Merge pull request #70727 from yagonobre/bootstrap-token

kubeadm graduate bootstrap-token phase
2025-07-27 13:37:30 +00:00 · 2018-11-08 17:36:24 -08:00 · 2018-11-08 17:36:24 -08:00 · 34be549935
commit 34be549935
parent be800e623a e743f0e475
20 changed files with 74 additions and 382 deletions
--- a/cmd/kubeadm/app/cmd/BUILD
+++ b/cmd/kubeadm/app/cmd/BUILD
@ -38,7 +38,6 @@ go_library(
        "//cmd/kubeadm/app/images:go_default_library",
        "//cmd/kubeadm/app/phases/addons/dns:go_default_library",
        "//cmd/kubeadm/app/phases/addons/proxy:go_default_library",
        "//cmd/kubeadm/app/phases/bootstraptoken/clusterinfo:go_default_library",
        "//cmd/kubeadm/app/phases/bootstraptoken/node:go_default_library",
        "//cmd/kubeadm/app/phases/certs:go_default_library",
        "//cmd/kubeadm/app/phases/controlplane:go_default_library",
--- a/cmd/kubeadm/app/cmd/alpha/alpha.go
+++ b/cmd/kubeadm/app/cmd/alpha/alpha.go
@ -53,7 +53,6 @@ func newCmdPhase(out io.Writer) *cobra.Command {
 	}
 	cmd.AddCommand(phases.NewCmdAddon())
 	cmd.AddCommand(phases.NewCmdBootstrapToken())
 	cmd.AddCommand(phases.NewCmdMarkMaster())
 	return cmd
--- a/cmd/kubeadm/app/cmd/init.go
+++ b/cmd/kubeadm/app/cmd/init.go
@ -44,8 +44,6 @@ import (
 	"k8s.io/kubernetes/cmd/kubeadm/app/features"
 	dnsaddonphase "k8s.io/kubernetes/cmd/kubeadm/app/phases/addons/dns"
 	proxyaddonphase "k8s.io/kubernetes/cmd/kubeadm/app/phases/addons/proxy"
 	clusterinfophase "k8s.io/kubernetes/cmd/kubeadm/app/phases/bootstraptoken/clusterinfo"
 	nodebootstraptokenphase "k8s.io/kubernetes/cmd/kubeadm/app/phases/bootstraptoken/node"
 	certsphase "k8s.io/kubernetes/cmd/kubeadm/app/phases/certs"
 	kubeconfigphase "k8s.io/kubernetes/cmd/kubeadm/app/phases/kubeconfig"
 	kubeletphase "k8s.io/kubernetes/cmd/kubeadm/app/phases/kubelet"
@ -182,6 +180,7 @@ func NewCmdInit(out io.Writer) *cobra.Command {
 	initRunner.AppendPhase(phases.NewEtcdPhase())
 	initRunner.AppendPhase(phases.NewWaitControlPlanePhase())
 	initRunner.AppendPhase(phases.NewUploadConfigPhase())
 	initRunner.AppendPhase(phases.NewBootstrapTokenPhase())
 	// TODO: add other phases to the runner.
 	// sets the data builder function, that will be used by the runner
@ -511,51 +510,6 @@ func runInit(i *initData, out io.Writer) error {
 		}
 	}
 	// PHASE 5: Set up the node bootstrap tokens
 	tokens := []string{}
 	for _, bt := range i.cfg.BootstrapTokens {
 		tokens = append(tokens, bt.Token.String())
 	}
 	if !i.skipTokenPrint {
 		if len(tokens) == 1 {
 			fmt.Printf("[bootstraptoken] using token: %s\n", tokens[0])
 		} else if len(tokens) > 1 {
 			fmt.Printf("[bootstraptoken] using tokens: %v\n", tokens)
 		}
 	}
 	// Create the default node bootstrap token
 	glog.V(1).Infof("[init] creating RBAC rules to generate default bootstrap token")
 	if err := nodebootstraptokenphase.UpdateOrCreateTokens(client, false, i.cfg.BootstrapTokens); err != nil {
 		return errors.Wrap(err, "error updating or creating token")
 	}
 	// Create RBAC rules that makes the bootstrap tokens able to post CSRs
 	glog.V(1).Infof("[init] creating RBAC rules to allow bootstrap tokens to post CSR")
 	if err := nodebootstraptokenphase.AllowBootstrapTokensToPostCSRs(client); err != nil {
 		return errors.Wrap(err, "error allowing bootstrap tokens to post CSRs")
 	}
 	// Create RBAC rules that makes the bootstrap tokens able to get their CSRs approved automatically
 	glog.V(1).Infof("[init] creating RBAC rules to automatic approval of CSRs automatically")
 	if err := nodebootstraptokenphase.AutoApproveNodeBootstrapTokens(client); err != nil {
 		return errors.Wrap(err, "error auto-approving node bootstrap tokens")
 	}
 	// Create/update RBAC rules that makes the nodes to rotate certificates and get their CSRs approved automatically
 	glog.V(1).Infof("[init] creating/updating RBAC rules for rotating certificate")
 	if err := nodebootstraptokenphase.AutoApproveNodeCertificateRotation(client); err != nil {
 		return err
 	}
 	// Create the cluster-info ConfigMap with the associated RBAC rules
 	glog.V(1).Infof("[init] creating bootstrap configmap")
 	if err := clusterinfophase.CreateBootstrapConfigMapIfNotExists(client, adminKubeConfigPath); err != nil {
 		return errors.Wrap(err, "error creating bootstrap configmap")
 	}
 	glog.V(1).Infof("[init] creating ClusterInfo RBAC rules")
 	if err := clusterinfophase.CreateClusterInfoRBACRules(client); err != nil {
 		return errors.Wrap(err, "error creating clusterinfo RBAC rules")
 	}
 	glog.V(1).Infof("[init] ensuring DNS addon")
 	if err := dnsaddonphase.EnsureDNSAddon(i.cfg, client); err != nil {
 		return errors.Wrap(err, "error ensuring dns addon")
@ -573,7 +527,7 @@ func runInit(i *initData, out io.Writer) error {
 	}
 	// Prints the join command, multiple times in case the user has multiple tokens
-	for _, token := range tokens {
+	for _, token := range i.Tokens() {
 		if err := printJoinCommand(out, adminKubeConfigPath, token, i.skipTokenPrint); err != nil {
 			return errors.Wrap(err, "failed to print join command")
 		}
--- a/cmd/kubeadm/app/cmd/phases/BUILD
+++ b/cmd/kubeadm/app/cmd/phases/BUILD
@ -52,12 +52,10 @@ go_library(
        "//staging/src/k8s.io/apimachinery/pkg/apis/meta/v1:go_default_library",
        "//staging/src/k8s.io/apimachinery/pkg/util/sets:go_default_library",
        "//staging/src/k8s.io/client-go/kubernetes:go_default_library",
        "//staging/src/k8s.io/cluster-bootstrap/token/api:go_default_library",
        "//vendor/github.com/golang/glog:go_default_library",
        "//vendor/github.com/pkg/errors:go_default_library",
        "//vendor/github.com/renstrom/dedent:go_default_library",
        "//vendor/github.com/spf13/cobra:go_default_library",
        "//vendor/github.com/spf13/pflag:go_default_library",
        "//vendor/k8s.io/utils/exec:go_default_library",
    ],
 )
--- a/cmd/kubeadm/app/cmd/phases/bootstraptoken.go
+++ b/cmd/kubeadm/app/cmd/phases/bootstraptoken.go
@ -1,5 +1,5 @@
 /*
-Copyright 2017 The Kubernetes Authors.
+Copyright 2018 The Kubernetes Authors.
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
@ -18,316 +18,106 @@ package phases
 import (
 	"fmt"
 	"path/filepath"
 	"github.com/golang/glog"
 	"github.com/pkg/errors"
 	"github.com/spf13/cobra"
 	"github.com/spf13/pflag"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	clientset "k8s.io/client-go/kubernetes"
-	bootstrapapi "k8s.io/cluster-bootstrap/token/api"
+	kubeadmapi "k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm"
 	kubeadmscheme "k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm/scheme"
 	kubeadmapiv1beta1 "k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm/v1beta1"
 	"k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm/validation"
 	"k8s.io/kubernetes/cmd/kubeadm/app/cmd/options"
-	cmdutil "k8s.io/kubernetes/cmd/kubeadm/app/cmd/util"
+	"k8s.io/kubernetes/cmd/kubeadm/app/cmd/phases/workflow"
 	kubeadmconstants "k8s.io/kubernetes/cmd/kubeadm/app/constants"
-	"k8s.io/kubernetes/cmd/kubeadm/app/phases/bootstraptoken/clusterinfo"
+	clusterinfophase "k8s.io/kubernetes/cmd/kubeadm/app/phases/bootstraptoken/clusterinfo"
-	"k8s.io/kubernetes/cmd/kubeadm/app/phases/bootstraptoken/node"
+	nodebootstraptokenphase "k8s.io/kubernetes/cmd/kubeadm/app/phases/bootstraptoken/node"
 	kubeadmutil "k8s.io/kubernetes/cmd/kubeadm/app/util"
 	configutil "k8s.io/kubernetes/cmd/kubeadm/app/util/config"
 	kubeconfigutil "k8s.io/kubernetes/cmd/kubeadm/app/util/kubeconfig"
 	"k8s.io/kubernetes/pkg/util/normalizer"
 )
 var (
-	allTokenLongDesc = normalizer.LongDesc(`
+	bootstrapTokenLongDesc = normalizer.LongDesc(`
 		Bootstrap tokens are used for establishing bidirectional trust between a node joining
 		the cluster and a the master node.
 		This command makes all the configurations required to make bootstrap tokens works
 		and then creates an initial token.
 		` + cmdutil.AlphaDisclaimer)
 	allTokenExamples = normalizer.Examples(`
 		# Makes all the bootstrap token configurations and creates an initial token, functionally
 		# equivalent to what generated by kubeadm init.
 		kubeadm alpha phase bootstrap-token all
 		`)
-	createTokenLongDesc = normalizer.LongDesc(`
+	bootstrapTokenExamples = normalizer.Examples(`
-		Creates a bootstrap token. If no token value is given, kubeadm will generate a random token instead.
+		# Makes all the bootstrap token configurations and creates an initial token, functionally
-
+		# equivalent to what generated by kubeadm init.
-		Alternatively, you can use kubeadm token.
+		kubeadm init phase bootstrap-token
-		` + cmdutil.AlphaDisclaimer)
+		`)
 	clusterInfoLongDesc = fmt.Sprintf(normalizer.LongDesc(`
 		Uploads the %q ConfigMap in the %q namespace, populating it with cluster information extracted from the
 		given kubeconfig file. The ConfigMap is used for the node bootstrap process in its initial phases,
 		before the client trusts the API server.
 		See online documentation about Authenticating with Bootstrap Tokens for more details.
 		`+cmdutil.AlphaDisclaimer), bootstrapapi.ConfigMapClusterInfo, metav1.NamespacePublic)
 	nodePostCSRsLongDesc = normalizer.LongDesc(`
 		Configures RBAC rules to allow node bootstrap tokens to post a certificate signing request,
 		 thus enabling nodes joining the cluster to request long term certificate credentials.
 		See online documentation about TLS bootstrapping for more details.
 		` + cmdutil.AlphaDisclaimer)
 	nodeAutoApproveLongDesc = normalizer.LongDesc(`
 		Configures RBAC rules to allow the csrapprover controller to automatically approve
 		certificate signing requests generated by nodes joining the cluster.
 		It configures also RBAC rules for certificates rotation (with auto approval of new certificates).
 		See online documentation about TLS bootstrapping for more details.
 		` + cmdutil.AlphaDisclaimer)
 )
-// NewCmdBootstrapToken returns the Cobra command for running the mark-master phase
+type bootstrapTokenData interface {
-func NewCmdBootstrapToken() *cobra.Command {
+	Cfg() *kubeadmapi.InitConfiguration
-	kubeConfigFile := kubeadmconstants.GetAdminKubeConfigPath()
+	Client() (clientset.Interface, error)
 	KubeConfigDir() string
 	SkipTokenPrint() bool
 	Tokens() []string
 }
-	cmd := &cobra.Command{
+// NewBootstrapTokenPhase returns the phase to boostrapToken
-		Use:     "bootstrap-token",
+func NewBootstrapTokenPhase() workflow.Phase {
-		Short:   "Manage kubeadm-specific bootstrap token functions",
+	return workflow.Phase{
-		Long:    cmdutil.MacroCommandLongDescription,
+		Name:    "bootstrap-token",
 		Aliases: []string{"bootstraptoken"},
-	}
+		Short:   bootstrapTokenLongDesc,
-
+		Long:    bootstrapTokenExamples,
-	options.AddKubeConfigFlag(cmd.PersistentFlags(), &kubeConfigFile)
+		CmdFlags: []string{
-
+			options.CfgPath,
-	// Add subcommands
+			options.KubeconfigDir,
-	kubeConfigFile = cmdutil.FindExistingKubeConfig(kubeConfigFile)
+			options.SkipTokenPrint,
 	cmd.AddCommand(NewSubCmdBootstrapTokenAll(&kubeConfigFile))
 	cmd.AddCommand(NewSubCmdBootstrapToken(&kubeConfigFile))
 	cmd.AddCommand(NewSubCmdClusterInfo(&kubeConfigFile))
 	cmd.AddCommand(NewSubCmdNodeBootstrapToken(&kubeConfigFile))
 	return cmd
 }
 // NewSubCmdBootstrapTokenAll returns the Cobra command for running the token all sub-phase
 func NewSubCmdBootstrapTokenAll(kubeConfigFile *string) *cobra.Command {
 	cfg := &kubeadmapiv1beta1.InitConfiguration{}
 	// Default values for the cobra help text
 	kubeadmscheme.Scheme.Default(cfg)
 	var cfgPath string
 	var skipTokenPrint bool
 	bto := options.NewBootstrapTokenOptions()
 	cmd := &cobra.Command{
 		Use:     "all",
 		Short:   "Makes all the bootstrap token configurations and creates an initial token",
 		Long:    allTokenLongDesc,
 		Example: allTokenExamples,
 		Run: func(cmd *cobra.Command, args []string) {
 			err := validation.ValidateMixedArguments(cmd.Flags())
 			kubeadmutil.CheckErr(err)
 			err = bto.ApplyTo(cfg)
 			kubeadmutil.CheckErr(err)
 			client, err := kubeconfigutil.ClientSetFromFile(*kubeConfigFile)
 			kubeadmutil.CheckErr(err)
 			// Creates the bootstap token
 			err = createBootstrapToken(*kubeConfigFile, client, cfgPath, cfg, skipTokenPrint)
 			kubeadmutil.CheckErr(err)
 			// Create the cluster-info ConfigMap or update if it already exists
 			err = clusterinfo.CreateBootstrapConfigMapIfNotExists(client, *kubeConfigFile)
 			kubeadmutil.CheckErr(err)
 			// Create the RBAC rules that expose the cluster-info ConfigMap properly
 			err = clusterinfo.CreateClusterInfoRBACRules(client)
 			kubeadmutil.CheckErr(err)
 			// Create RBAC rules that makes the bootstrap tokens able to post CSRs
 			err = node.AllowBootstrapTokensToPostCSRs(client)
 			kubeadmutil.CheckErr(err)
 			// Create RBAC rules that makes the bootstrap tokens able to get their CSRs approved automatically
 			err = node.AutoApproveNodeBootstrapTokens(client)
 			kubeadmutil.CheckErr(err)
 			// Create/update RBAC rules that makes the nodes to rotate certificates and get their CSRs approved automatically
 			err = node.AutoApproveNodeCertificateRotation(client)
 			kubeadmutil.CheckErr(err)
 		},
 		Run: runBoostrapToken,
 	}
 }
 func runBoostrapToken(c workflow.RunData) error {
 	data, ok := c.(bootstrapTokenData)
 	if !ok {
 		return errors.New("bootstrap-token phase invoked with an invalid data struct")
 	}
-	// Adds flags to the command
+	client, err := data.Client()
 	addGenericFlags(cmd.Flags(), &cfgPath, &skipTokenPrint)
 	bto.AddTokenFlag(cmd.Flags())
 	bto.AddTTLFlag(cmd.Flags())
 	bto.AddUsagesFlag(cmd.Flags())
 	bto.AddGroupsFlag(cmd.Flags())
 	bto.AddDescriptionFlag(cmd.Flags())
 	return cmd
 }
 // NewSubCmdBootstrapToken returns the Cobra command for running the create token phase
 func NewSubCmdBootstrapToken(kubeConfigFile *string) *cobra.Command {
 	cfg := &kubeadmapiv1beta1.InitConfiguration{}
 	// Default values for the cobra help text
 	kubeadmscheme.Scheme.Default(cfg)
 	var cfgPath string
 	var skipTokenPrint bool
 	bto := options.NewBootstrapTokenOptions()
 	cmd := &cobra.Command{
 		Use:   "create",
 		Short: "Creates a bootstrap token to be used for node joining",
 		Long:  createTokenLongDesc,
 		Run: func(cmd *cobra.Command, args []string) {
 			err := validation.ValidateMixedArguments(cmd.Flags())
 			kubeadmutil.CheckErr(err)
 			err = bto.ApplyTo(cfg)
 			kubeadmutil.CheckErr(err)
 			client, err := kubeconfigutil.ClientSetFromFile(*kubeConfigFile)
 			kubeadmutil.CheckErr(err)
 			err = createBootstrapToken(*kubeConfigFile, client, cfgPath, cfg, skipTokenPrint)
 			kubeadmutil.CheckErr(err)
 		},
 	}
 	// Adds flags to the command
 	addGenericFlags(cmd.Flags(), &cfgPath, &skipTokenPrint)
 	bto.AddTokenFlag(cmd.Flags())
 	bto.AddTTLFlag(cmd.Flags())
 	bto.AddUsagesFlag(cmd.Flags())
 	bto.AddGroupsFlag(cmd.Flags())
 	bto.AddDescriptionFlag(cmd.Flags())
 	return cmd
 }
 // NewSubCmdClusterInfo returns the Cobra command for running the cluster-info sub-phase
 func NewSubCmdClusterInfo(kubeConfigFile *string) *cobra.Command {
 	cmd := &cobra.Command{
 		Use:     "cluster-info",
 		Short:   "Uploads the cluster-info ConfigMap from the given kubeconfig file",
 		Long:    clusterInfoLongDesc,
 		Aliases: []string{"clusterinfo"},
 		Run: func(cmd *cobra.Command, args []string) {
 			client, err := kubeconfigutil.ClientSetFromFile(*kubeConfigFile)
 			kubeadmutil.CheckErr(err)
 			// Create the cluster-info ConfigMap or update if it already exists
 			err = clusterinfo.CreateBootstrapConfigMapIfNotExists(client, *kubeConfigFile)
 			kubeadmutil.CheckErr(err)
 			// Create the RBAC rules that expose the cluster-info ConfigMap properly
 			err = clusterinfo.CreateClusterInfoRBACRules(client)
 			kubeadmutil.CheckErr(err)
 		},
 	}
 	return cmd
 }
 // NewSubCmdNodeBootstrapToken returns the Cobra command for running the node sub-phase
 func NewSubCmdNodeBootstrapToken(kubeConfigFile *string) *cobra.Command {
 	cmd := &cobra.Command{
 		Use:     "node",
 		Short:   "Configures the node bootstrap process",
 		Aliases: []string{"clusterinfo"},
 		Long:    cmdutil.MacroCommandLongDescription,
 	}
 	cmd.AddCommand(NewSubCmdNodeBootstrapTokenPostCSRs(kubeConfigFile))
 	cmd.AddCommand(NewSubCmdNodeBootstrapTokenAutoApprove(kubeConfigFile))
 	return cmd
 }
 // NewSubCmdNodeBootstrapTokenPostCSRs returns the Cobra command for running the allow-post-csrs sub-phase
 func NewSubCmdNodeBootstrapTokenPostCSRs(kubeConfigFile *string) *cobra.Command {
 	cmd := &cobra.Command{
 		Use:   "allow-post-csrs",
 		Short: "Configures RBAC to allow node bootstrap tokens to post CSRs in order for nodes to get long term certificate credentials",
 		Long:  nodePostCSRsLongDesc,
 		Run: func(cmd *cobra.Command, args []string) {
 			client, err := kubeconfigutil.ClientSetFromFile(*kubeConfigFile)
 			kubeadmutil.CheckErr(err)
 			// Create RBAC rules that makes the bootstrap tokens able to post CSRs
 			err = node.AllowBootstrapTokensToPostCSRs(client)
 			kubeadmutil.CheckErr(err)
 		},
 	}
 	return cmd
 }
 // NewSubCmdNodeBootstrapTokenAutoApprove returns the Cobra command for running the allow-auto-approve sub-phase
 func NewSubCmdNodeBootstrapTokenAutoApprove(kubeConfigFile *string) *cobra.Command {
 	cmd := &cobra.Command{
 		Use:   "allow-auto-approve",
 		Short: "Configures RBAC rules to allow the csrapprover controller automatically approve CSRs from a node bootstrap token",
 		Long:  nodeAutoApproveLongDesc,
 		Run: func(cmd *cobra.Command, args []string) {
 			client, err := kubeconfigutil.ClientSetFromFile(*kubeConfigFile)
 			kubeadmutil.CheckErr(err)
 			// Create RBAC rules that makes the bootstrap tokens able to get their CSRs approved automatically
 			err = node.AutoApproveNodeBootstrapTokens(client)
 			kubeadmutil.CheckErr(err)
 			// Create/update RBAC rules that makes the nodes to rotate certificates and get their CSRs approved automatically
 			err = node.AutoApproveNodeCertificateRotation(client)
 			kubeadmutil.CheckErr(err)
 		},
 	}
 	return cmd
 }
 func addGenericFlags(flagSet *pflag.FlagSet, cfgPath *string, skipTokenPrint *bool) {
 	flagSet.StringVar(
 		cfgPath, "config", *cfgPath,
 		"Path to kubeadm config file. WARNING: Usage of a configuration file is experimental",
 	)
 	flagSet.BoolVar(
 		skipTokenPrint, "skip-token-print", *skipTokenPrint,
 		"Skip printing of the bootstrap token",
 	)
 }
 func createBootstrapToken(kubeConfigFile string, client clientset.Interface, cfgPath string, cfg *kubeadmapiv1beta1.InitConfiguration, skipTokenPrint bool) error {
 	// KubernetesVersion is not used, but we set it explicitly to avoid the lookup
 	// of the version from the internet when executing ConfigFileAndDefaultsToInternalConfig
 	SetKubernetesVersion(cfg)
 	// This call returns the ready-to-use configuration based on the configuration file that might or might not exist and the default cfg populated by flags
 	internalcfg, err := configutil.ConfigFileAndDefaultsToInternalConfig(cfgPath, cfg)
 	if err != nil {
 		return err
 	}
-	glog.V(1).Infoln("[bootstraptoken] creating/updating token")
+	if !data.SkipTokenPrint() {
-	// Creates or updates the token
+		tokens := data.Tokens()
-	if err := node.UpdateOrCreateTokens(client, false, internalcfg.BootstrapTokens); err != nil {
+		if len(tokens) == 1 {
 			fmt.Printf("[bootstrap-token] Using token: %s\n", tokens[0])
 		} else if len(tokens) > 1 {
 			fmt.Printf("[bootstrap-token] Using tokens: %v\n", tokens)
 		}
 	}
 	fmt.Println("[bootstrap-token] Configuring bootstrap tokens, cluster-info ConfigMap, RBAC Roles")
 	// Create the default node bootstrap token
 	if err := nodebootstraptokenphase.UpdateOrCreateTokens(client, false, data.Cfg().BootstrapTokens); err != nil {
 		return errors.Wrap(err, "error updating or creating token")
 	}
 	// Create RBAC rules that makes the bootstrap tokens able to post CSRs
 	if err := nodebootstraptokenphase.AllowBootstrapTokensToPostCSRs(client); err != nil {
 		return errors.Wrap(err, "error allowing bootstrap tokens to post CSRs")
 	}
 	// Create RBAC rules that makes the bootstrap tokens able to get their CSRs approved automatically
 	if err := nodebootstraptokenphase.AutoApproveNodeBootstrapTokens(client); err != nil {
 		return errors.Wrap(err, "error auto-approving node bootstrap tokens")
 	}
 	// Create/update RBAC rules that makes the nodes to rotate certificates and get their CSRs approved automatically
 	if err := nodebootstraptokenphase.AutoApproveNodeCertificateRotation(client); err != nil {
 		return err
 	}
-	fmt.Println("[bootstraptoken] bootstrap token created")
+	// Create the cluster-info ConfigMap with the associated RBAC rules
-	fmt.Println("[bootstraptoken] you can now join any number of machines by running:")
+	adminKubeConfigPath := filepath.Join(data.KubeConfigDir(), kubeadmconstants.AdminKubeConfigFileName)
-
+	if err := clusterinfophase.CreateBootstrapConfigMapIfNotExists(client, adminKubeConfigPath); err != nil {
-	if len(internalcfg.BootstrapTokens) > 0 {
+		return errors.Wrap(err, "error creating bootstrap ConfigMap")
 		joinCommand, err := cmdutil.GetJoinCommand(kubeConfigFile, internalcfg.BootstrapTokens[0].Token.String(), skipTokenPrint)
 		if err != nil {
 			return errors.Wrap(err, "failed to get join command")
 	}
-		fmt.Println(joinCommand)
+	if err := clusterinfophase.CreateClusterInfoRBACRules(client); err != nil {
 		return errors.Wrap(err, "error creating clusterinfo RBAC rules")
 	}
 	return nil
 }
--- a/docs/.generated_docs
+++ b/docs/.generated_docs
@ -27,13 +27,6 @@ docs/admin/kubeadm_alpha_phase_addon.md
 docs/admin/kubeadm_alpha_phase_addon_all.md
 docs/admin/kubeadm_alpha_phase_addon_coredns.md
 docs/admin/kubeadm_alpha_phase_addon_kube-proxy.md
 docs/admin/kubeadm_alpha_phase_bootstrap-token.md
 docs/admin/kubeadm_alpha_phase_bootstrap-token_all.md
 docs/admin/kubeadm_alpha_phase_bootstrap-token_cluster-info.md
 docs/admin/kubeadm_alpha_phase_bootstrap-token_create.md
 docs/admin/kubeadm_alpha_phase_bootstrap-token_node.md
 docs/admin/kubeadm_alpha_phase_bootstrap-token_node_allow-auto-approve.md
 docs/admin/kubeadm_alpha_phase_bootstrap-token_node_allow-post-csrs.md
 docs/admin/kubeadm_alpha_phase_mark-master.md
 docs/admin/kubeadm_alpha_preflight.md
 docs/admin/kubeadm_alpha_preflight_node.md
@ -54,6 +47,7 @@ docs/admin/kubeadm_config_upload_from-flags.md
 docs/admin/kubeadm_config_view.md
 docs/admin/kubeadm_init.md
 docs/admin/kubeadm_init_phase.md
 docs/admin/kubeadm_init_phase_bootstrap-token.md
 docs/admin/kubeadm_init_phase_certs.md
 docs/admin/kubeadm_init_phase_certs_apiserver-etcd-client.md
 docs/admin/kubeadm_init_phase_certs_apiserver-kubelet-client.md
@ -123,13 +117,6 @@ docs/man/man1/kubeadm-alpha-phase-addon-all.1
 docs/man/man1/kubeadm-alpha-phase-addon-coredns.1
 docs/man/man1/kubeadm-alpha-phase-addon-kube-proxy.1
 docs/man/man1/kubeadm-alpha-phase-addon.1
 docs/man/man1/kubeadm-alpha-phase-bootstrap-token-all.1
 docs/man/man1/kubeadm-alpha-phase-bootstrap-token-cluster-info.1
 docs/man/man1/kubeadm-alpha-phase-bootstrap-token-create.1
 docs/man/man1/kubeadm-alpha-phase-bootstrap-token-node-allow-auto-approve.1
 docs/man/man1/kubeadm-alpha-phase-bootstrap-token-node-allow-post-csrs.1
 docs/man/man1/kubeadm-alpha-phase-bootstrap-token-node.1
 docs/man/man1/kubeadm-alpha-phase-bootstrap-token.1
 docs/man/man1/kubeadm-alpha-phase-mark-master.1
 docs/man/man1/kubeadm-alpha-phase.1
 docs/man/man1/kubeadm-alpha-preflight-node.1
@ -151,6 +138,7 @@ docs/man/man1/kubeadm-config-upload-from-flags.1
 docs/man/man1/kubeadm-config-upload.1
 docs/man/man1/kubeadm-config-view.1
 docs/man/man1/kubeadm-config.1
 docs/man/man1/kubeadm-init-phase-bootstrap-token.1
 docs/man/man1/kubeadm-init-phase-certs-apiserver-etcd-client.1
 docs/man/man1/kubeadm-init-phase-certs-apiserver-kubelet-client.1
 docs/man/man1/kubeadm-init-phase-certs-apiserver.1
--- a/docs/admin/kubeadm_alpha_phase_bootstrap-token_cluster-info.md
+++ b/docs/admin/kubeadm_alpha_phase_bootstrap-token_cluster-info.md
@ -1,3 +0,0 @@
 This file is autogenerated, but we've stopped checking such files into the
 repository to reduce the need for rebases. Please run hack/generate-docs.sh to
 populate this file.
--- a/docs/admin/kubeadm_alpha_phase_bootstrap-token_create.md
+++ b/docs/admin/kubeadm_alpha_phase_bootstrap-token_create.md
@ -1,3 +0,0 @@
 This file is autogenerated, but we've stopped checking such files into the
 repository to reduce the need for rebases. Please run hack/generate-docs.sh to
 populate this file.
--- a/docs/admin/kubeadm_alpha_phase_bootstrap-token_node.md
+++ b/docs/admin/kubeadm_alpha_phase_bootstrap-token_node.md
@ -1,3 +0,0 @@
 This file is autogenerated, but we've stopped checking such files into the
 repository to reduce the need for rebases. Please run hack/generate-docs.sh to
 populate this file.
--- a/docs/admin/kubeadm_alpha_phase_bootstrap-token_node_allow-auto-approve.md
+++ b/docs/admin/kubeadm_alpha_phase_bootstrap-token_node_allow-auto-approve.md
@ -1,3 +0,0 @@
 This file is autogenerated, but we've stopped checking such files into the
 repository to reduce the need for rebases. Please run hack/generate-docs.sh to
 populate this file.
--- a/docs/admin/kubeadm_alpha_phase_bootstrap-token_node_allow-post-csrs.md
+++ b/docs/admin/kubeadm_alpha_phase_bootstrap-token_node_allow-post-csrs.md
@ -1,3 +0,0 @@
 This file is autogenerated, but we've stopped checking such files into the
 repository to reduce the need for rebases. Please run hack/generate-docs.sh to
 populate this file.
--- a/docs/admin/kubeadm_alpha_phase_bootstrap-token.md
+++ b/docs/admin/kubeadm_alpha_phase_bootstrap-token.md
--- a/docs/man/man1/kubeadm-alpha-phase-bootstrap-token-all.1
+++ b/docs/man/man1/kubeadm-alpha-phase-bootstrap-token-all.1
@ -1,3 +0,0 @@
 This file is autogenerated, but we've stopped checking such files into the
 repository to reduce the need for rebases. Please run hack/generate-docs.sh to
 populate this file.
--- a/docs/man/man1/kubeadm-alpha-phase-bootstrap-token-cluster-info.1
+++ b/docs/man/man1/kubeadm-alpha-phase-bootstrap-token-cluster-info.1
@ -1,3 +0,0 @@
 This file is autogenerated, but we've stopped checking such files into the
 repository to reduce the need for rebases. Please run hack/generate-docs.sh to
 populate this file.
--- a/docs/man/man1/kubeadm-alpha-phase-bootstrap-token-create.1
+++ b/docs/man/man1/kubeadm-alpha-phase-bootstrap-token-create.1
@ -1,3 +0,0 @@
 This file is autogenerated, but we've stopped checking such files into the
 repository to reduce the need for rebases. Please run hack/generate-docs.sh to
 populate this file.
--- a/docs/man/man1/kubeadm-alpha-phase-bootstrap-token-node-allow-auto-approve.1
+++ b/docs/man/man1/kubeadm-alpha-phase-bootstrap-token-node-allow-auto-approve.1
@ -1,3 +0,0 @@
 This file is autogenerated, but we've stopped checking such files into the
 repository to reduce the need for rebases. Please run hack/generate-docs.sh to
 populate this file.
--- a/docs/man/man1/kubeadm-alpha-phase-bootstrap-token-node-allow-post-csrs.1
+++ b/docs/man/man1/kubeadm-alpha-phase-bootstrap-token-node-allow-post-csrs.1
@ -1,3 +0,0 @@
 This file is autogenerated, but we've stopped checking such files into the
 repository to reduce the need for rebases. Please run hack/generate-docs.sh to
 populate this file.
--- a/docs/man/man1/kubeadm-alpha-phase-bootstrap-token-node.1
+++ b/docs/man/man1/kubeadm-alpha-phase-bootstrap-token-node.1
@ -1,3 +0,0 @@
 This file is autogenerated, but we've stopped checking such files into the
 repository to reduce the need for rebases. Please run hack/generate-docs.sh to
 populate this file.
--- a/docs/man/man1/kubeadm-alpha-phase-bootstrap-token.1
+++ b/docs/man/man1/kubeadm-alpha-phase-bootstrap-token.1
@ -1,3 +0,0 @@
 This file is autogenerated, but we've stopped checking such files into the
 repository to reduce the need for rebases. Please run hack/generate-docs.sh to
 populate this file.
--- a/docs/admin/kubeadm_alpha_phase_bootstrap-token_all.md
+++ b/docs/admin/kubeadm_alpha_phase_bootstrap-token_all.md