From 4f52666722ef6653af4afe071460a3eb9a04608d Mon Sep 17 00:00:00 2001 From: Carlos Salas Date: Fri, 12 Jan 2024 17:19:22 +0100 Subject: [PATCH] fix: rke2 registration token generated twice Signed-off-by: Carlos Salas --- .../api/v1alpha1/zz_generated.deepcopy.go | 2 +- .../controllers/rke2config_controller.go | 24 +++++++++++++++---- 2 files changed, 20 insertions(+), 6 deletions(-) diff --git a/bootstrap/api/v1alpha1/zz_generated.deepcopy.go b/bootstrap/api/v1alpha1/zz_generated.deepcopy.go index b1d6b148..0a2e35a7 100644 --- a/bootstrap/api/v1alpha1/zz_generated.deepcopy.go +++ b/bootstrap/api/v1alpha1/zz_generated.deepcopy.go @@ -22,7 +22,7 @@ package v1alpha1 import ( "k8s.io/api/core/v1" - "k8s.io/apimachinery/pkg/runtime" + runtime "k8s.io/apimachinery/pkg/runtime" "sigs.k8s.io/cluster-api/api/v1beta1" ) diff --git a/bootstrap/internal/controllers/rke2config_controller.go b/bootstrap/internal/controllers/rke2config_controller.go index d8ed9465..36fd98ff 100644 --- a/bootstrap/internal/controllers/rke2config_controller.go +++ b/bootstrap/internal/controllers/rke2config_controller.go 
@@ -334,14 +334,28 @@ func (r *RKE2ConfigReconciler) handleClusterNotInitialized(ctx context.Context,
 conditions.MarkTrue(scope.Config, bootstrapv1.CertificatesAvailableCondition)
- token, err := r.generateAndStoreToken(ctx, scope)
- if err != nil {
- scope.Logger.Error(err, "unable to generate and store an RKE2 server token")
+ // RKE2 server token must only be generated once, so all nodes join the cluster with the same registration token.
+ var token string
- return ctrl.Result{}, err
+ tokenSecret := &corev1.Secret{}
+ secretKey := types.NamespacedName{
+ Namespace: scope.Config.Namespace,
+ Name: bsutil.TokenName(scope.Cluster.Name),
 }
+ err := r.Client.Get(ctx, secretKey, tokenSecret)
+
+ if err != nil {
+ token, err = r.generateAndStoreToken(ctx, scope)
+ if err != nil {
+ scope.Logger.Error(err, "unable to generate and store an RKE2 server token")
- scope.Logger.Info("RKE2 server token generated and stored in Secret!")
+ return ctrl.Result{}, err
+ }
+
+ scope.Logger.Info("RKE2 server token generated and stored in Secret!")
+ } else {
+ token = string(tokenSecret.Data["value"])
+ }
 configStruct, configFiles, err := rke2.GenerateInitControlPlaneConfig(
 rke2.ServerConfigOpts{
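Review bot: The `if err != nil` that follows `r.Client.Get` treats every failure as "the Secret does not exist", so a timeout or an RBAC denial on the read also falls into `generateAndStoreToken` and can mint a second registration token, which is the condition this patch sets out to prevent. Only a not-found result should take the generate path; add `if err != nil && !apierrors.IsNotFound(err) { return ctrl.Result{}, err }` directly after the Get (this assumes `k8s.io/apimachinery/pkg/api/errors` is imported under that alias, which the hunk does not show). In the `else` branch, `string(tokenSecret.Data["value"])` silently yields an empty token when the key is missing or blank, and that value presumably becomes the cluster join credential in `ServerConfigOpts`; returning an error on an empty value would fail closed instead. handleClusterNotInitialized starts and ends outside the hunk, so what generateAndStoreToken does when the Secret already exists is not visible here.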