From 391e36c0ac98e5385f47d697b1450d50045a73c2 Mon Sep 17 00:00:00 2001
From: Malte Poll <mp@edgeless.systems>
Date: Mon, 28 Mar 2022 11:33:28 +0200
Subject: [PATCH] create and use kubeadm join token with no expiry

---
 coordinator/kubernetes/k8sapi/util.go | 17 ++++++++++++++++-
 1 file changed, 16 insertions(+), 1 deletion(-)

diff --git a/coordinator/kubernetes/k8sapi/util.go b/coordinator/kubernetes/k8sapi/util.go
index dbba86800..3f2f1e278 100644
--- a/coordinator/kubernetes/k8sapi/util.go
+++ b/coordinator/kubernetes/k8sapi/util.go
@@ -79,8 +79,23 @@ func (k *KubernetesUtil) InitCluster(initConfig []byte) (*kubeadm.BootstrapToken
 
 	// Splits the string into a slice, where earch slice-element contains one line from the previous string
 	splittedJoinCommand := strings.SplitN(joinCommand, "\n", 2)
+	joinConfig, err := ParseJoinCommand(splittedJoinCommand[0])
+	if err != nil {
+		return nil, err
+	}
 
-	return ParseJoinCommand(splittedJoinCommand[0])
+	// create extra join token without expiration
+	cmd = exec.Command("kubeadm", "token", "create", "--ttl", "0")
+	joinToken, err := cmd.Output()
+	if err != nil {
+		var exitErr *exec.ExitError
+		if errors.As(err, &exitErr) {
+			return nil, fmt.Errorf("kubeadm token create failed (code %v) with: %s", exitErr.ExitCode(), exitErr.Stderr)
+		}
+		return nil, fmt.Errorf("kubeadm token create failed: %w", err)
+	}
+	joinConfig.Token = strings.TrimSpace(string(joinToken))
+	return joinConfig, nil
 }
 
 // SetupPodNetwork sets up the flannel pod network.