There should be a way to avoid printing bootstrap token #160
Comments
k8s-github-robot
pushed a commit
to kubernetes/kubernetes
that referenced
this issue
Apr 25, 2017
Automatic merge from submit-queue (batch tested with PRs 44601, 44842, 44893, 44491, 44588) kubeadm: add flag to skip token print out **What this PR does / why we need it**: When kubeadm init is used in an automated context, it still prints the token to standard out. When standard output ends up in a log file, it can be considered that the token is leaked there and can be compromised. This PR adds a flag you can select to not have it print out and explicitly disable this behavior. This is a continuation from #42823 since it had to be closed. **Which issue this PR fixes** : fixes #kubernetes/kubeadm#160 **Special notes for your reviewer**: /cc @luxas @errordeveloper **Release note**: ```release-note NONE ```
|
Fixed with kubernetes/kubernetes#44588 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
When
kubeadm initis used in an automated context, it still prints the token to standard out. When standard output ends up in a log file, it can be cosidered that token is leaked there and can be compromised. We could simply avoid this by either detecting a non-interactive terminal and thereby not printing the join command to the standard output, or have a flag to explicitly disable this behaviour.The text was updated successfully, but these errors were encountered: