From ab545babccfc331c5a56285e5ce960479a17604b Mon Sep 17 00:00:00 2001
From: Alexandre Nicolaie
Date: Sat, 11 Nov 2023 13:58:06 +0100
Subject: [PATCH] Make k3s token as non-sensitive value

In order to have more information during provisionning, I make this token as non-sensitive value. This didn't have any issue on security because it is never showed on logs.
---
 agent_nodes.tf | 2 +-
 server_nodes.tf | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/agent_nodes.tf b/agent_nodes.tf
index 805f8f5..777cce1 100644
--- a/agent_nodes.tf
+++ b/agent_nodes.tf
@@ -47,7 +47,7 @@ locals {
 "--node-ip ${agent.ip}",
 "--node-name '${try(agent.name, key)}'",
 "--server https://${local.root_advertise_ip_k3s}:6443",
- "--token ${random_password.k3s_cluster_secret.result}",
+ "--token ${nonsensitive(random_password.k3s_cluster_secret.result)}", # NOTE: nonsensitive is used to show logs during provisioning
 ],
 var.global_flags,
 try(agent.flags, []),
diff --git a/server_nodes.tf b/server_nodes.tf
index 074c062..3d4b85d 100644
--- a/server_nodes.tf
+++ b/server_nodes.tf
@@ -94,7 +94,7 @@ locals {
 "--cluster-domain '${var.cluster_domain}'",
 "--cluster-cidr ${var.cidr.pods}",
 "--service-cidr ${var.cidr.services}",
- "--token ${random_password.k3s_cluster_secret.result}",
+ "--token ${nonsensitive(random_password.k3s_cluster_secret.result)}", # NOTE: nonsensitive is used to show logs during provisioning
 length(var.servers) > 1 ? "--cluster-init" : "",
 ] :
 // For other server nodes, use agent flags (because the first node manage the cluster configuration)
@@ -105,7 +105,7 @@ locals {
 "--cluster-domain '${var.cluster_domain}'",
 "--cluster-cidr ${var.cidr.pods}",
 "--service-cidr ${var.cidr.services}",
- "--token ${random_password.k3s_cluster_secret.result}",
+ "--token ${nonsensitive(random_password.k3s_cluster_secret.result)}", # NOTE: nonsensitive is used to show logs during provisioning
 ],
 var.global_flags,
 try(server.flags, []),
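Review bot: Wrapping `random_password.k3s_cluster_secret.result` in `nonsensitive()` on the `--token` line of the agent_nodes.tf hunk, and on the same line in both server_nodes.tf hunks, removes Terraform's redaction of the cluster join token wherever these flag lists end up. The commit message says the token never appears in logs, but the inline comment says the goal is to un-suppress provisioner output, and nothing visible in these hunks guarantees that the install command or plan output will not print the flags (the `locals` blocks continue outside the hunks, so how they are consumed cannot be checked here). A safer way to get provisioning logs is to keep the value sensitive and take it off the command line, for example by writing it to a root-only file in a separate step and passing `"--token-file <TOKEN_FILE_PATH>",` instead. If `nonsensitive()` stays, the comment should state the consequence rather than the motive, e.g. `# NOTE: token is unmasked in plan/apply output; treat CI logs for this module as secret`.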