add kubernetes secure to haproxy
diff --git a/salt/minion/cert/k8s_client_certificate.yml b/salt/minion/cert/k8s_client.yml
similarity index 90%
rename from salt/minion/cert/k8s_client_certificate.yml
rename to salt/minion/cert/k8s_client.yml
index 37bf618..06d83c4 100644
--- a/salt/minion/cert/k8s_client_certificate.yml
+++ b/salt/minion/cert/k8s_client.yml
@@ -7,6 +7,7 @@
authority: ${_param:salt_minion_ca_authority}
key_file: /etc/kubernetes/ssl/kubelet-client.key
cert_file: /etc/kubernetes/ssl/kubelet-client.crt
+ ca_file: /etc/kubernetes/ssl/ca-kubernetes.crt
common_name: kubelet-client
signing_policy: cert_client
alternative_names: IP:${_param:cluster_vip_address},IP:${_param:cluster_node01_address},IP:${_param:cluster_node02_address},IP:${_param:cluster_node03_address},IP:${_param:kubernetes_internal_api_address}
\ No newline at end of file
diff --git a/salt/minion/cert/k8s_server_certificate.yml b/salt/minion/cert/k8s_server.yml
similarity index 82%
rename from salt/minion/cert/k8s_server_certificate.yml
rename to salt/minion/cert/k8s_server.yml
index 835f043..c7b38f9 100644
--- a/salt/minion/cert/k8s_server_certificate.yml
+++ b/salt/minion/cert/k8s_server.yml
@@ -8,6 +8,9 @@
common_name: kubernetes-server
key_file: /etc/kubernetes/ssl/kubernetes-server.key
cert_file: /etc/kubernetes/ssl/kubernetes-server.crt
- ca_file: /etc/kubernetes/ssl/ca-kubernetes.crt
+ all_file: /etc/haproxy/ssl/kubernetes.pem
signing_policy: cert_server
- alternative_names: IP:${_param:cluster_vip_address},IP:${_param:cluster_node01_address},IP:${_param:cluster_node02_address},IP:${_param:cluster_node03_address},IP:${_param:kubernetes_internal_api_address}
\ No newline at end of file
+ alternative_names: IP:${_param:cluster_vip_address},IP:${_param:cluster_node01_address},IP:${_param:cluster_node02_address},IP:${_param:cluster_node03_address},IP:${_param:kubernetes_internal_api_address}
+ user: root
+ group: haproxy
+ mode: 640
\ No newline at end of file