From b30485cc03cc2a29c48f04ec7fd71aae406575cd Mon Sep 17 00:00:00 2001 From: Clayton Coleman Date: Sun, 4 Feb 2018 01:24:56 -0500 Subject: [PATCH] When using the bootstrap cert, update the store Otherwise, the certificate store will return nil the first time a store cert is accessed. When background rotation is being used, prevents the client from being nil. Kubernetes-commit: b81f4745546340f08abd3f877c585aac9581d0f0 --- util/certificate/certificate_manager.go | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/util/certificate/certificate_manager.go b/util/certificate/certificate_manager.go index a2d1feaf..e189c847 100644 --- a/util/certificate/certificate_manager.go +++ b/util/certificate/certificate_manager.go @@ -268,6 +268,13 @@ func getCurrentCertificateOrBootstrap( return nil, false, fmt.Errorf("unable to parse certificate data: %v", err) } bootstrapCert.Leaf = certs[0] + + if _, err := store.Update(bootstrapCertificatePEM, bootstrapKeyPEM); err != nil { + utilruntime.HandleError(fmt.Errorf("Unable to set the cert/key pair to the bootstrap certificate: %v", err)) + } else { + glog.V(4).Infof("Updated the store to contain the initial bootstrap certificate") + } + return &bootstrapCert, true, nil }