cmd/kubeadm/app/util"
 	cmdutil "k8s.io/kubernetes/pkg/kubectl/cmd/util"
+	netutil "k8s.io/kubernetes/pkg/util/net"
 	"k8s.io/kubernetes/pkg/util/uuid"
 )
 
@@ -38,22 +41,32 @@ func generateTokenIfNeeded(d *kubeadmapi.TokenDiscovery) error {
 		return nil
 	}
 	if err := kubeadmutil.GenerateToken(d); err != nil {
-		fmt.Printf("[tokens] Generated token: %q\n", kubeadmutil.BearerToken(d))
-		return nil
-	} else {
 		return err
 	}
+	fmt.Printf("[tokens] Generated token: %q\n", kubeadmutil.BearerToken(d))
+	return nil
 }
 
-func CreateTokenAuthFile(d *kubeadmapi.TokenDiscovery) error {
-	tokenAuthFilePath := path.Join(kubeadmapi.GlobalEnvParams.HostPKIPath, "tokens.csv")
+func PrepareTokenDiscovery(d *kubeadmapi.TokenDiscovery) error {
+	if len(d.Addresses) == 0 {
+		ip, err := netutil.ChooseHostInterface()
+		if err != nil {
+			return err
+		}
+		d.Addresses = []string{ip.String() + ":" + strconv.Itoa(kubeadmapiext.DefaultDiscoveryBindPort)}
+	}
 	if err := generateTokenIfNeeded(d); err != nil {
 		return fmt.Errorf("failed to generate token(s) [%v]", err)
 	}
+	return nil
+}
+
+func CreateTokenAuthFile(bt string) error {
+	tokenAuthFilePath := path.Join(kubeadmapi.GlobalEnvParams.HostPKIPath, "tokens.csv")
 	if err := os.MkdirAll(kubeadmapi.GlobalEnvParams.HostPKIPath, 0700); err != nil {
 		return fmt.Errorf("failed to create directory %q [%v]", kubeadmapi.GlobalEnvParams.HostPKIPath, err)
 	}
-	serialized := []byte(fmt.Sprintf("%s,kubeadm-node-csr,%s,system:kubelet-bootstrap\n", kubeadmutil.BearerToken(d), uuid.NewUUID()))
+	serialized := []byte(fmt.Sprintf("%s,kubeadm-node-csr,%s,system:kubelet-bootstrap\n", bt, uuid.NewUUID()))
 	// DumpReaderToFile create a file with mode 0600
 	if err := cmdutil.DumpReaderToFile(bytes.NewReader(serialized), tokenAuthFilePath); err != nil {
 		return fmt.Errorf("failed to save token auth file (%q) [%v]", tokenAuthFilePath, err)

cmd/kubeadm/app/master/tokens_test.go

@@ -50,10 +50,10 @@ func TestValidTokenPopulatesSecrets(t *testing.T) {
 		if err != nil {
 			t.Errorf("generateTokenIfNeeded gave an error for a valid token: %v", err)
 		}
-		if s.ID != "" {
+		if s.ID == "" {
 			t.Errorf("generateTokenIfNeeded did not populate the TokenID correctly; expected ID to be non-empty")
 		}
-		if s.Secret != "" {
+		if s.Secret == "" {
 			t.Errorf("generateTokenIfNeeded did not populate the Token correctly; expected Secret to be non-empty")
 		}
 	})

cmd/kubeadm/app/util/tokens.go

@@ -77,6 +77,12 @@ func BearerToken(d *kubeadmapi.TokenDiscovery) string {
 }
 
 func IsTokenValid(d *kubeadmapi.TokenDiscovery) (bool, error) {
+	if len(d.ID)+len(d.Secret) == 0 {
+		return false, nil
+	}
+	if _, _, err := ParseToken(d.ID + "." + d.Secret); err != nil {
+		return false, err
+	}
 	return true, nil
 }