From d35edd4d8b76bf88f1f5df5c3ed82cf0b27a0a69 Mon Sep 17 00:00:00 2001 From: "Alex Ellis (OpenFaaS Ltd)" Date: Fri, 27 Oct 2023 12:14:01 +0100 Subject: [PATCH] Use node-token from an env-var instead of a file This reduces the risk of the resulting file being committed Signed-off-by: Alex Ellis (OpenFaaS Ltd) --- cmd/join.go | 23 ++++++++++++++--------- cmd/plan.go | 14 ++++++++------ 2 files changed, 22 insertions(+), 15 deletions(-) diff --git a/cmd/join.go b/cmd/join.go index c5f2394..2435a83 100644 --- a/cmd/join.go +++ b/cmd/join.go @@ -66,7 +66,8 @@ func MakeJoin() *cobra.Command { command.Flags().Bool("server", false, "Join the cluster as a server rather than as an agent for the embedded etcd mode") command.Flags().Bool("print-command", false, "Print a command that you can use with SSH to manually recover from an error") - command.Flags().String("node-token-path", "", "prefetched token used by nodes to join the cluster") + command.Flags().String("node-token-path", "", "file containing --node-token") + command.Flags().String("node-token", "", "prefetched token used by nodes to join the cluster") command.Flags().String("k3s-extra-args", "", "Additional arguments to pass to k3s installer, wrapped in quotes (e.g. --k3s-extra-args '--node-taint key=value:NoExecute')") command.Flags().String("k3s-version", "", "Set a version to install, overrides k3s-channel") 
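Review bot: The new `--node-token` flag takes the join secret as a command-line argument, so it is readable from the process list and can land in shell history, which is a different exposure from the committed file the description is concerned with. The `k3sup join` templates in cmd/plan.go expand `"$NODE_TOKEN"` onto the command line in the same way. Since the title speaks of an env-var, consider letting join fall back to the environment when the flag is not set, e.g. `nodeToken = os.Getenv("NODE_TOKEN")`, and naming that in the flag description: `"prefetched token used by nodes to join the cluster, can also be set via NODE_TOKEN"`. MakeJoin continues outside this hunk.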
@@ -86,14 +87,18 @@ func MakeJoin() *cobra.Command { var nodeToken string - nodeTokenPath, _ := command.Flags().GetString("node-token-path") - if len(nodeTokenPath) > 0 { - data, err := os.ReadFile(nodeTokenPath) - if err != nil { - return err + if command.Flags().Changed("node-token") { + nodeToken, _ = command.Flags().GetString("node-token") + } else if command.Flags().Changed("node-token-path") { + nodeTokenPath, _ := command.Flags().GetString("node-token-path") + if len(nodeTokenPath) > 0 { + data, err := os.ReadFile(nodeTokenPath) + if err != nil { + return err + } + + nodeToken = strings.TrimSpace(string(data)) } - - nodeToken = strings.TrimSpace(string(data)) } host, err := command.Flags().GetString("host") @@ -135,7 +140,7 @@ func MakeJoin() *cobra.Command { return err } - fmt.Printf("Agent: %s Server: %s\n", serverHost, host) + fmt.Printf("Joining %s => %s\n", host, serverHost) if len(serverURL) > 0 { fmt.Printf("Server join URL: %s\n", serverURL) } diff --git a/cmd/plan.go b/cmd/plan.go index c8b0b4a..83632d0 100644 --- a/cmd/plan.go +++ b/cmd/plan.go @@ -95,7 +95,7 @@ Input file format, in JSON: for i, host := range hosts { if serversAdded == 0 { - script += `echo ""Setting up primary server 1 + script += `echo "Setting up primary server 1" ` script += fmt.Sprintf(`k3sup install --host %s \ @@ -112,7 +112,7 @@ Input file format, in JSON: script += fmt.Sprintf(` echo "Fetching the server's node-token into memory" -NODE_TOKEN=$(k3sup node-token --host %s --user %s) +export NODE_TOKEN=$(k3sup node-token --host %s --user %s) `, host.IP, user) serversAdded = 1 
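Review bot: An explicitly empty `--node-token` wins over `--node-token-path` in the `@@ -86,14 +87,18 @@` hunk, because the branch keys on `Changed("node-token")` and the value itself is never checked; the generated plan script would pass exactly that if `NODE_TOKEN` ended up empty. Rejecting it makes the failure visible: `if len(nodeToken) == 0 { return fmt.Errorf("--node-token was given but is empty") }`. If the two flags are meant to be exclusive, that can be stated once with `command.MarkFlagsMutuallyExclusive("node-token", "node-token-path")`, provided the cobra version in use has it. What the function does with an empty nodeToken further down is outside this hunk.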
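Review bot: With `export NODE_TOKEN=$(...)` on one line, in the `@@ -112,7 +112,7 @@` hunk of cmd/plan.go, the shell reports the exit status of `export` rather than that of `k3sup node-token`, so a failed fetch goes unnoticed and the following joins run with an empty token. Assign and export separately, `NODE_TOKEN=$(k3sup node-token --host %s --user %s)` followed by `export NODE_TOKEN`, or drop the export, since the join lines pass the value as an argument and a plain shell variable is enough for that. Exporting also places the token in the environment of every later command the script starts. Whether the generated script aborts on errors is not visible in this hunk.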
@@ -120,10 +120,11 @@ NODE_TOKEN=$(k3sup node-token --host %s --user %s) } else if serversAdded < servers { script += fmt.Sprintf("\necho \"Setting up additional server: %d\"\n", serversAdded+1) - script += fmt.Sprintf(`k3sup join --host %s \ + script += fmt.Sprintf(`k3sup join \ +--host %s \ --server-host %s \ --server \ ---node-token-path $NODE_TOKEN \ +--node-token "$NODE_TOKEN" \ --user %s%s%s `, host.IP, primaryServer.IP, user, tlsSanStr, bgStr) @@ -131,9 +132,10 @@ NODE_TOKEN=$(k3sup node-token --host %s --user %s) } else { script += fmt.Sprintf("\necho \"Setting up worker: %d\"\n", (i+1)-serversAdded) - script += fmt.Sprintf(`k3sup join --host %s \ + script += fmt.Sprintf(`k3sup join \ +--host %s \ --server-host %s \ ---node-token-path $NODE_TOKEN \ +--node-token "$NODE_TOKEN" \ --user %s%s `, host.IP, primaryServer.IP, user, bgStr) }
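Review bot: `host.IP`, `primaryServer.IP` and `user` are written into the generated script through bare `%s` in both join templates, while the token beside them is now quoted; a value from the plan file containing whitespace or shell metacharacters would change the command the script runs. If these fields are validated where the hosts file is parsed, which is outside these hunks, a comment above each Sprintf would record that assumption: `// host.IP and user are emitted unquoted; they are validated when the plan file is loaded`. If they are not, checking them before the loop is the safer place than quoting inside the template.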