Merge pull request #44588 from dmmcquay/kubeadm_skip_token_print

Automatic merge from submit-queue (batch tested with PRs 44601, 44842, 44893, 44491, 44588)

kubeadm: add flag to skip token print out

**What this PR does / why we need it**: When kubeadm init is used in an automated context, it still prints the token to standard output. If standard output ends up in a log file, the token is effectively leaked there and can be compromised. This PR adds a flag that explicitly disables printing the token.

This is a continuation from https://github.com/kubernetes/kubernetes/pull/42823 since it had to be closed.

**Which issue this PR fixes** : fixes #https://github.com/kubernetes/kubeadm/issues/160

**Special notes for your reviewer**: /cc @luxas @errordeveloper 

**Release note**:
```release-note
NONE
```
Kubernetes Submit Queue 2017-04-25 12:51:41 -07:00 committed by GitHub
commit 896d2afb42
2 changed files with 17 additions and 5 deletions


@ -72,6 +72,7 @@ func NewCmdInit(out io.Writer) *cobra.Command {
var cfgPath string
var skipPreFlight bool
var skipTokenPrint bool
cmd := &cobra.Command{
Use: "init",
Short: "Run this in order to set up the Kubernetes master",
@ -80,7 +81,7 @@ func NewCmdInit(out io.Writer) *cobra.Command {
internalcfg := &kubeadmapi.MasterConfiguration{}
api.Scheme.Convert(cfg, internalcfg, nil)
i, err := NewInit(cfgPath, internalcfg, skipPreFlight)
i, err := NewInit(cfgPath, internalcfg, skipPreFlight, skipTokenPrint)
kubeadmutil.CheckErr(err)
kubeadmutil.CheckErr(i.Validate())
kubeadmutil.CheckErr(i.Run(out))
@ -126,6 +127,10 @@ func NewCmdInit(out io.Writer) *cobra.Command {
&skipPreFlight, "skip-preflight-checks", skipPreFlight,
"Skip preflight checks normally run before modifying the system",
)
cmd.PersistentFlags().BoolVar(
&skipTokenPrint, "skip-token-print", skipTokenPrint,
"Skip printing of the default bootstrap token generated by 'kubeadm init'",
)
cmd.PersistentFlags().StringVar(
&cfg.Token, "token", cfg.Token,
@ -138,7 +143,7 @@ func NewCmdInit(out io.Writer) *cobra.Command {
return cmd
}
func NewInit(cfgPath string, cfg *kubeadmapi.MasterConfiguration, skipPreFlight bool) (*Init, error) {
func NewInit(cfgPath string, cfg *kubeadmapi.MasterConfiguration, skipPreFlight, skipTokenPrint bool) (*Init, error) {
fmt.Println("[kubeadm] WARNING: kubeadm is in beta, please do not use it for production clusters.")
@ -177,11 +182,12 @@ func NewInit(cfgPath string, cfg *kubeadmapi.MasterConfiguration, skipPreFlight
// Try to start the kubelet service in case it's inactive
preflight.TryStartKubelet()
return &Init{cfg: cfg}, nil
return &Init{cfg: cfg, skipTokenPrint: skipTokenPrint}, nil
}
type Init struct {
cfg *kubeadmapi.MasterConfiguration
skipTokenPrint bool
}
// Validate validates configuration passed to "kubeadm init"
@ -232,7 +238,9 @@ func (i *Init) Run(out io.Writer) error {
}
// PHASE 4: Set up the bootstrap tokens
if !i.skipTokenPrint {
fmt.Printf("[token] Using token: %s\n", i.cfg.Token)
}
tokenDescription := "The default bootstrap token generated by 'kubeadm init'."
if err := tokenphase.UpdateOrCreateToken(client, i.cfg.Token, false, i.cfg.TokenTTL, kubeadmconstants.DefaultTokenUsages, tokenDescription); err != nil {
@ -267,6 +275,9 @@ func (i *Init) Run(out io.Writer) error {
"MasterIP": i.cfg.API.AdvertiseAddress,
"MasterPort": strconv.Itoa(int(i.cfg.API.BindPort)),
}
if i.skipTokenPrint {
ctx["Token"] = "<value withheld>"
}
return initDoneTempl.Execute(out, ctx)
}
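Review bot: The guarded token line in `Run` is still written with `fmt.Printf`, which goes to the process's stdout, while the closing output goes to the `out` writer passed to `Run` (`initDoneTempl.Execute(out, ctx)`). The secret therefore has two separate sinks, and only one is under the caller's control. Writing it as `fmt.Fprintf(out, "[token] Using token: %s\n", i.cfg.Token)` inside the existing `if !i.skipTokenPrint` guard would keep every token-bearing write on one writer and let a test assert that `out` never contains the token when the flag is set. The help text for `--skip-token-print` mentions only printing the token, so it could also say that the token in the text rendered from `initDoneTempl` is replaced by `<value withheld>`. `Run` starts, and the `ctx` map is built, outside the visible hunks.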


@ -648,6 +648,7 @@ since-time
skip-generated-rewrite
skip-munges
skip-preflight-checks
skip-token-print
skip-unsafe
sort-by
source-file