Make k3s token as non-sensitive value

In order to have more information during provisionning, I make this token as non-sensitive value. This didn't have any issue on security because it is never showed on logs.
xunleii · Nov 11, 2023 · ab545ba · ab545ba
1 parent 3791d3f
commit ab545ba
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 3 deletions.
diff --git a/agent_nodes.tf b/agent_nodes.tf
@@ -47,7 +47,7 @@ locals {
           "--node-ip ${agent.ip}",
           "--node-name '${try(agent.name, key)}'",
           "--server https://${local.root_advertise_ip_k3s}:6443",
-          "--token ${random_password.k3s_cluster_secret.result}",
+          "--token ${nonsensitive(random_password.k3s_cluster_secret.result)}", # NOTE: nonsensitive is used to show logs during provisioning
         ],
         var.global_flags,
         try(agent.flags, []),

diff --git a/server_nodes.tf b/server_nodes.tf
@@ -94,7 +94,7 @@ locals {
           "--cluster-domain '${var.cluster_domain}'",
           "--cluster-cidr ${var.cidr.pods}",
           "--service-cidr ${var.cidr.services}",
-          "--token ${random_password.k3s_cluster_secret.result}",
+          "--token ${nonsensitive(random_password.k3s_cluster_secret.result)}", # NOTE: nonsensitive is used to show logs during provisioning
           length(var.servers) > 1 ? "--cluster-init" : "",
         ] :
         // For other server nodes, use agent flags (because the first node manage the cluster configuration)
@@ -105,7 +105,7 @@ locals {
           "--cluster-domain '${var.cluster_domain}'",
           "--cluster-cidr ${var.cidr.pods}",
           "--service-cidr ${var.cidr.services}",
-          "--token ${random_password.k3s_cluster_secret.result}",
+          "--token ${nonsensitive(random_password.k3s_cluster_secret.result)}", # NOTE: nonsensitive is used to show logs during provisioning
         ],
         var.global_flags,
         try(server.flags, []),