change k8s certs path
It should be included only in master
diff --git a/haproxy/proxy/listen/kubernetes/apiserver_secure.yml b/haproxy/proxy/listen/kubernetes/apiserver_secure.yml
index a4c59ac..a2994ef 100644
--- a/haproxy/proxy/listen/kubernetes/apiserver_secure.yml
+++ b/haproxy/proxy/listen/kubernetes/apiserver_secure.yml
@@ -20,7 +20,7 @@
port: 443
ssl:
enabled: true
- pem_file: /etc/haproxy/ssl/kubernetes.pem
+ pem_file: /etc/kubernetes/ssl/kubernetes-server.pem
servers:
- name: ${_param:cluster_node01_hostname}
host: ${_param:cluster_node01_address}
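Review bot: The new `pem_file: /etc/kubernetes/ssl/kubernetes-server.pem` is a certificate-plus-private-key bundle that HAProxy must be able to read, and nothing visible in this commit sets ownership or mode for that path. The salt/minion/cert/k8s_server.yml hunk removes `user: root`, `group: haproxy` and `mode: 640`, which is what previously gave the haproxy group read access to the bundle while keeping it away from other users. Whichever state places the file under /etc/kubernetes/ssl (not shown here) should set those explicitly. A comment above the key, such as `# key+cert bundle, must be readable by haproxy and not world-readable`, would record the requirement.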
@@ -33,4 +33,4 @@
- name: ${_param:cluster_node03_hostname}
host: ${_param:cluster_node03_address}
port: 443
- params: "check ssl verify none"
\ No newline at end of file
+ params: "check ssl verify none"
diff --git a/salt/minion/cert/k8s_server.yml b/salt/minion/cert/k8s_server.yml
index c7b38f9..5a1a180 100644
--- a/salt/minion/cert/k8s_server.yml
+++ b/salt/minion/cert/k8s_server.yml
@@ -6,11 +6,8 @@
host: ${_param:salt_minion_ca_host}
authority: ${_param:salt_minion_ca_authority}
common_name: kubernetes-server
- key_file: /etc/kubernetes/ssl/kubernetes-server.key
- cert_file: /etc/kubernetes/ssl/kubernetes-server.crt
- all_file: /etc/haproxy/ssl/kubernetes.pem
+ key_file: /srv/salt/env/${_param:salt_master_base_environment}/_certs/kubernetes/kubernetes-server.key
+ cert_file: /srv/salt/env/${_param:salt_master_base_environment}/_certs/kubernetes/kubernetes-server.crt
+ all_file: /srv/salt/env/${_param:salt_master_base_environment}/_certs/kubernetes/kubernetest-server.pem
signing_policy: cert_server
alternative_names: IP:${_param:cluster_vip_address},IP:${_param:cluster_node01_address},IP:${_param:cluster_node02_address},IP:${_param:cluster_node03_address},IP:${_param:kubernetes_internal_api_address}
- user: root
- group: haproxy
- mode: 640
\ No newline at end of file
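Review bot: The added `all_file` path ends in `kubernetest-server.pem` (stray `t`), while `key_file` and `cert_file` use `kubernetes-server.*` and the haproxy listen in this same commit expects `kubernetes-server.pem`; the line should read `all_file: /srv/salt/env/${_param:salt_master_base_environment}/_certs/kubernetes/kubernetes-server.pem`. The hunk also drops `user`, `group` and `mode: 640` with no replacement, so the private key and the combined PEM get whatever defaults the cert state applies. If `/srv/salt/env/<env>` is served as a Salt file root, as the path suggests, the key under `_certs/kubernetes` may be retrievable by every accepted minion rather than only the Kubernetes masters. Keeping `user: root` with a restrictive, quoted mode (for example `mode: "0600"`) and limiting which minions can read that directory would address this. The file also still ends without a trailing newline, which the first file in this commit fixes.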