From 36c5023d47b69578347584033334c002af313e6e Mon Sep 17 00:00:00 2001
From: Darren Shepherd
Date: Sat, 9 Nov 2019 04:18:56 +0000
Subject: [PATCH 1/2] Wrong address used

Fixes three issues
1. Use localaddr, not remoteadd for CN
2. Don't return error from net.Listener.Accept
3. Try three times to save secret
---
 listener.go | 8 ++++++--
 storage/kubernetes/controller.go | 11 ++++++++++-
 2 files changed, 16 insertions(+), 3 deletions(-)

diff --git a/listener.go b/listener.go
index 7ba1a69..eaec9b5 100644
--- a/listener.go
+++ b/listener.go
@@ -68,7 +68,7 @@ func (l *listener) Accept() (net.Conn, error) {
 		return conn, err
 	}
 
-	addr := conn.RemoteAddr()
+	addr := conn.LocalAddr()
 	if addr == nil {
 		return conn, nil
 	}
@@ -79,7 +79,11 @@ func (l *listener) Accept() (net.Conn, error) {
 		return conn, nil
 	}
 
-	return conn, l.updateCert(host)
+	if err := l.updateCert(host); err != nil {
+		logrus.Infof("failed to create TLS cert for: %s", host)
+	}
+
+	return conn, nil
 }
 
 func (l *listener) getCertificate(hello *tls.ClientHelloInfo) (*tls.Certificate, error) {
diff --git a/storage/kubernetes/controller.go b/storage/kubernetes/controller.go
index 64ed536..ec8eef0 100644
--- a/storage/kubernetes/controller.go
+++ b/storage/kubernetes/controller.go
@@ -127,7 +127,16 @@ func (s *storage) Update(secret *v1.Secret) (err error) {
 	s.Lock()
 	defer s.Unlock()
 
-	secret, err = s.saveInK8s(secret)
+	for i := 0; i < 3; i++ {
+		secret, err = s.saveInK8s(secret)
+		if errors.IsConflict(err) {
+			continue
+		} else if err != nil {
+			return err
+		}
+		break
+	}
+
 	if err != nil {
 		return err
 	}

From 6c7ccae2fc2bd8e5c089819b7ceffc5fbf2def99 Mon Sep 17 00:00:00 2001
From: Darren Shepherd
Date: Sun, 10 Nov 2019 03:51:22 +0000
Subject: [PATCH 2/2] Save secret to k8s on start

---
 storage/kubernetes/controller.go | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/storage/kubernetes/controller.go b/storage/kubernetes/controller.go
index ec8eef0..d6c163c 100644
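Review bot: The switch from RemoteAddr to LocalAddr on the `addr :=` line deserves a why-comment, because the old line reads like the natural choice and the reason currently lives only in the commit message, which invites a future "fix" back to the peer address. I would add above it `// The address the client dialed is what the served certificate must cover, so use the local side of the connection, never the peer.` The rest of Accept, including the SplitHostPort call that consumes addr, is outside this hunk.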
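Review bot: The new `if err := l.updateCert(host); err != nil` branch binds an error and then drops it: the log line prints only the host, so a failed certificate update leaves no record of why, and it is emitted at Info level even though the connection is now served without a certificate covering that host. Change the log line to `logrus.Errorf("failed to create TLS cert for %s: %v", host, err)`. Accept's body begins above this hunk.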
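Review bot: The retry loop feeds each attempt's return value into the next attempt: `secret, err = s.saveInK8s(secret)` overwrites the caller's object on every iteration, so after a conflict the second call receives whatever saveInK8s returned alongside the error rather than the original secret. If that value is nil or an empty Secret, as generated Kubernetes clients typically return on error, the retry either dereferences nil inside saveInK8s or, worse, succeeds while writing empty Data over the stored certificate; I have not verified saveInK8s's error-path return from what is shown here. Keep the input untouched and adopt the result only on success, as below. The conflict is also retried immediately without any visible refresh of the stored copy, so whether a second attempt can succeed depends on what saveInK8s reads; a comment stating that would help. Update's body continues past the hunk.
```go
	for i := 0; i < 3; i++ {
		var saved *v1.Secret
		saved, err = s.saveInK8s(secret)
		if errors.IsConflict(err) {
			continue
		} else if err != nil {
			return err
		}
		secret = saved
		break
	}
	// … unchanged: final err check …
```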
--- a/storage/kubernetes/controller.go
+++ b/storage/kubernetes/controller.go
@@ -73,6 +73,11 @@ func (s *storage) init(secrets v1controller.SecretController) {
 		return secret, nil
 	})
 	s.secrets = secrets
+
+	secret, err := s.storage.Get()
+	if err == nil && secret != nil {
+		s.saveInK8s(secret)
+	}
 }
 
 func (s *storage) Get() (*v1.Secret, error) {
@@ -115,10 +120,10 @@ func (s *storage) saveInK8s(secret *v1.Secret) (*v1.Secret, error) {
 	targetSecret.Data = secret.Data
 
 	if targetSecret.UID == "" {
-		logrus.Infof("Creating new TLS secret for %v", targetSecret.Annotations)
+		logrus.Infof("Creating new TLS secret for %v (count: %d)", targetSecret.Name, len(targetSecret.Data)-1)
 		return s.secrets.Create(targetSecret)
 	} else {
-		logrus.Infof("Updating TLS secret for %v", targetSecret.Annotations)
+		logrus.Infof("Updating TLS secret for %v (count: %d)", targetSecret.Name, len(targetSecret.Data)-1)
 		return s.secrets.Update(targetSecret)
 	}
 }
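Review bot: `s.saveInK8s(secret)` in init discards both return values, so a failure to persist the secret at startup is silent; the surrounding `err == nil && secret != nil` guard already drops the Get error, which may be intended for a first start, but the save error should at least be logged, e.g. `if _, err := s.saveInK8s(secret); err != nil { logrus.Errorf("saving TLS secret on start: %v", err) }`. Update in this same file wraps saveInK8s in `s.Lock()` while this call does not; if anything can run Update concurrently with init that is a race, otherwise a comment stating that init runs before the controller starts would settle it. init's body begins above the hunk.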
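Review bot: The `(count: %d)` value `len(targetSecret.Data)-1` in both new log lines is an unexplained constant: nothing in the hunk says which entry of Data is being excluded, and when Data is empty the line prints -1, which reads as a bug to an operator. Either give the subtraction a named helper or add a one-line comment above the `if` naming the key the -1 accounts for, and clamp with the built-in `max(len(targetSecret.Data)-1, 0)` if the file's Go version allows it. saveInK8s's body begins above the hunk.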