From 00e317250d0d4a1aedb91717064c37628bcd7da8 Mon Sep 17 00:00:00 2001
From: galal-hussein
Date: Sat, 8 Sep 2018 02:23:47 +0200
Subject: [PATCH] Fix requestheaqder ca certificate regeneration
---
 cluster/certificates.go | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)
diff --git a/cluster/certificates.go b/cluster/certificates.go
index 5c7f468d..bca05317 100644
--- a/cluster/certificates.go
+++ b/cluster/certificates.go
@@ -126,6 +126,8 @@ func getClusterCerts(ctx context.Context, kubeClient *kubernetes.Clientset, etcd
 pki.KubeControllerCertName,
 pki.KubeSchedulerCertName,
 pki.KubeAdminCertName,
+ pki.APIProxyClientCertName,
+ pki.RequestHeaderCACertName,
 }

 for _, etcdHost := range etcdHosts {
@@ -136,11 +138,16 @@ func getClusterCerts(ctx context.Context, kubeClient *kubernetes.Clientset, etcd
 certMap := make(map[string]pki.CertificatePKI)
 for _, certName := range certificatesNames {
 secret, err := k8s.GetSecret(kubeClient, certName)
- if err != nil && !strings.HasPrefix(certName, "kube-etcd") {
+ if err != nil && !strings.HasPrefix(certName, "kube-etcd") &&
+ !strings.Contains(certName, pki.RequestHeaderCACertName) &&
+ !strings.Contains(certName, pki.APIProxyClientCertName) {
 return nil, err
 }
- // If I can't find an etcd cert, I will not fail and will create it later.
- if (secret == nil || secret.Data == nil) && strings.HasPrefix(certName, "kube-etcd") {
+ // If I can't find an etcd, requestheader, or proxy client cert, I will not fail and will create it later.
+ if (secret == nil || secret.Data == nil) &&
+ (strings.HasPrefix(certName, "kube-etcd") ||
+ strings.Contains(certName, pki.RequestHeaderCACertName) ||
+ strings.Contains(certName, pki.APIProxyClientCertName)) {
 certMap[certName] = pki.CertificatePKI{}
 continue
 }
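Review bot: The widened guard in the second hunk swallows every `k8s.GetSecret` error for the request-header CA and API proxy client certs, not only "secret not found", so a timeout or a permissions failure would fall through to `certMap[certName] = pki.CertificatePKI{}` and, per the comment, have the cert created later. For the request-header CA that presumably means a trust anchor can be replaced without any error surfacing; if GetSecret passes the API error through (not visible here), limiting the skip to not-found would avoid it, e.g. `if err != nil && !(optionalCert(certName) && apierrors.IsNotFound(err)) {`, where `optionalCert` is a proposed helper holding the three-name test. That helper would also keep the two `if` conditions from drifting apart, and since these names come from the constant list built above, `certName == pki.RequestHeaderCACertName` is more exact than `strings.Contains`. The removed line shows the etcd prefix already had the same catch-all behaviour; getClusterCerts starts and ends outside the hunk.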