mirror of https://github.com/k3s-io/k3s
13af0b1d88
Having separate tokens for server and agent nodes is a nice feature. However, passing server's plain `K3S_AGENT_TOKEN` value to `k3s agent --token` without CA hash is insecure when CA is self-signed, and k3s warns about it in the logs: ``` Cluster CA certificate is not trusted by the host CA bundle, but the token does not include a CA hash. Use the full token from the server's node-token file to enable Cluster CA validation. ``` Okay so I need CA hash but where should I get it? This commit attempts to fix this issue by saving agent token value to `agent-token` file with CA hash appended. Signed-off-by: Vladimir Kochnev <hashtable@yandex.ru> |
||
---|---|---|
.. | ||
auth.go | ||
context.go | ||
etcd.go | ||
router.go | ||
secrets-encrypt.go | ||
server.go | ||
types.go |