From 441d06df32d038041ba0ff1a6b56f1b4870d10a2 Mon Sep 17 00:00:00 2001
From: Faisal Chaudhry <chaudhryfaisal@gmail.com>
Date: Fri, 2 Jul 2021 10:01:32 -0400
Subject: [PATCH] set EncryptionConfig on DesiredState when using CustomCerts

---
 cluster/state.go | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)

diff --git a/cluster/state.go b/cluster/state.go
index ebcb694a..6aa56437 100644
--- a/cluster/state.go
+++ b/cluster/state.go
@@ -182,6 +182,11 @@ func RebuildState(ctx context.Context, kubeCluster *Cluster, oldState *FullState
 		}
 		newState.DesiredState.CertificatesBundle = certBundle
 		newState.CurrentState = oldState.CurrentState
+
+		err = updateEncryptionConfig(kubeCluster, oldState, newState)
+		if err != nil {
+			return nil, err
+		}
 		return newState, nil
 	}
 
@@ -341,7 +346,12 @@ func rebuildExistingState(ctx context.Context, kubeCluster *Cluster, oldState, n
 		return err
 	}
 	newState.DesiredState.CertificatesBundle = pkiCertBundle
-	if isEncryptionEnabled(rkeConfig) {
+	err := updateEncryptionConfig(kubeCluster, oldState, newState)
+	return err
+}
+
+func updateEncryptionConfig(kubeCluster *Cluster, oldState *FullState, newState *FullState) error {
+	if isEncryptionEnabled(&kubeCluster.RancherKubernetesEngineConfig) {
 		if oldState.DesiredState.EncryptionConfig != "" {
 			newState.DesiredState.EncryptionConfig = oldState.DesiredState.EncryptionConfig
 		} else {
@@ -351,6 +361,5 @@ func rebuildExistingState(ctx context.Context, kubeCluster *Cluster, oldState, n
 			}
 		}
 	}
-
 	return nil
 }