From 888fe4b175240879ee4abecb975be8882227b0f2 Mon Sep 17 00:00:00 2001
From: Jordan Liggitt <jliggitt@redhat.com>
Date: Mon, 19 Jan 2015 12:25:52 -0500
Subject: [PATCH] Build TLS client for kubelet correctly

---
 pkg/client/kubelet.go | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/pkg/client/kubelet.go b/pkg/client/kubelet.go
index 503f409282c..8c1c5b7186b 100644
--- a/pkg/client/kubelet.go
+++ b/pkg/client/kubelet.go
@@ -60,7 +60,9 @@ type HTTPKubeletClient struct {
 
 func NewKubeletClient(config *KubeletConfig) (KubeletClient, error) {
 	transport := http.DefaultTransport
-	if config.CertFile != "" {
+	hasCA := len(config.CAFile) > 0 || len(config.CAData) > 0
+	hasCert := len(config.CertFile) > 0 || len(config.CertData) > 0
+	if hasCert {
 		var (
 			certData, keyData, caData []byte
 			err                       error
@@ -77,7 +79,7 @@ func NewKubeletClient(config *KubeletConfig) (KubeletClient, error) {
 		if transport, err = NewClientCertTLSTransport(certData, keyData, caData); err != nil {
 			return nil, err
 		}
-	} else if config.CAFile != "" {
+	} else if hasCA {
 		var (
 			caData []byte
 			err    error