alt-orchestra/talos
1
0
Fork 0
Code Issues Pull Requests Actions 27 Packages Projects Releases Wiki Activity

fix: panic in osroot controller

Browse Source 
Fixes #8753

There seems to be a problem in the machine config anyways, as
`machine.ca.crt` is missing for the worker (this should break `apid`
connectivity), but still Talos controller shouldn't enter a panic loop.

Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
This commit is contained in:
Andrey Smirnov 2024-05-21 17:37:50 +04:00
parent e1711cd3c9
commit ce8c86d640
No known key found for this signature in database
GPG Key ID: FE042E3D4085A811
1 changed files with 4 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
internal/app/machined/pkg/controllers/secrets/root.go
View File

@ -165,11 +165,11 @@ func NewRootOSController() *RootOSController {
osSecrets.AcceptedCAs = append(osSecrets.AcceptedCAs, &x509.PEMEncodedCertificate{
Crt: osSecrets.IssuingCA.Crt,
})
}
if len(osSecrets.IssuingCA.Key) == 0 {
// drop incomplete issuing CA, as the machine config for workers contains just the cert
osSecrets.IssuingCA = nil
if len(osSecrets.IssuingCA.Key) == 0 {
// drop incomplete issuing CA, as the machine config for workers contains just the cert
osSecrets.IssuingCA = nil
}
}
osSecrets.CertSANIPs = nil