func setInitDynamicDefaults(cfg *kubeadmapi.MasterConfiguration) error { // Auto-detect the IP if len(cfg.API.AdvertiseAddresses) == 0 { ip, err := netutil.ChooseHostInterface() if err != nil { return err } cfg.API.AdvertiseAddresses = []string{ip.String()} } // Validate version argument ver, err := kubeadmutil.KubernetesReleaseVersion(cfg.KubernetesVersion) if err != nil { if cfg.KubernetesVersion != kubeadmapiext.DefaultKubernetesVersion { return err } else { ver = kubeadmapiext.DefaultKubernetesFallbackVersion } } cfg.KubernetesVersion = ver fmt.Println("[init] Using Kubernetes version:", ver) // Omit the "v" in the beginning, otherwise semver will fail // If the version is newer than the specified version, RBAC v1beta1 support is enabled in the apiserver so we can default to RBAC k8sVersion, err := semver.Parse(cfg.KubernetesVersion[1:]) if k8sVersion.GT(allowAllMaxVersion) { cfg.AuthorizationMode = "RBAC" } fmt.Println("[init] Using Authorization mode:", cfg.AuthorizationMode) // Warn about the limitations with the current cloudprovider solution. if cfg.CloudProvider != "" { fmt.Println("[init] WARNING: For cloudprovider integrations to work --cloud-provider must be set for all kubelets in the cluster.") fmt.Println("\t(/etc/systemd/system/kubelet.service.d/10-kubeadm.conf should be edited for this purpose)") } // Validate token if any, otherwise generate if cfg.Discovery.Token != nil { if cfg.Discovery.Token.ID != "" && cfg.Discovery.Token.Secret != "" { fmt.Printf("[init] A token has been provided, validating [%s]\n", kubeadmutil.BearerToken(cfg.Discovery.Token)) if valid, err := kubeadmutil.ValidateToken(cfg.Discovery.Token); valid == false { return err } } else { fmt.Println("[init] A token has not been provided, generating one") if err := kubeadmutil.GenerateToken(cfg.Discovery.Token); err != nil { return err } } // If there aren't any addresses specified, default to the first advertised address which can be user-provided or the default network interface's IP address if len(cfg.Discovery.Token.Addresses) == 0 { cfg.Discovery.Token.Addresses = []string{cfg.API.AdvertiseAddresses[0] + ":" + strconv.Itoa(kubeadmapiext.DefaultDiscoveryBindPort)} } } return nil }
func RunGenerateToken(out io.Writer) error { td := &kubeadmapi.TokenDiscovery{} err := kubeadmutil.GenerateToken(td) if err != nil { return err } fmt.Fprintln(out, kubeadmutil.BearerToken(td)) return nil }
func RunGenerateToken(out io.Writer) error { s := &kubeadmapi.Secrets{} err := util.GenerateToken(s) if err != nil { return err } fmt.Fprintln(out, s.GivenToken) return nil }
func generateTokenIfNeeded(d *kubeadmapi.TokenDiscovery) error { ok, err := kubeadmutil.IsTokenValid(d) if err != nil { return err } if ok { fmt.Println("[tokens] Accepted provided token") return nil } if err := kubeadmutil.GenerateToken(d); err != nil { return err } fmt.Printf("[tokens] Generated token: %q\n", kubeadmutil.BearerToken(d)) return nil }
func generateTokenIfNeeded(s *kubeadmapi.Secrets) error { ok, err := kubeadmutil.UseGivenTokenIfValid(s) // TODO(phase1+) @krousey: I know it won't happen with the way it is currently implemented, but this doesn't handle case where ok is true and err is non-nil. if !ok { if err != nil { return err } err = kubeadmutil.GenerateToken(s) if err != nil { return err } fmt.Printf("<master/tokens> generated token: %q\n", s.GivenToken) } else { fmt.Println("<master/tokens> accepted provided token") } return nil }