rancher/rke
1
0
Fork 0
mirror of https://github.com/rancher/rke.git synced 2025-09-01 15:06:23 +00:00
Code Issues Releases Wiki Activity

Handle missing request header ca in rotate certificate

Browse Source
This commit is contained in:
galal-hussein
2019-08-29 20:59:47 +02:00
committed by Alena Prokharchyk
parent a569f2e81c
commit 798632b3a4
3 changed files with 25 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
pki/deploy.go
View File

@@ -198,25 +198,37 @@ func FetchCertificatesFromHost(ctx context.Context, extraHosts []*hosts.Host, ho
for certName, config := range crtList {
certificate := CertificatePKI{}
crt, err := FetchFileFromHost(ctx, GetCertTempPath(certName), image, host, prsMap, CertFetcherContainer, "certificates")
// I will only exit with an error if it's not a not-found-error and this is not an etcd certificate
if err != nil && !strings.HasPrefix(certName, "kube-etcd") {
// Return error if the certificate file is not found but only if its not etcd or request header certificate
if err != nil && !strings.HasPrefix(certName, "kube-etcd") &&
certName != RequestHeaderCACertName &&
certName != APIProxyClientCertName {
// IsErrNotFound doesn't catch this because it's a custom error
if isFileNotFoundErr(err) {
return nil, nil
return nil, fmt.Errorf("Certificate %s is not found", GetCertTempPath(certName))
}
return nil, err
}
// If I can't find an etcd I will not fail and will create it later.
if crt == "" && strings.HasPrefix(certName, "kube-etcd") {
// If I can't find an etcd or request header ca I will not fail and will create it later.
if crt == "" && (strings.HasPrefix(certName, "kube-etcd") ||
certName == RequestHeaderCACertName ||
certName == APIProxyClientCertName) {
tmpCerts[certName] = CertificatePKI{}
continue
}
key, err := FetchFileFromHost(ctx, GetKeyTempPath(certName), image, host, prsMap, CertFetcherContainer, "certificate")
if err != nil {
if isFileNotFoundErr(err) {
return nil, fmt.Errorf("Key %s is not found", GetKeyTempPath(certName))
}
return nil, err
}
if config {
config, err := FetchFileFromHost(ctx, GetConfigTempPath(certName), image, host, prsMap, CertFetcherContainer, "certificate")
if err != nil {
if isFileNotFoundErr(err) {
return nil, fmt.Errorf("Config %s is not found", GetConfigTempPath(certName))
}
return nil, err
}
certificate.Config = config