Merge pull request #2842 from jiaqiluo/fix-crash-rotateEncryptionKey

a5cfbb35 · Jiaqi Luo · GitHub · 99546124 · 93954268 · a5cfbb35
Unverified Commit a5cfbb35 authored 3 years ago by Jiaqi Luo Committed by GitHub 3 years ago
Hide whitespace changes
Inline Side-by-side

Showing

with 5 additions and 2 deletions
+5 -2
--- a/cmd/encryption.go
+++ b/cmd/encryption.go
@@ -91,7 +91,7 @@ func RotateEncryptionKey(
 		return APIURL, caCrt, clientCert, clientKey, nil, fmt.Errorf("can't rotate encryption keys: Key Rotation is not supported with custom configuration")
 	}
 	if !kubeCluster.IsEncryptionEnabled() {
-		return APIURL, caCrt, clientCert, clientKey, nil, fmt.Errorf("can't rotate encryption keys: Encryption Configuration is disabled")
+		return APIURL, caCrt, clientCert, clientKey, nil, fmt.Errorf("can't rotate encryption keys: Encryption Configuration is disabled. Please disable rotate_encryption_key and run rke up again")
 	}

 	kubeCluster.Certificates = rkeFullState.DesiredState.CertificatesBundle

--- a/cmd/up.go
+++ b/cmd/up.go
@@ -104,7 +104,10 @@ func ClusterUp(ctx context.Context, dialersOptions hosts.DialersOptions, flags c
 	}
 	// if we need to rotate the encryption key, do so and then return
 	if kubeCluster.RancherKubernetesEngineConfig.RotateEncryptionKey {
-		return RotateEncryptionKey(ctx, clusterState.CurrentState.RancherKubernetesEngineConfig.DeepCopy(), dialersOptions, flags)
+		// rotate the encryption key only when updating an existing cluster
+		if clusterState.CurrentState.RancherKubernetesEngineConfig != nil {
+			return RotateEncryptionKey(ctx, clusterState.CurrentState.RancherKubernetesEngineConfig.DeepCopy(), dialersOptions, flags)
+		}
 	}

 	log.Infof(ctx, "Building Kubernetes cluster")