Issue with k8s.io/docs/reference/setup-tools/kubeadm/kubeadm-join/ giving insecure advice #16538

@arianvp

This is a Bug Report

Problem:

The docs mention (emphasis mine):

Requires that you have some way to carry the discovery information from the control-plane node to the bootstrapping nodes. This might be possible, for example, via your cloud provider or provisioning tool. The information in this file is not secret, but HTTPS or equivalent is required to ensure its integrity.

But this is not true anymore. If the discovery file contains credentials, then kubeadm will use them. If it doesn't contain credentials, an extra --tls-bootstrap-token needs to be provided. As it says a few sentences up:

In case the discovery file does not contain credentials, the TLS discovery token will be used.

Proposed Solution:

Either remove the part about the file not being secret, or mention very clearly that if you put credentials in the kubeconfig, then you can skip the --tls-bootstrap-token step but you should treat the file as a secret.

Page to Update:
https://kubernetes.io/docs/reference/setup-tools/kubeadm/kubeadm-join/
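
A check along the lines of the proposed solution, as an added example that is not part of the original issue or of kubeadm: it scans a discovery kubeconfig for credential fields under `users:` and reports whether the file must be handled as a secret or needs `--tls-bootstrap-token` alongside it. The function names and sample files are constructed, and the scan is a line-based heuristic rather than a YAML parser.

```python
import re

# Kubeconfig user fields that hold, or point to, a credential.
SCALAR_SECRETS = {"token", "tokenFile", "client-key", "client-key-data", "password"}
BLOCK_SECRETS = {"exec", "auth-provider"}  # nested credential-plugin config
EMPTY = {"", "null", "~", '""', "''"}
_KEY = re.compile(r"^\s*(?:-\s+)?([A-Za-z-]+):\s*(.*)$")

def credential_fields(kubeconfig_text):
    """Return credential-bearing keys set under the top-level 'users:' section."""
    # Line-based heuristic for block-style YAML as kubectl writes it;
    # flow-style ({...}) and JSON kubeconfigs are not handled.
    found, in_users = [], False
    for line in kubeconfig_text.splitlines():
        m = _KEY.match(line)
        if not m:
            continue
        key, value = m.group(1), m.group(2).strip()
        if line[0] not in " \t-":  # column-0 key starts a new top-level section
            in_users = key == "users"
        elif in_users and (key in BLOCK_SECRETS or
                           (key in SCALAR_SECRETS and value not in EMPTY)):
            found.append(key)
    return found

def classify_discovery_file(kubeconfig_text):
    """Apply the two cases from the issue to one discovery file."""
    fields = credential_fields(kubeconfig_text)
    if fields:
        return "secret", fields  # kubeadm will use these credentials
    return "needs-tls-bootstrap-token", []  # only integrity matters here

# Constructed samples: placeholder CA data, made-up address and token.
CLUSTER = """apiVersion: v1
kind: Config
clusters:
- name: demo
  cluster:
    server: https://10.0.0.10:6443
    certificate-authority-data: PLACEHOLDER_BASE64_CA
"""
NO_CREDS = CLUSTER + "users: []\n"
WITH_TOKEN = CLUSTER + """users:
- name: joiner
  user:
    token: abcdef.0123456789abcdef
"""
```

A file classified as `secret` should be distributed and stored like any other cluster credential, not only over an integrity-protected channel.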

Metadata

Labels

priority/backlog: Higher priority than priority/awaiting-more-evidence.
sig/cluster-lifecycle: Categorizes an issue or PR as relevant to SIG Cluster Lifecycle.
