From 246c8209c190dc24da1225c220e94208ab535c12 Mon Sep 17 00:00:00 2001
From: fen4o <martin.vladev@gmail.com>
Date: Wed, 7 Dec 2016 11:09:04 +0200
Subject: [PATCH] add cluster-signing to kube-controller-manager

kube-controller-manager's cluster signing cert and key points by default to not
existing `/etc/kubernetes/ca/ca.pem` and `/etc/kubernetes/ca/ca.key` [docs][1]

[1]: http://kubernetes.io/docs/admin/kube-controller-manager/#options
---
 .../templates/manifests/kube-controller-manager.manifest.j2     | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/roles/kubernetes/master/templates/manifests/kube-controller-manager.manifest.j2 b/roles/kubernetes/master/templates/manifests/kube-controller-manager.manifest.j2
index 7821ee309..cdfbef064 100644
--- a/roles/kubernetes/master/templates/manifests/kube-controller-manager.manifest.j2
+++ b/roles/kubernetes/master/templates/manifests/kube-controller-manager.manifest.j2
@@ -18,6 +18,8 @@ spec:
     - --leader-elect=true
     - --service-account-private-key-file={{ kube_cert_dir }}/apiserver-key.pem
     - --root-ca-file={{ kube_cert_dir }}/ca.pem
+    - --cluster-signing-cert-file={{ kube_cert_dir }}/ca.pem
+    - --cluster-signing-key-file={{ kube_cert_dir }}/ca-key.pem
     - --enable-hostpath-provisioner={{ kube_hostpath_dynamic_provisioner }}
     - --v={{ kube_log_level }}
 {% if cloud_provider is defined and cloud_provider in ["openstack", "azure"] %}