mirror of https://github.com/k3s-io/k3s
0abcd5d51b
Automatic merge from submit-queue (batch tested with PRs 42053, 41282, 42056, 41663, 40927) Update kubeadm token to work as expected **What this PR does / why we need it**: Follows up: https://github.com/kubernetes/kubernetes/pull/41509 Updates `kubeadm token` to work as discussed in https://docs.google.com/document/d/1deJYPIF4LmhGjDVaqrswErIrV7mtwJgovtLnPCDxP7U/edit# Promotes the command from the `ex` subcommand which now is named `alpha` for clarity. (This will later become `kubeadm alpha phase`) **Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes # **Special notes for your reviewer**: Example UX: ```console sudo ./kubeadm token --help This command will manage Bootstrap Token for you. Please note this usage of this command is optional, and mostly for advanced users. In short, Bootstrap Tokens are used for establishing bidirectional trust between a client and a server. A Bootstrap Token can be used when a client (for example a node that's about to join the cluster) needs to trust the server it is talking to. Then a Bootstrap Token with the "signing" usage can be used. Bootstrap Tokens can also function as a way to allow short-lived authentication to the API Server (the token serves as a way for the API Server to trust the client), for example for doing the TLS Bootstrap. What is a Bootstrap Token more exactly? - It is a Secret in the kube-system namespace of type "bootstrap.kubernetes.io/token". - A Bootstrap Token must be of the form "[a-z0-9]{6}.[a-z0-9]{16}"; the former part is the public Token ID, and the latter is the Token Secret, which must be kept private at all circumstances. - The name of the Secret must be named "bootstrap-token-(token-id)". You can read more about Bootstrap Tokens in this proposal: https://github.com/kubernetes/community/blob/master/contributors/design-proposals/bootstrap-discovery.md Usage: kubeadm token [flags] kubeadm token [command] Available Commands: create Create bootstrap tokens on the server. delete Delete bootstrap tokens on the server. generate Generate and print a bootstrap token, but do not create it on the server. list List bootstrap tokens on the server. Flags: --kubeconfig string The KubeConfig file to use for talking to the cluster (default "/etc/kubernetes/admin.conf") Use "kubeadm token [command] --help" for more information about a command. lucas@THENINJA:~/luxas/kubernetes$ sudo ./kubeadm token list TOKEN TTL EXPIRES USAGES DESCRIPTION 70c388.41a07b703aa4bedf <forever> <never> authentication,signing The default bootstrap token generated by 'kubeadm init'. lucas@THENINJA:~/luxas/kubernetes$ sudo ./kubeadm token create c57e6a.abb75fa1debe555f lucas@THENINJA:~/luxas/kubernetes$ sudo ./kubeadm token list TOKEN TTL EXPIRES USAGES DESCRIPTION 70c388.41a07b703aa4bedf <forever> <never> authentication,signing The default bootstrap token generated by 'kubeadm init'. c57e6a.abb75fa1debe555f <forever> <never> authentication,signing <none> lucas@THENINJA:~/luxas/kubernetes$ sudo ./kubeadm token create s token ["s"] was not of form ["^([a-z0-9]{6})\\.([a-z0-9]{16})$"] lucas@THENINJA:~/luxas/kubernetes$ sudo ./kubeadm token create c57e6a.abb75fa1debe555f a token with id "c57e6a" already exists lucas@THENINJA:~/luxas/kubernetes$ sudo ./kubeadm token delete c57e6a.abb75fa1debe555f bootstrap token with id "c57e6a" deleted ``` **Release note**: ```release-note NONE ``` @dmmcquay @jbeda @mikedanese @errordeveloper @pires |
||
|---|---|---|
| .. | ||
| clicheck | ||
| cloud-controller-manager | ||
| gendocs | ||
| genkubedocs | ||
| genman | ||
| genslateyaml | ||
| genswaggertypedocs | ||
| genutils | ||
| genyaml | ||
| gke-certificates-controller | ||
| hyperkube | ||
| kube-apiserver | ||
| kube-controller-manager | ||
| kube-discovery | ||
| kube-proxy | ||
| kubeadm | ||
| kubectl | ||
| kubelet | ||
| kubemark | ||
| libs/go2idl | ||
| linkcheck | ||
| mungedocs | ||
| BUILD | ||
| OWNERS | ||