From 09698e4638f7654bf03ddba138678a449548e6c4 Mon Sep 17 00:00:00 2001
From: Sharif Elgamal <selgamal@google.com>
Date: Tue, 12 May 2020 11:53:38 -0700
Subject: [PATCH 1/2] only copy apiserver certs to control plane

---
 pkg/minikube/bootstrapper/certs.go | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/pkg/minikube/bootstrapper/certs.go b/pkg/minikube/bootstrapper/certs.go
index 5e4dd8e50ffd..50597ec8b910 100644
--- a/pkg/minikube/bootstrapper/certs.go
+++ b/pkg/minikube/bootstrapper/certs.go
@@ -56,9 +56,12 @@ func SetupCerts(cmd command.Runner, k8s config.KubernetesConfig, n config.Node)
 		return nil, errors.Wrap(err, "shared CA certs")
 	}
 
-	xfer, err := generateProfileCerts(k8s, n, ccs)
-	if err != nil {
-		return nil, errors.Wrap(err, "profile certs")
+	var xfer []string
+	if n.ControlPlane {
+		xfer, err = generateProfileCerts(k8s, n, ccs)
+		if err != nil {
+			return nil, errors.Wrap(err, "profile certs")
+		}
 	}
 
 	xfer = append(xfer, ccs.caCert)

From 475bcc889cc34a239e86a60b7aaf954e566ccff5 Mon Sep 17 00:00:00 2001
From: Sharif Elgamal <selgamal@google.com>
Date: Thu, 14 May 2020 14:12:26 -0700
Subject: [PATCH 2/2] move condition around for clarity

---
 pkg/minikube/bootstrapper/certs.go | 15 +++++++++------
 1 file changed, 9 insertions(+), 6 deletions(-)

diff --git a/pkg/minikube/bootstrapper/certs.go b/pkg/minikube/bootstrapper/certs.go
index 50597ec8b910..fbc3481bf71d 100644
--- a/pkg/minikube/bootstrapper/certs.go
+++ b/pkg/minikube/bootstrapper/certs.go
@@ -56,12 +56,9 @@ func SetupCerts(cmd command.Runner, k8s config.KubernetesConfig, n config.Node)
 		return nil, errors.Wrap(err, "shared CA certs")
 	}
 
-	var xfer []string
-	if n.ControlPlane {
-		xfer, err = generateProfileCerts(k8s, n, ccs)
-		if err != nil {
-			return nil, errors.Wrap(err, "profile certs")
-		}
+	xfer, err := generateProfileCerts(k8s, n, ccs)
+	if err != nil {
+		return nil, errors.Wrap(err, "profile certs")
 	}
 
 	xfer = append(xfer, ccs.caCert)
@@ -184,6 +181,12 @@ func generateSharedCACerts() (CACerts, error) {
 
 // generateProfileCerts generates profile certs for a profile
 func generateProfileCerts(k8s config.KubernetesConfig, n config.Node, ccs CACerts) ([]string, error) {
+
+	// Only generate these certs for the api server
+	if !n.ControlPlane {
+		return []string{}, nil
+	}
+
 	profilePath := localpath.Profile(k8s.ClusterName)
 
 	serviceIP, err := util.GetServiceClusterIP(k8s.ServiceCIDR)