From 617b2f0d0d8d6c0f80b8ccb269d75a216d4ca3cf Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marek=20Smoli=C5=84ski?=
Date: Mon, 20 Dec 2021 20:42:43 +0100
Subject: [PATCH] Fix initKube: broadcast KubeReady event (#9418)
---
 integration/helpers.go | 24 ++++++++++++++++++++++++
 integration/integration_test.go | 4 ++++
 lib/service/kubernetes.go | 6 ++++--
 3 files changed, 32 insertions(+), 2 deletions(-)
diff --git a/integration/helpers.go b/integration/helpers.go
index 2ee6ec6d85115..535184b6242dc 100644
--- a/integration/helpers.go
+++ b/integration/helpers.go
@@ -49,6 +49,7 @@ import (
 "github.com/gravitational/teleport/lib/client"
 "github.com/gravitational/teleport/lib/defaults"
 "github.com/gravitational/teleport/lib/events"
+ "github.com/gravitational/teleport/lib/kube/kubeconfig"
 "github.com/gravitational/teleport/lib/reversetunnel"
 "github.com/gravitational/teleport/lib/service"
 "github.com/gravitational/teleport/lib/services"
@@ -1627,3 +1628,26 @@ func fatalIf(err error) {
 log.Fatalf("%v at %v", string(debug.Stack()), err)
 }
 }
+
+func enableKubernetesService(t *testing.T, config *service.Config) {
+ kubeConfigPath := filepath.Join(t.TempDir(), "kube_config")
+
+ err := kubeconfig.Update(kubeConfigPath, kubeconfig.Values{
+ TeleportClusterName: "teleport-cluster",
+ ClusterAddr: net.JoinHostPort(Host, ports.Pop()),
+ Credentials: &client.Key{
+ Cert: []byte("cert"),
+ TLSCert: []byte("tls-cert"),
+ Priv: []byte("priv"),
+ Pub: []byte("pub"),
+ TrustedCA: []auth.TrustedCerts{{
+ TLSCertificates: [][]byte{[]byte("ca-cert")},
+ }},
+ },
+ })
+ require.NoError(t, err)
+
+ config.Kube.Enabled = true
+ config.Kube.KubeconfigPath = kubeConfigPath
+ config.Kube.ListenAddr = utils.MustParseAddr(net.JoinHostPort(Host, ports.Pop()))
+}
diff --git a/integration/integration_test.go b/integration/integration_test.go
index ee0bc94f2f2b6..09709e69833b1 100644
--- a/integration/integration_test.go
+++ b/integration/integration_test.go
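Review bot: `enableKubernetesService` in integration/helpers.go has no doc comment, so a reader cannot tell that the `Credentials` bytes (`"cert"`, `"priv"`, `"ca-cert"`) are inert placeholders rather than fixture key material, or that the kubeconfig is written only so the Kubernetes service can be switched on. I would add `// enableKubernetesService enables the Kubernetes service in config using a throwaway kubeconfig under t.TempDir(); its credentials are placeholder bytes, not usable keys.` above the function. The helper also pops two ports, and the one passed to `ClusterAddr` is presumably never listened on during the test, which deserves a short why-comment on that line.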
@@ -3381,6 +3381,10 @@ func (s *IntSuite) TestRotateSuccess(c *check.C) {
 config, err := t.GenerateConfig(nil, tconf)
 c.Assert(err, check.IsNil)
+ // Enable Kubernetes service to test issue where the `KubernetesReady` event was not properly propagated
+ // and in the case where Kube service was enabled cert rotation flow was broken.
+ enableKubernetesService(t, config)
+
 serviceC := make(chan *service.TeleportProcess, 20)
 runErrCh := make(chan error, 1)
diff --git a/lib/service/kubernetes.go b/lib/service/kubernetes.go
index 8d25b10fdf688..0299778114e43 100644
--- a/lib/service/kubernetes.go
+++ b/lib/service/kubernetes.go
@@ -20,6 +20,9 @@ import (
 "net"
 "net/http"
+ "github.com/gravitational/trace"
+ "github.com/sirupsen/logrus"
+
 "github.com/gravitational/teleport"
 "github.com/gravitational/teleport/lib/auth"
 "github.com/gravitational/teleport/lib/cache"
@@ -29,8 +32,6 @@ import (
 "github.com/gravitational/teleport/lib/labels"
 "github.com/gravitational/teleport/lib/reversetunnel"
 "github.com/gravitational/teleport/lib/utils"
- "github.com/gravitational/trace"
- "github.com/sirupsen/logrus"
 )
 func (process *TeleportProcess) initKubernetes() {
@@ -262,6 +263,7 @@ func (process *TeleportProcess) initKubernetesService(log *logrus.Entry, conn *C
 "Kubernetes service %s:%s is starting on %v.",
 teleport.Version, teleport.Gitref, listener.Addr())
 }
+ process.BroadcastEvent(Event{Name: KubernetesReady, Payload: nil})
 err := kubeServer.Serve(listener)
 if err != nil {
 if err == http.ErrServerClosed {
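Review bot: The added call `enableKubernetesService(t, config)` in TestRotateSuccess passes the same `t` whose `GenerateConfig` method is invoked in the context line just above, so `t` here cannot be the `*testing.T` that the helper added in integration/helpers.go declares; the only test handle in this gocheck method is `c *check.C`. As written the call looks like a type mismatch unless `t` is redefined in a way the hunk does not show. One way to keep the helper usable from this suite is to have it take the directory and return the error, called as `c.Assert(enableKubernetesService(c.MkDir(), config), check.IsNil)`. TestRotateSuccess starts and ends outside the hunk.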
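Review bot: The new `process.BroadcastEvent(Event{Name: KubernetesReady, Payload: nil})` in lib/service/kubernetes.go sits directly before `kubeServer.Serve(listener)` with no comment on why the order matters. `Serve` appears to block until the server is closed (its error is compared with `http.ErrServerClosed`), so a why-comment such as `// Broadcast before Serve, which blocks; waiters on KubernetesReady (e.g. the cert rotation flow) would otherwise never proceed.` would keep the line from being moved later. initKubernetesService starts and ends outside the hunk, so any earlier return path would presumably still leave waiters without the event; it is worth confirming those paths fail the process rather than stall rotation.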