From 32e10710411a7962a084859d43e030d4e0dc7a44 Mon Sep 17 00:00:00 2001
From: galal-hussein <hussein.galal.ahmed.11@gmail.com>
Date: Tue, 19 Mar 2019 11:06:01 +0200
Subject: [PATCH] Handle missing service account token key when fetching certs
 from nodes

---
 cluster/certificates.go | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/cluster/certificates.go b/cluster/certificates.go
index 7ed3ceed..41c2b2fc 100644
--- a/cluster/certificates.go
+++ b/cluster/certificates.go
@@ -212,6 +212,12 @@ func GetClusterCertsFromNodes(ctx context.Context, kubeCluster *Cluster) (map[st
 	for _, host := range backupHosts {
 		certificates, err = pki.FetchCertificatesFromHost(ctx, kubeCluster.EtcdHosts, host, kubeCluster.SystemImages.Alpine, kubeCluster.LocalKubeConfigPath, kubeCluster.PrivateRegistriesMap)
 		if certificates != nil {
+			// Handle service account token key issue
+			kubeAPICert := certificates[pki.KubeAPICertName]
+			if certificates[pki.ServiceAccountTokenKeyName].Key == nil {
+				log.Infof(ctx, "[certificates] Creating service account token key")
+				certificates[pki.ServiceAccountTokenKeyName] = pki.ToCertObject(pki.ServiceAccountTokenKeyName, pki.ServiceAccountTokenKeyName, "", kubeAPICert.Certificate, kubeAPICert.Key, nil)
+			}
 			return certificates, nil
 		}
 	}