From 64084b522f54248aad7ea59cd2b4ca4191384094 Mon Sep 17 00:00:00 2001
From: Clayton Coleman <ccoleman@redhat.com>
Date: Thu, 2 Nov 2017 00:35:41 -0400
Subject: [PATCH] UPSTREAM: 54979: Certificate store handles rel path
 incorrectly

Symlinks must be to absolute paths, or relative to the target. Absolute
is easier here.
---
 .../pkg/kubelet/certificate/certificate_store.go         | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/vendor/k8s.io/kubernetes/pkg/kubelet/certificate/certificate_store.go b/vendor/k8s.io/kubernetes/pkg/kubelet/certificate/certificate_store.go
index 49c084b7758e..1fd1a0563baf 100644
--- a/vendor/k8s.io/kubernetes/pkg/kubelet/certificate/certificate_store.go
+++ b/vendor/k8s.io/kubernetes/pkg/kubelet/certificate/certificate_store.go
@@ -67,7 +67,6 @@ func NewFileStore(
 	keyDirectory string,
 	certFile string,
 	keyFile string) (Store, error) {
-
 	s := fileStore{
 		pairNamePrefix: pairNamePrefix,
 		certDirectory:  certDirectory,
@@ -75,6 +74,7 @@ func NewFileStore(
 		certFile:       certFile,
 		keyFile:        keyFile,
 	}
+	glog.Infof("New file store: %#v", s)
 	if err := s.recover(); err != nil {
 		return nil, err
 	}
@@ -268,6 +268,13 @@ func (s *fileStore) updateSymlink(filename string) error {
 		return fmt.Errorf("file %q does not exist so it can not be used as the currently selected cert/key", filename)
 	}
 
+	// Ensure the source path is absolute to ensure the symlink target is
+	// correct when certDirectory is a relative path.
+	filename, err := filepath.Abs(filename)
+	if err != nil {
+		return err
+	}
+
 	// Create the 'updated' symlink pointing to the requested file name.
 	if err := os.Symlink(filename, updatedPath); err != nil {
 		return fmt.Errorf("unable to create a symlink from %q to %q: %v", updatedPath, filename, err)