Setup bootstrap-tokens configuration #7
Description
Bootstrap tokens configuration consists of 9 manifests:
# helm install foo kvaps/kubernetes --set persistence.enabled=false --set admin.job.enabled=false
# kubectl exec -ti deploy/foo-kubernetes-admin -- sh
# kubeadm init phase bootstrap-token --config /config/kubeadmcfg.yaml --skip-token-print -v 10 2>&1 | sed -n 's/.*Request Body: //p'
{"kind":"Secret","apiVersion":"v1","metadata":{"name":"bootstrap-token-lusbhc","namespace":"kube-system","creationTimestamp":null},"data":{"auth-extra-groups":"c3lzdGVtOmJvb3RzdHJhcHBlcnM6a3ViZWFkbTpkZWZhdWx0LW5vZGUtdG9rZW4=","expiration":"MjAyMC0xMS0xMFQyMToxNjoxNVo=","token-id":"bHVzYmhj","token-secret":"dmsyOGg2b2h4aW9kOGl2eg==","usage-bootstrap-authentication":"dHJ1ZQ==","usage-bootstrap-signing":"dHJ1ZQ=="},"type":"bootstrap.kubernetes.io/token"}
{"kind":"ClusterRole","apiVersion":"rbac.authorization.k8s.io/v1","metadata":{"name":"kubeadm:get-nodes","namespace":"kube-system","creationTimestamp":null},"rules":[{"verbs":["get"],"apiGroups":[""],"resources":["nodes"]}]}
{"kind":"ClusterRoleBinding","apiVersion":"rbac.authorization.k8s.io/v1","metadata":{"name":"kubeadm:get-nodes","namespace":"kube-system","creationTimestamp":null},"subjects":[{"kind":"Group","name":"system:bootstrappers:kubeadm:default-node-token"}],"roleRef":{"apiGroup":"rbac.authorization.k8s.io","kind":"ClusterRole","name":"kubeadm:get-nodes"}}
{"kind":"ClusterRoleBinding","apiVersion":"rbac.authorization.k8s.io/v1","metadata":{"name":"kubeadm:kubelet-bootstrap","creationTimestamp":null},"subjects":[{"kind":"Group","name":"system:bootstrappers:kubeadm:default-node-token"}],"roleRef":{"apiGroup":"rbac.authorization.k8s.io","kind":"ClusterRole","name":"system:node-bootstrapper"}}
{"kind":"ClusterRoleBinding","apiVersion":"rbac.authorization.k8s.io/v1","metadata":{"name":"kubeadm:node-autoapprove-bootstrap","creationTimestamp":null},"subjects":[{"kind":"Group","name":"system:bootstrappers:kubeadm:default-node-token"}],"roleRef":{"apiGroup":"rbac.authorization.k8s.io","kind":"ClusterRole","name":"system:certificates.k8s.io:certificatesigningrequests:nodeclient"}}
{"kind":"ClusterRoleBinding","apiVersion":"rbac.authorization.k8s.io/v1","metadata":{"name":"kubeadm:node-autoapprove-certificate-rotation","creationTimestamp":null},"subjects":[{"kind":"Group","name":"system:nodes"}],"roleRef":{"apiGroup":"rbac.authorization.k8s.io","kind":"ClusterRole","name":"system:certificates.k8s.io:certificatesigningrequests:selfnodeclient"}}
{"kind":"ConfigMap","apiVersion":"v1","metadata":{"name":"cluster-info","namespace":"kube-public","creationTimestamp":null},"data":{"kubeconfig":"apiVersion: v1\nclusters:\n- cluster:\n certificate-authority: /pki/admin-client/ca.crt\n server: https://foo-kubernetes-apiserver:6443\n name: \"\"\ncontexts: null\ncurrent-context: \"\"\nkind: Config\npreferences: {}\nusers: null\n"}}
{"kind":"Role","apiVersion":"rbac.authorization.k8s.io/v1","metadata":{"name":"kubeadm:bootstrap-signer-clusterinfo","namespace":"kube-public","creationTimestamp":null},"rules":[{"verbs":["get"],"apiGroups":[""],"resources":["configmaps"],"resourceNames":["cluster-info"]}]}
{"kind":"RoleBinding","apiVersion":"rbac.authorization.k8s.io/v1","metadata":{"name":"kubeadm:bootstrap-signer-clusterinfo","namespace":"kube-public","creationTimestamp":null},"subjects":[{"kind":"User","name":"system:anonymous"}],"roleRef":{"apiGroup":"rbac.authorization.k8s.io","kind":"Role","name":"kubeadm:bootstrap-signer-clusterinfo"}}Let's omit the secret and consider the opportunity to convert the rest to templates, parametrize and put into manifests directory