fix: panic in osroot controller

Fixes #8753 There seems to be a problem in the machine config anyways, as `machine.ca.crt` is missing for the worker (this should break `apid` connectivity), but still Talos controller shouldn't enter a panic loop. Signed-off-by: Andrey Smirnov <[email protected]>
siderolabs · May 21, 2024 · ce8c86d · ce8c86d
1 parent e1711cd
commit ce8c86d
Showing 1 changed file with 4 additions and 4 deletions.
diff --git a/internal/app/machined/pkg/controllers/secrets/root.go b/internal/app/machined/pkg/controllers/secrets/root.go
@@ -165,11 +165,11 @@ func NewRootOSController() *RootOSController {
 					osSecrets.AcceptedCAs = append(osSecrets.AcceptedCAs, &x509.PEMEncodedCertificate{
 						Crt: osSecrets.IssuingCA.Crt,
 					})
-				}
 
-				if len(osSecrets.IssuingCA.Key) == 0 {
-					// drop incomplete issuing CA, as the machine config for workers contains just the cert
-					osSecrets.IssuingCA = nil
+					if len(osSecrets.IssuingCA.Key) == 0 {
+						// drop incomplete issuing CA, as the machine config for workers contains just the cert
+						osSecrets.IssuingCA = nil
+					}
 				}
 
 				osSecrets.CertSANIPs = nil