From f0abf15ea7ec3bcfde0a4e2fd163303bb89f26ec Mon Sep 17 00:00:00 2001 From: "Dr. Stefan Schimanski" Date: Thu, 8 Dec 2016 13:06:16 +0100 Subject: [PATCH 1/2] Do not create self-signed certs if port is zero --- pkg/genericapiserver/options/serving.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkg/genericapiserver/options/serving.go b/pkg/genericapiserver/options/serving.go index fee39ddf5f6..a807fa3b4b6 100644 --- a/pkg/genericapiserver/options/serving.go +++ b/pkg/genericapiserver/options/serving.go @@ -175,7 +175,7 @@ func (s *ServingOptions) AddDeprecatedFlags(fs *pflag.FlagSet) { func (s *SecureServingOptions) MaybeDefaultWithSelfSignedCerts(publicAddress string, alternateIPs ...net.IP) error { keyCert := &s.ServerCert.CertKey - if s == nil || len(keyCert.CertFile) != 0 || len(keyCert.KeyFile) != 0 { + if s == nil || s.ServingOptions.BindPort == 0 || len(keyCert.CertFile) != 0 || len(keyCert.KeyFile) != 0 { return nil } From 8abdbfcb1c5bea12bbe36125bb9f889ac735ee07 Mon Sep 17 00:00:00 2001 From: "Dr. Stefan Schimanski" Date: Thu, 8 Dec 2016 14:25:29 +0100 Subject: [PATCH 2/2] apiserver: fix potential panic with nil SecureServingOptions --- pkg/genericapiserver/options/serving.go | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/pkg/genericapiserver/options/serving.go b/pkg/genericapiserver/options/serving.go index a807fa3b4b6..e91dcb4e380 100644 --- a/pkg/genericapiserver/options/serving.go +++ b/pkg/genericapiserver/options/serving.go @@ -173,9 +173,11 @@ func (s *ServingOptions) AddDeprecatedFlags(fs *pflag.FlagSet) { } func (s *SecureServingOptions) MaybeDefaultWithSelfSignedCerts(publicAddress string, alternateIPs ...net.IP) error { + if s == nil { + return nil + } keyCert := &s.ServerCert.CertKey - - if s == nil || s.ServingOptions.BindPort == 0 || len(keyCert.CertFile) != 0 || len(keyCert.KeyFile) != 0 { + if s.ServingOptions.BindPort == 0 || len(keyCert.CertFile) != 0 || len(keyCert.KeyFile) != 0 { return nil }