mirror of https://github.com/k3s-io/k3s
Automatic merge from submit-queue (batch tested with PRs 48572, 48838, 48931, 48783, 47090)

kubeadm: change the default bootstrap token TTL to 24 hours

**What this PR does / why we need it**:

This PR changes the TTL for the default bootstrap token generated by `kubeadm init` (without the `--token-ttl` parameter) and `kubeadm token create` (without the `--ttl` flag). Previously, the default TTL was infinite. After this change it is 24 hours.

~~The reasoning for 2 hours as a default is that it's 1) long enough that someone manually using kubeadm (copy-pasting) shouldn't have any issues and 2) short enough that if something is going to break, it should break while the user/admin is still paying attention to the cluster. I'm open to bikeshedding about the exact value, 2 hours is a bit of a strawman.~~

**Edit: updated this to 24 hours instead of 2 hours.**

This is a breaking change if you rely on infinite TTL tokens (e.g., if you had an ASG group of worker nodes). The old behavior is easily restored by passing `--token-ttl 0` to `kubeadm init` or the `--ttl 0` flag to `kubeadm token create`.

**Which issue this PR fixes**: fixes https://github.com/kubernetes/kubeadm/issues/343

**Special notes for your reviewer**: This was discussed earlier today in SIG-cluster-lifecycle

**Release note**:

```release-note
Change the default kubeadm bootstrap token TTL from infinite to 24 hours. This is a breaking change. If you require the old behavior, use `kubeadm init --token-ttl 0` / `kubeadm token create --ttl 0`.
```

cc @jbeda

- app
- test/cmd
- BUILD
- OWNERS
- kubeadm.go