// RunCreateToken creates a bootstrap token and stores it as a secret on the
// server, then writes the resulting bearer token to out.
//
// When token is non-empty it is parsed with kubeadmutil.ParseToken and its ID
// and secret are used. GenerateTokenIfNeeded is then called on the discovery
// object (presumably filling in whatever is still missing; confirm in
// kubeadmutil). tokenDuration is handed to UpdateOrCreateToken unchanged.
//
// The value written to out is a live credential, so out should be a terminal
// or another sink that is not retained in shared logs. cmd is not used.
func RunCreateToken(out io.Writer, cmd *cobra.Command, tokenDuration time.Duration, token string) error {
	// The client is built from the admin kubeconfig under the Kubernetes directory.
	adminConf := path.Join(kubeadmapi.GlobalEnvParams.KubernetesDir, "admin.conf")
	client, err := kubemaster.CreateClientFromFile(adminConf)
	if err != nil {
		return err
	}

	discovery := &kubeadmapi.TokenDiscovery{}
	if token != "" {
		// A caller-supplied token must parse; a malformed one is rejected
		// before anything is sent to the API server.
		id, secret, parseErr := kubeadmutil.ParseToken(token)
		if parseErr != nil {
			return parseErr
		}
		discovery.ID, discovery.Secret = id, secret
	}

	if err = kubeadmutil.GenerateTokenIfNeeded(discovery); err != nil {
		return err
	}
	if err = kubeadmutil.UpdateOrCreateToken(client, discovery, tokenDuration); err != nil {
		return err
	}

	// NOTE(review): the write error is ignored, so a failed write leaves a
	// token on the server that the operator never saw.
	fmt.Fprintln(out, kubeadmutil.BearerToken(discovery))
	return nil
}
// RunCreateToken stores the given bootstrap token as a secret on the server
// and writes the resulting bearer token to out.
//
// No token is generated in this function: token goes straight to
// kubeadmutil.ParseToken, so an empty or malformed value is returned as that
// helper's error (presumably the caller generates a token beforehand; confirm
// at the call site). tokenDuration is handed to UpdateOrCreateToken unchanged.
//
// The value written to out is a live credential, so out should be a terminal
// or another sink that is not retained in shared logs. cmd is not used.
func RunCreateToken(out io.Writer, cmd *cobra.Command, tokenDuration time.Duration, token string) error {
	// The client is built from the admin kubeconfig under the Kubernetes directory.
	adminConf := path.Join(kubeadmapi.GlobalEnvParams.KubernetesDir, kubeconfig.AdminKubeConfigFileName)
	client, err := kubemaster.CreateClientFromFile(adminConf)
	if err != nil {
		return err
	}

	// Validate the token locally before anything is sent to the API server.
	id, secret, err := kubeadmutil.ParseToken(token)
	if err != nil {
		return err
	}

	discovery := &kubeadmapi.TokenDiscovery{ID: id, Secret: secret}
	if err = kubeadmutil.UpdateOrCreateToken(client, discovery, tokenDuration); err != nil {
		return err
	}

	// NOTE(review): the write error is ignored, so a failed write leaves a
	// token on the server that the operator never saw.
	fmt.Fprintln(out, kubeadmutil.BearerToken(discovery))
	return nil
}
// Run provisions the master node: the token auth file (only when token
// discovery is configured), static pod manifests, PKI assets, the kubelet and
// admin kubeconfig files, master labels and taints, the discovery deployment
// and the essential addons. On success it writes the join instructions to out.
//
// The first failing step's error is returned unchanged. This function performs
// no rollback, so files already written stay on disk after a failure.
func (i *Init) Run(out io.Writer) error {
	if tok := i.cfg.Discovery.Token; tok != nil {
		if err := kubemaster.PrepareTokenDiscovery(tok); err != nil {
			return err
		}
		// NOTE(review): the bearer token is handed to a helper that, by its
		// name, writes it to a file; the file mode is set inside the helper
		// and is not visible here. Verify it is readable by root only.
		bearer := kubeadmutil.BearerToken(tok)
		if err := kubemaster.CreateTokenAuthFile(bearer); err != nil {
			return err
		}
	}

	if err := kubemaster.WriteStaticPodManifests(i.cfg); err != nil {
		return err
	}

	caKey, caCert, err := kubemaster.CreatePKIAssets(i.cfg)
	if err != nil {
		return err
	}

	clientNames := []string{"kubelet", "admin"}
	kubeconfigs, err := kubemaster.CreateCertsAndConfigForClients(i.cfg.API, clientNames, caKey, caCert)
	if err != nil {
		return err
	}

	// kubeadm writes the kubeconfig files that the kubelet should be waiting
	// for. Refusing to overwrite an existing file protects the user: if the
	// file is already there the kubelet is up and running, and they would have
	// to stop the kubelet, remove the file and start it again.
	//
	// TODO(phase1+) this is no longer the right place to guard against
	// foot-shooting. We need to decide how to handle existing files: it may be
	// handy to support importing them, we might even make the command
	// idempotent, or at least allow for external PKI.
	for name, conf := range kubeconfigs {
		if err = kubeadmutil.WriteKubeconfigIfNotExists(name, conf); err != nil {
			return err
		}
	}

	client, err := kubemaster.CreateClientAndWaitForAPI(kubeconfigs["admin"])
	if err != nil {
		return err
	}

	if err = kubemaster.UpdateMasterRoleLabelsAndTaints(client, false); err != nil {
		return err
	}

	if i.cfg.Discovery.Token != nil {
		// NOTE(review): this prints the bearer token to the process's stdout
		// rather than to out, so whatever captures stdout (CI logs, a service
		// journal) keeps a usable credential.
		fmt.Printf("[token-discovery] Using token: %s\n", kubeadmutil.BearerToken(i.cfg.Discovery.Token))

		if err = kubemaster.CreateDiscoveryDeploymentAndSecret(i.cfg, client, caCert); err != nil {
			return err
		}
		if err = kubeadmutil.UpdateOrCreateToken(client, i.cfg.Discovery.Token, kubeadmutil.DefaultTokenDuration); err != nil {
			return err
		}
	}

	if err = kubemaster.CreateEssentialAddons(i.cfg, client); err != nil {
		return err
	}

	fmt.Fprintf(out, initDoneMsgf, generateJoinArgs(i.cfg))
	return nil
}
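// Run provisions the master node in phases: PKI assets, the admin and kubelet
// kubeconfig files, the token auth file (only when token discovery is
// configured), the static pod manifests, RBAC bootstrap objects (only when the
// authorization mode is "RBAC"), master labels and taints, the discovery
// deployment and the essential addons. On success it writes the join
// instructions to out.
//
// The first failing step's error is returned unchanged. This function performs
// no rollback, so files already written stay on disk after a failure. An empty
// API.AdvertiseAddresses list is reported as an error instead of panicking.
func (i *Init) Run(out io.Writer) error {
	// PHASE 1: Generate certificates
	caCert, err := certphase.CreatePKIAssets(i.cfg, kubeadmapi.GlobalEnvParams.HostPKIPath)
	if err != nil {
		return err
	}

	// PHASE 2: Generate kubeconfig files for the admin and the kubelet

	// TODO this is not great, but there is only one address we can use here,
	// so we pick the first one. The slice is not expected to be empty by the
	// time this gets called, but indexing it unchecked would panic, so the
	// length is verified first.
	if len(i.cfg.API.AdvertiseAddresses) == 0 {
		return fmt.Errorf("no API advertise address configured")
	}
	// NOTE(review): an IPv6 literal would need brackets to form a valid URL.
	// net.JoinHostPort handles that, but its imports are not visible in this
	// listing, so the formatting is left as it was.
	masterEndpoint := fmt.Sprintf("https://%s:%d", i.cfg.API.AdvertiseAddresses[0], i.cfg.API.Port)
	err = kubeconfigphase.CreateAdminAndKubeletKubeConfig(masterEndpoint, kubeadmapi.GlobalEnvParams.HostPKIPath, kubeadmapi.GlobalEnvParams.KubernetesDir)
	if err != nil {
		return err
	}

	// TODO: It's not great to have an exception for the token here, but it is
	// necessary because the apiserver doesn't handle this properly in the API
	// yet and relies on files on disk for now, which is daunting.
	// NOTE(review): the file mode is set inside CreateTokenAuthFile and is not
	// visible here. Verify the token file is readable by root only.
	if i.cfg.Discovery.Token != nil {
		if err := kubemaster.CreateTokenAuthFile(kubeadmutil.BearerToken(i.cfg.Discovery.Token)); err != nil {
			return err
		}
	}

	// PHASE 3: Bootstrap the control plane
	if err := kubemaster.WriteStaticPodManifests(i.cfg); err != nil {
		return err
	}

	client, err := kubemaster.CreateClientAndWaitForAPI(path.Join(kubeadmapi.GlobalEnvParams.KubernetesDir, kubeconfigphase.AdminKubeConfigFileName))
	if err != nil {
		return err
	}

	// The RBAC objects are only created when RBAC is the authorization mode.
	if i.cfg.AuthorizationMode == "RBAC" {
		err = apiconfig.CreateBootstrapRBACClusterRole(client)
		if err != nil {
			return err
		}

		err = apiconfig.CreateKubeDNSRBACClusterRole(client)
		if err != nil {
			return err
		}

		// TODO: remove this when https://github.com/kubernetes/kubeadm/issues/114 is fixed
		err = apiconfig.CreateKubeProxyClusterRoleBinding(client)
		if err != nil {
			return err
		}
	}

	if err := kubemaster.UpdateMasterRoleLabelsAndTaints(client, false); err != nil {
		return err
	}

	if i.cfg.Discovery.Token != nil {
		// NOTE(review): this prints the bearer token to the process's stdout
		// rather than to out, so whatever captures stdout (CI logs, a service
		// journal) keeps a usable credential.
		fmt.Printf("[token-discovery] Using token: %s\n", kubeadmutil.BearerToken(i.cfg.Discovery.Token))
		if err := kubemaster.CreateDiscoveryDeploymentAndSecret(i.cfg, client, caCert); err != nil {
			return err
		}
		if err := kubeadmutil.UpdateOrCreateToken(client, i.cfg.Discovery.Token, kubeadmutil.DefaultTokenDuration); err != nil {
			return err
		}
	}

	if err := kubemaster.CreateEssentialAddons(i.cfg, client); err != nil {
		return err
	}

	fmt.Fprintf(out, initDoneMsgf, generateJoinArgs(i.cfg))
	return nil
}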