rancher/rke
1
0
Fork 0
mirror of https://github.com/rancher/rke.git synced 2025-09-17 07:30:01 +00:00
Code Issues Releases Wiki Activity

Problem:

Browse Source 
RKE will panic if we enable rotate_encryption_key but disable secrets_encryption_config when creating a cluster. The panic happens because RKE tries to use the rkeConfig, which does not exist. The rkeConfig will be made after the rke up command succeeds.
Solution:
Skip the rotateEncryptionKey operation when creating a new cluster. Also, In this case, keys are just made for the first time, so there is no need to rotate them.
This commit is contained in:
Jiaqi Luo
2022-02-16 17:37:53 -07:00
parent 995461240c
commit 9395426834
2 changed files with 5 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
cmd/encryption.go
View File

@@ -91,7 +91,7 @@ func RotateEncryptionKey(
return APIURL, caCrt, clientCert, clientKey, nil, fmt.Errorf("can't rotate encryption keys: Key Rotation is not supported with custom configuration")
}
if !kubeCluster.IsEncryptionEnabled() {
return APIURL, caCrt, clientCert, clientKey, nil, fmt.Errorf("can't rotate encryption keys: Encryption Configuration is disabled")
return APIURL, caCrt, clientCert, clientKey, nil, fmt.Errorf("can't rotate encryption keys: Encryption Configuration is disabled. Please disable rotate_encryption_key and run rke up again")
}
kubeCluster.Certificates = rkeFullState.DesiredState.CertificatesBundle