# rke2
s
Got a partial answer by trying it out. I'm getting this error if using the bootstrap token as credentials:
`panic: failed to normalize server token; must be in format K10<CA-HASH>::<USERNAME>:<PASSWORD> or <PASSWORD>`
Still it's unclear to me if `server` is a reserved username or if it is arbitrary.
s
It's arbitrary, the token can be whatever you like
😕 1
c
The secure token format (occasionally referred to as a “full” token) contains the following parts:
`<prefix><cluster CA hash>::<credentials>`
• `prefix`: a fixed `K10` prefix that identifies the token format
• `cluster CA hash`: The hash of the cluster’s server CA certificate, used to authenticate the server to the joining node.
◦ For self-signed CA certificates, this is the SHA256 sum of the PEM-formatted certificate, as stored on disk.
◦ For custom CA certificates, this is the SHA256 sum of the DER encoding of the root certificate; commonly known as the certificate fingerprint.
• `credentials`: The username and password, or bearer token, used to authenticate the joining node to the cluster.
The username needs to be `server` for the server token, and `node` for the agent token. If you are using bootstrap tokens, there is no username portion, because it uses it as a bearer token instead of a basic auth credential.
👍 1