kubeadm init --token-ttl 0 (flag) and tokenTTL: "0" (config) are broken since 1.8.0 #509

Closed
mattmoyer opened this issue Oct 26, 2017 · 4 comments · Fixed by kubernetes/kubernetes#54640
Labels
kind/bug Categorizes issue or PR as related to a bug. priority/important-soon Must be staffed and worked on either currently, or very soon, ideally in time for the next release.

@mattmoyer

Is this a BUG REPORT or FEATURE REQUEST?

BUG REPORT (copied from @rhuss's issue filed here kubernetes/kubernetes#5363)

Versions

1.8.0 - up to current master (2017-10-26)

What happened?

When using kubeadm with a token generated by kubeadm token generate in advance, but also when letting kubeadm create the token, a tokenTTL configuration is ignored. The same is true when not using a config file but using kubeadm init --token-ttl 0

What you expected to happen?

I would expect when providing a tokenTTL of 0s that the token does not expire.

How to reproduce it (as minimally and precisely as possible)?

See kubernetes/kubernetes#53637 where @rhuss described this nicely.

Anything else we need to know?

This bug was introduced in kubernetes/kubernetes#48783 when default token TTL was changed.

The API machinery defaulting mechanism doesn't have a way to differentiate between an unset value and a value that's explicitly set to zero.

I did some manual testing on that change, but apparently only for kubeadm token create --ttl 0, which works fine because it doesn't use the MasterConfiguration defaulting mechanism.
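
The defaulting problem described in the report above, as an added example that is not part of the original issue and is not kubeadm's code: a value-typed TTL cannot tell "unset" from an explicit `0`, while an optional (pointer) field can. The type names, function names and the 24h default are assumptions made for this sketch.

```go
package main

import (
	"fmt"
	"time"
)

// DefaultTokenTTL is a constructed default value for this illustration.
const DefaultTokenTTL = 24 * time.Hour

// ValueConfig (hypothetical) holds the TTL as a plain value:
// an omitted field and an explicit "0" both decode to 0.
type ValueConfig struct{ TokenTTL time.Duration }

// PointerConfig (hypothetical) holds the TTL as an optional field:
// nil means "not set", a pointer to 0 means "explicitly never expire".
type PointerConfig struct{ TokenTTL *time.Duration }

// DefaultValue is the only defaulting a value field allows. It cannot
// distinguish the two cases, so an explicit 0 is overwritten.
func DefaultValue(c *ValueConfig) {
	if c.TokenTTL == 0 {
		c.TokenTTL = DefaultTokenTTL
	}
}

// DefaultPointer fills in the default only when the field is absent.
func DefaultPointer(c *PointerConfig) {
	if c.TokenTTL == nil {
		d := DefaultTokenTTL
		c.TokenTTL = &d
	}
}

// Expires reports whether a token gets an expiration; a TTL of 0 means never.
func Expires(ttl time.Duration) bool { return ttl != 0 }

func main() {
	zero := time.Duration(0) // what the user asked for: tokenTTL "0"

	v := ValueConfig{TokenTTL: zero}
	DefaultValue(&v)
	fmt.Println("value field, explicit 0   ->", v.TokenTTL, "expires:", Expires(v.TokenTTL))

	p := PointerConfig{TokenTTL: &zero}
	DefaultPointer(&p)
	fmt.Println("pointer field, explicit 0 ->", *p.TokenTTL, "expires:", Expires(*p.TokenTTL))

	u := PointerConfig{}
	DefaultPointer(&u)
	fmt.Println("pointer field, unset      ->", *u.TokenTTL, "expires:", Expires(*u.TokenTTL))
}
```

Whichever representation is used, checking the resulting expiry with `kubeadm token list` after `kubeadm init` confirms what lifetime the bootstrap token actually received.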

@mattmoyer
Author

cc @kubernetes/sig-cluster-lifecycle-bugs
/type bug

@rhuss

rhuss commented Oct 26, 2017

My current workaround is to create an extra token on my own after kubeadm init:

```
kubeadm init --config /etc/kubernetes/kubeadm.yml
kubeadm token create --ttl 0 --groups system:bootstrappers:kubeadm:default-node-token --description "Bootstrap token which does not expire"
```

The latter token is then used for kubeadm join on the nodes.

@luxas luxas added this to the v1.8 milestone Oct 27, 2017
@luxas luxas added kind/bug Categorizes issue or PR as related to a bug. priority/important-soon Must be staffed and worked on either currently, or very soon, ideally in time for the next release. labels Oct 27, 2017
@luxas
Member

luxas commented Oct 27, 2017

Thanks @mattmoyer for the bug fix 👏! Approved

@mattmoyer
Author

This is fixed in master and should be in v1.8.3.
