Skip to content

Commit

Permalink
kubeadm: ensure leaf certs properly signed in CreateTree
Browse files Browse the repository at this point in the history
  • Loading branch information
Koichiro Den committed Sep 7, 2018
1 parent 2fd01a0 commit 17b4c19
Showing 1 changed file with 15 additions and 17 deletions.
32 changes: 15 additions & 17 deletions cmd/kubeadm/app/phases/certs/certlist.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -103,31 +103,29 @@ type CertificateTree map[*KubeadmCert]Certificates
// CreateTree creates the CAs, certs signed by the CAs, and writes them all to disk.
func (t CertificateTree) CreateTree(ic *kubeadmapi.InitConfiguration) error {
for ca, leaves := range t {
cfg, err := ca.GetConfig(ic)
caCert, caKey, err := LoadCertificateAuthority(ic.CertificatesDir, ca.BaseName)
if err != nil {
return err
}

caCert, caKey, err := NewCACertAndKey(cfg)
if err != nil {
return err
cfg, err := ca.GetConfig(ic)
caCert, caKey, err = NewCACertAndKey(cfg)
if err != nil {
return err
}
err = writeCertificateAuthorithyFilesIfNotExist(
ic.CertificatesDir,
ca.BaseName,
caCert,
caKey,
)
if err != nil {
return err
}
}

for _, leaf := range leaves {
if err := leaf.CreateFromCA(ic, caCert, caKey); err != nil {
return err
}
}

err = writeCertificateAuthorithyFilesIfNotExist(
ic.CertificatesDir,
ca.BaseName,
caCert,
caKey,
)
if err != nil {
return err
}
}
return nil
}
Expand Down

0 comments on commit 17b4c19

Please sign in to comment.