From b472c2df980c7a676b4ba2a88d8feabfe10f4f78 Mon Sep 17 00:00:00 2001
From: mlushpenko <iviakciivi@gmail.com>
Date: Tue, 6 Feb 2018 00:14:50 +0100
Subject: [PATCH] Fix safe upgrade

Even though there it kubeadm_token_ttl=0 which means that kubeadm token never expires, it is not present in `kubeadm token list` after cluster is provisioned (at least after it is running for some time) and there is issue regarding this https://github.com/kubernetes/kubeadm/issues/335, so we need to create a new temporary token during the cluster upgrade.
---
 roles/kubernetes/kubeadm/tasks/main.yml | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/roles/kubernetes/kubeadm/tasks/main.yml b/roles/kubernetes/kubeadm/tasks/main.yml
index 0616dad5b..4da21b77d 100644
--- a/roles/kubernetes/kubeadm/tasks/main.yml
+++ b/roles/kubernetes/kubeadm/tasks/main.yml
@@ -22,6 +22,16 @@
   delegate_to: "{{ groups['kube-master'][0] }}"
   run_once: true
 
+- name: Create kubeadm token for joining nodes with 24h expiration (default)
+  command: "{{ bin_dir }}/kubeadm token create"
+  run_once: true
+  register: temp_token
+  delegate_to: "{{ groups['kube-master'][0] }}"
+
+- name: Override predefined kubeadm_token that expires after 24h
+  set_fact:
+    kubeadm_token: "{{ temp_token.stdout }}"
+    
 - name: Create kubeadm client config
   template:
     src: kubeadm-client.conf.j2
-- 
GitLab