...
1 package tokens
2
3 import (
4 "fmt"
5 "strconv"
6 "strings"
7 "time"
8
9 tokenv1 "k8s.io/cluster-bootstrap/token/util"
10
11 "edge-infra.dev/pkg/edge/api/graph/model"
12 )
13
14 var (
15 TokenIDKey = "token-id"
16 TokenSecretKey = "token-secret"
17 ExpirationKey = "expiration"
18 APIAuthKey = "usage-bootstrap-authentication"
19 BootstrapSignerKey = "usage-bootstrap-signing"
20 GroupsKey = "auth-extra-groups"
21 TokenLifetime = 2 * time.Hour
22 TokenAPIAuthenticator = true
23 TokenBootstrapSigner = true
24 BootstrapperGroups = "system:bootstrappers:kubeadm:default-node-token"
25 )
26
27
28 func GenerateBootstrapJoinToken() ([]*model.KeyValues, *time.Time, error) {
29 token, err := tokenv1.GenerateBootstrapToken()
30 if err != nil {
31 return nil, nil, err
32 }
33 tokenSplit := strings.Split(token, ".")
34 if len(tokenSplit) != 2 {
35 return nil, nil, fmt.Errorf("invalid generated token")
36 }
37 expireAt := time.Now().Add(TokenLifetime).UTC()
38 return []*model.KeyValues{
39 {Key: TokenIDKey, Value: tokenSplit[0]},
40 {Key: TokenSecretKey, Value: tokenSplit[1]},
41 {Key: ExpirationKey, Value: expireAt.Format(time.RFC3339)},
42 {Key: APIAuthKey, Value: strconv.FormatBool(TokenAPIAuthenticator)},
43 {Key: BootstrapSignerKey, Value: strconv.FormatBool(TokenBootstrapSigner)},
44 {Key: GroupsKey, Value: BootstrapperGroups},
45 }, &expireAt, nil
46 }
47
View as plain text