rancher/rke
1
0
Fork 0
mirror of https://github.com/rancher/rke.git synced 2025-09-24 21:07:32 +00:00
Code Issues Releases Wiki Activity

Revert "Encryption Key Rotation Changes"

Browse Source
This commit is contained in:
Ryan Sanna
2020-12-09 13:49:27 -07:00
committed by GitHub
parent 5824366b06
commit 92573270c7
8 changed files with 72 additions and 346 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
cmd/up.go
View File

@@ -85,9 +85,10 @@ func ClusterUp(ctx context.Context, dialersOptions hosts.DialersOptions, flags c
if err != nil {
return APIURL, caCrt, clientCert, clientKey, nil, err
}
// We generate the first encryption config in ClusterInit, to store it ASAP. It's written to the DesiredState
// We generate the first encryption config in ClusterInit, to store it ASAP. It's written
// to the DesiredState
stateEncryptionConfig := clusterState.DesiredState.EncryptionConfig
// if CurrentState has EncryptionConfig, it means this is NOT the first time we enable encryption, we should use the _latest_ applied value from the current cluster
if clusterState.CurrentState.EncryptionConfig != "" {
stateEncryptionConfig = clusterState.CurrentState.EncryptionConfig
@@ -102,10 +103,6 @@ func ClusterUp(ctx context.Context, dialersOptions hosts.DialersOptions, flags c
if kubeCluster.RancherKubernetesEngineConfig.RotateCertificates != nil {
return rebuildClusterWithRotatedCertificates(ctx, dialersOptions, flags, svcOptionsData)
}
// if we need to rotate the encryption key, do so and then return
if kubeCluster.RancherKubernetesEngineConfig.RotateEncryptionKey {
return RotateEncryptionKey(ctx, clusterState.CurrentState.RancherKubernetesEngineConfig.DeepCopy(), dialersOptions, flags)
}
log.Infof(ctx, "Building Kubernetes cluster")
err = kubeCluster.SetupDialers(ctx, dialersOptions)