Merge pull request #48783 from mattmoyer/change-kubeadm-default-token-ttl

Automatic merge from submit-queue (batch tested with PRs 48572, 48838, 48931, 48783, 47090)

kubeadm: change the default bootstrap token TTL to 24 hours

**What this PR does / why we need it**:
This PR changes the TTL for the default bootstrap token generated by `kubeadm init` (without the `--token-ttl` parameter) and `kubeadm token create` (without the `--ttl` flag). Previously, the default TTL was infinite. After this change it is 24 hours.

~~The reasoning for 2 hours as a default is that it's 1) long enough that someone manually using kubeadm (copy-pasting) shouldn't have any issues and 2) short enough that if something is going to break, it should break while the user/admin is still paying attention to the cluster. I'm open to bikeshedding about the exact value, 2 hours is a bit of a strawman.~~

**Edit: updated this to 24 hours instead of 2 hours.**

This is a breaking change if you rely on infinite TTL tokens (e.g., if you had an ASG group of worker nodes). The old behavior is easily restored by passing `--token-ttl 0` to `kubeadm init` or the `--ttl 0` flag to `kubeadm token create`.

**Which issue this PR fixes**: fixes https://github.com/kubernetes/kubeadm/issues/343

**Special notes for your reviewer**:
This was discussed earlier today in SIG-cluster-lifecycle

**Release note**:
```release-note
Change the default kubeadm bootstrap token TTL from infinite to 24 hours. This is a breaking change. If you require the old behavior, use `kubeadm init --token-ttl 0` / `kubeadm token create --ttl 0`.
```

cc @jbeda
This commit is contained in:
Kubernetes Submit Queue 2017-07-14 10:53:51 -07:00 committed by GitHub
commit 47f86ddb04

View File

@ -84,8 +84,8 @@ const (
MinimumAddressesInServiceSubnet = 10
// DefaultTokenDuration specifies the default amount of time that a bootstrap token will be valid
// Default behaviour is "never expire" == 0
DefaultTokenDuration = 0
// Default behaviour is 24 hours
DefaultTokenDuration = 24 * time.Hour
// LabelNodeRoleMaster specifies that a node is a master
// It's copied over to kubeadm until it's merged in core: https://github.com/kubernetes/kubernetes/pull/39112