...

Source file src/edge-infra.dev/pkg/sds/k8s/bootstrap/tokens/tokens.go

Documentation: edge-infra.dev/pkg/sds/k8s/bootstrap/tokens

     1  package tokens
     2  
     3  import (
     4  	"fmt"
     5  	"strconv"
     6  	"strings"
     7  	"time"
     8  
     9  	tokenv1 "k8s.io/cluster-bootstrap/token/util"
    10  
    11  	"edge-infra.dev/pkg/edge/api/graph/model"
    12  )
    13  
// Data keys written into the key-value pairs returned by
// GenerateBootstrapJoinToken. The names follow the data keys of a Kubernetes
// bootstrap token Secret.
var (
	TokenIDKey         = "token-id"
	TokenSecretKey     = "token-secret" // value stored under this key is the credential itself
	ExpirationKey      = "expiration"
	APIAuthKey         = "usage-bootstrap-authentication"
	BootstrapSignerKey = "usage-bootstrap-signing"
	GroupsKey          = "auth-extra-groups"
)

// Policy applied to every generated token.
//
// NOTE(review): these are package-level variables, not constants, so any
// importing package can reassign them at runtime (for example lengthen
// TokenLifetime or change BootstrapperGroups). Confirm that no caller relies
// on that before tightening them to constants.
var (
	// TokenLifetime is added to the generation time to obtain the expiration.
	TokenLifetime = 2 * time.Hour

	// TokenAPIAuthenticator marks the token as usable as a bearer token to
	// authenticate to the API server.
	TokenAPIAuthenticator = true

	// TokenBootstrapSigner marks the token as usable to sign the cluster-info
	// config map.
	TokenBootstrapSigner = true

	// BootstrapperGroups is the value emitted under GroupsKey.
	BootstrapperGroups = "system:bootstrappers:kubeadm:default-node-token"
)
    26  
// GenerateBootstrapJoinToken creates a new bootstrap token and returns it as
// key-value pairs together with the token's expiration time.
//
// The returned pairs hold the token ID, the token secret, the expiration
// (RFC 3339, UTC), the two usage flags and the extra groups. The value stored
// under TokenSecretKey is a live credential: callers should keep the returned
// slice out of logs and error messages.
//
// An error is returned when token generation fails or when the generated
// token is not of the form "token-id.token-secret".
func GenerateBootstrapJoinToken() ([]*model.KeyValues, *time.Time, error) {
	// The generator yields one string of the form "token-id.token-secret".
	raw, err := tokenv1.GenerateBootstrapToken()
	if err != nil {
		return nil, nil, err
	}

	// Exactly one separator is accepted. The error text deliberately does not
	// include the token itself.
	if strings.Count(raw, ".") != 1 {
		return nil, nil, fmt.Errorf("invalid generated token")
	}
	dot := strings.IndexByte(raw, '.')
	id, secret := raw[:dot], raw[dot+1:]

	// Expiration is fixed at generation time and reported in UTC.
	now := time.Now()
	expireAt := now.Add(TokenLifetime).UTC()

	pairs := []*model.KeyValues{
		&model.KeyValues{Key: TokenIDKey, Value: id},
		&model.KeyValues{Key: TokenSecretKey, Value: secret},
		&model.KeyValues{Key: ExpirationKey, Value: expireAt.Format(time.RFC3339)},
		&model.KeyValues{Key: APIAuthKey, Value: strconv.FormatBool(TokenAPIAuthenticator)},
		&model.KeyValues{Key: BootstrapSignerKey, Value: strconv.FormatBool(TokenBootstrapSigner)},
		&model.KeyValues{Key: GroupsKey, Value: BootstrapperGroups},
	}
	return pairs, &expireAt, nil
}
    47  
