From 06bd22ebf95caa4a6e3ccb52aabae1f88d45a085 Mon Sep 17 00:00:00 2001
From: Matt Moyer <moyer@heptio.com>
Date: Wed, 12 Jul 2017 14:50:14 -0700
Subject: [PATCH] kubeadm: add a warning about the default token TTL changing
 in 1.8

This adds a warning to `kubeadm init` and `kubeadm token create` if they are run without the `--token-ttl` / `--ttl` flags. In 1.7 and before, the tokens generated by these commands defaulted to an infinite TTL (no expiration) in 1.8, they will generate a token with a 24 hour TTL.

The actual default change is in https://github.com/kubernetes/kubernetes/pull/48783. This change is separate so we can cherry pick the warning into the release-1.7 branch.
---
 cmd/kubeadm/app/cmd/init.go  | 6 ++++++
 cmd/kubeadm/app/cmd/token.go | 6 ++++++
 2 files changed, 12 insertions(+)

diff --git a/cmd/kubeadm/app/cmd/init.go b/cmd/kubeadm/app/cmd/init.go
index 0fbf7f87f8c..6ab8ea4942d 100644
--- a/cmd/kubeadm/app/cmd/init.go
+++ b/cmd/kubeadm/app/cmd/init.go
@@ -87,6 +87,12 @@ func NewCmdInit(out io.Writer) *cobra.Command {
 			i, err := NewInit(cfgPath, internalcfg, skipPreFlight, skipTokenPrint)
 			kubeadmutil.CheckErr(err)
 			kubeadmutil.CheckErr(i.Validate(cmd))
+
+			// TODO: remove this warning in 1.9
+			if !cmd.Flags().Lookup("token-ttl").Changed {
+				fmt.Println("[kubeadm] WARNING: starting in 1.8, tokens expire after 24 hours by default (if you require a non-expiring token use --token-ttl 0)")
+			}
+
 			kubeadmutil.CheckErr(i.Run(out))
 		},
 	}
diff --git a/cmd/kubeadm/app/cmd/token.go b/cmd/kubeadm/app/cmd/token.go
index e496709b884..7e542f54644 100644
--- a/cmd/kubeadm/app/cmd/token.go
+++ b/cmd/kubeadm/app/cmd/token.go
@@ -109,6 +109,12 @@ func NewCmdToken(out io.Writer, errW io.Writer) *cobra.Command {
 			client, err := kubeconfigutil.ClientSetFromFile(kubeConfigFile)
 			kubeadmutil.CheckErr(err)
 
+			// TODO: remove this warning in 1.9
+			if !tokenCmd.Flags().Lookup("ttl").Changed {
+				// sending this output to stderr s
+				fmt.Fprintln(errW, "[kubeadm] WARNING: starting in 1.8, tokens expire after 24 hours by default (if you require a non-expiring token use --ttl 0)")
+			}
+
 			err = RunCreateToken(out, client, token, tokenDuration, usages, description)
 			kubeadmutil.CheckErr(err)
 		},