Commit 32e10710 authored by galal-hussein's avatar galal-hussein Committed by Craig Jellick
Browse files

Handle missing service account token key when fetching certs from nodes

parent 9fccbfa0
Showing with 6 additions and 0 deletions
+6 -0
......@@ -212,6 +212,12 @@ func GetClusterCertsFromNodes(ctx context.Context, kubeCluster *Cluster) (map[st
for _, host := range backupHosts {
certificates, err = pki.FetchCertificatesFromHost(ctx, kubeCluster.EtcdHosts, host, kubeCluster.SystemImages.Alpine, kubeCluster.LocalKubeConfigPath, kubeCluster.PrivateRegistriesMap)
if certificates != nil {
// Handle service account token key issue
kubeAPICert := certificates[pki.KubeAPICertName]
if certificates[pki.ServiceAccountTokenKeyName].Key == nil {
log.Infof(ctx, "[certificates] Creating service account token key")
certificates[pki.ServiceAccountTokenKeyName] = pki.ToCertObject(pki.ServiceAccountTokenKeyName, pki.ServiceAccountTokenKeyName, "", kubeAPICert.Certificate, kubeAPICert.Key, nil)
}
return certificates, nil
}
}
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment