From 3c6c7f1b7b8bdda3de75cf06a92aebba7c4fddd6 Mon Sep 17 00:00:00 2001
From: galal-hussein
Date: Fri, 21 Dec 2018 00:01:42 +0200
Subject: [PATCH] Run rebuild cluster certs from clusterup
---
 cluster/certificates.go | 3 ++-
 cmd/cert.go | 4 ++--
 cmd/up.go | 6 +++++-
 3 files changed, 9 insertions(+), 4 deletions(-)
diff --git a/cluster/certificates.go b/cluster/certificates.go
index fb35a9c7..9bed8fc5 100644
--- a/cluster/certificates.go
+++ b/cluster/certificates.go
@@ -177,7 +177,8 @@ func RotateRKECertificates(ctx context.Context, c *Cluster, flags ExternalFlags,
 }
 }
 }
- if len(rotateFlags.Services) == 0 {
+ // to handle kontainer engine sending empty string for services
+ if len(rotateFlags.Services) == 0 || (len(rotateFlags.Services) == 1 && rotateFlags.Services[0] == "") {
 // do not rotate service account token
 if c.Certificates[pki.ServiceAccountTokenKeyName].Key != nil {
 serviceAccountTokenKey = string(cert.EncodePrivateKeyPEM(c.Certificates[pki.ServiceAccountTokenKeyName].Key))
diff --git a/cmd/cert.go b/cmd/cert.go
index 643236bc..b9837616 100644
--- a/cmd/cert.go
+++ b/cmd/cert.go
@@ -77,7 +77,7 @@ func rotateRKECertificatesFromCli(ctx *cli.Context) error {
 if err := ClusterInit(context.Background(), rkeConfig, hosts.DialersOptions{}, externalFlags); err != nil {
 return err
 }
- _, _, _, _, _, err = RebuildClusterWithRotatedCertificates(context.Background(), hosts.DialersOptions{}, externalFlags)
+ _, _, _, _, _, err = ClusterUp(context.Background(), hosts.DialersOptions{}, externalFlags)
 return err
 }
@@ -85,7 +85,7 @@ func showRKECertificatesFromCli(ctx *cli.Context) error {
 return nil
 }
-func RebuildClusterWithRotatedCertificates(ctx context.Context,
+func rebuildClusterWithRotatedCertificates(ctx context.Context,
 dialersOptions hosts.DialersOptions, flags cluster.ExternalFlags) (string, string, string, string, map[string]pki.CertificatePKI, error) {
 var APIURL, caCrt, clientCert, clientKey string
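Review bot: The new condition in RotateRKECertificates special-cases exactly one shape of empty input, `[""]`, so a Services slice such as `["", ""]`, or one that mixes an empty string with real service names, still takes the other branch, which (judging by the `// do not rotate service account token` comment) may replace the service account token key. Dropping empty entries once, where rotateFlags is populated (outside this hunk), would let this check stay `len(rotateFlags.Services) == 0` and give every other use of Services in the function the same view. If the special case stays, the comment should state the consequence, e.g. `// an empty service name from kontainer-engine means "no services": keep the existing service account token key`. The function body starts and ends outside the hunk.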
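Review bot: rotateRKECertificatesFromCli now reaches the rotation code only indirectly, because `ClusterUp` rotates only when the cluster object it builds from the state file has `RotateCertificates != nil` (see the cmd/up.go hunk). If the preceding `ClusterInit` call does not carry the rotate settings into that state (not visible here), the command falls through to an ordinary cluster build and returns nil without rotating any certificate. A comment on the call, such as `// ClusterUp dispatches to rebuildClusterWithRotatedCertificates when RotateCertificates is set in the stored config`, would make the dependency visible, and an explicit check that the rotation path was taken would make the failure loud. The second hunk in this file also unexports the function, which breaks any caller outside package cmd.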
diff --git a/cmd/up.go b/cmd/up.go
index d7596677..d0a214bc 100644
--- a/cmd/up.go
+++ b/cmd/up.go
@@ -103,7 +103,6 @@ func doUpgradeLegacyCluster(ctx context.Context, kubeCluster *cluster.Cluster, f
 }
 func ClusterUp(ctx context.Context, dialersOptions hosts.DialersOptions, flags cluster.ExternalFlags) (string, string, string, string, map[string]pki.CertificatePKI, error) {
- log.Infof(ctx, "Building Kubernetes cluster")
 var APIURL, caCrt, clientCert, clientKey string
 clusterState, err := cluster.ReadStateFile(ctx, cluster.GetStateFilePath(flags.ClusterFilePath, flags.ConfigDir))
@@ -115,7 +114,12 @@ func ClusterUp(ctx context.Context, dialersOptions hosts.DialersOptions, flags c
 if err != nil {
 return APIURL, caCrt, clientCert, clientKey, nil, err
 }
+ // check if rotate certificates is triggered
+ if kubeCluster.RancherKubernetesEngineConfig.RotateCertificates != nil {
+ return rebuildClusterWithRotatedCertificates(ctx, dialersOptions, flags)
+ }
+ log.Infof(ctx, "Building Kubernetes cluster")
 err = kubeCluster.SetupDialers(ctx, dialersOptions)
 if err != nil {
 return APIURL, caCrt, clientCert, clientKey, nil, err
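Review bot: The new early return in ClusterUp makes certificate rotation a side effect of any `up` whose desired state has a non-nil `RotateCertificates`, and nothing in the hunk clears that field or records that the rotation path was taken. If the field survives in the state file after a successful rotation (the code that would clear it is not visible here), every later ClusterUp call rotates the certificates again instead of reconciling the cluster. Unless rebuildClusterWithRotatedCertificates already logs it, a line before the return, `log.Infof(ctx, "Rotating Kubernetes cluster certificates")`, would leave an audit trail for a security-relevant operation, and the doc comment on ClusterUp should say that it may rotate certificates. ClusterUp's body starts and ends outside the hunk.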