Fix the render command to not wipe ca.pem

[mumoshu]

Fixes #1003

@c-knowles Would this work for you?

[mumoshu]

Squashed a fix for an easy mistake. Please reload to see the latest commit id if anyone has already seen it.

[cknowles]

I think this probably works. I'm not so clear on what we're generating now as it's significantly changed but we don't have much documentation on it, could we add some?

[cknowles]

Does this mean if populated, create a symlink?

[mumoshu]

Yes - If we had nothing to write, default to create a symlink to denoted by the ifEmptySymlinkTo.
Basically, we have nothing to write for worker-ca.pem as long as the user explicitly overwrite or put the file before running kube-aws render credentials. So in that case, create a symlink to ca.pem(=the same as the previous behavior).

[mumoshu]

Squashed again. Seems to work so far.

[codecov-io]

Codecov Report

Merging #1014 into master will decrease coverage by 0.02%.
The diff coverage is 61.25%.

@@            Coverage Diff             @@
##           master    #1014      +/-   ##
==========================================
- Coverage   34.88%   34.86%   -0.03%     
==========================================
  Files          59       59              
  Lines        4133     4156      +23     
==========================================
+ Hits         1442     1449       +7     
- Misses       2532     2545      +13     
- Partials      159      162       +3

Impacted Files	Coverage Δ
core/controlplane/config/credential.go	51.26% <14.28%> (-2.73%)	⬇️
core/controlplane/config/encrypted_assets.go	67.22% <65.75%> (-0.86%)	⬇️

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 6a0a4dc...76e1341. Read the comment docs.

[mumoshu]

I've manually verified this to work by running kube-aws render to regenerate credentials and then updating my cluster with kube-aws update.
The cfn stack update was successful while kube-dashboard went into CrashLookBackOff probably due to the rotation of the service account signing key.

$ k logs kubernetes-dashboard-7f46664f8f-n7gm4
2017/11/21 13:50:43 Starting overwatch
2017/11/21 13:50:43 Using in-cluster config to connect to apiserver
2017/11/21 13:50:43 Using service account token for csrf signing
2017/11/21 13:50:43 No request provided. Skipping authorization
2017/11/21 13:50:43 Error while initializing connection to Kubernetes apiserver. This most likely means that the cluster is misconfigured (e.g., it has invalid apiserver certificates or service accounts configuration) or the --apiserver-host param points to a server that does not exist. Reason: the server has asked for the client to provide credentials
Refer to the troubleshooting guide for more information: https://github.com/kubernetes/dashboard/blob/master/docs/user-guide/troubleshooting.md

However, this issue is not yet resolved in kube-aws - see #1013 for more info.

[mumoshu]

I'll merge this once someone put LGTM on it

[mumoshu]

/lgtm 😃