Create k8s server certs directly on ctl nodes Related bug: https://mirantis.jira.com/browse/PROD-24174 Change-Id: Iac1fd4b31cf9a0052bc81cd6238d51ad38474819

commit: 546660c940ac56ad2efc4a79a150c9043f200b79 [log] [tgz]
author: Sergey Kolekonov <skolekonov@mirantis.com> Tue Oct 23 23:01:59 2018 +0400
committer: Sergey Kolekonov <skolekonov@mirantis.com> Sun Oct 28 22:27:30 2018 +0400
tree: 9bab85e0159c77944b1d12bcb073776950f69c6f
parent: 173609a2f15a5921651e05c3722c798b6f1a670d [diff]
diff --git a/salt/minion/cert/k8s_server.yml b/salt/minion/cert/k8s_server.yml
index 603d369..16cf2cc 100644
--- a/salt/minion/cert/k8s_server.yml
+++ b/salt/minion/cert/k8s_server.yml

@@ -6,8 +6,8 @@
           host: ${_param:salt_minion_ca_host}
           authority: ${_param:salt_minion_ca_authority}
           common_name: kubernetes-server
-          key_file: /srv/salt/env/${_param:salt_master_base_environment}/_certs/kubernetes/kubernetes-server.key
-          cert_file: /srv/salt/env/${_param:salt_master_base_environment}/_certs/kubernetes/kubernetes-server.crt
-          all_file: /srv/salt/env/${_param:salt_master_base_environment}/_certs/kubernetes/kubernetes-server.pem
+          key_file: /etc/kubernetes/ssl/kubernetes-server.key
+          cert_file: /etc/kubernetes/ssl/kubernetes-server.crt
+          all_file: /etc/kubernetes/ssl/kubernetes-server.pem
           signing_policy: cert_server
           alternative_names: IP:${_param:cluster_vip_address},IP:${_param:cluster_node01_address},IP:${_param:cluster_node02_address},IP:${_param:cluster_node03_address},IP:${_param:kubernetes_internal_api_address},DNS:kubernetes.default,DNS:kubernetes.default.svc

diff --git a/salt/minion/cert/k8s_server_single.yml b/salt/minion/cert/k8s_server_single.yml
index 33637e4..7227d0f 100644
--- a/salt/minion/cert/k8s_server_single.yml
+++ b/salt/minion/cert/k8s_server_single.yml

@@ -6,8 +6,8 @@
           host: ${_param:salt_minion_ca_host}
           authority: ${_param:salt_minion_ca_authority}
           common_name: kubernetes-server
-          key_file: /srv/salt/env/${_param:salt_master_base_environment}/_certs/kubernetes/kubernetes-server.key
-          cert_file: /srv/salt/env/${_param:salt_master_base_environment}/_certs/kubernetes/kubernetes-server.crt
-          all_file: /srv/salt/env/${_param:salt_master_base_environment}/_certs/kubernetes/kubernetes-server.pem
+          key_file: /etc/kubernetes/ssl/kubernetes-server.key
+          cert_file: /etc/kubernetes/ssl/kubernetes-server.crt
+          all_file: /etc/kubernetes/ssl/kubernetes-server.pem
           signing_policy: cert_server
           alternative_names: IP:${_param:control_address},IP:${_param:kubernetes_internal_api_address}
commit	546660c940ac56ad2efc4a79a150c9043f200b79	[log] [tgz]
author	Sergey Kolekonov <skolekonov@mirantis.com>	Tue Oct 23 23:01:59 2018 +0400
committer	Sergey Kolekonov <skolekonov@mirantis.com>	Sun Oct 28 22:27:30 2018 +0400
tree	9bab85e0159c77944b1d12bcb073776950f69c6f
parent	173609a2f15a5921651e05c3722c798b6f1a670d [diff]