Better usability for the join token #519
Comments
|
+1 on something like this. Some riffs on this idea:
|
|
Thanks for tagging me in this. Take a note from the UX of Docker Swarm - at any point you can type in |
|
Also the init output is so heavy you can't really get just the join command and stash it somewhere... currently I'm resorting to |
|
Anyway, what is the way to get that ca-cert-hash right now? Of course, the I managed to get join token with So, before it becomes error, how do I pass that parameter? Thanks for any help! |
|
@zcalusic the current way is to calculate the hash with OpenSSL like this (run on the master or wherever you have a copy of |
|
Thank you @mattmoyer for the hint. Your oneliner worked perfectly. Of course, I must agree that |
|
Agree with |
|
We concluded in the SIG meeting that we're gonna proceed with both kubernetes/kubernetes#55468 and this feature addition. |
|
This was discussed on the November 21, 2017 zoom call; minutes for that call are at https://docs.google.com/document/d/1deJYPIF4LmhGjDVaqrswErIrV7mtwJgovtLnPCDxP7U/edit# |
|
I just had a quick look on this yesterday but haven't worked on it yet :)
If we prefer this one, I think there is already the same logic in bootstrap token create. We can use that here.
I prefer this one personally. But seems like both the two ideas need more context when implementing, e.g., we need MasterConfiguration to get apiserver advertise address. Currently the UPDATE: maybe we can implement both of the ideas? @luxas @mattmoyer |
|
I implemented just the first idea in kubernetes/kubernetes#56185. I'm not opposed to implementing the |
|
Instead of creating a new |
|
I think |
|
I like that idea @luxas. I think we could make it less verbose, I find I'm typing very long flags
|
|
|
Automatic merge from submit-queue (batch tested with PRs 55545, 55548, 55815, 56136, 56185). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>. kubeadm: add `--print-join-command` flag for token create. **What this PR does / why we need it**: This change adds a new flag `kubeadm token create --print-join-command`. When this flag is passed, kubeadm prints the full `kubeadm join [...]` command, including the CA certificate hash which is otherwise annoying to calculate. **Which issue(s) this PR fixes** fixes kubernetes/kubeadm#519 **Special notes for your reviewer**: ### Example Output ``` $ kubeadm token create --print-join-command kubeadm join --token 447067.20b55955bd6abe6c 192.168.99.100:8443 --discovery-token-ca-cert-hash sha256:17023a5c90b996e50c514e63e161e46f78be216fd48c0c3df3be67e008b28889 $ kubeadm token create -h [...] --print-join-command Instead of printing only the token, print the full 'kubeadm join' flag needed to join the cluster using the token. [...] ``` I ended up not using the approach suggested by @xiangpengzhao in #56025 (and also by @fabriziopandini) of reusing the `bootstrap-token` phase code, since that code assumes it can load the CA certificates from `/etc/kubernetes`, but that is only true if kubeadm is run on an already-joined node. Instead, I wrote code to pull the CA certificates and server endpoint from the kubeconfig that `kubeadm token create` is called with, since that also contains the data and is available even if, e.g., kubeadm is being run from outside the cluster. **Release note**: ```release-note kubeadm: added `--print-join-command` flag for `kubeadm token create`. ``` /sig cluster-lifecycle /cc @fabriziopandini @xiangpengzhao @luxas
|
Hey, is this done? |
|
@tzurE it's merged but not released yet, it will be part of Kubernetes 1.9 which is scheduled to be released later this week. The new functionality allows you to run this command to join nodes: |
|
nice, thank you. |
|
@tzurE see this comment: #519 (comment) |
|
Hi @mattmoyer The command "kubeadm token create --print-join-command" works great in 1.9. But i am getting NotReady status on my node. I am Using ubuntu 16.04 with k8s 1.9.0. Any suggestions? |
|
@siddharthjoshi745 Deploy a Pod Network like Weave Net (as can be seen in our docs). |
|
How can we output just one value ? Say the token or the discovery token sha, etc.. |
/kind feature
@kubernetes/sig-cli
What happened:
I have discovered that if it is not so easy to add new machines if you do not have original joun string output from kubeadm. "Is there a way to generate the whole join command? I feel like I have to reset the entire cluster to be able to "reach" the magic string" (c) @alexellis
What you expected to happen:
Likewise in Docker Swarm, you can always tell the master to print a copy-pastable join string to add.. or assimilate? more machines.
Example input:
kubeadm token stringExample output:
kubeadm join --token TOK MASTER_IP:6443 --discovery-token-ca-cert-hash sha256:HASHAnything else we need to know?:
You are awesome!
(Follow-up from: kubernetes/kubernetes#41663)
@luxas @mattmoyer @jamiehannaford
The text was updated successfully, but these errors were encountered: