mirror of
https://github.com/k3s-io/k3s.git
synced 2024-06-07 19:41:36 +00:00
13af0b1d88
Having separate tokens for server and agent nodes is a nice feature. However, passing server's plain `K3S_AGENT_TOKEN` value to `k3s agent --token` without CA hash is insecure when CA is self-signed, and k3s warns about it in the logs: ``` Cluster CA certificate is not trusted by the host CA bundle, but the token does not include a CA hash. Use the full token from the server's node-token file to enable Cluster CA validation. ``` Okay so I need CA hash but where should I get it? This commit attempts to fix this issue by saving agent token value to `agent-token` file with CA hash appended. Signed-off-by: Vladimir Kochnev <hashtable@yandex.ru> |
||
|---|---|---|
| .. | ||
| auth.go | ||
| context.go | ||
| etcd.go | ||
| router.go | ||
| secrets-encrypt.go | ||
| server.go | ||
| types.go | ||