Use node-token from an env-var instead of a file

This reduces the risk of the resulting file being committed Signed-off-by: Alex Ellis (OpenFaaS Ltd) <[email protected]>
alexellis · Oct 27, 2023 · d35edd4 · d35edd4
1 parent 3e94ac6
commit d35edd4
Show file tree

Hide file tree

Showing 2 changed files with 22 additions and 15 deletions.
diff --git a/cmd/join.go b/cmd/join.go
@@ -66,7 +66,8 @@ func MakeJoin() *cobra.Command {
 
 	command.Flags().Bool("server", false, "Join the cluster as a server rather than as an agent for the embedded etcd mode")
 	command.Flags().Bool("print-command", false, "Print a command that you can use with SSH to manually recover from an error")
-	command.Flags().String("node-token-path", "", "prefetched token used by nodes to join the cluster")
+	command.Flags().String("node-token-path", "", "file containing --node-token")
+	command.Flags().String("node-token", "", "prefetched token used by nodes to join the cluster")
 
 	command.Flags().String("k3s-extra-args", "", "Additional arguments to pass to k3s installer, wrapped in quotes (e.g. --k3s-extra-args '--node-taint key=value:NoExecute')")
 	command.Flags().String("k3s-version", "", "Set a version to install, overrides k3s-channel")
@@ -86,14 +87,18 @@ func MakeJoin() *cobra.Command {
 
 		var nodeToken string
 
-		nodeTokenPath, _ := command.Flags().GetString("node-token-path")
-		if len(nodeTokenPath) > 0 {
-			data, err := os.ReadFile(nodeTokenPath)
-			if err != nil {
-				return err
+		if command.Flags().Changed("node-token") {
+			nodeToken, _ = command.Flags().GetString("node-token")
+		} else if command.Flags().Changed("node-token-path") {
+			nodeTokenPath, _ := command.Flags().GetString("node-token-path")
+			if len(nodeTokenPath) > 0 {
+				data, err := os.ReadFile(nodeTokenPath)
+				if err != nil {
+					return err
+				}
+
+				nodeToken = strings.TrimSpace(string(data))
 			}
-
-			nodeToken = strings.TrimSpace(string(data))
 		}
 
 		host, err := command.Flags().GetString("host")
@@ -135,7 +140,7 @@ func MakeJoin() *cobra.Command {
 			return err
 		}
 
-		fmt.Printf("Agent: %s Server: %s\n", serverHost, host)
+		fmt.Printf("Joining %s => %s\n", host, serverHost)
 		if len(serverURL) > 0 {
 			fmt.Printf("Server join URL: %s\n", serverURL)
 		}

diff --git a/cmd/plan.go b/cmd/plan.go
@@ -95,7 +95,7 @@ Input file format, in JSON:
 		for i, host := range hosts {
 			if serversAdded == 0 {
 
-				script += `echo ""Setting up primary server 1
+				script += `echo "Setting up primary server 1"
 `
 
 				script += fmt.Sprintf(`k3sup install --host %s \
@@ -112,28 +112,30 @@ Input file format, in JSON:
 				script += fmt.Sprintf(`
 echo "Fetching the server's node-token into memory"
 
-NODE_TOKEN=$(k3sup node-token --host %s --user %s)
+export NODE_TOKEN=$(k3sup node-token --host %s --user %s)
 `, host.IP, user)
 
 				serversAdded = 1
 				primaryServer = host
 			} else if serversAdded < servers {
 				script += fmt.Sprintf("\necho \"Setting up additional server: %d\"\n", serversAdded+1)
 
-				script += fmt.Sprintf(`k3sup join --host %s \
+				script += fmt.Sprintf(`k3sup join \
+--host %s \
 --server-host %s \
 --server \
---node-token-path $NODE_TOKEN \
+--node-token "$NODE_TOKEN" \
 --user %s%s%s
 `, host.IP, primaryServer.IP, user, tlsSanStr, bgStr)
 
 				serversAdded++
 			} else {
 				script += fmt.Sprintf("\necho \"Setting up worker: %d\"\n", (i+1)-serversAdded)
 
-				script += fmt.Sprintf(`k3sup join --host %s \
+				script += fmt.Sprintf(`k3sup join \
+--host %s \
 --server-host %s \
---node-token-path $NODE_TOKEN \
+--node-token "$NODE_TOKEN" \
 --user %s%s
 `, host.IP, primaryServer.IP, user, bgStr)
 			}