Create k8s server certs directly on ctl nodes
Related bug: https://mirantis.jira.com/browse/PROD-24174
Change-Id: I0eece9893afabe2b431de2ce050abd8bf95e759d
diff --git a/classes/cluster/k8s-ha-calico-flannel-virtlet/infra/config.yml b/classes/cluster/k8s-ha-calico-flannel-virtlet/infra/config.yml
index a5eb9ab..30c0290 100644
--- a/classes/cluster/k8s-ha-calico-flannel-virtlet/infra/config.yml
+++ b/classes/cluster/k8s-ha-calico-flannel-virtlet/infra/config.yml
@@ -5,7 +5,6 @@
- system.salt.master.pkg
- system.salt.minion.ca.salt_master
- system.salt.master.api
-- system.salt.minion.cert.k8s_server
- system.reclass.storage.salt
- system.reclass.storage.system.kubernetes_control_cluster
- cluster.k8s-ha-calico-flannel-virtlet
diff --git a/classes/cluster/k8s-ha-calico-flannel-virtlet/kubernetes/control.yml b/classes/cluster/k8s-ha-calico-flannel-virtlet/kubernetes/control.yml
index 6e95a6e..5cf36e1 100644
--- a/classes/cluster/k8s-ha-calico-flannel-virtlet/kubernetes/control.yml
+++ b/classes/cluster/k8s-ha-calico-flannel-virtlet/kubernetes/control.yml
@@ -1,5 +1,6 @@
classes:
- system.etcd.server.cluster
+- system.salt.minion.cert.k8s_server
- service.kubernetes.control.cluster
- system.haproxy.proxy.listen.kubernetes.apiserver
- system.keepalived.cluster.instance.kube_api_server_vip
diff --git a/classes/cluster/k8s-ha-calico/infra/config.yml b/classes/cluster/k8s-ha-calico/infra/config.yml
index c505d53..aa7dac0 100644
--- a/classes/cluster/k8s-ha-calico/infra/config.yml
+++ b/classes/cluster/k8s-ha-calico/infra/config.yml
@@ -5,7 +5,6 @@
- system.salt.master.pkg
- system.salt.minion.ca.salt_master
- system.salt.master.api
-- system.salt.minion.cert.k8s_server
- system.reclass.storage.salt
- system.reclass.storage.system.kubernetes_control_cluster
- cluster.k8s-ha-calico
diff --git a/classes/cluster/k8s-ha-calico/kubernetes/control.yml b/classes/cluster/k8s-ha-calico/kubernetes/control.yml
index 1e2f60f..bb40fcb 100644
--- a/classes/cluster/k8s-ha-calico/kubernetes/control.yml
+++ b/classes/cluster/k8s-ha-calico/kubernetes/control.yml
@@ -1,5 +1,6 @@
classes:
- system.etcd.server.cluster
+- system.salt.minion.cert.k8s_server
- service.kubernetes.control.cluster
- system.haproxy.proxy.listen.kubernetes.apiserver
- system.keepalived.cluster.instance.kube_api_server_vip
diff --git a/classes/cluster/k8s-ha-contrail-40/infra/config.yml b/classes/cluster/k8s-ha-contrail-40/infra/config.yml
index ef5d993..943cb54 100644
--- a/classes/cluster/k8s-ha-contrail-40/infra/config.yml
+++ b/classes/cluster/k8s-ha-contrail-40/infra/config.yml
@@ -6,7 +6,6 @@
- system.salt.master.pkg
- system.salt.minion.ca.salt_master
- system.salt.master.api
-- system.salt.minion.cert.k8s_server
- system.reclass.storage.salt
- system.reclass.storage.system.kubernetes_control_cluster
- cluster.k8s-ha-contrail-40.infra
diff --git a/classes/cluster/k8s-ha-contrail-40/kubernetes/control.yml b/classes/cluster/k8s-ha-contrail-40/kubernetes/control.yml
index 3d55a35..0532e50 100644
--- a/classes/cluster/k8s-ha-contrail-40/kubernetes/control.yml
+++ b/classes/cluster/k8s-ha-contrail-40/kubernetes/control.yml
@@ -1,5 +1,6 @@
classes:
- system.etcd.server.cluster
+- system.salt.minion.cert.k8s_server
- service.kubernetes.control.cluster
- system.haproxy.proxy.listen.kubernetes.apiserver
- system.linux.system.repo.docker_legacy
diff --git a/classes/cluster/k8s-ha-contrail/infra/config.yml b/classes/cluster/k8s-ha-contrail/infra/config.yml
index 48b8397..9fa261e 100644
--- a/classes/cluster/k8s-ha-contrail/infra/config.yml
+++ b/classes/cluster/k8s-ha-contrail/infra/config.yml
@@ -7,7 +7,6 @@
- system.salt.master.api
- system.reclass.storage.salt
- system.salt.minion.ca.salt_master
-- system.salt.minion.cert.k8s_server
- system.reclass.storage.system.kubernetes_control_cluster
- system.reclass.storage.system.opencontrail_control_cluster
- cluster.k8s-ha-contrail
diff --git a/classes/cluster/k8s-ha-contrail/kubernetes/control.yml b/classes/cluster/k8s-ha-contrail/kubernetes/control.yml
index 5c131c7..d608df2 100644
--- a/classes/cluster/k8s-ha-contrail/kubernetes/control.yml
+++ b/classes/cluster/k8s-ha-contrail/kubernetes/control.yml
@@ -1,5 +1,6 @@
classes:
- system.etcd.server.cluster
+- system.salt.minion.cert.k8s_server
- service.kubernetes.control.cluster
- system.haproxy.proxy.listen.kubernetes.apiserver
- system.keepalived.cluster.instance.kube_api_server_vip
diff --git a/classes/cluster/sl-k8s-calico/infra/config.yml b/classes/cluster/sl-k8s-calico/infra/config.yml
index 5cf7d6c..4e98584 100644
--- a/classes/cluster/sl-k8s-calico/infra/config.yml
+++ b/classes/cluster/sl-k8s-calico/infra/config.yml
@@ -5,7 +5,6 @@
- system.salt.master.pkg
- system.salt.minion.ca.salt_master
- system.salt.master.api
-- system.salt.minion.cert.k8s_server
- system.mysql.client
- system.mysql.client.database.grafana
- system.reclass.storage.salt
diff --git a/classes/cluster/sl-k8s-calico/kubernetes/control.yml b/classes/cluster/sl-k8s-calico/kubernetes/control.yml
index a316fb8..bd254a5 100644
--- a/classes/cluster/sl-k8s-calico/kubernetes/control.yml
+++ b/classes/cluster/sl-k8s-calico/kubernetes/control.yml
@@ -1,5 +1,6 @@
classes:
- system.etcd.server.cluster
+- system.salt.minion.cert.k8s_server
- service.kubernetes.control.cluster
- system.haproxy.proxy.listen.kubernetes.apiserver
- system.keepalived.cluster.instance.kube_api_server_vip
diff --git a/classes/cluster/sl-k8s-contrail/infra/config.yml b/classes/cluster/sl-k8s-contrail/infra/config.yml
index bb5ad1f..c94dd3d 100644
--- a/classes/cluster/sl-k8s-contrail/infra/config.yml
+++ b/classes/cluster/sl-k8s-contrail/infra/config.yml
@@ -9,7 +9,6 @@
- system.salt.minion.ca.salt_master
- system.salt.master.api
- system.reclass.storage.salt
-- system.salt.minion.cert.k8s_server
- system.reclass.storage.system.kubernetes_control_cluster
#- system.reclass.storage.system.opencontrail_control_cluster
- cluster.sl-k8s-contrail
diff --git a/classes/cluster/sl-k8s-contrail/kubernetes/control.yml b/classes/cluster/sl-k8s-contrail/kubernetes/control.yml
index 7de9af4..0ddfbda 100644
--- a/classes/cluster/sl-k8s-contrail/kubernetes/control.yml
+++ b/classes/cluster/sl-k8s-contrail/kubernetes/control.yml
@@ -4,6 +4,7 @@
- system.keepalived.cluster.instance.kube_api_server_vip
- system.linux.system.repo.docker_legacy
- system.salt.minion.cert.etcd_server
+- system.salt.minion.cert.k8s_server
- system.kubernetes.master.cluster
- system.kubernetes.master.auth.rbac
- system.kubernetes.control.roles.cluster-admin
diff --git a/classes/cluster/virtual-mcp11-k8s-calico/infra/config.yml b/classes/cluster/virtual-mcp11-k8s-calico/infra/config.yml
index 61ab895..8548e0c 100644
--- a/classes/cluster/virtual-mcp11-k8s-calico/infra/config.yml
+++ b/classes/cluster/virtual-mcp11-k8s-calico/infra/config.yml
@@ -7,7 +7,6 @@
- system.salt.master.pkg
- system.salt.minion.ca.salt_master
- system.salt.master.api
-- system.salt.minion.cert.k8s_server
- system.mysql.client
- system.mysql.client.database.grafana
- system.reclass.storage.salt
diff --git a/classes/cluster/virtual-mcp11-k8s-calico/kubernetes/control.yml b/classes/cluster/virtual-mcp11-k8s-calico/kubernetes/control.yml
index 1c201ee..672b202 100644
--- a/classes/cluster/virtual-mcp11-k8s-calico/kubernetes/control.yml
+++ b/classes/cluster/virtual-mcp11-k8s-calico/kubernetes/control.yml
@@ -1,5 +1,6 @@
classes:
- system.etcd.server.cluster
+- system.salt.minion.cert.k8s_server
- service.kubernetes.control.cluster
- system.haproxy.proxy.listen.kubernetes.apiserver
- system.keepalived.cluster.instance.kube_api_server_vip
diff --git a/classes/system b/classes/system
index 91f8927..42435a9 160000
--- a/classes/system
+++ b/classes/system
@@ -1 +1 @@
-Subproject commit 91f89276bee05cc677c325dafa9dffb190fe1bee
+Subproject commit 42435a9d7e919cca3e0eb24b102da0e3b8343809