Handle missing service account token key when fetching certs from nodes

32e10710 · galal-hussein · Craig Jellick · 9fccbfa0 · 32e10710
Commit 32e10710 authored 6 years ago by galal-hussein Committed by Craig Jellick 6 years ago
Hide whitespace changes
Inline Side-by-side

Showing

with 6 additions and 0 deletions
+6 -0
--- a/cluster/certificates.go
+++ b/cluster/certificates.go
@@ -212,6 +212,12 @@ func GetClusterCertsFromNodes(ctx context.Context, kubeCluster *Cluster) (map[st
 	for _, host := range backupHosts {
 		certificates, err = pki.FetchCertificatesFromHost(ctx, kubeCluster.EtcdHosts, host, kubeCluster.SystemImages.Alpine, kubeCluster.LocalKubeConfigPath, kubeCluster.PrivateRegistriesMap)
 		if certificates != nil {
+			// Handle service account token key issue
+			kubeAPICert := certificates[pki.KubeAPICertName]
+			if certificates[pki.ServiceAccountTokenKeyName].Key == nil {
+				log.Infof(ctx, "[certificates] Creating service account token key")
+				certificates[pki.ServiceAccountTokenKeyName] = pki.ToCertObject(pki.ServiceAccountTokenKeyName, pki.ServiceAccountTokenKeyName, "", kubeAPICert.Certificate, kubeAPICert.Key, nil)
+			}
 			return certificates, nil
 		}
 	}