rancher/rke
1
0
Fork 0
mirror of https://github.com/rancher/rke.git synced 2025-09-08 18:39:40 +00:00
Code Issues Releases Wiki Activity

Handle missing service account token key when fetching certs from nodes

Browse Source
This commit is contained in:
galal-hussein
2019-03-19 11:06:01 +02:00
committed by Craig Jellick
parent 9fccbfa08e
commit 32e1071041
1 changed files with 6 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
cluster/certificates.go
View File

@@ -212,6 +212,12 @@ func GetClusterCertsFromNodes(ctx context.Context, kubeCluster *Cluster) (map[st
for _, host := range backupHosts {
certificates, err = pki.FetchCertificatesFromHost(ctx, kubeCluster.EtcdHosts, host, kubeCluster.SystemImages.Alpine, kubeCluster.LocalKubeConfigPath, kubeCluster.PrivateRegistriesMap)
if certificates != nil {
// Handle service account token key issue
kubeAPICert := certificates[pki.KubeAPICertName]
if certificates[pki.ServiceAccountTokenKeyName].Key == nil {
log.Infof(ctx, "[certificates] Creating service account token key")
certificates[pki.ServiceAccountTokenKeyName] = pki.ToCertObject(pki.ServiceAccountTokenKeyName, pki.ServiceAccountTokenKeyName, "", kubeAPICert.Certificate, kubeAPICert.Key, nil)
}
return certificates, nil
}
}