Split bootstrap join token from machine provisioning data

[AndiDog]

What would you like to be added (User Story)?

As developers, we want clear separation between bootstrapping (join token) and provisioning (machine startup script) in order to not mix these concerns into what is currently called "bootstrap data secret".

Detailed Description

In #8858, we found that having the bootstrap token, needed to join new nodes, is part of the bootstrap data secret and therefore directly used for spinning up machines such as EC2 instances. For machine pools, the token must be regularly rotated (for security) or refreshed since the cloud provider could start a new machine at any time (example: AWS auto-scaling group creating a new instance) and it should be able to join the cluster. Since the token is rotated regularly, the bootstrap secret also changes at certain intervals (related to, but normally earlier than DefaultTokenTTL = 15 minutes). If we can split off retrieval of the bootstrap token from the machine's provisioning data, such as the cloud-init/ignition script, it would help infra providers like CAPA to recognize when something other than the token has changed.

Anything else you would like to add?

cc @vincepri

Label(s) to be applied

/kind feature
/area bootstrap

[killianmuldoon]

/triage accepted

[fabriziopandini]

/remove kind/feature
/kind proposal

This is a sort of duplicate of #5294, which has a lot of historical context, not sure if we want to dedup tough

Also, some related issue that might benefit from this work:

• Bottlerocket OS support in kubeadm bootstrap #7840
• Ignition v3.x support #9157

[fabriziopandini]

/priority backlog

[fabriziopandini]

/close

in favour of #5294

[k8s-ci-robot]

@fabriziopandini: Closing this issue.

In response to this:

/close

in favour of #5294

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.