diff --git a/inventory/sample/group_vars/all.yml b/inventory/sample/group_vars/all.yml
index 29b14903d0adbe4aae91dcc39a8b3f27d9ea6a0a..2c460e28fd8180f5b4c055c2b16333bc1e6e55a2 100644
--- a/inventory/sample/group_vars/all.yml
+++ b/inventory/sample/group_vars/all.yml
@@ -96,10 +96,6 @@ bin_dir: /usr/local/bin
## Uncomment to enable experimental kubeadm deployment mode
#kubeadm_enabled: false
-#kubeadm_token_first: "{{ lookup('password', inventory_dir + '/credentials/kubeadm_token_first length=6 chars=ascii_lowercase,digits') }}"
-#kubeadm_token_second: "{{ lookup('password', inventory_dir + '/credentials/kubeadm_token_second length=16 chars=ascii_lowercase,digits') }}"
-#kubeadm_token: "{{ kubeadm_token_first }}.{{ kubeadm_token_second }}"
-#
## Set these proxy values in order to update package manager and docker daemon to use proxies
#http_proxy: ""
#https_proxy: ""
diff --git a/roles/kubernetes/kubeadm/tasks/main.yml b/roles/kubernetes/kubeadm/tasks/main.yml
index 0616dad5b148315b5d65ffc3227a49104368ada3..2b6e739dbae341e8f473989d27e6ebe939d70fa3 100644
--- a/roles/kubernetes/kubeadm/tasks/main.yml
+++ b/roles/kubernetes/kubeadm/tasks/main.yml
@@ -22,12 +22,20 @@
delegate_to: "{{ groups['kube-master'][0] }}"
run_once: true
+- name: Create kubeadm token for joining nodes with 24h expiration (default)
+ command: "{{ bin_dir }}/kubeadm token create"
+ run_once: true
+ register: temp_token
+ delegate_to: "{{ groups['kube-master'][0] }}"
+
- name: Create kubeadm client config
template:
src: kubeadm-client.conf.j2
dest: "{{ kube_config_dir }}/kubeadm-client.conf"
backup: yes
when: not is_kube_master
+ vars:
+ kubeadm_token: "{{ temp_token.stdout }}"
register: kubeadm_client_conf
- name: Join to cluster if needed
diff --git a/roles/kubernetes/master/defaults/main.yml b/roles/kubernetes/master/defaults/main.yml
index 69e74cf83d01aefd3146c922196dcfb35699e308..6b22bfd05613f8844e373904a98afa8bb8475d4d 100644
--- a/roles/kubernetes/master/defaults/main.yml
+++ b/roles/kubernetes/master/defaults/main.yml
@@ -82,9 +82,6 @@ controller_mgr_custom_flags: []
scheduler_custom_flags: []
-# kubeadm settings
-## Value of 0 means it never expires
-kubeadm_token_ttl: 0
## Extra args for k8s components passing by kubeadm
kube_kubeadm_controller_extra_args: {}
kube_kubeadm_scheduler_extra_args: {}
diff --git a/roles/kubernetes/master/templates/kubeadm-config.yaml.j2 b/roles/kubernetes/master/templates/kubeadm-config.yaml.j2
index eafe6f8510be1b3cef449d6d0f92fe41ab0c1d81..1f243e54468aa18258f8135960ca797e20a1cef9 100644
--- a/roles/kubernetes/master/templates/kubeadm-config.yaml.j2
+++ b/roles/kubernetes/master/templates/kubeadm-config.yaml.j2
@@ -29,8 +29,6 @@ authorizationModes:
{% for mode in authorization_modes %}
- {{ mode }}
{% endfor %}
-token: {{ kubeadm_token }}
-tokenTTL: "{{ kubeadm_token_ttl }}"
selfHosted: false
apiServerExtraArgs:
bind-address: {{ kube_apiserver_bind_address }}
diff --git a/roles/kubespray-defaults/defaults/main.yaml b/roles/kubespray-defaults/defaults/main.yaml
index f1d3a92b1a88b4fe67f4c0ca1d506d12e64f30af..3be3e9d6643435b2aed0219140fdffc5d2aa987f 100644
--- a/roles/kubespray-defaults/defaults/main.yaml
+++ b/roles/kubespray-defaults/defaults/main.yaml
@@ -147,7 +147,6 @@ helm_deployment_type: host
# Enable kubeadm deployment (experimental)
kubeadm_enabled: false
-kubeadm_token: "abcdef.0123456789abcdef"
# Make a copy of kubeconfig on the host that runs Ansible in GITDIR/artifacts
kubeconfig_localhost: false
diff --git a/roles/upgrade/post-upgrade/tasks/main.yml b/roles/upgrade/post-upgrade/tasks/main.yml
index ec6fdcf90723734bb04ae8f9f1d91988bea37f00..cef98bb0bb5df29a229e09a312b76738836d4373 100644
--- a/roles/upgrade/post-upgrade/tasks/main.yml
+++ b/roles/upgrade/post-upgrade/tasks/main.yml
@@ -2,4 +2,4 @@
- name: Uncordon node
command: "{{ bin_dir }}/kubectl uncordon {{ inventory_hostname }}"
delegate_to: "{{ groups['kube-master'][0] }}"
- when: (needs_cordoning|default(false)) and ( {%- if inventory_hostname in groups['kube-node'] -%} true {%- else -%} false {%- endif -%} )
+ when: needs_cordoning|default(false)