// If the CA key is defined, the cluster is using a managed etcd, and so we can generate a new
142
-
// etcd client certificate for the controllers.
143
-
// Otherwise the cluster is using an external etcd; in this case the only option to connect to etcd is to re-use
144
-
// the apiserver-etcd-client certificate.
145
-
// TODO: consider if we can detect if we are using external etcd in a more explicit way (e.g. looking at the config instead of deriving from the existing certificates)
146
-
varclientCert tls.Certificate
147
-
ifkeyData!=nil {
140
+
// If the apiserver-etcd-client certificate exists, use it.
141
+
// Otherwise, try to generate a new etcd client certificate for the controllers.
returnnil, fmt.Errorf("missing keyData in etcd CA bundle %s/%s and no apiserver-etcd-client certificate found", clusterKey.Namespace, fmt.Sprintf("%s-etcd", clusterKey.Name))
148
+
} else {
148
149
// Get client cert from cache if possible, otherwise generate it and add it to the cache.
149
150
// Note: The caching assumes that the etcd CA is not rotated during the lifetime of a Cluster.
150
151
ifentry, ok:=m.ClientCertCache.Has(ClientCertEntry{Cluster: clusterKey, ClusterUID: cluster.UID, EncryptionAlgorithm: keyEncryptionAlgorithm}.Key()); ok {
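Review bot: the new comments at the top of the hunk make the apiserver-etcd-client certificate the first choice and certificate generation the fallback, which reverses the removed logic (the `keyData != nil` check generated a controller certificate first, and reuse was reserved for external etcd), and the comments no longer say which cluster type each branch covers. If that certificate can also be present on a managed-etcd cluster, the controllers would now connect with the apiserver's etcd client identity instead of their own, so please say in the comment whether that is intended and keep the managed/external explanation, or the removed TODO about detecting external etcd explicitly. In the new error return, the nested `fmt.Sprintf("%s-etcd", clusterKey.Name)` can be folded into the format string as `%s/%s-etcd`.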