Give the API server access to TLS certs.

Moved the cert generation to a separate salt state and put it in a more appropriate sharable location (`/srv/kubernetes/`).
2014-11-12 18:14:24 -08:00
parent e0e686896e
commit ee2f030623
10 changed files with 87 additions and 69 deletions
--- a/cluster/saltbase/salt/nginx/kubernetes-site
+++ b/cluster/saltbase/salt/nginx/kubernetes-site
@@ -33,8 +33,8 @@ server {
        index index.html index.htm;

        ssl on;
-        ssl_certificate /usr/share/nginx/server.cert;
-        ssl_certificate_key /usr/share/nginx/server.key;
+        ssl_certificate /srv/kubernetes/server.cert;
+        ssl_certificate_key /srv/kubernetes/server.key;

        ssl_session_timeout 5m;

@@ -53,7 +53,7 @@ server {
          proxy_connect_timeout 159s;
          proxy_send_timeout   600s;
          proxy_read_timeout   600s;
-          
+
          # Disable retry
          proxy_next_upstream off;