From 22342b61b32447a780dd9b854e82f4fea5e9786a Mon Sep 17 00:00:00 2001
From: James Munnelly <james@munnelly.eu>
Date: Fri, 30 Nov 2018 12:17:38 +0000
Subject: [PATCH] Fix use of SecretTLSKeyPair in certificates controller

Signed-off-by: James Munnelly <james@munnelly.eu>
---
 pkg/controller/certificates/sync.go | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/pkg/controller/certificates/sync.go b/pkg/controller/certificates/sync.go
index 978963587..64edeff42 100644
--- a/pkg/controller/certificates/sync.go
+++ b/pkg/controller/certificates/sync.go
@@ -77,12 +77,17 @@ func (c *Controller) Sync(ctx context.Context, crt *v1alpha1.Certificate) (err e
 	}()
 
 	// grab existing certificate and validate private key
-	cert, key, err := kube.SecretTLSKeyPair(c.secretLister, crtCopy.Namespace, crtCopy.Spec.SecretName)
+	certs, key, err := kube.SecretTLSKeyPair(c.secretLister, crtCopy.Namespace, crtCopy.Spec.SecretName)
 	// if we don't have a certificate, we need to trigger a re-issue immediately
 	if err != nil && !(k8sErrors.IsNotFound(err) || errors.IsInvalidData(err)) {
 		return err
 	}
 
+	var cert *x509.Certificate
+	if len(certs) > 0 {
+		cert = certs[0]
+	}
+
 	// update certificate expiry metric
 	defer c.metrics.UpdateCertificateExpiry(crtCopy, c.secretLister)
 	c.setCertificateStatus(crtCopy, key, cert)