Feature: Fetch join tokens from URL for automated cloud-init based provisioning #6693
Description
Add support for fetching k0s join tokens from HTTP/HTTPS URLs instead of requiring local file paths. This enables pull-based node provisioning workflows where nodes fetch their tokens from a central service when URL location is known beforehand.
Possible use-case: Cloud-Init with Link-Local Token Server (AWS-style)
When deploying/extending k0s cluster (extending means no ClusterAPI is available), operators often need to provision new nodes automatically. Instead of the current push-based approach (manually distributing tokens to each node), this feature enables a pull-based model:
Setup:
- Deploy a token provisioning service on a link-local address (e.g., 169.254.169.254 AWS metadata style)
- Service generates and serves k0s node-specific tokens based on request metadata (hostname, machine-id, architecture)
- Configure cloud-init to join nodes using URL-based token fetch
Example cloud-init configuration:
#cloud-config
runcmd:
- k0s install worker --token-file "http://169.254.169.254/k0s/token"
- systemctl start k0sworker