Fix use of SecretTLSKeyPair in certificates controller

Signed-off-by: James Munnelly <james@munnelly.eu>
2018-11-30 12:17:38 +00:00 · 2018-11-30 12:17:38 +00:00 · 22342b61b3
commit 22342b61b3
parent 4fa6d9775c
1 changed files with 6 additions and 1 deletions
--- a/pkg/controller/certificates/sync.go
+++ b/pkg/controller/certificates/sync.go
@ -77,12 +77,17 @@ func (c *Controller) Sync(ctx context.Context, crt *v1alpha1.Certificate) (err e
 	}()

 	// grab existing certificate and validate private key
-	cert, key, err := kube.SecretTLSKeyPair(c.secretLister, crtCopy.Namespace, crtCopy.Spec.SecretName)
+	certs, key, err := kube.SecretTLSKeyPair(c.secretLister, crtCopy.Namespace, crtCopy.Spec.SecretName)
 	// if we don't have a certificate, we need to trigger a re-issue immediately
 	if err != nil && !(k8sErrors.IsNotFound(err) || errors.IsInvalidData(err)) {
 		return err
 	}

+	var cert *x509.Certificate
+	if len(certs) > 0 {
+		cert = certs[0]
+	}
+
 	// update certificate expiry metric
 	defer c.metrics.UpdateCertificateExpiry(crtCopy, c.secretLister)
 	c.setCertificateStatus(crtCopy, key, cert)