Change join token in gravity

Hi There,

I want to rotate the join token from time to time in gravity since it has no expiration date and and any person who has this token and know the IP address of my cluster can join my cluster, so How I can change the join token and how I can set an expiration time for it.

Yes, join tokens do not have expiration time which is by design. Although these can be made expirable, I’d argue that this would not make your cluster more secure.
As an alternative, for example, you could disallow the 3012 port externally or have even stricter rules - e.g. only allow a specific subnet for the nodes that can join.

Thanks for your reply @Dmitri_Shelenin, do you have an idea on how to make the join token expirable or how to change it, in case I don’t need to close the 3012 port or make it internal use port.

You can replace the token directly in etcd but it is an unsupported operation and you’re going to have to use it at your own risk.
You can use this script as an example to achieve this:

$ ./replace_join_token.sh <new-join-token>