Skip to content

Support getting join token from environment variable #5253

Open
@twz123

Description

@twz123

Is your feature request related to a problem? Please describe.

There's currently two ways of passing the join token to k0s controller or k0s worker:

  1. As an argument on the command line
  2. As a file, by passing the --token-file /path/to/tokenfile flag on the command line.

The first approach is only feasible for development and testing purposes, since the command line is not confidential except on particularly hardened machines. The second approach doesn't suffer from this, as it relies on the token file's permissions and is therefore used by automation tools (e.g. k0sctl). However, this means that the token must be written to a place where it is potentially persistent and, if the permissions are inappropriate, can be leaked. While persistence may or may not be a desired property, it still means that the lifecycle of the token file must be managed.

Describe the solution you would like

In addition to the above ways of passing the join token, have both subcommands accept it via an environment variable, say K0S_JOIN_TOKEN. This would be a fairly standard way of passing credentials. It doesn't require the file system or the command line, and is a good middle ground for tools.

In fact, I'm about to ask for a deprecation of support for join tokens as CLI arguments, since managing this via environment variables is potentially even more friendly to manual plumbing.

Describe alternatives you've considered

No response

Additional context

No response

Metadata

Metadata

Assignees

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions