Skip to content

Implement token fetch from URL #6673

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
s3rj1k wants to merge 1 commit into
base: main
Choose a base branch
from
Draft

Implement token fetch from URL #6673

s3rj1k wants to merge 1 commit into from
+593 −32

Conversation

@s3rj1k
Copy link
Contributor

@s3rj1k s3rj1k commented Nov 15, 2025
edited
Loading

Enables fetching join tokens from HTTP/HTTPS URLs in addition to local file paths. The --token-file flag now accepts URLs, allowing tokens to be served dynamically from a token server (--insecure-token-fetch flag skips TLS certificate verification when needed).

When fetching from a URL, the following query parameters are automatically appended:

  • hostname - current node hostname
  • arch - system architecture (e.g., amd64, arm64)
  • machine-id - contents of /etc/machine-id (if available)

Implements client-side part of #6693

@s3rj1k s3rj1k force-pushed the token-from-url branch 7 times, most recently from 3fc6c7d to 85a414b Compare November 17, 2025 13:20
@s3rj1k
Copy link
Contributor Author

s3rj1k commented Nov 17, 2025

Demo setup, needs at least 3 nodes to test controller and worker joining.

Need to put build artifacts into all 3 nodes manually, below is a Cheatsheet for setting up demo.

Node 1 (initial CP node):

    k0s install controller \
        --enable-dynamic-config \
        --disable-components=konnectivity-server \
        --enable-worker \
        --no-taints \
        --kubelet-root-dir=/var/lib/kubelet \
        --verbose

    systemctl enable --now k0scontroller

    k0s token create > /var/www/html/worker.token
    k0s token create --role controller > /var/www/html/controller.token

    k0s token list --role=worker
    k0s token list --role=controller

    # Needs Nginx or any other webserver
    curl http://10.42.71.101/worker.token
    curl http://10.42.71.101/controller.token

Node 2 (worker):

    k0s install worker --token-file=http://10.42.71.101/worker.token --kubelet-root-dir=/var/lib/kubelet --verbose
    systemctl enable --now k0sworker
    # journalctl -f -u k0sworker
    # k0s reset --kubelet-root-dir=/var/lib/kubelet --verbose

Node 3 (controller):

    k0s install controller \
        --enable-dynamic-config \
        --disable-components=konnectivity-server \
        --enable-worker \
        --no-taints \
        --kubelet-root-dir=/var/lib/kubelet \
        --token-file=http://10.42.71.101/controller.token \
        --verbose

    systemctl enable --now k0scontroller
    # journalctl -f -u k0scontroller
    # k0s reset --kubelet-root-dir=/var/lib/kubelet --verbose

@s3rj1k s3rj1k marked this pull request as ready for review November 17, 2025 13:30
@s3rj1k s3rj1k requested review from a team as code owners November 17, 2025 13:30
@s3rj1k s3rj1k requested review from ncopa and twz123 November 17, 2025 13:30
@s3rj1k
Implement token fetch from URL
c1d938a 
Signed-off-by: s3rj1k <evasive.gyron@gmail.com>
@s3rj1k
Copy link
Contributor Author

s3rj1k commented Dec 3, 2025
edited
Loading

After disscussion with @makhov, converting this to draft for a time, we will get back to this after functionality from

would land in some way or another

@s3rj1k s3rj1k marked this pull request as draft December 3, 2025 09:24
@s3rj1k s3rj1k mentioned this pull request Dec 19, 2025
Open
@github-actions
Copy link
Contributor

github-actions bot commented Jan 3, 2026

The PR is marked as stale since no activity has been recorded in 30 days

@github-actions github-actions bot added Stale and removed Stale labels Jan 3, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ncopa ncopa Awaiting requested review from ncopa ncopa is a code owner automatically assigned from k0sproject/k0s-maintainers

@twz123 twz123 Awaiting requested review from twz123 twz123 is a code owner automatically assigned from k0sproject/k0s-maintainers

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@s3rj1k