Implement kubeadm bootstrap token management.

Adds kubeadm subcommands to create, list, and delete bootstrap tokens. Tokens can be created with a TTL duration, or 0 for tokens that will not expire. The create command can also be used to specify your own token (for use when bootstrapping masters and nodes in parallel), or update an existing token's secret or ttl. Marked "ex" for experimental for now as the boostrap controllers are not yet hooked up in core.
2025-11-01 10:48:15 +00:00 · 2016-10-21 14:48:06 -03:00
parent 2b0a1f2b11
commit bfe345dd86
13 changed files with 306 additions and 51 deletions
--- a/pkg/api/types.go
+++ b/pkg/api/types.go
@@ -3249,6 +3249,9 @@ const (
 	// - Secret.Data["token"] - a token that identifies the service account to the API
 	SecretTypeServiceAccountToken SecretType = "kubernetes.io/service-account-token"

+	// SecretTypeBootstrapToken is the key for tokens used by kubeadm to validate cluster info during discovery.
+	SecretTypeBootstrapToken = "bootstrap.kubernetes.io/token"
+
 	// ServiceAccountNameKey is the key of the required annotation for SecretTypeServiceAccountToken secrets
 	ServiceAccountNameKey = "kubernetes.io/service-account.name"
 	// ServiceAccountUIDKey is the key of the required annotation for SecretTypeServiceAccountToken secrets