rancher/rke
1
0
Fork 0
mirror of https://github.com/rancher/rke.git synced 2025-08-29 19:53:12 +00:00
Code Issues Releases Wiki Activity

Do not fetch kube-admin certificate from host(s)

Browse Source
This commit is contained in:
Sebastiaan van Steenis 2019-09-06 21:41:42 +02:00 committed by Alena Prokharchyk
parent 0a170b22b7
commit d6b29c9ccc
1 changed files with 4 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
pki/deploy.go
View File

@ -201,7 +201,8 @@ func FetchCertificatesFromHost(ctx context.Context, extraHosts []*hosts.Host, ho
// Return error if the certificate file is not found but only if its not etcd or request header certificate // Return error if the certificate file is not found but only if its not etcd or request header certificate
if err != nil && !strings.HasPrefix(certName, "kube-etcd") && if err != nil && !strings.HasPrefix(certName, "kube-etcd") &&
certName != RequestHeaderCACertName && certName != RequestHeaderCACertName &&
certName != APIProxyClientCertName { certName != APIProxyClientCertName &&
certName != KubeAdminCertName {
// IsErrNotFound doesn't catch this because it's a custom error // IsErrNotFound doesn't catch this because it's a custom error
if isFileNotFoundErr(err) { if isFileNotFoundErr(err) {
return nil, fmt.Errorf("Certificate %s is not found", GetCertTempPath(certName)) return nil, fmt.Errorf("Certificate %s is not found", GetCertTempPath(certName))
@ -212,7 +213,8 @@ func FetchCertificatesFromHost(ctx context.Context, extraHosts []*hosts.Host, ho
// If I can't find an etcd or request header ca I will not fail and will create it later. // If I can't find an etcd or request header ca I will not fail and will create it later.
if crt == "" && (strings.HasPrefix(certName, "kube-etcd") || if crt == "" && (strings.HasPrefix(certName, "kube-etcd") ||
certName == RequestHeaderCACertName || certName == RequestHeaderCACertName ||
certName == APIProxyClientCertName) { certName == APIProxyClientCertName ||
certName == KubeAdminCertName) {
tmpCerts[certName] = CertificatePKI{} tmpCerts[certName] = CertificatePKI{}
continue continue
} }