fix panic with SIGSEGV in kubeadm certs check-expiration

cmd/kubeadm/app/phases/certs/renewal/manager.go

@@ -322,7 +322,7 @@ func (rm *Manager) CertificateExists(name string) (bool, error) {
 		return false, errors.Errorf("%s is not a known certificate", name)
 	}
 
-	return handler.readwriter.Exists(), nil
+	return handler.readwriter.Exists()
 }
 
 // GetCertificateExpirationInfo returns certificate expiration info.
@@ -358,7 +358,7 @@ func (rm *Manager) CAExists(name string) (bool, error) {
 		return false, errors.Errorf("%s is not a known certificate", name)
 	}
 
-	return handler.readwriter.Exists(), nil
+	return handler.readwriter.Exists()
 }
 
 // GetCAExpirationInfo returns CA expiration info.

cmd/kubeadm/app/phases/certs/renewal/manager_test.go

@@ -54,8 +54,8 @@ type fakecertificateReadWriter struct {
 	cert  *x509.Certificate
 }
 
-func (cr fakecertificateReadWriter) Exists() bool {
+func (cr fakecertificateReadWriter) Exists() (bool, error) {
-	return cr.exist
+	return cr.exist, nil
 }
 
 func (cr fakecertificateReadWriter) Read() (*x509.Certificate, error) {

cmd/kubeadm/app/phases/certs/renewal/readwriter.go

@@ -36,7 +36,7 @@ import (
 // read or write a certificate stored/embedded in a file
 type certificateReadWriter interface {
 	//Exists return true if the certificate exists
-	Exists() bool
+	Exists() (bool, error)
 
 	// Read a certificate stored/embedded in a file
 	Read() (*x509.Certificate, error)
@@ -61,17 +61,20 @@ func newPKICertificateReadWriter(certificateDir string, baseName string) *pkiCer
 }
 
 // Exists checks if a certificate exist
-func (rw *pkiCertificateReadWriter) Exists() bool {
+func (rw *pkiCertificateReadWriter) Exists() (bool, error) {
 	certificatePath, _ := pkiutil.PathsForCertAndKey(rw.certificateDir, rw.baseName)
 	return fileExists(certificatePath)
 }
 
-func fileExists(filename string) bool {
+func fileExists(filename string) (bool, error) {
 	info, err := os.Stat(filename)
-	if os.IsNotExist(err) {
+	if err != nil {
-		return false
+		if os.IsNotExist(err) {
+			return false, nil
+		}
+		return false, err
 	}
-	return !info.IsDir()
+	return !info.IsDir(), nil
 }
 
 // Read a certificate from a file the K8s pki managed by kubeadm
@@ -120,7 +123,7 @@ func newKubeconfigReadWriter(kubernetesDir string, kubeConfigFileName string, ce
 }
 
 // Exists checks if a certificate embedded in kubeConfig file exists
-func (rw *kubeConfigReadWriter) Exists() bool {
+func (rw *kubeConfigReadWriter) Exists() (bool, error) {
 	return fileExists(rw.kubeConfigFilePath)
 }
 

cmd/kubeadm/app/phases/certs/renewal/readwriter_test.go

@@ -239,7 +239,7 @@ func TestFileExists(t *testing.T) {
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
-			if got := fileExists(tt.filename); got != tt.want {
+			if got, _ := fileExists(tt.filename); got != tt.want {
 				t.Errorf("fileExists() = %v, want %v", got, tt.want)
 			}
 		})
@@ -295,7 +295,7 @@ func TestPKICertificateReadWriterExists(t *testing.T) {
 				baseName:       tt.fields.baseName,
 				certificateDir: tt.fields.certificateDir,
 			}
-			if got := rw.Exists(); got != tt.want {
+			if got, _ := rw.Exists(); got != tt.want {
 				t.Errorf("pkiCertificateReadWriter.Exists() = %v, want %v", got, tt.want)
 			}
 		})
@@ -338,7 +338,7 @@ func TestKubeConfigReadWriterExists(t *testing.T) {
 			rw := &kubeConfigReadWriter{
 				kubeConfigFilePath: tt.kubeConfigFilePath,
 			}
-			if got := rw.Exists(); got != tt.want {
+			if got, _ := rw.Exists(); got != tt.want {
 				t.Errorf("kubeConfigReadWriter.Exists() = %v, want %v", got, tt.want)
 			}
 		})