Strip tokens from kubeadm-config config map

cmd/kubeadm/app/phases/uploadconfig/uploadconfig.go

@@ -40,6 +40,9 @@ func UploadConfiguration(cfg *kubeadmapi.MasterConfiguration, client clientset.I
 	externalcfg := &kubeadmapiext.MasterConfiguration{}
 	api.Scheme.Convert(cfg, externalcfg, nil)
 
+	// Removes sensitive info from the data that will be stored in the config map
+	externalcfg.Token = ""
+
 	cfgYaml, err := yaml.Marshal(*externalcfg)
 	if err != nil {
 		return err

cmd/kubeadm/app/phases/uploadconfig/uploadconfig_test.go

@@ -64,6 +64,7 @@ func TestUploadConfiguration(t *testing.T) {
 		t.Run(tt.name, func(t *testing.T) {
 			cfg := &kubeadmapi.MasterConfiguration{
 				KubernetesVersion: "1.7.3",
+				Token:             "1234567",
 			}
 			client := clientsetfake.NewSimpleClientset()
 			if tt.errOnCreate != nil {
@@ -108,6 +109,10 @@ func TestUploadConfiguration(t *testing.T) {
 				if decodedCfg.KubernetesVersion != cfg.KubernetesVersion {
 					t.Errorf("Decoded value doesn't match, decoded = %#v, expected = %#v", decodedCfg.KubernetesVersion, cfg.KubernetesVersion)
 				}
+
+				if decodedCfg.Token != "" {
+					t.Errorf("Decoded value contains token (sensitive info), decoded = %#v, expected = empty", decodedCfg.Token)
+				}
 			}
 		})
 	}