Split bootstrap join token from machine provisioning data #9631
Labels
area/bootstrap
Issues or PRs related to bootstrap providers
kind/feature
Categorizes issue or PR as related to a new feature.
kind/proposal
Issues or PRs related to proposals.
priority/backlog
Higher priority than priority/awaiting-more-evidence.
triage/accepted
Indicates an issue or PR is ready to be actively worked on.
What would you like to be added (User Story)?
As developers, we want clear separation between bootstrapping (join token) and provisioning (machine startup script) in order to not mix these concerns into what is currently called "bootstrap data secret".
Detailed Description
In #8858, we found that having the bootstrap token, needed to join new nodes, is part of the bootstrap data secret and therefore directly used for spinning up machines such as EC2 instances. For machine pools, the token must be regularly rotated (for security) or refreshed since the cloud provider could start a new machine at any time (example: AWS auto-scaling group creating a new instance) and it should be able to join the cluster. Since the token is rotated regularly, the bootstrap secret also changes at certain intervals (related to, but normally earlier than
DefaultTokenTTL
= 15 minutes). If we can split off retrieval of the bootstrap token from the machine's provisioning data, such as the cloud-init/ignition script, it would help infra providers like CAPA to recognize when something other than the token has changed.Anything else you would like to add?
cc @vincepri
Label(s) to be applied
/kind feature
/area bootstrap
The text was updated successfully, but these errors were encountered: