Skip to content

cks: fix token TTL, set it to never expire#4747

Merged
yadvr merged 1 commit intoapache:4.14from
shapeblue:fix-cks-cluster-token-ttl
Mar 4, 2021
Merged

cks: fix token TTL, set it to never expire#4747
yadvr merged 1 commit intoapache:4.14from
shapeblue:fix-cks-cluster-token-ttl

Conversation

@shwstppr
Copy link
Contributor

@shwstppr shwstppr commented Mar 3, 2021

Description

Fixes #4742

kubeadm init is called with --token-ttl 0
This will allow the token to remain valid forever.

Types of changes

  • Breaking change (fix or feature that would cause existing functionality to change)
  • New feature (non-breaking change which adds functionality)
  • Bug fix (non-breaking change which fixes an issue)
  • Enhancement (improves an existing feature and functionality)
  • Cleanup (Code refactoring and cleanup, that may add test cases)

Feature/Enhancement Scale or Bug Severity

Feature/Enhancement Scale

  • Major
  • Minor

Bug Severity

  • BLOCKER
  • Critical
  • Major
  • Minor
  • Trivial

Screenshots (if appropriate):

How Has This Been Tested?

Checked token details after k8s cluster deployment;

Container Linux by CoreOS stable (2303.3.0)
Update Strategy: No Reboots
core@t2-master ~ $ sudo kubadm token list
sudo: kubadm: command not found
core@t2-master ~ $ sudo kubeadm token list
TOKEN                     TTL         EXPIRES                USAGES                   DESCRIPTION                                                EXTRA GROUPS
00dec2.178dc8478dbecfc5   <forever>   <never>                authentication,signing   The default bootstrap token generated by 'kubeadm init'.   system:bootstrappers:kubeadm:default-node-token
ul9g7i.jl1ehlghm8apx634   1h          2021-03-03T12:03:15Z   <none>                   Proxy for managing TTL for the kubeadm-certs secret        <none>

@shwstppr
cks: fix token TTL, set it to never expire
a5a9097 
Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com>
@shwstppr shwstppr added this to the 4.15.1.0 milestone Mar 3, 2021
@shwstppr shwstppr linked an issue Mar 3, 2021 that may be closed by this pull request
Kubernetes Service: Scaling out after 24 hours from Cluster creation will fail because the Kubeadm Init Token TTL is only 24 hours. #4742
Closed
@shwstppr
Copy link
Contributor Author

shwstppr commented Mar 3, 2021

Explicitly set the base branch to 4.14 in case 4.14.2 is released in future.

@blueorangutan package

@blueorangutan
Copy link

blueorangutan commented Mar 3, 2021

@shwstppr a Jenkins job has been kicked to build packages. I'll keep you posted as I make progress.

@blueorangutan
Copy link

blueorangutan commented Mar 3, 2021

Packaging result: ✔centos7 ✖centos8 ✔debian. JID-2860

@yadvr
Copy link
Member

yadvr commented Mar 3, 2021

@blueorangutan test

@blueorangutan
Copy link

blueorangutan commented Mar 3, 2021

@rhtyd a Trillian-Jenkins test job (centos7 mgmt + kvm-centos7) has been kicked to run smoke tests

@blueorangutan
Copy link

blueorangutan commented Mar 4, 2021

Trillian test result (tid-3646)
Environment: kvm-centos7 (x2), Advanced Networking with Mgmt server 7
Total time taken: 32954 seconds
Marvin logs: https://github.com/blueorangutan/acs-prs/releases/download/trillian/pr4747-t3646-kvm-centos7.zip
Intermittent failure detected: /marvin/tests/smoke/test_internal_lb.py
Intermittent failure detected: /marvin/tests/smoke/test_vm_life_cycle.py
Smoke tests completed. 81 look OK, 2 have error(s)
Only failed tests results shown below:

Test Result Time (s) Test File
test_04_rvpc_internallb_haproxy_stats_on_all_interfaces Error 190.60 test_internal_lb.py
test_01_migrate_VM_and_root_volume Error 60.69 test_vm_life_cycle.py
test_02_migrate_VM_with_two_data_disks Error 48.77 test_vm_life_cycle.py

Pearl1594
Pearl1594 approved these changes Mar 4, 2021
View reviewed changes
Copy link
Contributor

@Pearl1594 Pearl1594 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code LGTM

@blueorangutan
Copy link

blueorangutan commented Mar 4, 2021

Packaging result: ✔️ centos7 ✖️ centos8 ✔️ debian. SL-JID 49

@yadvr yadvr merged commit f893c5c into apache:4.14 Mar 4, 2021
@yadvr yadvr mentioned this pull request Mar 6, 2021
Closed
nlgordon pushed a commit to ippathways/cloudstack that referenced this pull request Aug 2, 2022
@shwstppr @nlgordon
cks: fix token TTL, set it to never expire (apache#4747)
9de609d 
Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@yadvr yadvr yadvr approved these changes

@Pearl1594 Pearl1594 Pearl1594 approved these changes

@weizhouapache weizhouapache weizhouapache approved these changes

@davidjumani davidjumani Awaiting requested review from davidjumani

Assignees

No one assigned

Labels

component:kubernetes type:bug

Projects

None yet

Milestone

4.15.1.0

Development

Successfully merging this pull request may close these issues.

Kubernetes Service: Scaling out after 24 hours from Cluster creation will fail because the Kubeadm Init Token TTL is only 24 hours.

5 participants

@shwstppr @blueorangutan @yadvr @Pearl1594 @weizhouapache