Beispiel #1
// RunCreateToken stores a bootstrap token as a secret on the server and prints
// the resulting bearer token to out.
//
// A non-empty token is split with kubeadmutil.ParseToken and its ID and secret
// are used as given. An empty token leaves the TokenDiscovery blank, and
// kubeadmutil.GenerateTokenIfNeeded is then called to fill it in. The API
// client is built from admin.conf under the configured KubernetesDir. cmd is
// not used in this function.
//
// The line written to out is the value of kubeadmutil.BearerToken, i.e.
// credential material; callers should treat out accordingly.
// NOTE(review): tokenDuration is passed through unchanged; how a zero duration
// is interpreted is decided inside UpdateOrCreateToken — confirm.
func RunCreateToken(out io.Writer, cmd *cobra.Command, tokenDuration time.Duration, token string) error {
	adminConf := path.Join(kubeadmapi.GlobalEnvParams.KubernetesDir, "admin.conf")
	client, err := kubemaster.CreateClientFromFile(adminConf)
	if err != nil {
		return err
	}

	discovery := &kubeadmapi.TokenDiscovery{}
	if token != "" {
		// Caller supplied a token: use its parts instead of generating one.
		id, secret, parseErr := kubeadmutil.ParseToken(token)
		if parseErr != nil {
			return parseErr
		}
		discovery.ID, discovery.Secret = id, secret
	}

	if err := kubeadmutil.GenerateTokenIfNeeded(discovery); err != nil {
		return err
	}
	if err := kubeadmutil.UpdateOrCreateToken(client, discovery, tokenDuration); err != nil {
		return err
	}

	fmt.Fprintln(out, kubeadmutil.BearerToken(discovery))
	return nil
}
Beispiel #2
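// RunListTokens lists details on all existing bootstrap tokens on the server.
//
// It selects secrets of type api.SecretTypeBootstrapToken in the system
// namespace and writes one table row per token (ID, TOKEN, TTL) to out.
// Secrets missing "token-id" or "token-secret" are reported on errW and
// skipped. A secret whose "expiration" value is not valid RFC 3339 aborts the
// listing with an error, and rows buffered so far are not written.
//
// The TOKEN column is the full "<id>.<secret>" value, so everything written to
// out is credential material and should not be captured in shared logs.
//
// Returns an error if the client cannot be created, the list call fails, an
// expiration cannot be parsed, or the table cannot be written to out. cmd is
// not used in this function.
func RunListTokens(out io.Writer, errW io.Writer, cmd *cobra.Command) error {
	client, err := kubemaster.CreateClientFromFile(path.Join(kubeadmapi.GlobalEnvParams.KubernetesDir, kubeconfig.AdminKubeConfigFileName))
	if err != nil {
		return err
	}

	// Restrict the query to bootstrap-token secrets via a field selector.
	tokenSelector := fields.SelectorFromSet(
		map[string]string{
			api.SecretTypeField: string(api.SecretTypeBootstrapToken),
		},
	)
	listOptions := v1.ListOptions{
		FieldSelector: tokenSelector.String(),
	}

	results, err := client.Secrets(api.NamespaceSystem).List(listOptions)
	if err != nil {
		return fmt.Errorf("failed to list bootstrap tokens [%v]", err)
	}

	w := tabwriter.NewWriter(out, 10, 4, 3, ' ', 0)
	fmt.Fprintln(w, "ID\tTOKEN\tTTL")
	for _, secret := range results.Items {
		tokenID, ok := secret.Data["token-id"]
		if !ok {
			fmt.Fprintf(errW, "[token] bootstrap token has no token-id data: %s\n", secret.Name)
			continue
		}

		tokenSecret, ok := secret.Data["token-secret"]
		if !ok {
			fmt.Fprintf(errW, "[token] bootstrap token has no token-secret data: %s\n", secret.Name)
			continue
		}
		token := fmt.Sprintf("%s.%s", tokenID, tokenSecret)

		// Expiration time is optional; if not specified, the token is shown
		// as never expiring.
		expires := "<never>"
		if secretExpiration, ok := secret.Data["expiration"]; ok {
			expireTime, err := time.Parse(time.RFC3339, string(secretExpiration))
			if err != nil {
				return fmt.Errorf("error parsing expiry time [%v]", err)
			}
			// NOTE(review): for an already-expired token this duration is
			// negative; how ShortHumanDuration renders that is not visible here.
			expires = kubectl.ShortHumanDuration(expireTime.Sub(time.Now()))
		}
		fmt.Fprintf(w, "%s\t%s\t%s\n", tokenID, token, expires)
	}

	// Rows are only handed to out when the tabwriter is flushed, so a failed
	// flush means the listing was not delivered; report it instead of
	// returning success.
	if err := w.Flush(); err != nil {
		return fmt.Errorf("failed to write bootstrap token list [%v]", err)
	}

	return nil
}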
Beispiel #3
// RunDeleteToken removes a bootstrap token from the server.
//
// The secret to delete is named by appending tokenId to
// kubeadmutil.BootstrapTokenSecretPrefix, and it is deleted from the system
// namespace using a client built from admin.conf. On success a confirmation
// line containing tokenId is written to out. cmd is not used in this function.
//
// NOTE(review): tokenId is used as given; this function does not check its
// format before building the secret name. Confirm that the caller validates it.
func RunDeleteToken(out io.Writer, cmd *cobra.Command, tokenId string) error {
	adminConf := path.Join(kubeadmapi.GlobalEnvParams.KubernetesDir, "admin.conf")
	client, err := kubemaster.CreateClientFromFile(adminConf)
	if err != nil {
		return err
	}

	secretName := kubeadmutil.BootstrapTokenSecretPrefix + tokenId
	err = client.Secrets(api.NamespaceSystem).Delete(secretName, nil)
	if err != nil {
		return fmt.Errorf("failed to delete bootstrap token [%v]", err)
	}

	fmt.Fprintf(out, "[token] bootstrap token deleted: %s\n", tokenId)
	return nil
}
Beispiel #4
// RunCreateToken stores the given bootstrap token as a secret on the server
// and prints the resulting bearer token to out.
//
// In this version token is always passed to kubeadmutil.ParseToken; no
// generation step happens here, so any generation must occur before the call.
// NOTE(review): an empty token therefore reaches ParseToken unchanged —
// presumably rejected there; confirm.
//
// The line written to out is the value of kubeadmutil.BearerToken, i.e.
// credential material; callers should treat out accordingly. cmd is not used
// in this function.
func RunCreateToken(out io.Writer, cmd *cobra.Command, tokenDuration time.Duration, token string) error {
	adminConf := path.Join(kubeadmapi.GlobalEnvParams.KubernetesDir, kubeconfig.AdminKubeConfigFileName)
	client, err := kubemaster.CreateClientFromFile(adminConf)
	if err != nil {
		return err
	}

	id, secret, err := kubeadmutil.ParseToken(token)
	if err != nil {
		return err
	}

	discovery := &kubeadmapi.TokenDiscovery{
		ID:     id,
		Secret: secret,
	}
	if err := kubeadmutil.UpdateOrCreateToken(client, discovery, tokenDuration); err != nil {
		return err
	}

	fmt.Fprintln(out, kubeadmutil.BearerToken(discovery))
	return nil
}