mirror of https://github.com/k3s-io/k3s
kubeadm graduate bootstrap-token phase
Yago Nobre
parent
e4c5d451db
commit
e743f0e475
|
|
@ -38,7 +38,6 @@ go_library(
|
|||
"//cmd/kubeadm/app/images:go_default_library",
|
||||
"//cmd/kubeadm/app/phases/addons/dns:go_default_library",
|
||||
"//cmd/kubeadm/app/phases/addons/proxy:go_default_library",
|
||||
"//cmd/kubeadm/app/phases/bootstraptoken/clusterinfo:go_default_library",
|
||||
"//cmd/kubeadm/app/phases/bootstraptoken/node:go_default_library",
|
||||
"//cmd/kubeadm/app/phases/certs:go_default_library",
|
||||
"//cmd/kubeadm/app/phases/controlplane:go_default_library",
|
||||
|
|
|
|||
|
|
@ -52,7 +52,6 @@ func newCmdPhase(out io.Writer) *cobra.Command {
|
|||
}
|
||||
|
||||
cmd.AddCommand(phases.NewCmdAddon())
|
||||
cmd.AddCommand(phases.NewCmdBootstrapToken())
|
||||
cmd.AddCommand(phases.NewCmdMarkMaster())
|
||||
cmd.AddCommand(phases.NewCmdSelfhosting())
|
||||
|
||||
|
|
|
|||
|
|
@ -44,8 +44,6 @@ import (
|
|||
"k8s.io/kubernetes/cmd/kubeadm/app/features"
|
||||
dnsaddonphase "k8s.io/kubernetes/cmd/kubeadm/app/phases/addons/dns"
|
||||
proxyaddonphase "k8s.io/kubernetes/cmd/kubeadm/app/phases/addons/proxy"
|
||||
clusterinfophase "k8s.io/kubernetes/cmd/kubeadm/app/phases/bootstraptoken/clusterinfo"
|
||||
nodebootstraptokenphase "k8s.io/kubernetes/cmd/kubeadm/app/phases/bootstraptoken/node"
|
||||
certsphase "k8s.io/kubernetes/cmd/kubeadm/app/phases/certs"
|
||||
kubeconfigphase "k8s.io/kubernetes/cmd/kubeadm/app/phases/kubeconfig"
|
||||
kubeletphase "k8s.io/kubernetes/cmd/kubeadm/app/phases/kubelet"
|
||||
|
|
@ -182,6 +180,7 @@ func NewCmdInit(out io.Writer) *cobra.Command {
|
|||
initRunner.AppendPhase(phases.NewEtcdPhase())
|
||||
initRunner.AppendPhase(phases.NewWaitControlPlanePhase())
|
||||
initRunner.AppendPhase(phases.NewUploadConfigPhase())
|
||||
initRunner.AppendPhase(phases.NewBootstrapTokenPhase())
|
||||
// TODO: add other phases to the runner.
|
||||
|
||||
// sets the data builder function, that will be used by the runner
|
||||
|
|
@ -505,51 +504,6 @@ func runInit(i *initData, out io.Writer) error {
|
|||
}
|
||||
}
|
||||
|
||||
// PHASE 5: Set up the node bootstrap tokens
|
||||
tokens := []string{}
|
||||
for _, bt := range i.cfg.BootstrapTokens {
|
||||
tokens = append(tokens, bt.Token.String())
|
||||
}
|
||||
if !i.skipTokenPrint {
|
||||
if len(tokens) == 1 {
|
||||
fmt.Printf("[bootstraptoken] using token: %s\n", tokens[0])
|
||||
} else if len(tokens) > 1 {
|
||||
fmt.Printf("[bootstraptoken] using tokens: %v\n", tokens)
|
||||
}
|
||||
}
|
||||
|
||||
// Create the default node bootstrap token
|
||||
glog.V(1).Infof("[init] creating RBAC rules to generate default bootstrap token")
|
||||
if err := nodebootstraptokenphase.UpdateOrCreateTokens(client, false, i.cfg.BootstrapTokens); err != nil {
|
||||
return errors.Wrap(err, "error updating or creating token")
|
||||
}
|
||||
// Create RBAC rules that makes the bootstrap tokens able to post CSRs
|
||||
glog.V(1).Infof("[init] creating RBAC rules to allow bootstrap tokens to post CSR")
|
||||
if err := nodebootstraptokenphase.AllowBootstrapTokensToPostCSRs(client); err != nil {
|
||||
return errors.Wrap(err, "error allowing bootstrap tokens to post CSRs")
|
||||
}
|
||||
// Create RBAC rules that makes the bootstrap tokens able to get their CSRs approved automatically
|
||||
glog.V(1).Infof("[init] creating RBAC rules to automatic approval of CSRs automatically")
|
||||
if err := nodebootstraptokenphase.AutoApproveNodeBootstrapTokens(client); err != nil {
|
||||
return errors.Wrap(err, "error auto-approving node bootstrap tokens")
|
||||
}
|
||||
|
||||
// Create/update RBAC rules that makes the nodes to rotate certificates and get their CSRs approved automatically
|
||||
glog.V(1).Infof("[init] creating/updating RBAC rules for rotating certificate")
|
||||
if err := nodebootstraptokenphase.AutoApproveNodeCertificateRotation(client); err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
// Create the cluster-info ConfigMap with the associated RBAC rules
|
||||
glog.V(1).Infof("[init] creating bootstrap configmap")
|
||||
if err := clusterinfophase.CreateBootstrapConfigMapIfNotExists(client, adminKubeConfigPath); err != nil {
|
||||
return errors.Wrap(err, "error creating bootstrap configmap")
|
||||
}
|
||||
glog.V(1).Infof("[init] creating ClusterInfo RBAC rules")
|
||||
if err := clusterinfophase.CreateClusterInfoRBACRules(client); err != nil {
|
||||
return errors.Wrap(err, "error creating clusterinfo RBAC rules")
|
||||
}
|
||||
|
||||
glog.V(1).Infof("[init] ensuring DNS addon")
|
||||
if err := dnsaddonphase.EnsureDNSAddon(i.cfg, client); err != nil {
|
||||
return errors.Wrap(err, "error ensuring dns addon")
|
||||
|
|
@ -578,7 +532,7 @@ func runInit(i *initData, out io.Writer) error {
|
|||
}
|
||||
|
||||
// Prints the join command, multiple times in case the user has multiple tokens
|
||||
for _, token := range tokens {
|
||||
for _, token := range i.Tokens() {
|
||||
if err := printJoinCommand(out, adminKubeConfigPath, token, i.skipTokenPrint); err != nil {
|
||||
return errors.Wrap(err, "failed to print join command")
|
||||
}
|
||||
|
|
|
|||
|
|
@ -54,12 +54,10 @@ go_library(
|
|||
"//staging/src/k8s.io/apimachinery/pkg/apis/meta/v1:go_default_library",
|
||||
"//staging/src/k8s.io/apimachinery/pkg/util/sets:go_default_library",
|
||||
"//staging/src/k8s.io/client-go/kubernetes:go_default_library",
|
||||
"//staging/src/k8s.io/cluster-bootstrap/token/api:go_default_library",
|
||||
"//vendor/github.com/golang/glog:go_default_library",
|
||||
"//vendor/github.com/pkg/errors:go_default_library",
|
||||
"//vendor/github.com/renstrom/dedent:go_default_library",
|
||||
"//vendor/github.com/spf13/cobra:go_default_library",
|
||||
"//vendor/github.com/spf13/pflag:go_default_library",
|
||||
"//vendor/k8s.io/utils/exec:go_default_library",
|
||||
],
|
||||
)
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
Copyright 2017 The Kubernetes Authors.
|
||||
Copyright 2018 The Kubernetes Authors.
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
|
|
@ -18,316 +18,106 @@ package phases
|
|||
|
||||
import (
|
||||
"fmt"
|
||||
"path/filepath"
|
||||
|
||||
"github.com/golang/glog"
|
||||
"github.com/pkg/errors"
|
||||
"github.com/spf13/cobra"
|
||||
"github.com/spf13/pflag"
|
||||
|
||||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||
clientset "k8s.io/client-go/kubernetes"
|
||||
bootstrapapi "k8s.io/cluster-bootstrap/token/api"
|
||||
kubeadmscheme "k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm/scheme"
|
||||
kubeadmapiv1beta1 "k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm/v1beta1"
|
||||
"k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm/validation"
|
||||
kubeadmapi "k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm"
|
||||
"k8s.io/kubernetes/cmd/kubeadm/app/cmd/options"
|
||||
cmdutil "k8s.io/kubernetes/cmd/kubeadm/app/cmd/util"
|
||||
"k8s.io/kubernetes/cmd/kubeadm/app/cmd/phases/workflow"
|
||||
kubeadmconstants "k8s.io/kubernetes/cmd/kubeadm/app/constants"
|
||||
"k8s.io/kubernetes/cmd/kubeadm/app/phases/bootstraptoken/clusterinfo"
|
||||
"k8s.io/kubernetes/cmd/kubeadm/app/phases/bootstraptoken/node"
|
||||
kubeadmutil "k8s.io/kubernetes/cmd/kubeadm/app/util"
|
||||
configutil "k8s.io/kubernetes/cmd/kubeadm/app/util/config"
|
||||
kubeconfigutil "k8s.io/kubernetes/cmd/kubeadm/app/util/kubeconfig"
|
||||
clusterinfophase "k8s.io/kubernetes/cmd/kubeadm/app/phases/bootstraptoken/clusterinfo"
|
||||
nodebootstraptokenphase "k8s.io/kubernetes/cmd/kubeadm/app/phases/bootstraptoken/node"
|
||||
"k8s.io/kubernetes/pkg/util/normalizer"
|
||||
)
|
||||
|
||||
var (
|
||||
allTokenLongDesc = normalizer.LongDesc(`
|
||||
bootstrapTokenLongDesc = normalizer.LongDesc(`
|
||||
Bootstrap tokens are used for establishing bidirectional trust between a node joining
|
||||
the cluster and a the master node.
|
||||
|
||||
This command makes all the configurations required to make bootstrap tokens works
|
||||
and then creates an initial token.
|
||||
` + cmdutil.AlphaDisclaimer)
|
||||
|
||||
allTokenExamples = normalizer.Examples(`
|
||||
# Makes all the bootstrap token configurations and creates an initial token, functionally
|
||||
# equivalent to what generated by kubeadm init.
|
||||
kubeadm alpha phase bootstrap-token all
|
||||
`)
|
||||
|
||||
createTokenLongDesc = normalizer.LongDesc(`
|
||||
Creates a bootstrap token. If no token value is given, kubeadm will generate a random token instead.
|
||||
|
||||
Alternatively, you can use kubeadm token.
|
||||
` + cmdutil.AlphaDisclaimer)
|
||||
|
||||
clusterInfoLongDesc = fmt.Sprintf(normalizer.LongDesc(`
|
||||
Uploads the %q ConfigMap in the %q namespace, populating it with cluster information extracted from the
|
||||
given kubeconfig file. The ConfigMap is used for the node bootstrap process in its initial phases,
|
||||
before the client trusts the API server.
|
||||
|
||||
See online documentation about Authenticating with Bootstrap Tokens for more details.
|
||||
`+cmdutil.AlphaDisclaimer), bootstrapapi.ConfigMapClusterInfo, metav1.NamespacePublic)
|
||||
|
||||
nodePostCSRsLongDesc = normalizer.LongDesc(`
|
||||
Configures RBAC rules to allow node bootstrap tokens to post a certificate signing request,
|
||||
thus enabling nodes joining the cluster to request long term certificate credentials.
|
||||
|
||||
See online documentation about TLS bootstrapping for more details.
|
||||
` + cmdutil.AlphaDisclaimer)
|
||||
|
||||
nodeAutoApproveLongDesc = normalizer.LongDesc(`
|
||||
Configures RBAC rules to allow the csrapprover controller to automatically approve
|
||||
certificate signing requests generated by nodes joining the cluster.
|
||||
It configures also RBAC rules for certificates rotation (with auto approval of new certificates).
|
||||
|
||||
See online documentation about TLS bootstrapping for more details.
|
||||
` + cmdutil.AlphaDisclaimer)
|
||||
bootstrapTokenExamples = normalizer.Examples(`
|
||||
# Makes all the bootstrap token configurations and creates an initial token, functionally
|
||||
# equivalent to what generated by kubeadm init.
|
||||
kubeadm init phase bootstrap-token
|
||||
`)
|
||||
)
|
||||
|
||||
// NewCmdBootstrapToken returns the Cobra command for running the mark-master phase
|
||||
func NewCmdBootstrapToken() *cobra.Command {
|
||||
kubeConfigFile := kubeadmconstants.GetAdminKubeConfigPath()
|
||||
type bootstrapTokenData interface {
|
||||
Cfg() *kubeadmapi.InitConfiguration
|
||||
Client() (clientset.Interface, error)
|
||||
KubeConfigDir() string
|
||||
SkipTokenPrint() bool
|
||||
Tokens() []string
|
||||
}
|
||||
|
||||
cmd := &cobra.Command{
|
||||
Use: "bootstrap-token",
|
||||
Short: "Manage kubeadm-specific bootstrap token functions",
|
||||
Long: cmdutil.MacroCommandLongDescription,
|
||||
// NewBootstrapTokenPhase returns the phase to boostrapToken
|
||||
func NewBootstrapTokenPhase() workflow.Phase {
|
||||
return workflow.Phase{
|
||||
Name: "bootstrap-token",
|
||||
Aliases: []string{"bootstraptoken"},
|
||||
}
|
||||
|
||||
options.AddKubeConfigFlag(cmd.PersistentFlags(), &kubeConfigFile)
|
||||
|
||||
// Add subcommands
|
||||
kubeConfigFile = cmdutil.FindExistingKubeConfig(kubeConfigFile)
|
||||
cmd.AddCommand(NewSubCmdBootstrapTokenAll(&kubeConfigFile))
|
||||
cmd.AddCommand(NewSubCmdBootstrapToken(&kubeConfigFile))
|
||||
cmd.AddCommand(NewSubCmdClusterInfo(&kubeConfigFile))
|
||||
cmd.AddCommand(NewSubCmdNodeBootstrapToken(&kubeConfigFile))
|
||||
|
||||
return cmd
|
||||
}
|
||||
|
||||
// NewSubCmdBootstrapTokenAll returns the Cobra command for running the token all sub-phase
|
||||
func NewSubCmdBootstrapTokenAll(kubeConfigFile *string) *cobra.Command {
|
||||
cfg := &kubeadmapiv1beta1.InitConfiguration{}
|
||||
|
||||
// Default values for the cobra help text
|
||||
kubeadmscheme.Scheme.Default(cfg)
|
||||
|
||||
var cfgPath string
|
||||
var skipTokenPrint bool
|
||||
bto := options.NewBootstrapTokenOptions()
|
||||
|
||||
cmd := &cobra.Command{
|
||||
Use: "all",
|
||||
Short: "Makes all the bootstrap token configurations and creates an initial token",
|
||||
Long: allTokenLongDesc,
|
||||
Example: allTokenExamples,
|
||||
Run: func(cmd *cobra.Command, args []string) {
|
||||
err := validation.ValidateMixedArguments(cmd.Flags())
|
||||
kubeadmutil.CheckErr(err)
|
||||
|
||||
err = bto.ApplyTo(cfg)
|
||||
kubeadmutil.CheckErr(err)
|
||||
|
||||
client, err := kubeconfigutil.ClientSetFromFile(*kubeConfigFile)
|
||||
kubeadmutil.CheckErr(err)
|
||||
|
||||
// Creates the bootstap token
|
||||
err = createBootstrapToken(*kubeConfigFile, client, cfgPath, cfg, skipTokenPrint)
|
||||
kubeadmutil.CheckErr(err)
|
||||
|
||||
// Create the cluster-info ConfigMap or update if it already exists
|
||||
err = clusterinfo.CreateBootstrapConfigMapIfNotExists(client, *kubeConfigFile)
|
||||
kubeadmutil.CheckErr(err)
|
||||
|
||||
// Create the RBAC rules that expose the cluster-info ConfigMap properly
|
||||
err = clusterinfo.CreateClusterInfoRBACRules(client)
|
||||
kubeadmutil.CheckErr(err)
|
||||
|
||||
// Create RBAC rules that makes the bootstrap tokens able to post CSRs
|
||||
err = node.AllowBootstrapTokensToPostCSRs(client)
|
||||
kubeadmutil.CheckErr(err)
|
||||
|
||||
// Create RBAC rules that makes the bootstrap tokens able to get their CSRs approved automatically
|
||||
err = node.AutoApproveNodeBootstrapTokens(client)
|
||||
kubeadmutil.CheckErr(err)
|
||||
|
||||
// Create/update RBAC rules that makes the nodes to rotate certificates and get their CSRs approved automatically
|
||||
err = node.AutoApproveNodeCertificateRotation(client)
|
||||
kubeadmutil.CheckErr(err)
|
||||
Short: bootstrapTokenLongDesc,
|
||||
Long: bootstrapTokenExamples,
|
||||
CmdFlags: []string{
|
||||
options.CfgPath,
|
||||
options.KubeconfigDir,
|
||||
options.SkipTokenPrint,
|
||||
},
|
||||
Run: runBoostrapToken,
|
||||
}
|
||||
}
|
||||
|
||||
func runBoostrapToken(c workflow.RunData) error {
|
||||
data, ok := c.(bootstrapTokenData)
|
||||
if !ok {
|
||||
return errors.New("bootstrap-token phase invoked with an invalid data struct")
|
||||
}
|
||||
|
||||
// Adds flags to the command
|
||||
addGenericFlags(cmd.Flags(), &cfgPath, &skipTokenPrint)
|
||||
bto.AddTokenFlag(cmd.Flags())
|
||||
bto.AddTTLFlag(cmd.Flags())
|
||||
bto.AddUsagesFlag(cmd.Flags())
|
||||
bto.AddGroupsFlag(cmd.Flags())
|
||||
bto.AddDescriptionFlag(cmd.Flags())
|
||||
|
||||
return cmd
|
||||
}
|
||||
|
||||
// NewSubCmdBootstrapToken returns the Cobra command for running the create token phase
|
||||
func NewSubCmdBootstrapToken(kubeConfigFile *string) *cobra.Command {
|
||||
cfg := &kubeadmapiv1beta1.InitConfiguration{}
|
||||
|
||||
// Default values for the cobra help text
|
||||
kubeadmscheme.Scheme.Default(cfg)
|
||||
|
||||
var cfgPath string
|
||||
var skipTokenPrint bool
|
||||
bto := options.NewBootstrapTokenOptions()
|
||||
|
||||
cmd := &cobra.Command{
|
||||
Use: "create",
|
||||
Short: "Creates a bootstrap token to be used for node joining",
|
||||
Long: createTokenLongDesc,
|
||||
Run: func(cmd *cobra.Command, args []string) {
|
||||
err := validation.ValidateMixedArguments(cmd.Flags())
|
||||
kubeadmutil.CheckErr(err)
|
||||
|
||||
err = bto.ApplyTo(cfg)
|
||||
kubeadmutil.CheckErr(err)
|
||||
|
||||
client, err := kubeconfigutil.ClientSetFromFile(*kubeConfigFile)
|
||||
kubeadmutil.CheckErr(err)
|
||||
|
||||
err = createBootstrapToken(*kubeConfigFile, client, cfgPath, cfg, skipTokenPrint)
|
||||
kubeadmutil.CheckErr(err)
|
||||
},
|
||||
}
|
||||
|
||||
// Adds flags to the command
|
||||
addGenericFlags(cmd.Flags(), &cfgPath, &skipTokenPrint)
|
||||
bto.AddTokenFlag(cmd.Flags())
|
||||
bto.AddTTLFlag(cmd.Flags())
|
||||
bto.AddUsagesFlag(cmd.Flags())
|
||||
bto.AddGroupsFlag(cmd.Flags())
|
||||
bto.AddDescriptionFlag(cmd.Flags())
|
||||
|
||||
return cmd
|
||||
}
|
||||
|
||||
// NewSubCmdClusterInfo returns the Cobra command for running the cluster-info sub-phase
|
||||
func NewSubCmdClusterInfo(kubeConfigFile *string) *cobra.Command {
|
||||
cmd := &cobra.Command{
|
||||
Use: "cluster-info",
|
||||
Short: "Uploads the cluster-info ConfigMap from the given kubeconfig file",
|
||||
Long: clusterInfoLongDesc,
|
||||
Aliases: []string{"clusterinfo"},
|
||||
Run: func(cmd *cobra.Command, args []string) {
|
||||
client, err := kubeconfigutil.ClientSetFromFile(*kubeConfigFile)
|
||||
kubeadmutil.CheckErr(err)
|
||||
|
||||
// Create the cluster-info ConfigMap or update if it already exists
|
||||
err = clusterinfo.CreateBootstrapConfigMapIfNotExists(client, *kubeConfigFile)
|
||||
kubeadmutil.CheckErr(err)
|
||||
|
||||
// Create the RBAC rules that expose the cluster-info ConfigMap properly
|
||||
err = clusterinfo.CreateClusterInfoRBACRules(client)
|
||||
kubeadmutil.CheckErr(err)
|
||||
},
|
||||
}
|
||||
return cmd
|
||||
}
|
||||
|
||||
// NewSubCmdNodeBootstrapToken returns the Cobra command for running the node sub-phase
|
||||
func NewSubCmdNodeBootstrapToken(kubeConfigFile *string) *cobra.Command {
|
||||
cmd := &cobra.Command{
|
||||
Use: "node",
|
||||
Short: "Configures the node bootstrap process",
|
||||
Aliases: []string{"clusterinfo"},
|
||||
Long: cmdutil.MacroCommandLongDescription,
|
||||
}
|
||||
|
||||
cmd.AddCommand(NewSubCmdNodeBootstrapTokenPostCSRs(kubeConfigFile))
|
||||
cmd.AddCommand(NewSubCmdNodeBootstrapTokenAutoApprove(kubeConfigFile))
|
||||
|
||||
return cmd
|
||||
}
|
||||
|
||||
// NewSubCmdNodeBootstrapTokenPostCSRs returns the Cobra command for running the allow-post-csrs sub-phase
|
||||
func NewSubCmdNodeBootstrapTokenPostCSRs(kubeConfigFile *string) *cobra.Command {
|
||||
cmd := &cobra.Command{
|
||||
Use: "allow-post-csrs",
|
||||
Short: "Configures RBAC to allow node bootstrap tokens to post CSRs in order for nodes to get long term certificate credentials",
|
||||
Long: nodePostCSRsLongDesc,
|
||||
Run: func(cmd *cobra.Command, args []string) {
|
||||
client, err := kubeconfigutil.ClientSetFromFile(*kubeConfigFile)
|
||||
kubeadmutil.CheckErr(err)
|
||||
|
||||
// Create RBAC rules that makes the bootstrap tokens able to post CSRs
|
||||
err = node.AllowBootstrapTokensToPostCSRs(client)
|
||||
kubeadmutil.CheckErr(err)
|
||||
},
|
||||
}
|
||||
return cmd
|
||||
}
|
||||
|
||||
// NewSubCmdNodeBootstrapTokenAutoApprove returns the Cobra command for running the allow-auto-approve sub-phase
|
||||
func NewSubCmdNodeBootstrapTokenAutoApprove(kubeConfigFile *string) *cobra.Command {
|
||||
cmd := &cobra.Command{
|
||||
Use: "allow-auto-approve",
|
||||
Short: "Configures RBAC rules to allow the csrapprover controller automatically approve CSRs from a node bootstrap token",
|
||||
Long: nodeAutoApproveLongDesc,
|
||||
Run: func(cmd *cobra.Command, args []string) {
|
||||
client, err := kubeconfigutil.ClientSetFromFile(*kubeConfigFile)
|
||||
kubeadmutil.CheckErr(err)
|
||||
|
||||
// Create RBAC rules that makes the bootstrap tokens able to get their CSRs approved automatically
|
||||
err = node.AutoApproveNodeBootstrapTokens(client)
|
||||
kubeadmutil.CheckErr(err)
|
||||
|
||||
// Create/update RBAC rules that makes the nodes to rotate certificates and get their CSRs approved automatically
|
||||
err = node.AutoApproveNodeCertificateRotation(client)
|
||||
kubeadmutil.CheckErr(err)
|
||||
},
|
||||
}
|
||||
return cmd
|
||||
}
|
||||
|
||||
func addGenericFlags(flagSet *pflag.FlagSet, cfgPath *string, skipTokenPrint *bool) {
|
||||
flagSet.StringVar(
|
||||
cfgPath, "config", *cfgPath,
|
||||
"Path to kubeadm config file. WARNING: Usage of a configuration file is experimental",
|
||||
)
|
||||
flagSet.BoolVar(
|
||||
skipTokenPrint, "skip-token-print", *skipTokenPrint,
|
||||
"Skip printing of the bootstrap token",
|
||||
)
|
||||
}
|
||||
|
||||
func createBootstrapToken(kubeConfigFile string, client clientset.Interface, cfgPath string, cfg *kubeadmapiv1beta1.InitConfiguration, skipTokenPrint bool) error {
|
||||
// KubernetesVersion is not used, but we set it explicitly to avoid the lookup
|
||||
// of the version from the internet when executing ConfigFileAndDefaultsToInternalConfig
|
||||
SetKubernetesVersion(cfg)
|
||||
|
||||
// This call returns the ready-to-use configuration based on the configuration file that might or might not exist and the default cfg populated by flags
|
||||
internalcfg, err := configutil.ConfigFileAndDefaultsToInternalConfig(cfgPath, cfg)
|
||||
client, err := data.Client()
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
glog.V(1).Infoln("[bootstraptoken] creating/updating token")
|
||||
// Creates or updates the token
|
||||
if err := node.UpdateOrCreateTokens(client, false, internalcfg.BootstrapTokens); err != nil {
|
||||
if !data.SkipTokenPrint() {
|
||||
tokens := data.Tokens()
|
||||
if len(tokens) == 1 {
|
||||
fmt.Printf("[bootstrap-token] Using token: %s\n", tokens[0])
|
||||
} else if len(tokens) > 1 {
|
||||
fmt.Printf("[bootstrap-token] Using tokens: %v\n", tokens)
|
||||
}
|
||||
}
|
||||
|
||||
fmt.Println("[bootstrap-token] Configuring bootstrap tokens, cluster-info ConfigMap, RBAC Roles")
|
||||
// Create the default node bootstrap token
|
||||
if err := nodebootstraptokenphase.UpdateOrCreateTokens(client, false, data.Cfg().BootstrapTokens); err != nil {
|
||||
return errors.Wrap(err, "error updating or creating token")
|
||||
}
|
||||
// Create RBAC rules that makes the bootstrap tokens able to post CSRs
|
||||
if err := nodebootstraptokenphase.AllowBootstrapTokensToPostCSRs(client); err != nil {
|
||||
return errors.Wrap(err, "error allowing bootstrap tokens to post CSRs")
|
||||
}
|
||||
// Create RBAC rules that makes the bootstrap tokens able to get their CSRs approved automatically
|
||||
if err := nodebootstraptokenphase.AutoApproveNodeBootstrapTokens(client); err != nil {
|
||||
return errors.Wrap(err, "error auto-approving node bootstrap tokens")
|
||||
}
|
||||
|
||||
// Create/update RBAC rules that makes the nodes to rotate certificates and get their CSRs approved automatically
|
||||
if err := nodebootstraptokenphase.AutoApproveNodeCertificateRotation(client); err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
fmt.Println("[bootstraptoken] bootstrap token created")
|
||||
fmt.Println("[bootstraptoken] you can now join any number of machines by running:")
|
||||
|
||||
if len(internalcfg.BootstrapTokens) > 0 {
|
||||
joinCommand, err := cmdutil.GetJoinCommand(kubeConfigFile, internalcfg.BootstrapTokens[0].Token.String(), skipTokenPrint)
|
||||
if err != nil {
|
||||
return errors.Wrap(err, "failed to get join command")
|
||||
}
|
||||
fmt.Println(joinCommand)
|
||||
// Create the cluster-info ConfigMap with the associated RBAC rules
|
||||
adminKubeConfigPath := filepath.Join(data.KubeConfigDir(), kubeadmconstants.AdminKubeConfigFileName)
|
||||
if err := clusterinfophase.CreateBootstrapConfigMapIfNotExists(client, adminKubeConfigPath); err != nil {
|
||||
return errors.Wrap(err, "error creating bootstrap ConfigMap")
|
||||
}
|
||||
if err := clusterinfophase.CreateClusterInfoRBACRules(client); err != nil {
|
||||
return errors.Wrap(err, "error creating clusterinfo RBAC rules")
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
|
|
|||
|
|
@ -27,13 +27,6 @@ docs/admin/kubeadm_alpha_phase_addon.md
|
|||
docs/admin/kubeadm_alpha_phase_addon_all.md
|
||||
docs/admin/kubeadm_alpha_phase_addon_coredns.md
|
||||
docs/admin/kubeadm_alpha_phase_addon_kube-proxy.md
|
||||
docs/admin/kubeadm_alpha_phase_bootstrap-token.md
|
||||
docs/admin/kubeadm_alpha_phase_bootstrap-token_all.md
|
||||
docs/admin/kubeadm_alpha_phase_bootstrap-token_cluster-info.md
|
||||
docs/admin/kubeadm_alpha_phase_bootstrap-token_create.md
|
||||
docs/admin/kubeadm_alpha_phase_bootstrap-token_node.md
|
||||
docs/admin/kubeadm_alpha_phase_bootstrap-token_node_allow-auto-approve.md
|
||||
docs/admin/kubeadm_alpha_phase_bootstrap-token_node_allow-post-csrs.md
|
||||
docs/admin/kubeadm_alpha_phase_mark-master.md
|
||||
docs/admin/kubeadm_alpha_phase_selfhosting.md
|
||||
docs/admin/kubeadm_alpha_phase_selfhosting_convert-from-staticpods.md
|
||||
|
|
@ -54,6 +47,7 @@ docs/admin/kubeadm_config_upload_from-flags.md
|
|||
docs/admin/kubeadm_config_view.md
|
||||
docs/admin/kubeadm_init.md
|
||||
docs/admin/kubeadm_init_phase.md
|
||||
docs/admin/kubeadm_init_phase_bootstrap-token.md
|
||||
docs/admin/kubeadm_init_phase_certs.md
|
||||
docs/admin/kubeadm_init_phase_certs_apiserver-etcd-client.md
|
||||
docs/admin/kubeadm_init_phase_certs_apiserver-kubelet-client.md
|
||||
|
|
@ -123,13 +117,6 @@ docs/man/man1/kubeadm-alpha-phase-addon-all.1
|
|||
docs/man/man1/kubeadm-alpha-phase-addon-coredns.1
|
||||
docs/man/man1/kubeadm-alpha-phase-addon-kube-proxy.1
|
||||
docs/man/man1/kubeadm-alpha-phase-addon.1
|
||||
docs/man/man1/kubeadm-alpha-phase-bootstrap-token-all.1
|
||||
docs/man/man1/kubeadm-alpha-phase-bootstrap-token-cluster-info.1
|
||||
docs/man/man1/kubeadm-alpha-phase-bootstrap-token-create.1
|
||||
docs/man/man1/kubeadm-alpha-phase-bootstrap-token-node-allow-auto-approve.1
|
||||
docs/man/man1/kubeadm-alpha-phase-bootstrap-token-node-allow-post-csrs.1
|
||||
docs/man/man1/kubeadm-alpha-phase-bootstrap-token-node.1
|
||||
docs/man/man1/kubeadm-alpha-phase-bootstrap-token.1
|
||||
docs/man/man1/kubeadm-alpha-phase-mark-master.1
|
||||
docs/man/man1/kubeadm-alpha-phase-selfhosting-convert-from-staticpods.1
|
||||
docs/man/man1/kubeadm-alpha-phase-selfhosting.1
|
||||
|
|
@ -151,6 +138,7 @@ docs/man/man1/kubeadm-config-upload-from-flags.1
|
|||
docs/man/man1/kubeadm-config-upload.1
|
||||
docs/man/man1/kubeadm-config-view.1
|
||||
docs/man/man1/kubeadm-config.1
|
||||
docs/man/man1/kubeadm-init-phase-bootstrap-token.1
|
||||
docs/man/man1/kubeadm-init-phase-certs-apiserver-etcd-client.1
|
||||
docs/man/man1/kubeadm-init-phase-certs-apiserver-kubelet-client.1
|
||||
docs/man/man1/kubeadm-init-phase-certs-apiserver.1
|
||||
|
|
|
|||
|
|
@ -1,3 +0,0 @@
|
|||
This file is autogenerated, but we've stopped checking such files into the
|
||||
repository to reduce the need for rebases. Please run hack/generate-docs.sh to
|
||||
populate this file.
|
||||
|
|
@ -1,3 +0,0 @@
|
|||
This file is autogenerated, but we've stopped checking such files into the
|
||||
repository to reduce the need for rebases. Please run hack/generate-docs.sh to
|
||||
populate this file.
|
||||
|
|
@ -1,3 +0,0 @@
|
|||
This file is autogenerated, but we've stopped checking such files into the
|
||||
repository to reduce the need for rebases. Please run hack/generate-docs.sh to
|
||||
populate this file.
|
||||
|
|
@ -1,3 +0,0 @@
|
|||
This file is autogenerated, but we've stopped checking such files into the
|
||||
repository to reduce the need for rebases. Please run hack/generate-docs.sh to
|
||||
populate this file.
|
||||
|
|
@ -1,3 +0,0 @@
|
|||
This file is autogenerated, but we've stopped checking such files into the
|
||||
repository to reduce the need for rebases. Please run hack/generate-docs.sh to
|
||||
populate this file.
|
||||
|
|
@ -1,3 +0,0 @@
|
|||
This file is autogenerated, but we've stopped checking such files into the
|
||||
repository to reduce the need for rebases. Please run hack/generate-docs.sh to
|
||||
populate this file.
|
||||
|
|
@ -1,3 +0,0 @@
|
|||
This file is autogenerated, but we've stopped checking such files into the
|
||||
repository to reduce the need for rebases. Please run hack/generate-docs.sh to
|
||||
populate this file.
|
||||
|
|
@ -1,3 +0,0 @@
|
|||
This file is autogenerated, but we've stopped checking such files into the
|
||||
repository to reduce the need for rebases. Please run hack/generate-docs.sh to
|
||||
populate this file.
|
||||
|
|
@ -1,3 +0,0 @@
|
|||
This file is autogenerated, but we've stopped checking such files into the
|
||||
repository to reduce the need for rebases. Please run hack/generate-docs.sh to
|
||||
populate this file.
|
||||
|
|
@ -1,3 +0,0 @@
|
|||
This file is autogenerated, but we've stopped checking such files into the
|
||||
repository to reduce the need for rebases. Please run hack/generate-docs.sh to
|
||||
populate this file.
|
||||
|
|
@ -1,3 +0,0 @@
|
|||
This file is autogenerated, but we've stopped checking such files into the
|
||||
repository to reduce the need for rebases. Please run hack/generate-docs.sh to
|
||||
populate this file.
|
||||
|
|
@ -1,3 +0,0 @@
|
|||
This file is autogenerated, but we've stopped checking such files into the
|
||||
repository to reduce the need for rebases. Please run hack/generate-docs.sh to
|
||||
populate this file.
|
||||
Loading…
Reference in New Issue