• Save agent token to /var/lib/rancher/k3s/server/agent-token · 4e72947f
    Vladimir Kochnev authored
    Having separate tokens for server and agent nodes is a nice feature.
    
    However, passing the server's plain `K3S_AGENT_TOKEN` value
    to `k3s agent --token` without a CA hash is insecure when the CA is
    self-signed, and k3s warns about it in the logs:
    
    ```
    Cluster CA certificate is not trusted by the host CA bundle, but the token does not include a CA hash.
    Use the full token from the server's node-token file to enable Cluster CA validation.
    ```
    
    Okay, so I need the CA hash, but where should I get it?
    
    This commit attempts to fix this issue by saving the agent token value to the
    `agent-token` file with the CA hash appended.
    Signed-off-by: Vladimir Kochnev <hashtable@yandex.ru>
    (cherry picked from commit 13af0b1d)
    Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
Name
auth.go
context.go
etcd.go
router.go
secrets-encrypt.go
server.go
types.go