From 3ec453d0d000a9bd3244d9d455f715bfe64d2e6b Mon Sep 17 00:00:00 2001
From: Clayton Coleman <ccoleman@redhat.com>
Date: Thu, 2 Nov 2017 00:34:34 -0400
Subject: [PATCH] When cert dir is relative, cert rotation builds incorrect
 symlinks

Symlinks relative to a working directory were being constructed to the
wrong location, leading to failure to refresh client certs.
---
 .../k8s.io/client-go/util/certificate/certificate_store.go | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/staging/src/k8s.io/client-go/util/certificate/certificate_store.go b/staging/src/k8s.io/client-go/util/certificate/certificate_store.go
index 029f9916b77..42a40dcdf00 100644
--- a/staging/src/k8s.io/client-go/util/certificate/certificate_store.go
+++ b/staging/src/k8s.io/client-go/util/certificate/certificate_store.go
@@ -266,6 +266,13 @@ func (s *fileStore) updateSymlink(filename string) error {
 		return fmt.Errorf("file %q does not exist so it can not be used as the currently selected cert/key", filename)
 	}
 
+	// Ensure the source path is absolute to ensure the symlink target is
+	// correct when certDirectory is a relative path.
+	filename, err := filepath.Abs(filename)
+	if err != nil {
+		return err
+	}
+
 	// Create the 'updated' symlink pointing to the requested file name.
 	if err := os.Symlink(filename, updatedPath); err != nil {
 		return fmt.Errorf("unable to create a symlink from %q to %q: %v", updatedPath, filename, err)