From 8f8ab9e68013163e236d3ce21a3a305c125e0c0a Mon Sep 17 00:00:00 2001
From: Mathieu Velten <mathieu.velten@cern.ch>
Date: Tue, 21 Feb 2017 18:09:36 +0100
Subject: [PATCH] [cern] Missing root-ca-file parameter for proper service
 account support

cherry-pick: https://review.openstack.org/#/c/436558/

Change-Id: I8d581b1fbffdb4b8bc64457da6faae6d45dfc594
Closes-Bug: 1666599
---
 .../kubernetes/fragments/configure-kubernetes-master.sh         | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/magnum/drivers/common/templates/kubernetes/fragments/configure-kubernetes-master.sh b/magnum/drivers/common/templates/kubernetes/fragments/configure-kubernetes-master.sh
index df1d8a6c1..a005b9b4d 100644
--- a/magnum/drivers/common/templates/kubernetes/fragments/configure-kubernetes-master.sh
+++ b/magnum/drivers/common/templates/kubernetes/fragments/configure-kubernetes-master.sh
@@ -47,7 +47,7 @@ _EOC_
 # Add controller manager args
 KUBE_CONTROLLER_MANAGER_ARGS=""
 if [ -n "${ADMISSION_CONTROL_LIST}" ] && [ "${TLS_DISABLED}" == "False" ]; then
-    KUBE_CONTROLLER_MANAGER_ARGS="--service-account-private-key-file=/srv/kubernetes/server.key"
+    KUBE_CONTROLLER_MANAGER_ARGS="--service-account-private-key-file=/srv/kubernetes/server.key --root-ca-file=/srv/kubernetes/ca.crt"
 fi
 sed -i '
     /^KUBELET_ADDRESSES=/ s/=.*/="--machines='""'"/
-- 
GitLab