From d8bf802b6691256fffa25729d8e6f9230b52eadc Mon Sep 17 00:00:00 2001
From: "Dr. Stefan Schimanski" <stefan.schimanski@gmail.com>
Date: Wed, 22 Aug 2018 12:30:24 +0200
Subject: [PATCH] kube-apiserver: create always
 configmap/extension-apiserver-authentication

Other components read the configmap and fail if it does not exist. Possibly not
every cluster has a client-ca or a request-header-ca.
---
 pkg/master/client_ca_hook.go | 6 ------
 1 file changed, 6 deletions(-)

diff --git a/pkg/master/client_ca_hook.go b/pkg/master/client_ca_hook.go
index 3f1daa86c8f..0a01a408627 100644
--- a/pkg/master/client_ca_hook.go
+++ b/pkg/master/client_ca_hook.go
@@ -41,11 +41,6 @@ type ClientCARegistrationHook struct {
 }
 
 func (h ClientCARegistrationHook) PostStartHook(hookContext genericapiserver.PostStartHookContext) error {
-	// no work to do
-	if len(h.ClientCA) == 0 && len(h.RequestHeaderCA) == 0 {
-		return nil
-	}
-
 	// initializing CAs is important so that aggregated API servers can come up with "normal" config.
 	// We've seen lagging etcd before, so we want to retry this a few times before we decide to crashloop
 	// the API server on it.
@@ -68,7 +63,6 @@ func (h ClientCARegistrationHook) PostStartHook(hookContext genericapiserver.Pos
 	}
 
 	return nil
-
 }
 
 // tryToWriteClientCAs is here for unit testing with a fake client.  This is a wait.ConditionFunc so the bool