JWS Discovery Service API Requirements

[dgoodwin]

As part of the ongoing sig-cluster-lifecycle work and the kubeadm utility that resulted, we have implemented a standalone JWS discovery service as a pod which kubeadm configures so other systems can run kubeadm and join the cluster. The discovery service pod expects to be passed the API CA certificate, API endpoints list, and a secure token as secrets when launched.

We hope to bring this service into the core API (details in #30707), as part of the kubeadm beta (#31711) targeted for 1.5.

Requirements for this to happen:

• Must implement a token sub-system in core API. May want to plan for multiple types of tokens, discovery being the first. May need expiration and cleanup. Callers may want to be able to specify their own tokens.
• Post cluster info into core API. Challenge will be fitting this into API framework, as it's a single entity per cluster.
• Start loading API endpoints and CA cert dynamically once in core API.

[mikedanese]

@kubernetes/sig-cluster-lifecycle

[dgoodwin]

Ok if I close this in light of kubernetes/enhancements#134 and kubernetes/enhancements#130 ?

[mikedanese]

SGTM