From 9e0d9c6a13f88d253535d916b0623e1e4f1c04fd Mon Sep 17 00:00:00 2001 From: Fang-Pen Lin Date: Fri, 22 Sep 2023 23:49:10 -0700 Subject: [PATCH] Fix wrong controller port used for pre-generated tokens command The port number of controller used in the custom CA cert doc's pre-generated tokens section is wrong. It's using `6443`, that's for `kube-apiserver`. But what we need here is `9443` actually (the k0s-api). Took me a while debugging to find out that k0s is trying to join the controller server with a wrong port Signed-off-by: Fang-Pen Lin --- docs/custom-ca.md | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/docs/custom-ca.md b/docs/custom-ca.md index bd750168b286..6805a02a3387 100644 --- a/docs/custom-ca.md +++ b/docs/custom-ca.md @@ -30,3 +30,11 @@ k0s token pre-shared --role worker --cert /var/lib/k0s/pki/ca.crt --url https:// The command above generates a join token and a Secret. A Secret should be deployed to the cluster to authorize the token. For example, you can put the Secret under the [manifest](manifests.md) directory and it will be deployed automatically. + +Please note that if you are generating a join token for a controller, the port number needs to be 9443 instead of 6443. +Controller bootstrapping requires talking to the k0s-apiserver instead of the kube-apiserver. +Here's an example of a command for pre-generating a token for a controller. + +```shell +k0s token pre-shared --role controller --cert /var/lib/k0s/pki/ca.crt --url https://:9443/ +```
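Review bot: In the added controller example, the `--url` value reads `https://:9443/`, with nothing between `//` and `:9443`, so the command cannot be copied and adapted without guessing what belongs there. Put an explicit host placeholder in that position and say in the preceding sentence that it stands for the controller's address. The added prose also calls the service on 9443 the "k0s-apiserver" while the commit message calls it "k0s-api"; settle on one name so readers can find it elsewhere in the docs. Finally, the subject line says the wrong port is being fixed, but the diff only appends a note (8 insertions, no deletions), so the sentence "the port number needs to be 9443 instead of 6443" should state plainly that 6443 remains correct for the `--role worker` command shown above and that 9443 applies only to `--role controller`.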