Unverified Commit a5cfbb35 authored by Jiaqi Luo's avatar Jiaqi Luo Committed by GitHub
Browse files

Merge pull request #2842 from jiaqiluo/fix-crash-rotateEncryptionKey

Showing with 5 additions and 2 deletions
+5 -2
......@@ -91,7 +91,7 @@ func RotateEncryptionKey(
return APIURL, caCrt, clientCert, clientKey, nil, fmt.Errorf("can't rotate encryption keys: Key Rotation is not supported with custom configuration")
}
if !kubeCluster.IsEncryptionEnabled() {
return APIURL, caCrt, clientCert, clientKey, nil, fmt.Errorf("can't rotate encryption keys: Encryption Configuration is disabled")
return APIURL, caCrt, clientCert, clientKey, nil, fmt.Errorf("can't rotate encryption keys: Encryption Configuration is disabled. Please disable rotate_encryption_key and run rke up again")
}
kubeCluster.Certificates = rkeFullState.DesiredState.CertificatesBundle
......
......@@ -104,7 +104,10 @@ func ClusterUp(ctx context.Context, dialersOptions hosts.DialersOptions, flags c
}
// if we need to rotate the encryption key, do so and then return
if kubeCluster.RancherKubernetesEngineConfig.RotateEncryptionKey {
return RotateEncryptionKey(ctx, clusterState.CurrentState.RancherKubernetesEngineConfig.DeepCopy(), dialersOptions, flags)
// rotate the encryption key only when updating an existing cluster
if clusterState.CurrentState.RancherKubernetesEngineConfig != nil {
return RotateEncryptionKey(ctx, clusterState.CurrentState.RancherKubernetesEngineConfig.DeepCopy(), dialersOptions, flags)
}
}
log.Infof(ctx, "Building Kubernetes cluster")
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment